CN103974255A - System and method for vehicle access - Google Patents
System and method for vehicle access Download PDFInfo
- Publication number
- CN103974255A CN103974255A CN201410187144.2A CN201410187144A CN103974255A CN 103974255 A CN103974255 A CN 103974255A CN 201410187144 A CN201410187144 A CN 201410187144A CN 103974255 A CN103974255 A CN 103974255A
- Authority
- CN
- China
- Prior art keywords
- digital certificate
- vehicle
- request
- intelligent transportation
- transportation server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 32
- 238000004891 communication Methods 0.000 claims abstract description 69
- 238000013475 authorization Methods 0.000 claims abstract description 56
- 230000008569 process Effects 0.000 abstract description 7
- 238000012795 verification Methods 0.000 abstract 1
- 101150050163 CERT1 gene Proteins 0.000 description 6
- 230000000977 initiatory effect Effects 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 230000006872 improvement Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- OTZZZISTDGMMMX-UHFFFAOYSA-N 2-(3,5-dimethylpyrazol-1-yl)-n,n-bis[2-(3,5-dimethylpyrazol-1-yl)ethyl]ethanamine Chemical compound N1=C(C)C=C(C)N1CCN(CCN1C(=CC(C)=N1)C)CCN1C(C)=CC(C)=N1 OTZZZISTDGMMMX-UHFFFAOYSA-N 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The invention provides a system and method for vehicle access. The system comprises a communication unit, a digital certificate center, an access unit and an intelligent transportation server. The communication unit is used for sending a first request to the digital certificate center, generating an authorization message comprising a digital certificate after the digital certificate is returned by the digital certificate center and sending the authorization message to the access unit; the digital certificate center is used for generating the digital certificate corresponding to the first request according to the first request and returning the digital certificate to the communication unit; the access unit is used for receiving the authorization message sent by the communication unit and comprising the digital certificate and is used for sending a second request to the intelligent transportation server according to the authorization message; the intelligent transportation server is used for verifying whether the second request is legal or not and judging whether a vehicle is allowed to have access to the intelligent traffic server according to a verification result. According to the system and method for vehicle access, privacy and safety of an existing vehicle in the process of vehicle access are guaranteed.
Description
Technical field
The present invention relates to a kind of vehicle connecting system and method.
Background technology
Intelligent transportation system (Intelligent Transport System, be called for short ITS) be to apply to whole traffic management system by effectively integrated to advanced information technology, mechanics of communication, sensing technology, control technology and computer technology etc., and set up a kind of on a large scale in, comprehensive playing a role, in real time, comprehensive transport and management system accurately and efficiently.User's automobile can be enjoyed various transport services easily after accessing in the process of moving ITS system, for example, can receive Real-time Traffic Information, can understand at any time the information such as journey periphery hotel, market, can realize vehicle does not need parking to pay the electronic charging function of toll, cross-bridge-expense yet.
But vehicle, in the time of access ITS system, because being directly initiates access application with real information by vehicle, exists the disclosure risk of vehicle driving trace, running time, and its communication data after access ITS system is also easily intercepted by third party.
Summary of the invention
In view of this, provide a kind of safer vehicle connecting system and method real in necessary.
The vehicle connecting system that the embodiment of the present invention provides, comprises communication unit, digital certificate center, access unit and intelligent transportation server.
Described communication unit is for sending the first request to described digital certificate center, described the first request is for digital certificate request, and, return after digital certificate at described digital certificate center, generation comprises the authorization messages of described digital certificate, and described authorization message is sent to described access unit.
Corresponding digital certificate is asked for asking to generate with described first according to described first in described digital certificate center, and, described digital certificate is back to described communication unit.
Described access unit is used for receiving described authorization messages, and generates the second request according to described authorization messages, and the second request is sent to described intelligent transportation server, and described the second request accesses described intelligent transportation server for request by described vehicle.
Described intelligent transportation server is used for verifying whether described the second request is legal, and judges whether to allow described vehicle to access described intelligent transportation server according to the result.
Further, described communication unit comprises essential information generation module, the first request generation module, request sending module, certificate receiver module and authorization messages generation module, wherein: described essential information generation module is used for generating vehicle assumed name and PKI-private key pair; Described the first request generation module is for generating described the first request according to described vehicle assumed name and PKI; Described request sending module is for being sent to described digital certificate center by described the first request; Described certificate receiver module is for receiving the digital certificate that described digital certificate center is returned; Described authorization messages generation module is for generating described authorization messages according to described vehicle assumed name, described PKI, described private key and described digital certificate.
Further, described vehicle assumed name is for the alternative title as described vehicle, and to represent the user of described vehicle as the described digital certificate of application, described vehicle assumed name is a random number.
Further, described access unit is for generating described the second request according to described vehicle assumed name, described PKI and described digital certificate.
Further, when the result returning when described intelligent transportation server is legal, described intelligent transportation server allows described vehicle to access described intelligent transportation server, and, when the result returning when described intelligent transportation server is illegal, described intelligent transportation server forbids that described vehicle accesses described intelligent transportation server.
The embodiment of the present invention also provides a kind of vehicle cut-in method, is applied to the vehicle connecting system being made up of communication unit, digital certificate center, access unit and intelligent transportation server, and described method comprises:
Described communication unit sends the first request to digital certificate center, described the first request is for digital certificate request;
Described digital certificate center generates the digital certificate corresponding with described the first request according to described the first request, and, described digital certificate is back to described communication unit;
Described communication unit receives the digital certificate that described digital certificate center is returned, and generates authorization messages according to described digital certificate, described authorization messages is sent to described access unit simultaneously;
Described access unit receives described authorization messages, generates the second request according to described authorization messages, and described the second request is sent to described intelligent transportation server;
Described in described intelligent transportation server authentication, whether the second request legal, and judges whether to allow described vehicle to access described intelligent transportation server according to the result.
Further, before described communication unit sends the first request to digital certificate center, described method also comprises: described communication unit generates vehicle assumed name and PKI-private key pair, and generates described the first request according to described vehicle assumed name and PKI.
Further, described communication unit according to described digital certificate generation authorization messages is: described communication unit generates described authorization messages according to described vehicle assumed name, described PKI, described private key and described digital certificate; Described access unit generates the second request according to described authorization messages: described access unit generates described the second request according to described vehicle assumed name, described PKI and described digital certificate.
Further, described vehicle assumed name is for the alternative title as described vehicle, and to represent the user of described vehicle as the described digital certificate of application, described vehicle assumed name is a random number.
Further, when the result returning when described intelligent transportation server is legal, described intelligent transportation server allows described vehicle to access described intelligent transportation server;
When the result returning when described intelligent transportation server is illegal, described intelligent transportation server forbids that described vehicle accesses described intelligent transportation server.
When current vehicle is accessed intelligent transportation server by the technical program, the process improvement of independently initiating digital certificate request and directly initiating access application taking real information by vehicle as: by generating vehicle assumed name, realize and in needs interactive vehicle real information, all adopt vehicle assumed name to substitute, thus the leakage of information of vehicles while having avoided vehicle access intelligent transportation system.
Brief description of the drawings
The Organization Chart of the vehicle connecting system that Fig. 1 provides for the first embodiment of the present invention.
The Organization Chart of the communication unit that the vehicle connecting system that Fig. 2 provides for the first embodiment comprises.
The flow chart of the vehicle cut-in method that Fig. 3 provides for the second embodiment of the present invention.
Specific implementation method
In order more clearly to understand above-mentioned purpose of the present invention, feature and advantage, below in conjunction with the drawings and specific embodiments, the present invention is further described in detail.It should be noted that, in the situation that not conflicting, the feature in the application's embodiment and embodiment can combine mutually.
A lot of details are set forth in the following description so that fully understand the present invention; but; the present invention can also adopt other to be different from other modes described here and implement, and therefore, protection scope of the present invention is not subject to the restriction of following public specific embodiment.
Refer to Fig. 1, the vehicle connecting system 100 that the first embodiment of the present invention provides, for described vehicle is accessed to intelligent transportation server, described vehicle connecting system 100 comprises: communication unit 10, digital certificate center 20, access unit 30 and intelligent transportation server 40.
Described communication unit 10 is for sending the first request to described digital certificate center 20, described the first request is for digital certificate request, and, return after described digital certificate at described digital certificate center 20, generation comprises the authorization messages of described digital certificate, and described authorization message is sent to described access unit 30, described authorization messages is for authorizing described access unit 30 to initiate the request of the described intelligent transportation server 40 of access.
In the above-described embodiments, described communication unit 10 comprises essential information generation module 11, the first request generation module 12, request sending module 13, certificate receiver module 14 and authorization messages generation module 15.
Described essential information generation module 11 is for generating vehicle assumed name a and PKI-private key to (pk, sk).
In the above-described embodiments, described vehicle assumed name a is specially random integers, for the alternative title as described vehicle, for expressing its user for application digital certificate.
In the above-described embodiments, by generating random number as vehicle assumed name, on the one hand by the real information of described vehicle, such as vehicle code, car plate etc. are for distinguishing the Information hiding of vehicle, realized the safety of described information of vehicles; On the other hand, this random number is filled in described the first request, in following two kinds of situations, seems particularly necessary:
Situation one
When described communication unit 10 is when ensureing that described digital certificate center 20 receives that described first when request repeatedly sends described the first request really, described digital certificate center 20 is for the principle of same user only being provided to a digital certificate, the described random number that is filled to described the first request can be used for identification and whether this user has been provided to digital certificate, the difficulty of the subsequent authentication causing to avoid repeating to provide.
Situation two
In the time having multiple described communication units 10 to apply for digital certificate, described digital certificate center 20 can utilize the difference section of described random number to divide the first different request from different communication unit 10.
In the above-described embodiments, described PKI-private key is common concepts in cryptography to (pk, sk), and it is made up of a PKI pk and a private key sk.PKI pk is generally used for encrypted session key, certifying digital signature, or encrypts the data that can decipher with corresponding private key.PKI pk is open to the external world, and private key sk protects as security information.When using this key right, if with one of them secret key encryption one piece of data, must use another secret key decryption.Such as just deciphering with private key by public key encryption data, if must decipher with PKI with encrypted private key, otherwise deciphering will can be not successful yet.
In the above-described embodiments, described private key sk is the random number of choosing at random, and PKI pk calculates by the system parameters of private key sk and encryption system, specifically can pass through DES algorithm, 3DES algorithm, the symmetry cryptographic algorithm such as TDEA algorithm generate, and repeat no more here.
Described the first request generation module 12 is for generating described the first request according to described vehicle assumed name a and PKI pk.
In the above-described embodiments, described the first request specifically can be the message bag of following several forms, its concrete form judges by consulting in advance definite communication protocol or password, described concrete form comprises the order that content that message handbag contains and each content occur, the content that the message bag of following several forms only comprises it limits, and does not limit the order that each content occurs:
The first: Packet1 → (vehicle assumed name, PKI) → (a, pk)
While adopting the first message packet format, when described digital certificate center 20 receives after described Packet1, automatically the different content in vehicle assumed name position and public key bits in the described message bag of identification, and be regarded as respectively vehicle assumed name a and PKI pk, and generate certificate of certification for described vehicle assumed name a and described PKI pk.
The second: Packet2 → (encrypted packets, PKI) → ((a, pk)
pk, pk)
While adopting the second message packet format, the described encrypted packets character string that described vehicle assumed name a and described PKI pk connect and compose in turn of serving as reasons is encrypted and is formed through described PKI pk.When described digital certificate center 20 receives after described Packet2, automatically the PKI pk in the described message bag public key bits of identification, and utilize described PKI pk to decipher described encrypted packets, thereby obtain described vehicle assumed name a, and further generate certificate of certification for described vehicle assumed name a and described PKI pk.
The third: Packet3 → (encrypted packets, vehicle assumed name, PKI) → ((a, pk)
pk, a, pk)
While adopting the third message packet format, described vehicle assumed name a also appears in described packet as public information, is to have increased vehicle assumed name a as public information in described message bag with the difference of described Packet1.The benefit of bringing is like this, digital certificate center 20 is detecting after described message bag Packet3, whether whether the vehicle assumed name a that can first detect in described message bag has freshness, do not receiving before, and judging whether to carry out the operation of next step PKI pk deciphering with this.Such as, if described vehicle assumed name has freshness, carry out next step, decipher described encrypted packets with described PKI pk, if described vehicle assumed name a does not have freshness, directly this packet is made to discard processing.
In above-mentioned any one message bag, because described PKI pk need to be open to digital certificate center 20, therefore in described message bag, described PKI pk presents with plaintext form.
In above-mentioned any one message bag, can also comprise a request mark at ad-hoc location, described ad-hoc location is also to judge by consulting in advance definite communication protocol or password, described request mark is the message bag that certificate is issued in a request for this message bag of mark, thereby decompose information automatically at described digital certificate center 20.
Described request sending module 13 is for being sent to described digital certificate center 20 by described the first request.
The digital certificate that described certificate receiver module 14 returns for receiving described digital certificate center 20.
In the above-described embodiments, when described digital certificate 20 receives after described the first request, can generate corresponding digital certificate according to described the first request, and described digital certificate is back to described communication unit 10, described certificate receiver module 14 receives described digital certificate.
Described authorization messages generation module 15 is for generating described authorization messages according to described vehicle assumed name a, described PKI pk, described private key sk and the digital certificate that returns from described digital certificate center 20, and is sent to described access unit 30.
In the above-described embodiments, the concrete form of described authorization messages judges by consulting in advance definite communication protocol or password equally, described concrete form comprises the order that content that message handbag contains and each content occur, in described authorization messages, can contain equally a mandate mark, the message bag that described mandate mark is an authorization messages for this message bag of mark.For example, described authorization messages can be: (PKI, private key, vehicle assumed name, digital certificate, request mark) → (pk, sk, a, cert, ap), wherein ap is and authorizes mark.
In the above-described embodiments, described communication unit 10 can be a terminal independently, such as mobile phone, PAD, handset etc., can be also a built-in module, and such as being built in vehicle one and can completely realizing the module of communication function, the present invention is not construed as limiting.
In the above-described embodiments, described essential information generation module 11, the first request generation module 12, request sending module 13, certificate receiver module 14 and authorization messages generation module 15 can be used as separate modular originally built-in in terminal or the existence of multiple module, also can be present in terminal by forming a special applications, the present invention is not construed as limiting.Corresponding digital certificate is asked for asking to generate with described first according to described first in described digital certificate center 20, and, described digital certificate is back to described communication unit 10.
In the above-described embodiments, described digital certificate center 20JiCA mechanism, be called again certificate and award card (Certificate Authority) center, the effect of described digital certificate is the legal public-key cryptography of listing in certificate that has of user of listing in certification, be bonded to the present embodiment, being vehicle corresponding to described vehicle assumed name a is the legal user who has certificate.The hash algorithm that described digital certificate center 20 adopts both sides to make an appointment conventionally calculates the message digest of a fixing figure place, and on mathematics, ensure that the message digest value recalculating will not conform to original value as long as change in message any one.So just ensure the unalterable feature of message, also ensured the authenticity of certificate.
The authorization messages that comprises described digital certificate that described access unit 30 sends for receiving described communication unit 10, and generate the second request according to described authorization messages, and the second request is sent to described intelligent transportation server 40, described the second request is used for asking to access described intelligent transportation server 40.
In the above-described embodiments, described access unit 30 is described built-in vehicle for accessing the separate unit of described intelligent transportation server 40.
In the above-described embodiments, described access unit 30 is specifically for generating described the second request according to described vehicle assumed name a, described PKI pk and described digital certificate.
The concrete form of described the second request judges by consulting in advance definite communication protocol or password equally, described concrete form comprises the order that content that message handbag contains and each content occur, in described the second request, can also comprise a request mark at ad-hoc location, described ad-hoc location is also to judge by consulting in advance definite communication protocol or password, described request mark is the message bag that a request accesses described intelligent transportation server 40 for this message bag of mark, thereby described intelligent transportation server 40 can decompose information automatically.Whether described intelligent transportation server 40 is legal for verifying described the second request, and judges whether to allow described vehicle to access described intelligent transportation server 40 according to the result.
In the above-described embodiments, when the result returning when described intelligent transportation server 40 is legal, described intelligent transportation server 40 allows described vehicle to access described intelligent transportation server 40; When the result returning when described intelligent transportation server 40 is illegal, described intelligent transportation server 40 forbids that described vehicle accesses described intelligent transportation server 40.
In the above-described embodiments, described intelligent transportation server 40 has been implanted digital certificate generation way, the as the aforementioned hash algorithm that described digital certificate center 30 adopts in advance.When described intelligent transportation server 40 receives after described the second request, obtain described vehicle assumed name a and PKI according to the PKI pk deciphering related news bag in described the second request, and the generative process of reappearing described digital certificate according to described digital certificate generation way, and whether the digital certificate that judges this generation is consistent with the digital certificate carrying in described the second request, if consistent, be legal, described intelligent transportation server 40 allows described vehicle to access described intelligent transportation server 40; If inconsistent, be illegal, described intelligent transportation server 40 does not allow described vehicle to access described intelligent transportation server 40.
In the above-described embodiments, checking computing and described digital certificate center 20 that described intelligent transportation server 40 carries out are computings of equidirectional, that is: described digital certificate center 20 cert1=Hash (pk in the following way, a) generated digital certificate, described intelligent transportation server 40 also carries out following computing cert2=Hash (pk,, then verify that cert1 equals cert2 and whether sets up a).
In technique scheme, described digital certificate center 20 and described intelligent transportation server 40 relation are between the two: can be two systems, can be also two entities in a system, and the present invention is not construed as limiting.
Pass through technique scheme, during by current vehicle access intelligent transportation server, the process improvement of independently initiating digital certificate request and directly initiating access application taking real information by vehicle as: by generating vehicle assumed name, realize and in needs interactive vehicle real information, all adopt vehicle assumed name to substitute, while having avoided vehicle access intelligent transportation system, the leakage of information of vehicles, is more conducive to maintaining secrecy of Vehicle Driving Cycle and the communication information.
Further, be that vehicle generates public and private key pair by communication unit, and use public and private key effectively to ensure the confidentiality of communication data to communicating encryption.The embodiment of the present invention also provides a kind of vehicle cut-in method, for described vehicle is accessed to intelligent transportation server, described vehicle cut-in method can adopt the described vehicle connecting system 100 being made up of communication unit, digital certificate center, access unit and intelligent transportation server to realize, and described method comprises:
S202, described communication unit 10 sends the first request to digital certificate center 20, and described the first request is for digital certificate request;
S204, described digital certificate center 20 generates the digital certificate corresponding with described the first request according to described the first request, and, described digital certificate is back to described communication unit 10;
S206, described communication unit 10 receives the digital certificate that described digital certificate center 20 is returned, and generates authorization messages according to described digital certificate, and described authorization messages is sent to described access unit 30;
S208, described access unit 30 receives described authorization messages, generate the second request according to described authorization messages, and described the second request is sent to described intelligent transportation server 40, described the second request accesses described intelligent transportation server for request by described vehicle;
S210, described intelligent transportation server 40 is verified described the second request, and judges whether to allow described vehicle to access described intelligent transportation server according to the result.
In the above-described embodiments, before described S202, also comprise:
Described communication unit 10 generates vehicle assumed name a and PKI-private key to (pk, sk), and generates described the first request according to described vehicle assumed name a and PKI pk.
In the above-described embodiments, described vehicle assumed name a is random integers, for the alternative title as described vehicle, for expressing its user for application digital certificate.
In the above-described embodiments, by generating random number as vehicle assumed name, on the one hand by the real information of described vehicle, such as vehicle code, car plate etc. are for distinguishing the Information hiding of vehicle, realized the safety of information of vehicles; On the other hand, this random number is filled in described the first request, in following two kinds of situations, seems particularly necessary:
Situation one
When described communication unit 10 is when ensureing that described digital certificate center 20 receives that described first when request repeatedly sends described the first request really, described digital certificate center 20 is for the principle of same user only being provided to a digital certificate, the described random number that is filled to described the first request can be used for identification and whether this user has been provided to digital certificate, the difficulty of the subsequent authentication causing to avoid repeating to provide.
Situation two
In the time having multiple described communication units 10 to apply for digital certificate, described digital certificate center 20 can utilize the difference section of described random number to divide from different first requests of different communication unit 10 to seem particularly important.
In the above-described embodiments, described the first request specifically can be the message bag of following several forms, its concrete form judges by consulting in advance definite communication protocol or password, described concrete form comprises the order that content that message handbag contains and each content occur, the content that the message bag of following several forms only comprises it limits, and does not limit the order that each content occurs:
The first: Packet1 → (vehicle assumed name, PKI) → (a)
While adopting the first message packet format, when described digital certificate center 20 receives after described Packet1, automatically the different content in an identification described message hired car assumed name position and public key bits, and be regarded as respectively vehicle assumed name a and PKI pk, and generate certificate of certification for described vehicle assumed name a and PKI pk.
The second: Packet2 → (encrypted packets, PKI) → ((a, pk)
pk, pk)
While adopting the second message packet format, the described encrypted packets character string that described vehicle assumed name a and described PKI pk connect and compose in turn of serving as reasons is encrypted and is formed through described PKI pk.When described digital certificate center 20 receives after described Packet2, automatically the PKI pk in the described message bag public key bits of identification, and utilize described PKI pk to decipher described encrypted packets, thereby obtain described vehicle assumed name a, and further generate certificate of certification for described vehicle assumed name a and described PKI pk.
The third: Packet3 → (encrypted packets, vehicle assumed name, PKI) → ((a, pk)
pk, a, pk)
While adopting the third message packet format, described vehicle assumed name a also appears in described packet as public information, is to have increased vehicle assumed name a as public information in described message bag with the difference of described Packet1.Bring like this benefit time, digital certificate center 20 is detecting after described message bag Packet3, whether whether the vehicle assumed name a that can first detect in described message bag has freshness, do not receiving before, and judging whether to carry out the operation of next step PKI pk deciphering with this.Such as, if described vehicle assumed name a has freshness, carry out next step, decipher described encrypted packets with described PKI pk, if described vehicle assumed name a does not have freshness, directly this packet is made to discard processing.
In above-mentioned any one message bag, because described PKI pk need to be open to digital certificate center 20, therefore in described message bag, described PKI pk presents with plaintext form.
In above-mentioned any one message bag, can also comprise a request mark at ad-hoc location, described ad-hoc location is also to judge by consulting in advance definite communication protocol or password, described request mark is the message bag that certificate is issued in a request for this message bag of mark, thereby described digital certificate center 20 will be decomposed automatically.
In the above-described embodiments, the effect of described digital certificate is the legal public-key cryptography of listing in certificate that has of user of listing in certification.The hash algorithm that described digital certificate center 20 adopts both sides to make an appointment conventionally calculates the message digest of a fixing figure place, and on mathematics, ensure that the message digest value recalculating will not conform to original value as long as change in message any one.So just ensure the unalterable feature of message, also ensured the authenticity of certificate.
In the above-described embodiments, the communication unit 10 in described S208 is specially according to described digital certificate generation authorization messages:
Described communication unit 10 generates described authorization messages according to described vehicle assumed name a, described PKI pk, described private key sk and described digital certificate.
In the above-described embodiments, the concrete form of described authorization messages judges by consulting in advance definite communication protocol or password equally, described concrete form comprises the order that content that message handbag contains and each content occur, in described authorization messages, can contain equally a mandate mark, the message bag that described mandate mark is an authorization messages for this message bag of mark.For example, described authorization messages can be: (PKI, private key, vehicle assumed name, digital certificate, request mark) → (pk, sk, a, cert, ap), wherein ap is and authorizes mark.
In the above-described embodiments, described communication unit 10 can be a terminal independently, such as mobile phone, PAD, handset etc., can be also a built-in module, and such as being built in vehicle one and can completely realizing the module of communication function, the present invention is not construed as limiting.
In the above-described embodiments, the described access unit 30 in described S208 is specially according to described authorization messages generation the second request: generate described the second request according to described vehicle assumed name a, described PKI pk and described digital certificate.
The concrete form of described the second request judges by consulting in advance definite communication protocol or password equally, described concrete form comprises the order that content that message handbag contains and each content occur, in described the second request, can also comprise a request mark at ad-hoc location, described ad-hoc location is also to judge by consulting in advance definite communication protocol or password, described request mark is the message bag that a request accesses described intelligent transportation server 40 for this message bag of mark, thereby described intelligent transportation server 40 decomposes information automatically.
In the above-described embodiments, described access unit 30 is described built-in vehicle for accessing the separate unit of described intelligent transportation server 40.
Described S210 can be: when the result returning when described intelligent transportation server 40 is legal, described intelligent transportation server 40 allows described vehicle to access described intelligent transportation server 40; When the result returning when described intelligent transportation server 40 is illegal, described intelligent transportation server 40 forbids that described vehicle accesses described intelligent transportation server 40.
In the above-described embodiments, described intelligent transportation server 40 has been implanted digital certificate generation way, the as the aforementioned hash algorithm that described digital certificate center 20 adopts in advance.When described intelligent transportation server 40 receives after described the second message, obtain described vehicle assumed name a and PKI pk according to the PKI deciphering related news bag in described the second message, and the generative process of reappearing described digital certificate according to described digital certificate generation way, and whether the digital certificate that judges this generation is consistent with the digital certificate carrying in described the second message, if consistent, be legal, described intelligent transportation server 40 allows described vehicle to access described intelligent transportation server 40; If inconsistent, be illegal, described intelligent transportation server 40 does not allow described vehicle to access described intelligent transportation server 40.
In the above-described embodiments, checking computing and described digital certificate center 20 that described intelligent transportation server 40 carries out are computings of equidirectional, that is: described digital certificate center 20 cert1=Hash (pk in the following way, a) generated digital certificate, described intelligent transportation server 40 also carries out following computing cert2=Hash (pk,, then verify that cert1 equals cert2 and whether sets up a).
In technique scheme, described digital certificate center 20 and described intelligent transportation server 40 relation are between the two: can be two systems, can be also two entities in a system, and the present invention is not construed as limiting.
Pass through technique scheme, during by current vehicle access intelligent transportation server, the process improvement of independently initiating digital certificate request and directly initiating access application taking real information by vehicle as: by generating vehicle assumed name, realize and in needs interactive vehicle real information, all adopt vehicle assumed name to substitute, while having avoided vehicle access intelligent transportation system, the leakage of information of vehicles, is more conducive to maintaining secrecy of Vehicle Driving Cycle and the communication information.
Further, be that vehicle generates public and private key pair by mobile terminal, and use public and private key effectively to ensure the confidentiality of communication data to communicating encryption.
More than be described with reference to the accompanying drawings according to technical scheme of the present invention, the present invention can carry out different processing methods in conjunction with user's concrete condition in the time that user's setting automatically replies, and makes user obtain in time message.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a vehicle connecting system, for by described vehicle access intelligent transportation server, is characterized in that, described vehicle connecting system comprises communication unit, digital certificate center, access unit and intelligent transportation server, wherein:
Described communication unit is for sending the first request to described digital certificate center, described the first request is for digital certificate request, and, return after digital certificate at described digital certificate center, generation comprises the authorization messages of described digital certificate, and described authorization message is sent to described access unit;
Corresponding digital certificate is asked for asking to generate with described first according to described first in described digital certificate center, and, described digital certificate is back to described communication unit; Described access unit is used for receiving described authorization messages, and generates the second request according to described authorization messages, and the second request is sent to described intelligent transportation server, and described the second request accesses described intelligent transportation server for request by described vehicle;
Described intelligent transportation server is used for verifying whether described the second request is legal, and judges whether to allow described vehicle to access described intelligent transportation server according to the result.
2. vehicle connecting system according to claim 1, is characterized in that, described communication unit comprises essential information generation module, the first request generation module, request sending module, certificate receiver module and authorization messages generation module, wherein:
Described essential information generation module is used for generating vehicle assumed name and PKI-private key pair;
Described the first request generation module is for generating described the first request according to described vehicle assumed name and PKI;
Described request sending module is for being sent to described digital certificate center by described the first request;
Described certificate receiver module is for receiving the digital certificate that described digital certificate center is returned;
Described authorization messages generation module is for generating described authorization messages according to described vehicle assumed name, described PKI, described private key and described digital certificate.
3. vehicle connecting system according to claim 2, is characterized in that, described vehicle assumed name is for the alternative title as described vehicle, and to represent the user of described vehicle as the described digital certificate of application, described vehicle assumed name is a random number.
4. according to the described vehicle connecting system of claim 2, it is characterized in that, described access unit generates described the second request according to described vehicle assumed name, described PKI and described digital certificate.
5. according to the vehicle connecting system described in any one of claim 1 to 4, it is characterized in that, when the result returning when described intelligent transportation server is legal, described intelligent transportation server allows described vehicle to access described intelligent transportation server;
When the result returning when described intelligent transportation server is illegal, described intelligent transportation server forbids that described vehicle accesses described intelligent transportation server.
