CN103974255B - A kind of vehicle access system and method - Google Patents
- Publication number: CN103974255B
- Application number: CN201410187144.2A
- Authority: CN (China)
- Prior art keywords: vehicle, digital certificate, request, intelligent transportation, transportation server
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The present invention provides a vehicle access system and method. The system comprises a communication unit, a digital certificate center, an access unit and an intelligent transportation server. The communication unit is used to send a first request to the digital certificate center and, after the digital certificate center returns a digital certificate, to generate an authorization message containing the digital certificate and send the authorization message to the access unit. The digital certificate center is used to generate, according to the first request, a digital certificate corresponding to the first request and to return the digital certificate to the communication unit. The access unit is used to receive the authorization message containing the digital certificate sent by the communication unit and to send a second request to the intelligent transportation server according to the authorization message. The intelligent transportation server is used to verify whether the second request is legal and to determine, according to the verification result, whether the vehicle is allowed to access the intelligent transportation server. This technical solution addresses the privacy and security problems of the existing vehicle access process.
Description
Technical field
The present invention relates to a vehicle access system and method.
Background art
An intelligent transportation system (Intelligent Transport System, ITS) effectively integrates advanced information technology, communication technology, sensing technology, control technology, computer technology and the like into the entire traffic management system, establishing a comprehensive transportation and management system that operates over a wide area and in all respects, in real time, accurately and efficiently. After a user's automobile accesses the ITS, it can enjoy various convenient transportation services while driving: for example, it can receive real-time traffic information, learn about hotels, shopping malls and other facilities along the route at any time, and pay road and bridge tolls electronically without stopping.
However, when a vehicle accesses the ITS, the vehicle itself initiates the access application directly with its real information, so there is a risk that the vehicle's driving track and driving time are disclosed, and its communication data after accessing the ITS is also easily intercepted by a third party.
Summary of the invention
In view of this, it is necessary to provide a safer vehicle access system and method.
The vehicle access system provided by the embodiments of the present invention includes a communication unit, a digital certificate center, an access unit and an intelligent transportation server.
The communication unit is used to send a first request to the digital certificate center, the first request being used to request a digital certificate, and, after the digital certificate center returns the digital certificate, to generate an authorization message containing the digital certificate and send the authorization message to the access unit.
The digital certificate center is used to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit.
The access unit is used to receive the authorization message, generate a second request according to the authorization message, and send the second request to the intelligent transportation server, the second request being used to request that the vehicle access the intelligent transportation server.
The intelligent transportation server is used to verify whether the second request is legal, and to determine according to the verification result whether the vehicle is allowed to access the intelligent transportation server.
Further, the communication unit includes a basic information generation module, a first request generation module, a request sending module, a certificate receiving module and an authorization message generation module, wherein: the basic information generation module is used to generate a vehicle assumed name and a public-private key pair; the first request generation module is used to generate the first request according to the vehicle assumed name and the public key; the request sending module is used to send the first request to the digital certificate center; the certificate receiving module is used to receive the digital certificate returned by the digital certificate center; and the authorization message generation module is used to generate the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate.
Further, the vehicle assumed name serves as a substitute name for the vehicle, representing the vehicle as the user applying for the digital certificate; the vehicle assumed name is a random number.
Further, the access unit is used to generate the second request according to the vehicle assumed name, the public key and the digital certificate.
Further, when the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server; and when the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
The embodiments of the present invention also provide a vehicle access method, applied to a vehicle access system composed of a communication unit, a digital certificate center, an access unit and an intelligent transportation server. The method includes:
The communication unit sends a first request to the digital certificate center, the first request being used to request a digital certificate;
The digital certificate center generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit;
The communication unit receives the digital certificate returned by the digital certificate center, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit;
The access unit receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server;
The intelligent transportation server verifies whether the second request is legal, and determines according to the verification result whether the vehicle is allowed to access the intelligent transportation server.
Further, before the communication unit sends the first request to the digital certificate center, the method further includes: the communication unit generates a vehicle assumed name and a public-private key pair, and generates the first request according to the vehicle assumed name and the public key.
Further, the communication unit generating the authorization message according to the digital certificate is specifically: the communication unit generates the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate; and the access unit generating the second request according to the authorization message is specifically: the access unit generates the second request according to the vehicle assumed name, the public key and the digital certificate.
Further, the vehicle assumed name serves as a substitute name for the vehicle, representing the vehicle as the user applying for the digital certificate; the vehicle assumed name is a random number.
Further, when the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
With this technical solution, the existing process in which the vehicle, when accessing the intelligent transportation server, independently initiates the digital certificate request and directly initiates the access application with its real information is improved as follows: by generating a vehicle assumed name, the vehicle assumed name is used in place of the vehicle's real information wherever that information would otherwise have to be exchanged, thereby avoiding leakage of vehicle information when the vehicle accesses the intelligent transportation system.
Brief description of the drawings
Fig. 1 is an architecture diagram of the vehicle access system provided by the first embodiment of the present invention.
Fig. 2 is an architecture diagram of the communication unit included in the vehicle access system provided by the first embodiment.
Fig. 3 is a flow chart of the vehicle access method provided by the second embodiment of the present invention.
Detailed description
In order that the objects, features and advantages of the present invention may be better understood, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments. It should be noted that, where there is no conflict, the embodiments of the present application and the features in the embodiments may be combined with one another.
Many specific details are set forth in the following description to facilitate a thorough understanding of the present invention; however, the present invention may also be implemented in ways other than those described here, and therefore the scope of protection of the present invention is not limited by the specific embodiments described below.
Referring to Fig. 1, the vehicle access system 100 provided by the first embodiment of the present invention is used to connect the vehicle to an intelligent transportation server. The vehicle access system 100 includes a communication unit 10, a digital certificate center 20, an access unit 30 and an intelligent transportation server 40.
The communication unit 10 is used to send a first request to the digital certificate center 20, the first request being used to request a digital certificate, and, after the digital certificate center 20 returns the digital certificate, to generate an authorization message containing the digital certificate and send the authorization message to the access unit 30. The authorization message is used to authorize the access unit 30 to initiate a request to access the intelligent transportation server 40.
In the above embodiment, the communication unit 10 includes a basic information generation module 11, a first request generation module 12, a request sending module 13, a certificate receiving module 14 and an authorization message generation module 15.
The basic information generation module 11 is used to generate a vehicle assumed name a and a public-private key pair (pk, sk).
In the above embodiment, the vehicle assumed name a is specifically a random integer that serves as a substitute name for the vehicle, identifying it as the user applying for the digital certificate.
In the above embodiment, using a generated random number as the vehicle assumed name on the one hand hides the vehicle's real information, such as the vehicle code, license plate and other information used to distinguish vehicles, thereby keeping the vehicle information secure; on the other hand, filling the random number into the first request is particularly necessary in the following two situations:
Situation one
When the communication unit 10 sends the first request multiple times to make sure that the digital certificate center 20 actually receives it, the digital certificate center 20, following the principle of issuing only one digital certificate to the same user, can use the random number filled into the first request to identify whether a digital certificate has already been issued to that user, thereby avoiding the difficulties in subsequent verification that repeated issuance would cause.
Situation two
When multiple communication units 10 need to apply for digital certificates, the digital certificate center 20 can use the differences between the random numbers to distinguish the different first requests coming from different communication units 10.
In the above embodiment, the public-private key pair (pk, sk) is a common concept in cryptography and consists of a public key pk and a private key sk. The public key pk is typically used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The public key pk is disclosed to the outside, while the private key sk is protected as secret information. When such a key pair is used, data encrypted with one of the keys must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.
In the above embodiment, the private key sk is a randomly selected random number, and the public key pk is calculated from the private key sk and the system parameters of the encryption system. It can specifically be generated by symmetric encryption algorithms such as the DES algorithm, 3DES algorithm and TDEA algorithm, which is not described in detail here.
The first request generation module 12 is used to generate the first request according to the vehicle assumed name a and the public key pk.
In the above embodiment, the message packet of the first request may specifically take one of the following forms. The specific form is determined by a communication protocol or password agreed in advance, and covers both the content the message packet contains and the order in which each item appears. The forms below define only the content contained, and do not limit the order in which the items appear:
The first: Packet1 → (vehicle assumed name, public key) → (a, pk)
When the first message packet format is used, after the digital certificate center 20 receives Packet1, it automatically identifies the contents at the vehicle assumed name position and the public key position in the message packet, treats them as the vehicle assumed name a and the public key pk respectively, and generates the authentication certificate for the vehicle assumed name a and the public key pk.
The second: Packet2 → (encrypted data packet, public key) → ((a, pk)_pk, pk)
When the second message packet format is used, the encrypted data packet is the character string formed by concatenating the vehicle assumed name a and the public key pk in order, encrypted with the public key pk. After the digital certificate center 20 receives Packet2, it automatically identifies the public key pk at the public key position in the message packet and uses the public key pk to decrypt the encrypted data packet, thereby obtaining the vehicle assumed name a, and then generates the authentication certificate for the vehicle assumed name a and the public key pk.
The third: Packet3 → (encrypted data packet, vehicle assumed name, public key) → ((a, pk)_pk, a, pk)
When the third message packet format is used, the vehicle assumed name a also appears in the data packet as public information; the difference from Packet1 is that the vehicle assumed name a is added to the message packet as public information. The benefit is that, after detecting the message packet Packet3, the digital certificate center 20 can first check whether the vehicle assumed name a in the message packet is fresh, that is, whether it has not been received before, and use this to decide whether to carry out the next step, the decryption with the public key pk. For example, if the vehicle assumed name is fresh, the next step is carried out and the encrypted data packet is decrypted with the public key pk; if the vehicle assumed name a is not fresh, the data packet is simply discarded.
In any of the above message packets, since the public key pk needs to be disclosed to the digital certificate center 20, the public key pk is presented in plaintext in the message packet.
In any of the above message packets, a request identifier may also be included at a specific position, the specific position likewise being determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as one requesting the issuance of a certificate, so that the digital certificate center 20 can parse the information automatically.
The request sending module 13 is used to send the first request to the digital certificate center 20.
The certificate receiving module 14 is used to receive the digital certificate returned by the digital certificate center 20.
In the above embodiment, after the digital certificate center 20 receives the first request, it generates the corresponding digital certificate according to the first request and returns the digital certificate to the communication unit 10, and the certificate receiving module 14 receives the digital certificate.
The authorization message generation module 15 is used to generate the authorization message according to the vehicle assumed name a, the public key pk, the private key sk and the digital certificate returned from the digital certificate center 20, and to send it to the access unit 30.
In the above embodiment, the specific form of the authorization message is likewise determined by a communication protocol or password agreed in advance, and covers both the content the message packet contains and the order in which each item appears. The authorization message may likewise contain an authorization identifier, which marks the message packet as an authorization message. For example, the authorization message may be: (public key, private key, vehicle assumed name, digital certificate, request identifier) → (pk, sk, a, cert, ap), where ap is the authorization identifier.
In the above embodiment, the communication unit 10 may be an independent terminal, such as a mobile phone, PAD or handset, or may be a built-in module, for example a module built into the vehicle that can fully implement the communication function; the present invention does not limit this.
In the above embodiment, the basic information generation module 11, first request generation module 12, request sending module 13, certificate receiving module 14 and authorization message generation module 15 may exist as one or more separate modules originally built into the terminal, or may exist in the terminal in the form of a dedicated application; the present invention does not limit this.
The digital certificate center 20 is used to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit 10.
In the above embodiment, the digital certificate center 20 is a CA, also known as a certificate authority (Certificate Authority) center. The function of the digital certificate is to certify that the user listed in the certificate legitimately possesses the public key listed in the certificate; in the present embodiment, this means that the vehicle corresponding to the vehicle assumed name a is the legitimate holder of the certificate. The digital certificate center 20 generally uses a hash algorithm agreed in advance by both parties to calculate a message digest of a fixed number of bits, and it is mathematically ensured that if any bit of the message changes, the recalculated message digest value will not match the original value. This guarantees that the message cannot be altered, and thus guarantees the authenticity of the certificate.
The access unit 30 is used to receive the authorization message containing the digital certificate sent by the communication unit 10, generate a second request according to the authorization message, and send the second request to the intelligent transportation server 40, the second request being used to request access to the intelligent transportation server 40.
In the above embodiment, the access unit 30 is a separate unit built into the vehicle for accessing the intelligent transportation server 40.
In the above embodiment, the access unit 30 is specifically used to generate the second request according to the vehicle assumed name a, the public key pk and the digital certificate.
The specific form of the second request is likewise determined by a communication protocol or password agreed in advance, and covers both the content the message packet contains and the order in which each item appears. A request identifier may also be included at a specific position in the second request, the specific position likewise being determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as one requesting access to the intelligent transportation server 40, so that the intelligent transportation server 40 can parse the information automatically.
The intelligent transportation server 40 is used to verify whether the second request is legal, and to determine according to the verification result whether the vehicle is allowed to access the intelligent transportation server 40.
In the above embodiment, when the verification result returned by the intelligent transportation server 40 is legal, the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; when the verification result returned by the intelligent transportation server 40 is illegal, the intelligent transportation server 40 forbids the vehicle from accessing the intelligent transportation server 40.
In the above embodiment, the intelligent transportation server 40 is preloaded with the digital certificate generation method used by the digital certificate center 20, such as the aforementioned hash algorithm. After the intelligent transportation server 40 receives the second request, it uses the public key pk in the second request to decrypt the relevant message packet to obtain the vehicle assumed name a and the public key, reproduces the generation process of the digital certificate according to the digital certificate generation method, and judges whether the digital certificate thus generated is consistent with the digital certificate carried in the second request. If they are consistent, the request is legal and the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; if they are inconsistent, the request is illegal and the intelligent transportation server 40 does not allow the vehicle to access the intelligent transportation server 40.
In the above embodiment, the verification operation performed by the intelligent transportation server 40 is an operation in the same direction as that of the digital certificate center 20; that is, if the digital certificate center 20 generates the digital certificate as cert1 = Hash(pk, a), the intelligent transportation server 40 likewise computes cert2 = Hash(pk, a) and then verifies whether cert1 equals cert2.
In the above technical solution, the relationship between the digital certificate center 20 and the intelligent transportation server 40 is as follows: they may be two separate systems or two entities within one system; the present invention does not limit this.
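The exchange described in this embodiment, from the first request through the check that cert1 equals cert2, as an added Python example that is not part of the patent text. SHA-256 as the agreed Hash, the byte encoding of pk and a, the dictionary message layout, the parameters P and G used to derive pk from sk, and all class and function names are assumptions; it uses the Packet1 form and applies the freshness check on a described for Packet3 and Situation one.

```python
import hashlib
import hmac
import secrets

# Assumed system parameters (not from the patent): pk is derived from the
# random private key sk as G**sk mod P, only to model "pk computed from sk".
P = 2**255 - 19
G = 2


def hash_cert(pk: int, a: int) -> bytes:
    """cert = Hash(pk, a). SHA-256 and the fixed-width encoding are assumptions."""
    return hashlib.sha256(pk.to_bytes(32, "big") + a.to_bytes(16, "big")).digest()


class CommunicationUnit:
    """Unit 10: generates the assumed name and key pair, requests the certificate."""

    def __init__(self):
        self.a = secrets.randbits(128)           # vehicle assumed name: random integer
        self.sk = secrets.randbelow(P - 2) + 1   # private key: random number
        self.pk = pow(G, self.sk, P)             # public key from sk and parameters

    def first_request(self) -> dict:
        # Packet1 form (a, pk) plus a request identifier.
        return {"id": "cert_request", "a": self.a, "pk": self.pk}

    def authorization_message(self, cert: bytes) -> dict:
        # (pk, sk, a, cert, ap), where ap is the authorization identifier.
        return {"pk": self.pk, "sk": self.sk, "a": self.a,
                "cert": cert, "ap": "authorize"}


class DigitalCertificateCenter:
    """Unit 20: issues one certificate per fresh assumed name."""

    def __init__(self):
        self.seen = set()

    def issue(self, request: dict):
        if request.get("id") != "cert_request":
            return None
        if request["a"] in self.seen:            # not fresh: discard the packet
            return None
        self.seen.add(request["a"])
        return hash_cert(request["pk"], request["a"])


class AccessUnit:
    """Unit 30: builds the second request from a, pk and cert only."""

    def second_request(self, auth: dict) -> dict:
        if auth.get("ap") != "authorize":
            raise ValueError("not an authorization message")
        return {"id": "access_request", "a": auth["a"],
                "pk": auth["pk"], "cert": auth["cert"]}


class IntelligentTransportationServer:
    """Unit 40: recomputes the certificate and compares it with the one carried."""

    def verify(self, request: dict) -> bool:
        if request.get("id") != "access_request":
            return False
        cert2 = hash_cert(request["pk"], request["a"])
        return hmac.compare_digest(cert2, request["cert"])


def run_demo() -> dict:
    unit, center = CommunicationUnit(), DigitalCertificateCenter()
    access, server = AccessUnit(), IntelligentTransportationServer()

    req1 = unit.first_request()
    cert = center.issue(req1)
    resend = center.issue(req1)                  # Situation one: same request sent again

    req2 = access.second_request(unit.authorization_message(cert))
    tampered = dict(req2, a=req2["a"] ^ 1)       # assumed name altered after issuance

    return {
        "accepted": server.verify(req2),
        "resend_issued": resend is not None,
        "tampered_accepted": server.verify(tampered),
        "sk_in_second_request": "sk" in req2,
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```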
Through the above technical solution, the existing process in which the vehicle, when accessing the intelligent transportation server, independently initiates the digital certificate request and directly initiates the access application with its real information is improved as follows: by generating a vehicle assumed name, the vehicle assumed name is used in place of the vehicle's real information wherever that information would otherwise have to be exchanged, which avoids leakage of vehicle information when the vehicle accesses the intelligent transportation system and better protects the confidentiality of the vehicle's travel and communication information.
Further, the communication unit generates a public-private key pair for the vehicle, and encrypting communications with the public-private key pair effectively ensures the confidentiality of the communication data.
The embodiments of the present invention also provide a vehicle access method for connecting the vehicle to the intelligent transportation server. The vehicle access method may be implemented using the vehicle access system 100 composed of the communication unit, digital certificate center, access unit and intelligent transportation server. The method includes:
S202, the communication unit 10 sends a first request to the digital certificate center 20, the first request being used to request a digital certificate;
S204, the digital certificate center 20 generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit 10;
S206, the communication unit 10 receives the digital certificate returned by the digital certificate center 20, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit 30;
S208, the access unit 30 receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server 40, the second request being used to request that the vehicle access the intelligent transportation server;
S210, the intelligent transportation server 40 verifies the second request, and determines according to the verification result whether the vehicle is allowed to access the intelligent transportation server.
In the above embodiment, the following is further included before S202:
The communication unit 10 generates a vehicle assumed name a and a public-private key pair (pk, sk), and generates the first request according to the vehicle assumed name a and the public key pk.
In the above embodiment, the vehicle assumed name a is a random integer that serves as a substitute name for the vehicle, identifying it as the user applying for the digital certificate.
In the above embodiment, using a generated random number as the vehicle assumed name on the one hand hides the vehicle's real information, such as the vehicle code, license plate and other information used to distinguish vehicles, thereby keeping the vehicle information secure; on the other hand, filling the random number into the first request is particularly necessary in the following two situations:
Situation one
When the communication unit 10 sends the first request multiple times to make sure that the digital certificate center 20 actually receives it, the digital certificate center 20, following the principle of issuing only one digital certificate to the same user, can use the random number filled into the first request to identify whether a digital certificate has already been issued to that user, thereby avoiding the difficulties in subsequent verification that repeated issuance would cause.
Situation two
When multiple communication units 10 need to apply for digital certificates, it is particularly important that the digital certificate center 20 can use the differences between the random numbers to distinguish the different first requests coming from different communication units 10.
In the above embodiment, the message packet of the first request may specifically take one of the following forms. The specific form is determined by a communication protocol or password agreed in advance, and covers both the content the message packet contains and the order in which each item appears. The forms below define only the content contained, and do not limit the order in which the items appear:
The first: Packet1 → (vehicle assumed name, public key) → (a, pk)
When the first message packet format is used, after the digital certificate center 20 receives Packet1, it automatically identifies the contents at the vehicle assumed name position and the public key position in the message packet, treats them as the vehicle assumed name a and the public key pk respectively, and generates the authentication certificate for the vehicle assumed name a and the public key pk.
The second: Packet2 → (encrypted data packet, public key) → ((a, pk)_pk, pk)
When the second message packet format is used, the encrypted data packet is the character string formed by concatenating the vehicle assumed name a and the public key pk in order, encrypted with the public key pk. After the digital certificate center 20 receives Packet2, it automatically identifies the public key pk at the public key position in the message packet and uses the public key pk to decrypt the encrypted data packet, thereby obtaining the vehicle assumed name a, and then generates the authentication certificate for the vehicle assumed name a and the public key pk.
The third: Packet3 → (encrypted data packet, vehicle assumed name, public key) → ((a, pk)_pk, a, pk)
When the third message packet format is used, the vehicle assumed name a also appears in the data packet as public information; the difference from Packet1 is that the vehicle assumed name a is added to the message packet as public information. The benefit is that, after detecting the message packet Packet3, the digital certificate center 20 can first check whether the vehicle assumed name a in the message packet is fresh, i.e. has not been received before, and use the result to decide whether to carry out the next step, the decryption with the public key pk. For example, if the vehicle assumed name a is fresh, the center proceeds to the next step and decrypts the encrypted data packet with the public key pk; if the vehicle assumed name a is not fresh, the data packet is discarded directly.
In any of the above message packets, because the public key pk needs to be disclosed to the digital certificate center 20, the public key pk is presented in plaintext in the message packet.
Any of the above message packets may also include a request identifier at a specific position, where the specific position is likewise determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as one that requests the issuance of a certificate, so that the digital certificate center 20 parses it automatically.
In the above embodiments, the function of the digital certificate is to certify that the user listed in the certificate legitimately owns the public key listed in the certificate. The digital certificate center 20 generally uses a hash algorithm agreed by both parties in advance to compute a message digest with a fixed number of bits, and it is mathematically guaranteed that if any one bit of the message is changed, the recomputed message digest will not match the original value. This ensures that the message cannot be altered, and thereby ensures the authenticity of the certificate.
In the above embodiments, the generation of the authorization message according to the digital certificate by the communication unit 10 in S208 is specifically:
The communication unit 10 generates the authorization message according to the vehicle assumed name a, the public key pk, the private key sk and the digital certificate.
In the above embodiments, the specific form of the authorization message is likewise determined by a communication protocol or password agreed in advance, and covers the contents of the message packet and the order in which each content item appears. The authorization message may likewise contain an authorization identifier, which marks the message packet as an authorization message. For example, the authorization message may be: (public key, private key, vehicle assumed name, digital certificate, request identifier) → (pk, sk, a, cert, ap), where ap is the authorization identifier.
In the above embodiments, the communication unit 10 may be an independent terminal, such as a mobile phone, PAD or handset, or it may be a built-in module, for example a module built into the vehicle that can fully implement the communication function; the present invention does not limit this.
In the above embodiments, the generation of the second request according to the authorization message by the access unit 30 in S208 is specifically: generating the second request according to the vehicle assumed name a, the public key pk and the digital certificate.
The specific form of the second request is likewise determined by a communication protocol or password agreed in advance, and covers the contents of the message packet and the order in which each content item appears. The second request may also include a request identifier at a specific position, where the specific position is also determined by a communication protocol or password agreed in advance. The request identifier marks the message packet as one that requests access to the intelligent transportation server 40, so that the intelligent transportation server 40 parses the information automatically.
In the above embodiments, the access unit 30 is an independent unit built into the vehicle for accessing the intelligent transportation server 40.
S210 may be: when the verification result returned by the intelligent transportation server 40 is legal, the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; when the verification result returned by the intelligent transportation server 40 is illegal, the intelligent transportation server 40 forbids the vehicle from accessing the intelligent transportation server 40.
In the above embodiments, the intelligent transportation server 40 has been loaded in advance with the digital certificate generation method used by the digital certificate center 20, such as the aforementioned hash algorithm. After the intelligent transportation server 40 receives the second message, it decrypts the relevant message packet with the public key in the second message to obtain the vehicle assumed name a and the public key pk, reproduces the generation process of the digital certificate according to the digital certificate generation method, and judges whether the digital certificate generated this time is consistent with the digital certificate carried in the second message. If they are consistent, the result is legal and the intelligent transportation server 40 allows the vehicle to access the intelligent transportation server 40; if they are inconsistent, the result is illegal and the intelligent transportation server 40 does not allow the vehicle to access the intelligent transportation server 40.
In the above embodiments, the verification operation carried out by the intelligent transportation server 40 is an operation in the same direction as that of the digital certificate center 20, i.e.: the digital certificate center 20 generates the digital certificate as cert1 = Hash(pk, a), the intelligent transportation server 40 then also computes cert2 = Hash(pk, a), and it verifies whether cert1 = cert2 holds.
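The flow described above, from the Packet3 freshness check at the digital certificate center 20 to the cert1 = cert2 comparison at the intelligent transportation server 40, as an added Python example that is not part of the patent. SHA-256, the length-prefixed field encoding, the `REQ` identifier, the field order and the XOR stand-in cipher are assumptions, and the random `pk` is a constructed placeholder for a real public key.

```python
import hashlib
import hmac
import secrets

REQ_ID = b"REQ"  # assumed request identifier marking a certificate request

def make_cert(pk: bytes, a: bytes) -> bytes:
    """cert = Hash(pk, a). SHA-256 and the length prefixes are assumptions."""
    h = hashlib.sha256()
    for field in (pk, a):
        h.update(len(field).to_bytes(4, "big") + field)  # unambiguous concatenation
    return h.digest()

def toy_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified cipher keyed by pk (XOR keystream, NOT secure)."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(x ^ y for x, y in zip(data, stream))  # applying it twice undoes it

def build_packet3(a: bytes, pk: bytes) -> tuple:
    """Packet3 = ((a, pk)_pk, a, pk), preceded by the request identifier."""
    return (REQ_ID, toy_crypt(pk, a + pk), a, pk)

class CertificateCenter:
    """Digital certificate center 20: one certificate per vehicle assumed name."""

    def __init__(self):
        self.issued = {}       # vehicle assumed name a -> certificate already issued
        self.decryptions = 0   # how often the decryption step actually ran

    def handle_packet3(self, packet):
        req_id, enc, a, pk = packet
        if req_id != REQ_ID:
            return None        # not a certificate request
        if a in self.issued:
            return None        # a is not fresh: discard before decrypting
        self.decryptions += 1
        if not hmac.compare_digest(toy_crypt(pk, enc), a + pk):
            return None        # encrypted part disagrees with the plaintext fields
        self.issued[a] = make_cert(pk, a)
        return self.issued[a]

def server_verify(a: bytes, pk: bytes, cert: bytes) -> bool:
    """Intelligent transportation server 40: cert2 = Hash(pk, a), accept iff equal to cert1."""
    return hmac.compare_digest(make_cert(pk, a), cert)

def demo() -> dict:
    a = secrets.token_bytes(16)    # vehicle assumed name: a random number
    pk = secrets.token_bytes(32)   # constructed placeholder for a public key
    center = CertificateCenter()
    packet = build_packet3(a, pk)
    cert = center.handle_packet3(packet)
    replay = center.handle_packet3(packet)   # the same first request sent again
    return {
        "issued": cert is not None,
        "replay_discarded": replay is None,
        "decryptions": center.decryptions,
        "second_request_ok": server_verify(a, pk, cert),
        "altered_pk_rejected": not server_verify(a, secrets.token_bytes(32), cert),
    }

if __name__ == "__main__":
    print(demo())
```

Because cert is an unkeyed digest of pk and a, the server's comparison detects fields that were altered after issuance; it does not consult the center's record of issued certificates.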
In the above technical solutions, the relationship between the digital certificate center 20 and the intelligent transportation server 40 is as follows: they may be two entities in two systems or two entities in one system; the present invention does not limit this.
Through the above technical solution, the current process for giving a vehicle access to an intelligent transportation server, in which the vehicle itself initiates the digital certificate request and applies for access directly with its real information, is improved: by generating a vehicle assumed name, the vehicle assumed name is used in place of the vehicle's real information wherever that information would otherwise have to be exchanged. This avoids leakage of vehicle information when the vehicle accesses the intelligent transportation system and better protects the confidentiality of the vehicle's travel and communication information.
Further, having the mobile terminal generate a public-private key pair for the vehicle and encrypting communication with that key pair effectively ensures the confidentiality of the communication data.
The technical solution of the present invention has been described in detail above with reference to the accompanying drawings. When the user has set automatic reply, the present invention can perform different processing methods according to the user's specific circumstances, so that the user obtains messages in time.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may be modified and varied in various ways. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (8)
1. A vehicle access system for giving a vehicle access to an intelligent transportation server, characterized in that the vehicle access system comprises a communication unit, a digital certificate center, an access unit and an intelligent transportation server, wherein:
The communication unit is used to send a first request to the digital certificate center, the first request being used to request a digital certificate, and, after the digital certificate center returns the digital certificate, to generate an authorization message that includes the digital certificate and send the authorization message to the access unit;
The digital certificate center is used to generate, according to the first request, a digital certificate corresponding to the first request, and to return the digital certificate to the communication unit;
The access unit is used to receive the authorization message, generate a second request according to the authorization message, and send the second request to the intelligent transportation server, the second request being used to request that the vehicle be given access to the intelligent transportation server;
The intelligent transportation server is used to verify whether the second request is legal, and to determine according to the verification result whether to allow the vehicle to access the intelligent transportation server;
Wherein the communication unit comprises an essential information generation module, a first request generation module, a request sending module, a certificate receiving module and an authorization message generation module, wherein:
The essential information generation module is used to generate a vehicle assumed name and a public-private key pair;
The first request generation module is used to generate the first request according to the vehicle assumed name and the public key;
The request sending module is used to send the first request to the digital certificate center;
The certificate receiving module is used to receive the digital certificate returned by the digital certificate center;
The authorization message generation module is used to generate the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate.
2. The vehicle access system according to claim 1, characterized in that the vehicle assumed name is used as a substitute name for the vehicle, so as to represent the vehicle as the user applying for the digital certificate, and the vehicle assumed name is a random number.
3. The vehicle access system according to claim 1, characterized in that the access unit generates the second request according to the vehicle assumed name, the public key and the digital certificate.
4. The vehicle access system according to any one of claims 1 to 3, characterized in that, when the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
5. A vehicle access method, applied to a vehicle access system composed of a communication unit, a digital certificate center, an access unit and an intelligent transportation server, the method comprising:
The communication unit sends a first request to the digital certificate center, the first request being used to request a digital certificate;
The digital certificate center generates, according to the first request, a digital certificate corresponding to the first request, and returns the digital certificate to the communication unit;
The communication unit receives the digital certificate returned by the digital certificate center, generates an authorization message according to the digital certificate, and sends the authorization message to the access unit;
The access unit receives the authorization message, generates a second request according to the authorization message, and sends the second request to the intelligent transportation server, the second request being used to request that the vehicle be given access to the intelligent transportation server;
The intelligent transportation server verifies whether the second request is legal, and determines according to the verification result whether to allow the vehicle to access the intelligent transportation server;
Wherein, before the communication unit sends the first request to the digital certificate center, the method further comprises: the communication unit generates a vehicle assumed name and a public-private key pair, and generates the first request according to the vehicle assumed name and the public key.
6. The vehicle access method according to claim 5, characterized in that the communication unit generating the authorization message according to the digital certificate is: the communication unit generates the authorization message according to the vehicle assumed name, the public key, the private key and the digital certificate;
The access unit generating the second request according to the authorization message is: the access unit generates the second request according to the vehicle assumed name, the public key and the digital certificate.
7. The vehicle access method according to claim 5, characterized in that the vehicle assumed name is used as a substitute name for the vehicle, so as to represent the vehicle as the user applying for the digital certificate, and the vehicle assumed name is a random number.
8. The vehicle access method according to any one of claims 5 to 7, characterized in that:
When the verification result returned by the intelligent transportation server is legal, the intelligent transportation server allows the vehicle to access the intelligent transportation server;
When the verification result returned by the intelligent transportation server is illegal, the intelligent transportation server forbids the vehicle from accessing the intelligent transportation server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410187144.2A CN103974255B (en) | 2014-05-05 | 2014-05-05 | A kind of vehicle access system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103974255A CN103974255A (en) | 2014-08-06 |
CN103974255B true CN103974255B (en) | 2018-06-05 |
Family
ID=51243195
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410187144.2A Active CN103974255B (en) | 2014-05-05 | 2014-05-05 | A kind of vehicle access system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103974255B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |