CN116061874B

CN116061874B - Anti-theft authentication method, system, equipment and medium based on SOA service architecture

Info

Publication number: CN116061874B
Application number: CN202310076247.0A
Authority: CN
Inventors: 姚迪; 刘洋
Original assignee: Chongqing Changan Automobile Co Ltd
Current assignee: Chongqing Changan Automobile Co Ltd
Priority date: 2023-01-18
Filing date: 2023-01-18
Publication date: 2024-06-21
Anticipated expiration: 2043-01-18
Also published as: CN116061874A

Abstract

The application provides an anti-theft authentication method, system, equipment and medium based on SOA service architecture, wherein the method comprises the following steps: mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node; initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node; outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result. The application can be applied to a service-oriented architecture, and the security of anti-theft authentication is improved through bidirectional authentication.

Description

Anti-theft authentication method, system, equipment and medium based on SOA service architecture

Technical Field

The application relates to the field of intelligent automobile application, in particular to an anti-theft authentication method, system, equipment and medium based on an SOA (Service-Oriented Architecture) Service architecture.

Background

The anti-theft authentication technology is to carry out encryption communication through a vehicle body anti-theft controller, an intelligent key and a power system controller, and after authentication, the vehicle enters the drivable control. As the degree of intellectualization of automobiles increases, the electronic and electrical architecture of automobiles is developed from a distributed architecture to a domain architecture and a central area architecture. The original car body burglar alarm and power system controller are integrated into one or more area controllers, and the prior burglar authentication system and method are not applicable to the existing electronic architecture and design.

Disclosure of Invention

In view of the problems in the prior art, the application provides an anti-theft authentication method, an anti-theft authentication system, anti-theft authentication equipment and anti-theft authentication media based on an SOA service architecture, which mainly solve the problem that the traditional anti-theft authentication method is difficult to be suitable for service-oriented architecture design.

In order to achieve the above and other objects, the present application adopts the following technical scheme.

The application provides an anti-theft authentication method based on an SOA service architecture, which comprises the following steps:

Mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node;

Initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node;

outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node;

and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result.

In an embodiment of the present application, after mapping the plurality of area controllers into the master node and the slave node, the method further includes:

The master node sends target data to the slave node according to the anti-theft authentication key learning request so that the slave node generates a corresponding slave node key according to the target data;

The master node initiates key authentication so that the slave node outputs authentication data according to the corresponding slave node key;

And after the master node passes the verification according to the authentication data, the anti-theft authentication service is mounted on the corresponding slave node.

and mounting an anti-theft system service on the main node, wherein the anti-theft system service is used for carrying out anti-theft state management, receiving a verification result output by the anti-theft authentication service, and carrying out anti-theft state switching according to the verification result.

In an embodiment of the present application, before invoking the anti-theft authentication service on the master node to initiate an anti-theft authentication request to the slave node, the method further includes:

And identifying the burglary-resisting authentication precondition through the burglary-resisting system service, and calling the burglary-resisting authentication service on the master node to perform burglary-resisting authentication when the burglary-resisting authentication precondition is achieved.

In an embodiment of the present application, the anti-theft authentication precondition includes: sleep wakeup, reset, system power up or external request for anti-theft authentication.

In an embodiment of the present application, the plurality of slave nodes verify the encrypted data of the slave nodes through the anti-theft authentication service on the master node to obtain a verification result, including:

verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication;

If any one of the slave nodes fails the verification of the encrypted data, the anti-theft authentication fails, and the failure reason is recorded.

In an embodiment of the present application, the anti-theft authentication request includes a random number generated by a master node and a master node message authentication code, and outputting encrypted data in response to the anti-theft authentication request through an anti-theft authentication service on the slave node includes:

and verifying the correctness of the master node message authentication code received by the slave node based on the session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data.

In one embodiment of the present application, the encrypted data includes a slave node return value and a slave node message authentication code, and verifying, by the anti-theft authentication service on the master node, the encrypted data of all the slave nodes includes:

And verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

In an embodiment of the present application, before verifying the encrypted data of the slave node by the anti-theft authentication service on the master node, the method further includes:

if the master node does not receive the encrypted data within the preset time range, regenerating the random number, sending the random number to each slave node to acquire the encrypted data of the slave node again, and accumulating the authentication times after resending the random number each time;

When the accumulated authentication times exceeds a preset threshold, the anti-theft authentication fails.

In an embodiment of the present application, verifying, by the anti-theft authentication service of the master node, the correctness of the message authentication code of the slave node further includes:

And if the slave node message authentication code is wrong, outputting a slave node message authentication failure corresponding to the slave node message authentication code to a preset terminal.

The application also provides an anti-theft authentication system based on the SOA service architecture, which comprises:

the node mapping module is used for mapping a plurality of area controllers into a master node and a slave node so as to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and the master node and the slave node are provided with anti-theft authentication services;

A request initiating module, configured to initiate an anti-theft authentication request to the slave node based on an anti-theft authentication service on the master node;

The encryption calculation module is used for responding to the anti-theft authentication request through the anti-theft authentication service on the slave node to output encrypted data;

And the verification module is used for verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result.

The present application also provides a computer device comprising: the system comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor realizes the steps of the anti-theft authentication method based on the SOA service architecture when executing the computer program.

The application also provides a computer readable storage medium, on which a computer program is stored, which when being executed by a processor implements the steps of the SOA service architecture based anti-theft authentication method.

As described above, the anti-theft authentication method, system, equipment and medium based on the SOA service architecture have the following beneficial effects.

Mapping a plurality of area controllers into a master node and a slave node to establish one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node; initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node; outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result. According to the application, the corresponding anti-theft authentication service is mounted through the master node and the slave node corresponding to the regional controller, anti-theft authentication between nodes is performed based on the service, and the master node manages the verification result, so that the requirements of service-oriented architecture design can be met, the authentication mode can be flexibly configured, and the applicability is enhanced.

Drawings

Fig. 1 is an application scenario diagram of an anti-theft authentication system based on an SOA service architecture according to an embodiment of the present application.

Fig. 2 is a schematic structural diagram of a vehicle end according to an embodiment of the present application.

Fig. 3 is a flowchart of an anti-theft authentication method based on an SOA service architecture according to an embodiment of the present application.

FIG. 4 is a schematic diagram illustrating the configuration of node configuration and service configuration of different domain controllers according to an embodiment of the present application.

FIG. 5 is a timing diagram of anti-theft authentication based on an SOA service architecture in accordance with an embodiment of the present application.

Fig. 6 is a timing diagram of learning anti-theft authentication keys based on an SOA service architecture according to an embodiment of the present application.

Fig. 7 is a block diagram of an anti-theft authentication system based on an SOA architecture according to an embodiment of the present application.

Fig. 8 is a schematic structural diagram of an apparatus according to an embodiment of the present application.

Detailed Description

Other advantages and effects of the present application will become apparent to those skilled in the art from the following disclosure, which describes the embodiments of the present application with reference to specific examples. The application may be practiced or carried out in other embodiments that depart from the specific details, and the details of the present description may be modified or varied from the spirit and scope of the present application. It should be noted that the following embodiments and features in the embodiments may be combined with each other without conflict.

It should be noted that the illustrations provided in the following embodiments merely illustrate the basic concept of the present application by way of illustration, and only the components related to the present application are shown in the drawings and are not drawn according to the number, shape and size of the components in actual implementation, and the form, number and proportion of the components in actual implementation may be arbitrarily changed, and the layout of the components may be more complicated.

Technical terms:

SOA (Service-Oriented Architecture, service oriented architecture) is a method of designing, developing, deploying and managing discrete models in a computer environment. SOAs are proposed in the context of enterprise internal IT system re-construction and inefficiency. In the SOA model, all functions are defined as independent services, and all services are connected through a service Bus (ESB, enterprise Service Bus) or a flow manager. This loosely coupled architecture enables integration of the various heterogeneous systems already present at minimal cost, and of course introduces more complexity itself due to the need to implement adaptations to the various heterogeneous systems (ESBs are typically used to accomplish protocol conversions and data format conversions between the different systems).

An engine anti-theft lock-up system (immobiliser/immobilizer, IMMO for short) is an electronic device built into a vehicle that prevents the engine from operating without the correct key (or other verification means). The key is matched with the code of the chip in the starting electric valve to control the starting of the engine, so that the aim of theft prevention is achieved, and forced short-circuit starting after people enter the automobile can be prevented.

In the prior art, an engine control unit generally sends the authentication data of the engine control unit to an engine anti-theft unit; the engine anti-theft unit compares the high 32 bits of the first encryption result data of the engine control unit with the high 32 bits of the first encryption result data of the engine control unit, and if the high 32 bits of the first encryption result data of the engine control unit are consistent with the high 32 bits of the first encryption result data of the engine control unit, the authentication data of the engine anti-theft unit is sent to the engine control unit; the engine control unit compares the lower 64 bits of the second encryption result data of the engine control unit and the engine anti-theft unit, and if they are identical, starts the engine and stops sending the engine control unit authentication data to the engine anti-theft unit. The mode intelligently realizes one-to-one IMMO anti-theft authentication between the anti-theft controller and the engine controller, and can only be applied to a solution where wind is not an independent controller of a framework.

Based on the problems existing in the prior art, the application provides an anti-theft authentication method based on an SOA service architecture, which not only can be applied to one-to-one anti-theft authentication of a vehicle body anti-theft controller and a power controller under a distributed architecture, but also can use anti-theft authentication among a plurality of regional controllers, and the anti-theft authentication is designed into an anti-theft authentication service by using an SOA service layering architecture design, and is invoked and inquired by upper-layer services in a basic service mode, wherein the basic service is independent of the context and state of other services. Meanwhile, parallel authentication is performed by an encryption authentication mode of bidirectional authentication, and the method has the advantages of high security level, high encryption speed, flexible adaptation and the like.

Referring to fig. 1, fig. 1 is a schematic diagram of an application scenario of an anti-theft authentication system based on an SOA service architecture according to an embodiment of the present application. Mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node; initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node; outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result. The design of a specific anti-theft authentication service and the area controller master-slave relationship configuration can be performed in the server 200. After the server 200 completes the design of the anti-theft authentication service, the anti-theft authentication service can be mounted on the corresponding regional controller of the vehicle end.

In an embodiment, the server 200 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and artificial intelligence platforms.

In an embodiment, the configuration of the master-slave relationship of the regional controller and the mounting of the anti-theft authentication service may also be performed at the vehicle end 400, the vehicle end may be a vehicle-mounted terminal, and after the anti-theft authentication service is mounted on the regional controller with the vehicle end as the master node, the anti-theft system service may also be mounted, the anti-theft state management and the pre-condition identification of the anti-theft authentication are performed through the anti-theft system service, and the anti-theft authentication service of the master node is invoked to initiate the anti-theft authentication request to the slave node when the pre-condition is achieved.

Referring to fig. 2, fig. 2 is a schematic structural diagram of a vehicle end 400 according to an embodiment of the present application, and the vehicle end 400 shown in fig. 2 includes: at least one processor 410, a memory 450, at least one network interface 420, and a user interface 430. The various components in the vehicle end 400 are coupled together by a bus system 440. It is understood that the bus system 440 is used to enable connected communication between these components. The bus system 440 includes a power bus, a control bus, and a status signal bus in addition to the data bus. But for clarity of illustration the various buses are labeled in fig. 2 as bus system 440.

The Processor 410 may be an integrated circuit chip having signal processing capabilities such as a general purpose Processor, such as a microprocessor or any conventional Processor, a digital signal Processor (DSP, digital Signal Processor), or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.

The user interface 430 includes one or more output devices 431, including one or more speakers and/or one or more visual displays, that enable presentation of the media content. The user interface 430 also includes one or more input devices 432, including user interface components that facilitate user input, such as a keyboard, mouse, microphone, touch screen display, camera, other input buttons and controls.

Memory 450 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard drives, optical drives, and the like. Memory 250 optionally includes one or more storage devices physically remote from processor 410.

Memory 450 includes volatile memory or nonvolatile memory, and may also include both volatile and nonvolatile memory. The non-volatile Memory may be a Read Only Memory (ROM) and the volatile Memory may be a random access Memory (RAM, random Access Memory). The memory 450 described in embodiments of the present application is intended to comprise any suitable type of memory.

In some embodiments, memory 450 is capable of storing data to support various operations, examples of which include programs, modules and data structures, or subsets or supersets thereof, as exemplified below.

An operating system 451 including system programs, e.g., framework layer, core library layer, driver layer, etc., for handling various basic system services and performing hardware-related tasks, for implementing various basic services and handling hardware-based tasks;

network communication module 452 for reaching other computing devices via one or more (wired or wireless) network interfaces 420, exemplary network interfaces 420 include: bluetooth, wireless compatibility authentication (WiFi), and universal serial bus (USB, universal Serial Bus), etc.;

A presentation module 453 for enabling presentation of information (e.g., a user interface for operating peripheral devices and displaying content and information) via one or more output devices 431 (e.g., a display screen, speakers, etc.) associated with the user interface 430;

An input processing module 454 for detecting one or more user inputs or interactions from one of the one or more input devices 432 and translating the detected inputs or interactions.

In some embodiments, the apparatus provided by the embodiments of the present application may be implemented in software, and fig. 2 shows an anti-theft authentication system 455 based on SOA service architecture stored in a memory 450, which may be software in the form of a program and a plug-in, and includes the following software modules: the node mapping module 4551, the request initiation module 4552, the encryption computation module 4553, and the verification module 4554 are logical, and thus may be arbitrarily combined or further split according to the implemented functions.

The functions of the respective modules will be described hereinafter.

In other embodiments, the system provided by the embodiments of the present application may be implemented in hardware, and by way of example, the system provided by the embodiments of the present application may be a processor in the form of a hardware decoding processor that is programmed to perform the SOA service architecture-based anti-theft authentication method provided by the embodiments of the present application, for example, the processor in the form of a hardware decoding processor may employ one or more Application Specific Integrated Circuits (ASICs), DSPs, programmable Logic devices (PLDs, programmable Logic Device), complex programmable Logic devices (CPLD, complexProgrammable Logic devices), field programmable gate arrays (FPGAs, field-Programmable GateArray), or other electronic components.

In some embodiments, the terminal or the server may implement the anti-theft authentication method based on the SOA service architecture provided by the embodiment of the present application by running a computer program. For example, the computer program may be a native program or a software module in an operating system; a local (Native) Application program (APP), i.e. a program that needs to be installed in an operating system to run, such as a social Application APP or a message sharing APP; the method can also be an applet, namely a program which can be run only by being downloaded into a browser environment; but also an applet or web client program that can be embedded in any APP. In general, the computer programs described above may be any form of application, module or plug-in.

The anti-theft authentication method based on the SOA service architecture of the application is explained in detail below with reference to the specific embodiment.

Referring to fig. 3, the application provides an anti-theft authentication method based on an SOA service architecture, which comprises the following steps:

Step S300, mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node;

step S310, initiating a theft-proof authentication request to the slave node based on the theft-proof authentication service on the master node;

Step S320, outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node;

Step S330, verifying the encrypted data of the slave node through the anti-theft authentication service on the master node, to obtain a verification result.

In step S300, a plurality of area controllers are mapped into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and anti-theft authentication services are installed on the master node and the slave node.

The current electronic and electrical architecture of automobiles has evolved from early distributed architecture to AND architecture and mid-range architecture. The related functions of the original automobile body burglar alarm and the power system controller can be integrated in one or more regional controllers, and the original one-to-one IMMO authentication process is replaced by antitheft authentication among the regional controllers. Therefore, in the embodiment of the application, a plurality of regional controllers of the automobile, which are responsible for anti-theft authentication, are mapped into nodes with master-slave relationship. Specifically, one of the area controllers may be designated as a master node, and the other area controllers may be designated as slave nodes of the master node, so as to form a one-to-one correspondence between the master node and the area controllers. The anti-theft authentication is further designed to be the basic anti-theft authentication service, and the anti-theft authentication service is mounted under the master node and the slave nodes, so that the master node and the corresponding slave nodes have the same anti-theft authentication service.

In an embodiment, after mapping the plurality of zone controllers into the master node and the slave node, the method further comprises:

In an embodiment, the master node may further be provided with an upper layer service of the anti-theft authentication service, and an anti-theft system service. The anti-theft system service is responsible for the management of anti-theft states, wherein the anti-theft states can comprise preset release, fortification, defence release, alarm and the like. The anti-theft system service can also switch the anti-theft state according to the anti-theft authentication result of the master node and the slave node. For example, when the antitheft authentication service of the master node initiates an antitheft authentication request, the antitheft system service may switch the antitheft state into authentication, and when the authentication passes, the antitheft system service may switch the antitheft state into authentication, or when the authentication fails, switch the antitheft state into alarm, and output alarm information such as the cause of the failure.

Referring to fig. 4, fig. 4 is a schematic diagram illustrating an architecture of different domain controller node configuration and service configuration according to an embodiment of the application. Assuming that the automobile integrates the function of antitheft authentication among 4 zone controllers, the four zone controllers are respectively denoted as zone controller 1, zone controller 2, zone controller 3, and zone controller 4. The area controller 1 is used as a master node of the anti-theft authentication, and the area controller 1 is provided with an anti-theft system service and an anti-theft authentication basic service (namely the anti-theft authentication service). The area controller 2 is used as the anti-theft authentication slave node 1, the area controller 3 is used as the anti-theft authentication slave node 2, the area controller 4 is used as the anti-theft authentication slave node 3, and the same anti-theft authentication basic service as the master node is respectively mounted on the anti-theft authentication slave nodes 1-3, so that the SOA architecture of the area controller is formed. The antitheft system service is used as an upper layer service of the antitheft authentication basic service and manages an authentication result fed back by the antitheft authentication basic service. Antitheft authentication slave node basic service: and (5) the encryption calculation responsible for anti-theft authentication. After receiving the random number notice of the basic service of the antitheft authentication master node, firstly authenticating that the data content is legal, then encrypting the antitheft data, and transmitting the encrypted data to the basic service of the antitheft authentication master node through an interface. If the authentication data is illegal, notifying the master node of data checking errors, and not performing encryption data calculation.

In step S310, a request for anti-theft authentication is initiated to the slave node based on the anti-theft authentication service on the master node.

In an embodiment, before invoking the anti-theft authentication service on the master node to initiate an anti-theft authentication request to the slave node, further comprising:

In an embodiment, the antitheft system service installed on the master node may also be used to perform antitheft authentication precondition identification. The pre-conditions of the anti-theft authentication comprise: sleep wake-up, reset, system power-up or external request for anti-theft authentication, etc. When the system of the automobile is powered on, the regional controller serving as the master node recognizes the power-on control signal and then invokes the underlying anti-theft authentication service to initiate an anti-theft authentication request to the slave node. Because a master node can correspond to a plurality of slave nodes, the master node can initiate anti-theft authentication requests to all the slave nodes at the same time, and the anti-theft authentication of each slave node can be synchronously and parallelly carried out, so that the high efficiency of the authentication process is ensured. The master node and the slave node can pre-agree on a session key for encryption and decryption, and encrypted data transmission is performed based on the session key. The anti-theft authentication service on the master node can call an encryption algorithm to generate a random number and a message authentication code, and the random number and the message authentication code are packaged to generate an anti-theft authentication request and sent to the slave node. The specific encryption algorithm may be selected according to practical application requirements, which is not limited herein.

In step S320, encrypted data is output in response to the anti-theft authentication request by the anti-theft authentication service on the slave node.

In one embodiment, the anti-theft authentication request includes a random number generated by a master node and a master node message authentication code, and outputting encrypted data in response to the anti-theft authentication request through an anti-theft authentication service on the slave node, including:

In one embodiment, the message authentication code (Message Authentication Code, MAC), i.e., the keyed hash function, is a verification mechanism for cryptographic communication entity double-issuing. A tool for ensuring message data integrity. The security of the message authentication code depends on the Hash function and is therefore also referred to as a keyed Hash function. The message authentication code is a value obtained based on the key and the message digest and can be used for data origin authentication and integrity verification. Before transmitting data, the sender first calculates its digest value using a hash function negotiated by both parties. Under the action of the session key shared by both parties, the message verification code is obtained by the digest value. After which it is sent along with the data. After receiving the message, the receiver firstly uses the session key to restore the digest value, and simultaneously uses the hash function to locally calculate the digest value of the received data, and compares the two data. If the two are equal, the message passes the authentication. In this embodiment, after receiving the master node message authentication code, the slave node restores the digest value through the session key agreed by the master node and the slave node, compares the digest value calculated by using the hash function local to the slave node with the restored digest value, and considers that the master node message authentication code received by the slave node is correct if the two are identical. Only after verifying that the message authentication code of the master node is correct, the random number sent by the master node is encrypted and calculated. The message authentication code verification process of each slave node can be performed in parallel. The hash function for calculating the digest value can be flexibly configured according to practical application requirements, and is not limited herein. The encryption algorithm used for the encryption calculation of the random number can also be adapted according to the actual application requirements, and is not limited herein. The slave node can also derive the message authentication code of the slave node in the process of encrypting the random number to generate the encrypted data, so that the master node can conveniently perform message authentication based on the message authentication code derived from the slave node.

In step S330, the encrypted data of the slave node is verified by the anti-theft authentication service on the master node, and a verification result is obtained.

In an embodiment, the plurality of slave nodes verify the encrypted data of the slave nodes through the anti-theft authentication service on the master node to obtain a verification result, and the method includes:

Specifically, after receiving the encrypted data returned by each slave node, the master node invokes the anti-theft authentication service of the master node to decrypt the encrypted data, compares the decrypted data with the random number generated before, and considers that the encrypted data returned by the corresponding slave node is correct if the decrypted data are consistent with the random number, and only if the encrypted data returned by all the slave nodes are correct, the master node can judge that the anti-theft authentication is successful, so that the vehicle is unlocked. If any slave node has wrong encrypted data, the anti-theft authentication fails, the authentication failure result and the reason are fed back to the anti-theft system service of the master node, and the anti-theft system service can switch the anti-theft state based on the feedback result and output alarm information and the like.

In one embodiment, the encrypted data includes a slave node return value and a slave node message authentication code, and verifying the encrypted data of all slave nodes by the anti-theft authentication service on the master node includes:

In one embodiment, after receiving the random number of the master node, the slave node may perform encryption calculation on the random number to obtain a slave node return value, and generate a message authentication code of the slave node based on a hash function. After receiving the encrypted data of the slave node, the master node can preferentially verify the message authentication code of the slave node, and return value verification can be performed only after the message authentication code of the slave node passes verification. The verification process of the message authentication code of the slave node by the master node is consistent with the verification process of the message authentication code of the master node by the slave node, and is not repeated here.

In an embodiment, verifying, by the antitheft authentication service of the master node, the correctness of the slave node message authentication code further includes:

In an embodiment, before verifying the encrypted data of the slave node by the anti-theft authentication service on the master node, the method further comprises:

Specifically, the master node clears the authentication times when initiating the anti-theft authentication request, if the master node receives the encrypted data fed back by the slave node within the time T, the master node determines that the authentication fails, the master node can regenerate the random number and send the random number to each slave node, and the slave node performs encryption calculation based on the retransmitted random number. And the authentication times are accumulated for 1 time, and if the authentication times threshold is 5 times, the master node continuously receives no encrypted data of the slave node within a set time range for 5 times, and the anti-theft authentication is judged to be failed.

Referring to fig. 5, fig. 5 is a timing chart of anti-theft authentication based on SOA service architecture according to an embodiment of the present application. The specific flow of the anti-theft authentication can be expressed as follows:

The first step: the master node judges the pre-condition of the anti-theft authentication: ① Each sleep wakeup, reset, system power up or ② has an external request immo authentication call;

And a second step of: the master node identifies preconditions of anti-theft authentication through anti-theft system service, and the preconditions comprise: 1. the authentication times A are cleared, 2, and the anti-theft authentication state is switched to. Switching the anti-theft state into authentication when the pre-condition of the anti-theft authentication is achieved;

and a third step of: the master node transmits 'random number data information' (Rnd, MAC) to each slave node;

Fourth step: each slave node receives the random number data information (Rnd, MAC); firstly, whether the MAC is correct or not is verified, if not, the 'master node MAC verification error' is fed back, and the encrypted data calculation is not performed any more. If correct, calculate and send "encrypted data information": slave node 0 reply (Rnd 0, MAC 0), slave node 1 reply (Rnd 1, MAC 1), slave node 2 reply (Rnd 2, MAC 2);

Fifth step: the master node receives the encrypted data information of each slave node within a certain time, firstly verifies whether the MAC0, the MAC1 and the MAC2 derived from each slave node are correct, if so, verifies whether the encrypted data are correct, and if all the nodes are authenticated correctly, informs the upper layer service of the successful result of the anti-theft authentication. Otherwise, notifying the failure result and the specific failure reason.

Specifically, referring to fig. 6, fig. 6 is a timing chart of learning anti-theft authentication keys based on SOA service architecture according to an embodiment of the present application. The specific process of anti-theft authentication key learning can be expressed as follows:

The master node receives the method call: ① The offline radio call, or ② has a service request immo authentication learning call;

the first step: master node generates IMMO line learning random number RndLrn "

And a second step of: the master node transmits the learned random number data information (i.e., target data) to each slave node: ① IMMO line learning is random; ② The MAC value of the authentication request; ③ Anti-theft slave node index: for example 0x0011;

and a third step of: each slave node receives the random number data information (Rnd, MAC); generating respective slave node keys 'IMMO line learning keys KeyLrn' and storing the keys locally;

fourth step: the master node initiates an IMMO authentication procedure once. Each slave node feeds back IMMO authentication data.

Fifth step: feeding back authentication results of the IMMO slave nodes: if successful, namely the anti-theft key learning is successful, otherwise, the anti-theft key learning is failed.

Only after the key authentication of the slave node passes, the slave node can mount the corresponding anti-theft authentication service on the slave node, and the corresponding slave node can participate in the authentication flow based on the anti-theft authentication service. Therefore, the vehicle controller can be prevented from being manually replaced by a controller without anti-theft authentication key learning, any control device can be normally used only by the anti-theft authentication key learning of an official channel, the problem of function authorization management is effectively solved, and the safety of the vehicle is ensured.

Referring to fig. 7, fig. 7 is a block diagram of an anti-theft authentication system based on SOA service architecture according to an embodiment of the present application, the system includes: the node mapping module 4551 is configured to map a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mount anti-theft authentication services on the master node and the slave node; a request initiation module 4552 for initiating a request for anti-theft authentication to the slave node based on an anti-theft authentication service on the master node; an encryption calculation module 4553 for outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and the verification module 4554 is configured to verify the encrypted data of the slave node through the anti-theft authentication service on the master node, so as to obtain a verification result.

In an embodiment, the node mapping module 4551 is further configured to, after mapping the plurality of regional controllers to the master node and the slave node, further comprise: the master node sends target data to the slave node according to the anti-theft authentication key learning request so that the slave node generates a corresponding slave node key according to the target data; the master node initiates key authentication so that the slave node outputs authentication data according to the corresponding slave node key; and after the master node passes the verification according to the authentication data, the anti-theft authentication service is mounted on the corresponding slave node.

In an embodiment, the node mapping module 4551 is further configured to, after mapping the plurality of regional controllers to the master node and the slave node, further comprise: and mounting an anti-theft system service on the main node, wherein the anti-theft system service is used for carrying out anti-theft state management, receiving a verification result output by the anti-theft authentication service, and carrying out anti-theft state switching according to the verification result.

In an embodiment, the request initiation module 4552 is further configured to, before invoking the anti-theft authentication service on the master node to initiate an anti-theft authentication request to the slave node, further comprise: and identifying the burglary-resisting authentication precondition through the burglary-resisting system service, and calling the burglary-resisting authentication service on the master node to perform burglary-resisting authentication when the burglary-resisting authentication precondition is achieved.

In an embodiment, the antitheft authentication precondition includes: sleep wakeup, reset, system power up or external request for anti-theft authentication.

In an embodiment, the verification module 4554 is further configured to verify, by using the anti-theft authentication service on the master node, the encrypted data of the slave node to obtain a verification result, where the verification result includes: verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication; if any one of the slave nodes fails the verification of the encrypted data, the anti-theft authentication fails, and the failure reason is recorded.

In an embodiment, the encryption calculation module 4553 is further configured to output, by the antitheft authentication service on the slave node, encrypted data in response to the antitheft authentication request, where the antitheft authentication request includes a random number generated by the master node and a master node message authentication code, and includes: and verifying the correctness of the master node message authentication code received by the slave node based on the session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data.

In an embodiment, the verification module 4554 is further configured to verify, by the anti-theft authentication service on the master node, the encrypted data of all the slave nodes including a slave node return value and a slave node message authentication code, including: and verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

In an embodiment, the verification module 4554 is further configured to, before verifying the encrypted data of the slave node by the anti-theft authentication service on the master node, further comprise: if the master node does not receive the encrypted data within the preset time range, regenerating the random number, sending the random number to each slave node to acquire the encrypted data of the slave node again, and accumulating the authentication times after resending the random number each time; when the accumulated authentication times exceeds a preset threshold, the anti-theft authentication fails.

In an embodiment, the verification module 4554 is further configured to verify, by the anti-theft authentication service of the master node, correctness of the message authentication code of the slave node, and further includes: and if the slave node message authentication code is wrong, outputting a slave node message authentication failure corresponding to the slave node message authentication code to a preset terminal.

The antitheft authentication system based on the SOA service architecture may be implemented in the form of a computer program, which may be run on a computer device as shown in fig. 7. A computer device, comprising: memory, a processor, and a computer program stored on the memory and executable on the processor.

The above-mentioned anti-theft authentication system based on the SOA service architecture may be implemented in whole or in part by software, hardware and a combination thereof. The above modules can be embedded in the memory of the terminal in a hardware form or independent of the terminal, and can also be stored in the memory of the terminal in a software form, so that the processor can call and execute the operations corresponding to the above modules. The processor may be a Central Processing Unit (CPU), microprocessor, single-chip microcomputer, etc.

FIG. 8 is a schematic diagram of the internal structure of a computer device in one embodiment. There is provided a computer device comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the steps of: mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node; initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node; outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result.

In an embodiment, after the mapping of the plurality of area controllers into the master node and the slave node, the processor further includes: the master node sends target data to the slave node according to the anti-theft authentication key learning request so that the slave node generates a corresponding slave node key according to the target data; the master node initiates key authentication so that the slave node outputs authentication data according to the corresponding slave node key; and after the master node passes the verification according to the authentication data, the anti-theft authentication service is mounted on the corresponding slave node.

In an embodiment, after the mapping of the plurality of area controllers into the master node and the slave node, the processor further includes: and mounting an anti-theft system service on the main node, wherein the anti-theft system service is used for carrying out anti-theft state management, receiving a verification result output by the anti-theft authentication service, and carrying out anti-theft state switching according to the verification result.

In an embodiment, when the processor executes the foregoing method, before the invoking the anti-theft authentication service on the master node to initiate an anti-theft authentication request to the slave node, the method further includes: and identifying the burglary-resisting authentication precondition through the burglary-resisting system service, and calling the burglary-resisting authentication service on the master node to perform burglary-resisting authentication when the burglary-resisting authentication precondition is achieved.

In an embodiment, when the processor executes the foregoing, the antitheft authentication precondition implemented includes: sleep wakeup, reset, system power up or external request for anti-theft authentication.

In an embodiment, when the processor executes the foregoing method, the implemented slave nodes are plural, and the verification is performed on the encrypted data of the slave nodes through the anti-theft authentication service on the master node, so as to obtain a verification result, which includes: verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication; if any one of the slave nodes fails the verification of the encrypted data, the anti-theft authentication fails, and the failure reason is recorded.

In an embodiment, when the processor executes the above-mentioned processor, the implemented anti-theft authentication request includes a random number generated by a master node and a master node message authentication code, and the outputting, by the anti-theft authentication service on the slave node, the encrypted data in response to the anti-theft authentication request includes: and verifying the correctness of the master node message authentication code received by the slave node based on the session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data.

In an embodiment, when the processor executes the above, the implemented encrypted data includes a slave node return value and a slave node message authentication code, and verifying, by the anti-theft authentication service on the master node, the encrypted data of all slave nodes includes: and verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

In an embodiment, before the processor performs verification on the encrypted data of the slave node through the anti-theft authentication service on the master node, the method further includes: if the master node does not receive the encrypted data within the preset time range, regenerating the random number, sending the random number to each slave node to acquire the encrypted data of the slave node again, and accumulating the authentication times after resending the random number each time; when the accumulated authentication times exceeds a preset threshold, the anti-theft authentication fails.

In an embodiment, when the processor executes the foregoing, the implemented anti-theft authentication service through the master node verifies the correctness of the message authentication code of the slave node, and further includes: and if the slave node message authentication code is wrong, outputting a slave node message authentication failure corresponding to the slave node message authentication code to a preset terminal.

In one embodiment, the computer device may be used as a server, including but not limited to a stand-alone physical server, or a server cluster formed by a plurality of physical servers, and may also be used as a terminal, including but not limited to a mobile phone, a tablet computer, a personal digital assistant, a smart device, or the like. As shown in FIG. 7, the computer device includes a processor, a non-volatile storage medium, an internal memory, a display screen, and a network interface connected by a system bus.

Wherein the processor of the computer device is configured to provide computing and control capabilities to support the operation of the entire computer device. The non-volatile storage medium of the computer device stores an operating system and a computer program. The computer program can be executed by a processor to implement the anti-theft authentication method based on the SOA service architecture provided in the above embodiments. Internal memory in a computer device provides a cached operating environment for an operating system and computer programs in a non-volatile storage medium. The display interface can display data through the display screen. The display screen may be a touch screen, such as a capacitive screen or an electronic screen, and the corresponding instruction may be generated by receiving a click operation on a control displayed on the touch screen.

It will be appreciated by those skilled in the art that the architecture of the computer device illustrated in fig. 7 is merely a block diagram of portions of the architecture in connection with the present inventive arrangements and is not limiting of the computer device to which the present inventive arrangements are applicable, and that a particular computer device may include more or less components than those illustrated, or may be combined with certain components, or have a different arrangement of components.

In one embodiment, a computer readable storage medium is provided having stored thereon a computer program which when executed by a processor performs the steps of: mapping a plurality of area controllers into a master node and a slave node to establish a one-to-one correspondence between the master node and the slave node and the area controllers, and mounting anti-theft authentication service on the master node and the slave node; initiating a theft-proof authentication request to the slave node based on a theft-proof authentication service on the master node; outputting encrypted data in response to the anti-theft authentication request through the anti-theft authentication service on the slave node; and verifying the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result.

In an embodiment, after the mapping of the plurality of zone controllers to the master node and the slave node, the computer program when executed by the processor further comprises: the master node sends target data to the slave node according to the anti-theft authentication key learning request so that the slave node generates a corresponding slave node key according to the target data; the master node initiates key authentication so that the slave node outputs authentication data according to the corresponding slave node key; and after the master node passes the verification according to the authentication data, the anti-theft authentication service is mounted on the corresponding slave node.

In an embodiment, after the mapping of the plurality of zone controllers to the master node and the slave node, the computer program when executed by the processor further comprises: and mounting an anti-theft system service on the main node, wherein the anti-theft system service is used for carrying out anti-theft state management, receiving a verification result output by the anti-theft authentication service, and carrying out anti-theft state switching according to the verification result.

In an embodiment, the computer program, when executed by the processor, is implemented to invoke a burglar authentication service on the master node to initiate a burglar authentication request to the slave node, further comprising: and identifying the burglary-resisting authentication precondition through the burglary-resisting system service, and calling the burglary-resisting authentication service on the master node to perform burglary-resisting authentication when the burglary-resisting authentication precondition is achieved.

In an embodiment, the computer program, when executed by the processor, implements the antitheft authentication preconditions comprising: sleep wakeup, reset, system power up or external request for anti-theft authentication.

In an embodiment, when the computer program is executed by the processor, the plurality of slave nodes are implemented, and the verification result is obtained by verifying the encrypted data of the slave nodes through the anti-theft authentication service on the master node, including: verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication; if any one of the slave nodes fails the verification of the encrypted data, the anti-theft authentication fails, and the failure reason is recorded.

In one embodiment, the computer program, when executed by a processor, implements the anti-theft authentication request comprising a master node generated random number and a master node message authentication code, outputting encrypted data in response to the anti-theft authentication request by an anti-theft authentication service on the slave node, comprising: and verifying the correctness of the master node message authentication code received by the slave node based on the session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data.

In one embodiment, the instructions, when executed by the processor, implement the encrypted data comprising a slave node return value and a slave node message authentication code, verifying the encrypted data of all slave nodes by a burglar authentication service on the master node, comprising: and verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

In one embodiment, the instructions, when executed by the processor, before implementing verification of the encrypted data of the slave node by the anti-theft authentication service on the master node, further comprise: if the master node does not receive the encrypted data within the preset time range, regenerating the random number, sending the random number to each slave node to acquire the encrypted data of the slave node again, and accumulating the authentication times after resending the random number each time; when the accumulated authentication times exceeds a preset threshold, the anti-theft authentication fails.

In an embodiment, the instructions, when executed by the processor, implement a validation of the correctness of the slave node message authentication code by the antitheft authentication service of the master node, further comprising: and if the slave node message authentication code is wrong, outputting a slave node message authentication failure corresponding to the slave node message authentication code to a preset terminal.

Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program for instructing relevant hardware, where the program may be stored in a non-volatile computer readable storage medium, and where the program, when executed, may include processes in the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), or the like.

The above embodiments are merely illustrative of the principles of the present application and its effectiveness, and are not intended to limit the application. Modifications and variations may be made to the above-described embodiments by those skilled in the art without departing from the spirit and scope of the application. Accordingly, it is intended that all equivalent modifications and variations of the application be covered by the claims, which are within the ordinary skill of the art, be within the spirit and scope of the present disclosure.

Claims

1. The anti-theft authentication method based on the SOA service architecture is characterized by comprising the following steps:

Verifying the encrypted data of the slave nodes through the anti-theft authentication service on the master node to obtain a verification result, wherein the number of the slave nodes is multiple, and verifying the encrypted data of the slave nodes through the anti-theft authentication service on the master node to obtain the verification result comprises the following steps: verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication; if any one of the encrypted data of the slave nodes fails to pass the verification, the anti-theft authentication fails, and the failure reason is recorded;

The anti-theft authentication request comprises a random number generated by a master node and a master node message authentication code, and the anti-theft authentication service on the slave node responds to the anti-theft authentication request to output encrypted data, and the method comprises the following steps: verifying the correctness of the master node message authentication code received by the slave node based on a session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data;

The encrypted data comprises a slave node return value and a slave node message authentication code, and all the encrypted data of the slave nodes are verified through the antitheft authentication service on the master node, and the method comprises the following steps: and verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

2. The SOA service architecture based anti-theft authentication method according to claim 1, further comprising, after mapping the plurality of zone controllers into the master node and the slave node:

3. The SOA service architecture based anti-theft authentication method according to claim 1, further comprising, after mapping the plurality of zone controllers into the master node and the slave node:

4. The SOA service architecture based anti-theft authentication method of claim 3, further comprising, prior to invoking the anti-theft authentication service on the master node to initiate an anti-theft authentication request to the slave node:

5. The SOA service architecture based anti-theft authentication method according to claim 4, wherein the pre-condition for anti-theft authentication comprises: sleep wakeup, reset, system power up or external request for anti-theft authentication.

6. The SOA service architecture based anti-theft authentication method according to claim 1, further comprising, before verifying the encrypted data of the slave node by the anti-theft authentication service on the master node:

7. The SOA service architecture based anti-theft authentication method according to claim 6, wherein the correctness of the slave node message authentication code is verified by the anti-theft authentication service of the master node, further comprising:

8. An antitheft authentication system based on an SOA service architecture, comprising:

The verification module is configured to verify the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain a verification result, where the number of slave nodes is multiple, and verify the encrypted data of the slave node through the anti-theft authentication service on the master node to obtain the verification result, and the verification module includes: verifying the encrypted data of all the slave nodes through the anti-theft authentication service on the master node, and if all the encrypted data of the slave nodes pass the verification, successfully authenticating the anti-theft authentication; if any one of the encrypted data of the slave nodes fails to pass the verification, the anti-theft authentication fails, and the failure reason is recorded; the anti-theft authentication request comprises a random number generated by a master node and a master node message authentication code, and the anti-theft authentication service on the slave node responds to the anti-theft authentication request to output encrypted data, and the method comprises the following steps: verifying the correctness of the master node message authentication code received by the slave node based on a session key agreed between the master node and the slave node, and if the master node message authentication code is correct, carrying out encryption calculation on the random number to obtain the encrypted data; the encrypted data comprises a slave node return value and a slave node message authentication code, and all the encrypted data of the slave nodes are verified through the antitheft authentication service on the master node, and the method comprises the following steps: and verifying the correctness of the message authentication code of the slave node through the antitheft authentication service of the master node, comparing the return value of the slave node with the random number if the message authentication code of the slave node is correct, and outputting antitheft authentication success when all the return values of the slave node are consistent with the random number.

9. A computer device, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the SOA service architecture based anti-theft authentication method according to any one of claims 1 to 7 when executing the computer program.

10. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the SOA service architecture based anti-theft authentication method according to any one of claims 1 to 7.