6. a vehicle cut-in method, is applied to the vehicle connecting system being made up of communication unit, digital certificate center, access unit and intelligent transportation server, and described method comprises:
Described communication unit sends the first request to digital certificate center, described the first request is for digital certificate request;
Described digital certificate center generates the digital certificate corresponding with described the first request according to described the first request, and, described digital certificate is back to described communication unit;
Described communication unit receives the digital certificate that described digital certificate center is returned, and generates authorization messages according to described digital certificate, described authorization messages is sent to described access unit simultaneously;
Described access unit receives described authorization messages, generates the second request according to described authorization messages, and described the second request is sent to described intelligent transportation server, and described the second request accesses described intelligent transportation server for request by described vehicle;
Described in described intelligent transportation server authentication, whether the second request legal, and judges whether to allow described vehicle to access described intelligent transportation server according to the result.
7. vehicle cut-in method according to claim 6, it is characterized in that, before described communication unit sends the first request to digital certificate center, described method also comprises: described communication unit generates vehicle assumed name and PKI-private key pair, and, generate described the first request according to described vehicle assumed name and PKI.
8. vehicle cut-in method according to claim 6, it is characterized in that, described communication unit generates authorization messages according to described digital certificate and is: described communication unit generates described authorization messages according to described vehicle assumed name, described PKI, described private key and described digital certificate;
Described access unit generates the second request according to described authorization messages: described access unit generates described the second request according to described vehicle assumed name, described PKI and described digital certificate.
9. vehicle cut-in method according to claim 7, is characterized in that, described vehicle assumed name is for the alternative title as described vehicle, and to represent the user of described vehicle as the described digital certificate of application, described vehicle assumed name is a random number.
10. according to the vehicle cut-in method described in any one of claim 6 to 9, it is characterized in that,
When the result returning when described intelligent transportation server is legal, described intelligent transportation server allows described vehicle to access described intelligent transportation server;
When the result returning when described intelligent transportation server is illegal, described intelligent transportation server forbids that described vehicle accesses described intelligent transportation server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410187144.2A CN103974255B (en) | 2014-05-05 | 2014-05-05 | A kind of vehicle access system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410187144.2A CN103974255B (en) | 2014-05-05 | 2014-05-05 | A kind of vehicle access system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103974255A true CN103974255A (en) | 2014-08-06 |
| CN103974255B CN103974255B (en) | 2018-06-05 |
Family
ID=51243195
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410187144.2A Active CN103974255B (en) | 2014-05-05 | 2014-05-05 | A kind of vehicle access system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103974255B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105516134A (en) * | 2015-12-08 | 2016-04-20 | 浪潮(北京)电子信息产业有限公司 | Authentication method and system for system integration |
| CN105704160A (en) * | 2016-04-12 | 2016-06-22 | 成都景博信息技术有限公司 | Vehicle data real time calculation method |
| CN106506161A (en) * | 2016-10-31 | 2017-03-15 | 宇龙计算机通信科技(深圳)有限公司 | Method for secret protection and privacy protection device in vehicle communication |
| CN108055236A (en) * | 2017-11-03 | 2018-05-18 | 深圳市轱辘车联数据技术有限公司 | A kind of data processing method, mobile unit and electronic equipment |
| CN111917685A (en) * | 2019-05-07 | 2020-11-10 | 华为技术有限公司 | Method for applying for digital certificate |
| CN113810411A (en) * | 2021-09-17 | 2021-12-17 | 公安部交通管理科学研究所 | Traffic control facility digital certificate management method and system |
| CN115439959A (en) * | 2014-12-23 | 2022-12-06 | 法雷奥舒适驾驶助手公司 | Method for controlling access to at least one function of a motor vehicle |
| CN117676580A (en) * | 2023-12-14 | 2024-03-08 | 上海博汽智能科技有限公司 | Safety authentication method based on vehicle-mounted gateway |
| WO2024113077A1 (en) * | 2022-11-28 | 2024-06-06 | 华为技术有限公司 | Communication method and apparatus, and vehicle |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1753569A (en) * | 2005-11-02 | 2006-03-29 | 中国移动通信集团公司 | System and method for mobile communication data service processing based on pseudocode |
| CN1961605A (en) * | 2004-05-28 | 2007-05-09 | 皇家飞利浦电子股份有限公司 | Privacy-preserving information distributing system |
| CN103281191A (en) * | 2013-05-30 | 2013-09-04 | 江苏大学 | Method and system for communicating based on car networking |
| CN103314606A (en) * | 2011-01-20 | 2013-09-18 | 皇家飞利浦有限公司 | Authentication and authorization of cognitive radio devices |
-
2014
- 2014-05-05 CN CN201410187144.2A patent/CN103974255B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1961605A (en) * | 2004-05-28 | 2007-05-09 | 皇家飞利浦电子股份有限公司 | Privacy-preserving information distributing system |
| CN1753569A (en) * | 2005-11-02 | 2006-03-29 | 中国移动通信集团公司 | System and method for mobile communication data service processing based on pseudocode |
| CN103314606A (en) * | 2011-01-20 | 2013-09-18 | 皇家飞利浦有限公司 | Authentication and authorization of cognitive radio devices |
| CN103281191A (en) * | 2013-05-30 | 2013-09-04 | 江苏大学 | Method and system for communicating based on car networking |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115439959A (en) * | 2014-12-23 | 2022-12-06 | 法雷奥舒适驾驶助手公司 | Method for controlling access to at least one function of a motor vehicle |
| CN105516134A (en) * | 2015-12-08 | 2016-04-20 | 浪潮(北京)电子信息产业有限公司 | Authentication method and system for system integration |
| CN105516134B (en) * | 2015-12-08 | 2018-10-30 | 浪潮(北京)电子信息产业有限公司 | A kind of authentication method and system of the system integration |
| CN105704160B (en) * | 2016-04-12 | 2019-01-08 | 南京理学工程数据技术有限公司 | Vehicle-mounted data real-time computing technique |
| CN105704160A (en) * | 2016-04-12 | 2016-06-22 | 成都景博信息技术有限公司 | Vehicle data real time calculation method |
| CN106506161B (en) * | 2016-10-31 | 2023-08-15 | 宇龙计算机通信科技(深圳)有限公司 | Privacy protection method and privacy protection device in vehicle communication |
| CN106506161A (en) * | 2016-10-31 | 2017-03-15 | 宇龙计算机通信科技(深圳)有限公司 | Method for secret protection and privacy protection device in vehicle communication |
| CN108055236A (en) * | 2017-11-03 | 2018-05-18 | 深圳市轱辘车联数据技术有限公司 | A kind of data processing method, mobile unit and electronic equipment |
| CN111917685A (en) * | 2019-05-07 | 2020-11-10 | 华为技术有限公司 | Method for applying for digital certificate |
| WO2020224621A1 (en) * | 2019-05-07 | 2020-11-12 | 华为技术有限公司 | Method for applying for digital certificate |
| CN111917685B (en) * | 2019-05-07 | 2022-05-31 | 华为云计算技术有限公司 | Method for applying for digital certificate |
| US11888993B2 (en) | 2019-05-07 | 2024-01-30 | Huawei Cloud Computing Technologies Co., Ltd. | Digital certificate application method |
| CN113810411A (en) * | 2021-09-17 | 2021-12-17 | 公安部交通管理科学研究所 | Traffic control facility digital certificate management method and system |
| CN113810411B (en) * | 2021-09-17 | 2023-02-14 | 公安部交通管理科学研究所 | Traffic control facility digital certificate management method and system |
| WO2024113077A1 (en) * | 2022-11-28 | 2024-06-06 | 华为技术有限公司 | Communication method and apparatus, and vehicle |
| CN117676580A (en) * | 2023-12-14 | 2024-03-08 | 上海博汽智能科技有限公司 | Safety authentication method based on vehicle-mounted gateway |
| CN117676580B (en) * | 2023-12-14 | 2024-05-17 | 上海博汽智能科技有限公司 | Safety authentication method based on vehicle-mounted gateway |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103974255B (en) | 2018-06-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103974255B (en) | A kind of vehicle access system and method | |
| CN105471833B (en) | A kind of safe communication method and device | |
| CN106161032B (en) | A kind of identity authentication method and device | |
| CN112528250B (en) | System and method for realizing data privacy and digital identity through block chain | |
| CN109936833A (en) | Vehicle virtual key generation and use method, system and user terminal | |
| CN105577613B (en) | A kind of method of sending and receiving of key information, equipment and system | |
| CN102394749B (en) | Line protection method, system, information safety equipment and application equipment for data transmission | |
| CN106101068A (en) | Terminal communicating method and system | |
| KR101706117B1 (en) | Apparatus and method for other portable terminal authentication in portable terminal | |
| CN108141444B (en) | Improved authentication method and authentication device | |
| US8806206B2 (en) | Cooperation method and system of hardware secure units, and application device | |
| CN101300808A (en) | Method and arrangement for secure autentication | |
| Yeh et al. | PAACP: A portable privacy-preserving authentication and access control protocol in vehicular ad hoc networks | |
| CN109617675B (en) | Method and system for authenticating identifiers of both sides between charge and discharge facility and user terminal | |
| CN114006736B (en) | Instant communication message protection system and method based on hardware password equipment | |
| CN107679847A (en) | A kind of move transaction method for secret protection based on near-field communication bidirectional identity authentication | |
| CN103684798A (en) | Authentication system used in distributed user service | |
| CN106790064A (en) | The method that both sides are communicated in credible root server cloud computing server model | |
| CN101964805B (en) | Method, equipment and system for safely sending and receiving data | |
| CN114338091B (en) | Data transmission method, device, electronic equipment and storage medium | |
| CN108964897A (en) | Identity authorization system and method based on group communication | |
| CN110611679A (en) | Data transmission method, device, equipment and system | |
| CN111756528A (en) | Quantum session key distribution method and device and communication architecture | |
| CN105471657A (en) | Method, device and system for managing inter-domain communication log of virtual machine | |
| CN111656729B (en) | System and method for computing escrow and private session keys for encoding digital communications between two devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |