CN108600240B - Communication system and communication method thereof - Google Patents

Communication system and communication method thereof

Info

Publication number: CN108600240B
Authority: CN (China)
Prior art keywords: vehicle, fog node, digital certificate, key, service request
Legal status: Active
Application number: CN201810408721.4A
Other languages: Chinese (zh)
Other versions: CN108600240A (en)
Inventors: 郝虹, 段成德, 于治楼
Current assignee: Inspur Group Co Ltd
Original assignee: Inspur Group Co Ltd

Events
Application filed by Inspur Group Co Ltd
Priority to CN201810408721.4A
Publication of CN108600240A
Application granted
Publication of CN108600240B
Legal status: Active
Anticipated expiration


Classifications

    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides a communication system and a communication method thereof, comprising at least one vehicle and at least one fog node. The vehicle is used for signing a first service request with an asymmetric vehicle private key when it receives the first service request sent by a user, sending the vehicle digital certificate and the signed first service request to the fog node, receiving and verifying the fog node digital certificate and the signed first receipt information sent by the fog node, and obtaining the decrypted first receipt information when the verification passes. The fog node is used for receiving and verifying the vehicle digital certificate and the signed first service request sent by the vehicle, generating the first receipt information when the verification passes, signing the first receipt information with a pre-acquired asymmetric fog node private key, and sending the pre-acquired fog node digital certificate and the signed first receipt information to the vehicle. This solution can improve the security of communication between vehicles and fog nodes.

Description

A communication system and communication method thereof

Technical field

The invention relates to the field of fog computing and Internet of Vehicles security, and in particular to a communication system and a communication method thereof.

Background

As a part of smart transportation, the Internet of Vehicles offers a direction for solving urban traffic problems. In recent years, with the explosive growth in the number of vehicles and in Internet of Vehicles data, the network bandwidth resources of cloud computing will be seriously insufficient and cannot satisfy the mobility and low-latency requirements of the Internet of Vehicles. The emergence of fog nodes has greatly improved this situation.

At present, fog nodes are deployed at the network edge and offer location awareness and low latency, which makes them well suited to the Internet of Vehicles. However, a vehicle, as a mobile node in the Internet of Vehicles, can only communicate with a fog node over a wireless mobile network, whose channel is less secure than that of a traditional network and more exposed to attack. If the vehicle side is attacked, its privacy is easily leaked. If a fog node is attacked, the other vehicles it serves face the threat of information leakage, and even the upper-layer cloud environment connected to the fog node can be affected. Communication between vehicles and fog nodes therefore has low security.

Summary of the invention

Embodiments of the present invention provide a communication system and a communication method thereof, which can improve the security of communication between vehicles and fog nodes.

In a first aspect, an embodiment of the present invention provides a communication system, including:

at least one vehicle and at least one fog node;

each vehicle is configured to, when receiving a first service request sent by a user, sign the first service request with a pre-acquired asymmetric vehicle private key and send the pre-acquired vehicle digital certificate and the signed first service request to a fog node; when receiving a fog node digital certificate and signed first receipt information sent by the fog node, verify the fog node digital certificate and the signed first receipt information; and when the verification passes, obtain the decrypted first receipt information;

each fog node is configured to, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, verify the vehicle digital certificate and the signed first service request; when the verification passes, generate the first receipt information, sign the first receipt information with a pre-acquired asymmetric fog node private key, and send the pre-acquired fog node digital certificate and the signed first receipt information to the vehicle.

Preferably, the system further includes a certificate authority (CA) center;

the vehicle is configured to send, in advance, a vehicle certificate application carrying vehicle identity information to the CA center, and to receive the vehicle digital certificate and the asymmetric vehicle private key sent by the CA center;

the fog node is configured to send, in advance, a fog node certificate application carrying fog node identity information to the CA center, and to receive the fog node digital certificate and the asymmetric fog node private key sent by the CA center;

the CA center is configured to, when receiving the vehicle certificate application carrying the vehicle identity information sent by the vehicle, generate the vehicle digital certificate and the asymmetric vehicle private key from the vehicle identity information according to a preset encryption rule, and send the vehicle digital certificate and the asymmetric vehicle private key to the vehicle; and, when receiving the fog node certificate application carrying the fog node identity information sent by the fog node, generate the fog node digital certificate and the asymmetric fog node private key from the fog node identity information according to the encryption rule, and send the fog node digital certificate and the asymmetric fog node private key to the fog node.

Preferably, the CA center is further configured to publish a pre-generated center public key;

the vehicle is configured to determine whether the center public key can decrypt the fog node digital certificate and, if so, obtain the fog node public key from the decrypted fog node digital certificate and decrypt the signed first receipt information with the fog node public key;

the fog node is configured to determine whether the center public key can decrypt the vehicle digital certificate and, if so, obtain the vehicle public key from the decrypted vehicle digital certificate and decrypt the signed first service request with the vehicle public key.

Preferably, the vehicle is further configured to, when receiving a re-service request sent by the user, generate a symmetric root key according to a preset key rule; encrypt the symmetric root key and the re-service request with the asymmetric vehicle private key to generate key agreement information; send the key agreement information to the fog node; and, when receiving encrypted re-receipt information sent by the fog node, decrypt the encrypted re-receipt information with the symmetric root key to obtain the decrypted re-receipt information;

the fog node is further configured to, when receiving the key agreement information from the vehicle, decrypt the key agreement information with the vehicle public key to obtain the symmetric root key and the re-service request; generate re-receipt information corresponding to the re-service request; encrypt the re-receipt information with the symmetric root key; and send the encrypted re-receipt information to the vehicle.

Preferably, the vehicle is further configured to determine whether the encrypted re-receipt information was received within a preset time limit; if so, when receiving a subsequent service request sent by the user, encrypt the subsequent service request with the symmetric root key to generate new communication information and send the new communication information to the fog node; otherwise, when receiving the subsequent service request, generate a new symmetric root key according to the key rule, encrypt the new symmetric root key and the subsequent service request with the asymmetric vehicle private key to generate the new communication information, and send the new communication information to the fog node, so that the fog node sends corresponding subsequent receipt information according to the new communication information.

Preferably, the fog node is further configured to preset a service user list and record in it the vehicle digital certificate, the vehicle public key, the vehicle's last service time, the symmetric root key and the time limit of the symmetric root key; and, when receiving the new communication information, to execute:

S0: determine whether a symmetric root key corresponding to the vehicle exists in the service user list; if so, execute S1, otherwise execute S3;

S1: determine, from the last service time and the time limit, whether the symmetric root key is valid; if so, execute S2, otherwise execute S3;

S2: decrypt the new communication information with the symmetric root key, and update the last service time in the service user list;

S3: decrypt the new communication information with the vehicle public key, and delete the symmetric root key and the time limit of the symmetric root key from the service user list.

Preferably, the CA center is further configured to publish a pre-generated certificate revocation list;

the fog node is further configured to, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, determine whether the vehicle digital certificate is in the certificate revocation list; if so, cancel this communication; otherwise, perform the verification of the vehicle digital certificate and the signed first service request.

In a second aspect, an embodiment of the present invention provides a communication method based on any of the communication systems of the first aspect, including:

each vehicle of the at least one vehicle, when receiving a first service request sent by a user, signs the first service request with a pre-acquired asymmetric vehicle private key and sends the pre-acquired vehicle digital certificate and the signed first service request to a fog node; when receiving a fog node digital certificate and signed first receipt information sent by the fog node, verifies the fog node digital certificate and the signed first receipt information; and when the verification passes, obtains the decrypted first receipt information;

each fog node of the at least one fog node, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, verifies the vehicle digital certificate and the signed first service request; when the verification passes, generates the first receipt information, signs the first receipt information with a pre-acquired asymmetric fog node private key, and sends the pre-acquired fog node digital certificate and the signed first receipt information to the vehicle.

Preferably, before signing the first service request with the pre-acquired asymmetric vehicle private key, the method further includes:

the vehicle sends, in advance, a vehicle certificate application carrying vehicle identity information to a CA center, and receives the vehicle digital certificate and the asymmetric vehicle private key sent by the CA center;

before signing the first receipt information with the pre-acquired asymmetric fog node private key, the method further includes:

the fog node sends, in advance, a fog node certificate application carrying fog node identity information to the CA center, and receives the fog node digital certificate and the asymmetric fog node private key sent by the CA center;

when the CA center receives the vehicle certificate application carrying the vehicle identity information sent by the vehicle, it generates the vehicle digital certificate and the asymmetric vehicle private key from the vehicle identity information according to a preset encryption rule and sends the vehicle digital certificate and the asymmetric vehicle private key to the vehicle; when it receives the fog node certificate application carrying the fog node identity information sent by the fog node, it generates the fog node digital certificate and the asymmetric fog node private key from the fog node identity information according to the encryption rule and sends the fog node digital certificate and the asymmetric fog node private key to the fog node.

Preferably, before sending the vehicle digital certificate and the asymmetric vehicle private key to the vehicle, the method further includes:

the CA center publishes a pre-generated certificate revocation list;

when the fog node receives the vehicle digital certificate and the signed first service request sent by the vehicle, it determines whether the vehicle digital certificate is in the certificate revocation list; if so, it cancels this communication; otherwise, it performs the verification of the vehicle digital certificate and the signed first service request.

In the embodiments of the present invention, before a vehicle interacts with a fog node, both communicating parties first obtain their respective digital certificates, so that when the fog node interacts with the vehicle it determines from the vehicle digital certificate whether the vehicle's identity is legitimate. When the identity is determined to be legitimate, the fog node sends its fog node digital certificate and the corresponding first receipt information to the vehicle, so that the vehicle determines from the fog node digital certificate whether the fog node's identity is legitimate, and obtains the first receipt information sent by the fog node if and only if the fog node's identity is determined to be legitimate. In summary, sending the vehicle digital certificate to an external fog node and receiving the fog node digital certificate sent by the external fog node lets both communicating parties use digital certificates as credentials for mutual identity authentication and establish the legitimacy of each other's identity, which improves the security of communication between vehicles and fog nodes.

Description of drawings

In order to explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.

FIG. 1 is a schematic structural diagram of a communication system provided by an embodiment of the present invention;

FIG. 2 is a schematic structural diagram of another communication system provided by an embodiment of the present invention;

FIG. 3 is a schematic structural diagram of yet another communication system provided by an embodiment of the present invention;

FIG. 4 is a flowchart of a communication method of a communication system provided by an embodiment of the present invention.

Detailed description

In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from these embodiments without creative effort fall within the scope of protection of the present invention.

As shown in FIG. 1, an embodiment of the present invention provides a communication system including at least one vehicle 101 and at least one fog node 102;

each vehicle 101 is configured to, when receiving a first service request sent by a user, sign the first service request with a pre-acquired asymmetric vehicle private key and send the pre-acquired vehicle digital certificate and the signed first service request to a fog node 102; when receiving a fog node digital certificate and signed first receipt information sent by the fog node 102, verify the fog node digital certificate and the signed first receipt information; and when the verification passes, obtain the decrypted first receipt information;

each fog node 102 is configured to, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle 101, verify the vehicle digital certificate and the signed first service request; when the verification passes, generate the first receipt information, sign the first receipt information with a pre-acquired asymmetric fog node private key, and send the pre-acquired fog node digital certificate and the signed first receipt information to the vehicle 101.

In the embodiments of the present invention, before a vehicle interacts with a fog node, both communicating parties first obtain their respective digital certificates, so that when the fog node interacts with the vehicle it determines from the vehicle digital certificate whether the vehicle's identity is legitimate. When the identity is determined to be legitimate, the fog node sends its fog node digital certificate and the corresponding first receipt information to the vehicle, so that the vehicle determines from the fog node digital certificate whether the fog node's identity is legitimate, and obtains the first receipt information sent by the fog node if and only if the fog node's identity is determined to be legitimate. In summary, sending the vehicle digital certificate to an external fog node and receiving the fog node digital certificate sent by the external fog node lets both communicating parties use digital certificates as credentials for mutual identity authentication and establish the legitimacy of each other's identity, which improves the security of communication between vehicles and fog nodes.

Based on the communication system shown in FIG. 1, and as shown in FIG. 2, in an embodiment of the present invention the communication system further includes a certificate authority (CA) center 201;

the vehicle 101 is configured to send, in advance, a vehicle certificate application carrying vehicle identity information to the CA center 201, and to receive the vehicle digital certificate and the asymmetric vehicle private key sent by the CA center 201;

the fog node 102 is configured to send, in advance, a fog node certificate application carrying fog node identity information to the CA center 201, and to receive the fog node digital certificate and the asymmetric fog node private key sent by the CA center 201;

the CA center 201 is configured to, when receiving the vehicle certificate application carrying the vehicle identity information sent by the vehicle 101, generate the vehicle digital certificate and the asymmetric vehicle private key from the vehicle identity information according to a preset encryption rule, and send the vehicle digital certificate and the asymmetric vehicle private key to the vehicle 101; and, when receiving the fog node certificate application carrying the fog node identity information sent by the fog node 102, generate the fog node digital certificate and the asymmetric fog node private key from the fog node identity information according to the encryption rule, and send the fog node digital certificate and the asymmetric fog node private key to the fog node 102.

In the embodiments of the present invention, before the vehicle and the fog node interact, each applies for a certificate from the trusted CA center, so that the CA center issues each of them its own digital certificate and the two communicating parties can use the digital certificates as credentials for mutual identity authentication, which achieves the purpose of improving the security of communication between vehicles and fog nodes.

In an embodiment of the present invention, the CA center is further configured to publish a pre-generated center public key;

the vehicle is configured to determine whether the center public key can decrypt the fog node digital certificate and, if so, obtain the fog node public key from the decrypted fog node digital certificate and decrypt the signed first receipt information with the fog node public key;

the fog node is configured to determine whether the center public key can decrypt the vehicle digital certificate and, if so, obtain the vehicle public key from the decrypted vehicle digital certificate and decrypt the signed first service request with the vehicle public key.

In the embodiments of the present invention, since the asymmetric vehicle private key is held at the vehicle and the asymmetric fog node private key at the fog node, no one else can obtain either private key. Therefore, when the vehicle signs the exchanged information with the asymmetric vehicle private key and the fog node signs the exchanged information with the asymmetric fog node private key, no one else can forge the signed information. Once either communicating party determines that it can decrypt the corresponding information, it can conclude that the other party's identity is legitimate, and interacting only after the other party has been determined to be legitimate prevents the information of both parties from being stolen, which improves the security of communication between vehicles and fog nodes.
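The first exchange described above (the vehicle signs the first service request and sends it with its certificate; the fog node checks the certificate against the CA center's public key and the revocation list, verifies the signature, and answers with its own certificate and a signed first receipt, which the vehicle checks the same way), worked through in Go as an added example. This is not code from the patent or from Inspur: it uses the standard library's X.509 certificates in place of the patent's unspecified "encryption rule", ECDSA P-256 signatures over SHA-256, and a set of revoked serial numbers standing in for the published certificate revocation list. The page's test "can the center public key decrypt the certificate" is carried out here as verifying the CA's signature on the certificate, which is what that check amounts to for an X.509 certificate. The names Party, CA, Message, Verify and FirstExchange are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Party is a vehicle or a fog node: its digital certificate and matching private key.
type Party struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// CA is the certificate authority center; Revoked (serial -> true) is its revocation list.
type CA struct {
	Party
	Revoked map[string]bool
	next    int64
}

// template is the example's stand-in for the page's "encryption rule": the certificate contents.
func template(serial int64, name string, isCA bool) *x509.Certificate {
	ku := x509.KeyUsageDigitalSignature
	if isCA { ku |= x509.KeyUsageCertSign }
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: isCA, KeyUsage: ku}
}

// issue generates a key pair and a certificate for it; signer == nil means self-signed (the CA itself).
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*Party, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	if signer == nil { parent, signer = tmpl, key }
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	if err != nil { return nil, err }
	return &Party{Cert: cert, Key: key}, nil
}

// NewCA creates the center key pair and its self-signed certificate (the published center public key).
func NewCA() (*CA, error) {
	p, err := issue(template(1, "CA center", true), nil, nil)
	if err != nil { return nil, err }
	return &CA{Party: *p, Revoked: map[string]bool{}, next: 2}, nil
}

// Issue answers a certificate application: the applicant gets its certificate and private key.
func (ca *CA) Issue(identity string) (*Party, error) {
	p, err := issue(template(ca.next, identity, false), ca.Cert, ca.Key)
	ca.next++
	return p, err
}

// Message is what crosses the wireless link: the sender's certificate plus a signed payload.
type Message struct{ CertDER, Payload, Sig []byte }

func (p *Party) Sign(payload []byte) (Message, error) {
	h := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, p.Key, h[:])
	return Message{CertDER: p.Cert.Raw, Payload: payload, Sig: sig}, err
}

// Verify is the receiving side: revocation list first (a hit cancels the communication, as on
// the page), then the CA center's signature on the certificate, then the sender's signature on
// the payload under the certified public key. It returns the authenticated identity.
func Verify(m Message, caCert *x509.Certificate, revoked map[string]bool) (string, error) {
	cert, err := x509.ParseCertificate(m.CertDER)
	if err != nil { return "", err }
	if revoked[cert.SerialNumber.String()] {
		return "", errors.New("certificate is on the revocation list; communication cancelled")
	}
	if err := cert.CheckSignatureFrom(caCert); err != nil {
		return "", fmt.Errorf("certificate was not issued by the CA center: %w", err)
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, m.Payload, m.Sig); err != nil {
		return "", fmt.Errorf("payload signature does not verify: %w", err)
	}
	return cert.Subject.CommonName, nil
}

// FirstExchange runs one first-service-request round trip (vehicle -> fog node -> vehicle)
// and returns the receipt the vehicle accepted, or the error that stopped the exchange.
func FirstExchange(ca *CA, vehicle, fog *Party, request string) (string, error) {
	req, err := vehicle.Sign([]byte(request))
	if err != nil { return "", err }
	who, err := Verify(req, ca.Cert, ca.Revoked) // fog node verifies the vehicle
	if err != nil { return "", err }
	rcp, err := fog.Sign([]byte(fmt.Sprintf("receipt for %q from %s", req.Payload, who)))
	if err != nil { return "", err }
	if _, err := Verify(rcp, ca.Cert, ca.Revoked); err != nil { return "", err } // vehicle verifies the fog node
	return string(rcp.Payload), nil
}
```

Verify consults the revocation list before doing any signature work, so a revoked certificate is cancelled as the page requires; a certificate from a different CA center, a tampered payload and a revoked serial number all make FirstExchange return an error instead of a receipt.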

In an embodiment of the present invention, the vehicle is further configured to generate a symmetric root key according to a preset key rule when receiving a re-service request sent by the user; to encrypt the symmetric root key and the re-service request with the asymmetric vehicle private key to generate key negotiation information; to send the key negotiation information to the fog node; and, when receiving the encrypted re-receipt information sent by the fog node, to decrypt the encrypted re-receipt information with the symmetric root key and obtain the decrypted re-receipt information;

The fog node is further configured to, when receiving the key negotiation information from the vehicle, decrypt the key negotiation information with the vehicle public key and obtain the symmetric root key and the re-service request; to generate re-receipt information corresponding to the re-service request; to encrypt the re-receipt information with the symmetric root key; and to send the encrypted re-receipt information to the vehicle.

In the embodiment of the present invention, after the two communicating parties have mutually authenticated their digital certificates, the vehicle needs to perform key negotiation with the fog node so that the negotiated symmetric root key can be used to encrypt the exchanged information. Encrypting the exchanged information with the symmetric root key not only improves the security of the communication between the vehicle and the fog node but also increases the speed at which the exchanged information is encrypted.

In an embodiment of the present invention, the vehicle is further configured to determine whether the encrypted re-receipt information is received within a preset time limit; if so, when receiving a subsequent service request sent by the user, to encrypt the subsequent service request with the symmetric root key, generate new communication information and send the new communication information to the fog node; otherwise, when receiving the subsequent service request, to generate a new symmetric root key according to the key rule, encrypt the new symmetric root key and the subsequent service request with the asymmetric vehicle private key, generate the new communication information and send the new communication information to the fog node, so that the fog node sends the corresponding subsequent receipt information according to the new communication information.

In the embodiment of the present invention, after the vehicle receives the encrypted re-receipt information sent by the fog node, the vehicle needs to determine whether it is still within the preset time limit for authenticating with the symmetric root key; once the time limit has been exceeded, it needs to use the fog node public key to renegotiate a new symmetric root key, so as to improve the security of the communication between the vehicle and the fog node.

In an embodiment of the present invention, the fog node is further configured to preset a service user list and to record the vehicle digital certificate, the vehicle public key, the last service time of the vehicle, the symmetric root key and the time limit of the symmetric root key in the service user list; and, when receiving the new communication information, to execute:

S0: determine whether a symmetric root key corresponding to the vehicle exists in the service user list; if so, execute S1, otherwise execute S3;

S1: determine, from the last service time and the time limit, whether the symmetric root key is still valid; if so, execute S2, otherwise execute S3;

S2: decrypt the new communication information with the symmetric root key and update the last service time in the service user list;

S3: decrypt the new communication information with the vehicle public key and delete the symmetric root key and the time limit of the symmetric root key from the service user list.

In the embodiment of the present invention, after determining that the identity of the vehicle is legitimate, the fog node needs to record the identity information of the vehicle, for example the vehicle ID, the vehicle digital certificate and the vehicle public key, in the preset service user list, so that when it interacts with the vehicle again it can re-determine the legitimacy of the vehicle identity from the information recorded in the service user list.

In an embodiment of the present invention, the CA center is further configured to publish a pre-generated certificate revocation list;

The fog node is further configured to, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, determine whether the vehicle digital certificate is in the certificate revocation list; if so, cancel the current communication, otherwise execute the verification of the vehicle digital certificate and the signed first service request.

In the embodiment of the present invention, when the fog node has determined that the vehicle digital certificate of the vehicle is legitimate, it also needs to determine from the certificate revocation list whether the vehicle digital certificate is still valid. Exchanging information with the vehicle only after its identity has been determined to be both legitimate and valid reduces the probability of the fog node being attacked, and thus improves the security of the communication between the fog node and the vehicle.
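The certificate checks described in the embodiments above (the center public key validating each party's digital certificate, the signed first service request and first receipt, and the fog node consulting the certificate revocation list before it accepts a vehicle), as an added example in Go. This is illustration code written for this page, not code from the patent or from Inspur. It reads the text's "encrypt with the private key / decrypt with the public key" as sign / verify, represents the digital certificates and the revocation list as X.509 objects issued by the CA center, and has each party generate its own RSA key pair so that the private key never travels (the text has the CA center send it out). The names vehicle-301 and fog-node-303, the serial numbers, the 24-hour validity and the request strings are constructed.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CA plays the CA center: it keeps the center private key and publishes the center public key as a
// self-signed root certificate, plus a signed certificate revocation list (CRL).
type CA struct {
	key  *rsa.PrivateKey
	cert *x509.Certificate
}

// genKey is a party's own RSA key pair; the private key never leaves the party.
func genKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return key
}

func newCA() (*CA, error) {
	key := genKey()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "CA center"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return nil, err }
	cert, err := x509.ParseCertificate(der)
	return &CA{key: key, cert: cert}, err
}

// Issue answers a certificate application: the applicant's identity and public key are bound under the
// center signature. The applicant generated the key pair itself and keeps the private half.
func (ca *CA) Issue(identity string, serial int64, pub *rsa.PublicKey) ([]byte, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: identity},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, pub, ca.key)
}

// CRL publishes the certificate revocation list naming the given certificate serial numbers.
func (ca *CA) CRL(revoked ...int64) ([]byte, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca.cert, ca.key)
}

// checkPeer is each side's check of the other's digital certificate: it must chain to the published center
// public key and must not appear on the center's CRL; only then is the peer public key taken from it.
func checkPeer(center *x509.Certificate, crlDER, certDER []byte) (*rsa.PublicKey, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil { return nil, err }
	roots := x509.NewCertPool()
	roots.AddCert(center)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := cert.Verify(opts); err != nil { return nil, fmt.Errorf("certificate not issued by the CA center: %w", err) }
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil { return nil, err }
	if err := crl.CheckSignatureFrom(center); err != nil { return nil, fmt.Errorf("CRL not from the CA center: %w", err) }
	for _, r := range crl.RevokedCertificates {
		if r.SerialNumber.Cmp(cert.SerialNumber) == 0 { return nil, fmt.Errorf("certificate of %s is revoked", cert.Subject.CommonName) }
	}
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok { return nil, fmt.Errorf("unexpected key type %T", cert.PublicKey) }
	return pub, nil
}

// The text's "encrypt with the private key / decrypt with the public key" is a signature (RSA PKCS#1 v1.5 over SHA-256).
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
}

// firstExchange runs the first service request / first receipt round trip and returns the receipt the
// vehicle accepted, or the first check that failed on either side.
func firstExchange(ca *CA, crl, vehicleCert, fogCert []byte, vehicleKey, fogKey *rsa.PrivateKey, request []byte) ([]byte, error) {
	reqSig, err := sign(vehicleKey, request) // vehicle -> fog node: vehicle certificate + signed first service request
	if err != nil { return nil, err }
	vehiclePub, err := checkPeer(ca.cert, crl, vehicleCert) // fog node: certificate, then CRL, then signature
	if err != nil { return nil, fmt.Errorf("fog node: %w", err) }
	if err := verify(vehiclePub, request, reqSig); err != nil { return nil, fmt.Errorf("fog node: %w", err) }
	receipt := append([]byte("receipt for: "), request...) // fog node -> vehicle: fog node certificate + signed first receipt
	rcptSig, err := sign(fogKey, receipt)
	if err != nil { return nil, err }
	fogPub, err := checkPeer(ca.cert, crl, fogCert) // vehicle: the same checks on the fog node
	if err != nil { return nil, fmt.Errorf("vehicle: %w", err) }
	if err := verify(fogPub, receipt, rcptSig); err != nil { return nil, fmt.Errorf("vehicle: %w", err) }
	return receipt, nil
}
```

Both sides run the same checkPeer: chain to the center public key first, then the CRL, then the signature on the message. A revoked, foreign or mis-signed certificate therefore fails at the fog node before any receipt is generated, which is the "cancel the current communication" branch of the text; driving it looks like `ca, _ := newCA()`, `ca.Issue("vehicle-301", 2, &vehicleKey.PublicKey)`, `ca.CRL()` and then `firstExchange(...)`.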

To explain the technical solution and advantages of the present invention more clearly, a communication system provided by an embodiment of the present invention is described in detail. As shown in FIG. 3, it includes:

The vehicle 301, configured to send in advance a vehicle certificate application carrying vehicle identity information to the CA center 302, and to receive the vehicle digital certificate and the asymmetric vehicle private key that the CA center 302 sends in response to the vehicle certificate application.

Specifically, before interacting with the fog node, the vehicle needs to apply to the CA center for a vehicle digital certificate, so that when they interact the fog node can determine from the vehicle digital certificate whether the identity of the vehicle is legitimate and interacts with the vehicle only when that identity is legitimate, thereby improving the security of the communication between the vehicle and the fog node.

The fog node 303, configured to send in advance a fog node certificate application carrying fog node identity information to the CA center 302, and to receive the fog node digital certificate and the asymmetric fog node private key that the CA center 302 sends in response to the fog node certificate application.

Specifically, before interacting with the vehicle, the fog node needs to apply to the CA center for a fog node digital certificate, so that when they interact the vehicle can determine from the fog node digital certificate whether the identity of the fog node is legitimate; interacting only when that identity is legitimate improves the security of the communication between the vehicle and the fog node.

The CA center 302, configured to publish a pre-generated center public key; when receiving the vehicle certificate application sent by the vehicle 301, to generate the vehicle digital certificate and the asymmetric vehicle private key from the vehicle identity information in the vehicle certificate application according to a preset encryption rule, and to send the vehicle digital certificate and the asymmetric vehicle private key to the vehicle 301; and, when receiving the fog node certificate application sent by the fog node 303, to generate the fog node digital certificate and the asymmetric fog node private key from the fog node identity information in the fog node certificate application according to the encryption rule, and to send the fog node digital certificate and the asymmetric fog node private key to the fog node 303.

Specifically, the CA center sending the fog node digital certificate and the asymmetric fog node private key to the fog node, and the vehicle digital certificate and the asymmetric vehicle private key to the vehicle, not only improves the security of the information exchange between the two communicating parties but also lets both parties use the digital certificates as credentials for authenticating each other's identity.

The vehicle 301, configured to, when receiving a first service request sent by the user, encrypt the first service request with the asymmetric vehicle private key and send the encrypted first service request and the vehicle digital certificate to the fog node 303.

Specifically, encrypting the first service request with the asymmetric vehicle private key improves the security of the first service request in transit, and sending the vehicle digital certificate lets the fog node determine from the digital certificate whether the identity of the vehicle is legitimate.

The fog node 303, configured to, when receiving the encrypted first service request and the vehicle digital certificate sent by the vehicle 301, determine whether the center public key can decrypt the vehicle digital certificate and, if so, obtain the vehicle public key from the decrypted vehicle digital certificate; to determine, from the certificate revocation list published in advance by the CA center 302, whether the vehicle digital certificate has been revoked and, if so, cancel the current communication; otherwise, to decrypt the signed first service request with the vehicle public key, generate first receipt information corresponding to the first service request, sign the first receipt information with the asymmetric fog node private key, and send the signed first receipt information and the fog node public key to the vehicle 301.

Specifically, after receiving the vehicle digital certificate, the fog node verifies the authenticity of the vehicle digital certificate and can thereby determine whether the identity of the vehicle is legitimate, and it interacts with the vehicle if and only if that identity is legitimate. Sending the fog node digital certificate to the vehicle lets the vehicle verify from the fog node digital certificate whether the identity of the fog node is legitimate, thereby improving the security of the communication between the fog node and the vehicle.

The vehicle 301, configured to, when receiving the signed first receipt information and the fog node digital certificate sent by the fog node 303, determine whether the center public key can decrypt the fog node digital certificate and, if so, obtain the fog node public key from the decrypted fog node digital certificate, decrypt the signed first receipt information with the fog node public key, obtain the decrypted first receipt information and act on the first receipt information; and, when receiving a re-service request sent by the user, to generate a symmetric root key according to a preset key rule, encrypt the symmetric root key and the re-service request with the asymmetric vehicle private key to generate key negotiation information, and send the key negotiation information to the fog node 303.

Specifically, once the vehicle has determined that the identity of the fog node is legitimate, it needs to generate a symmetric root key and send it to the fog node, so that the two communicating parties complete the key negotiation and, on top of the improved security of the communication between the vehicle and the fog node, the speed of encrypting the exchanged information is increased.

The fog node 303, configured to, when receiving the key negotiation information sent by the vehicle 301, decrypt the key negotiation information with the vehicle public key, obtain the symmetric root key and the re-service request from the decrypted key negotiation information, generate re-receipt information corresponding to the re-service request, encrypt the re-receipt information with the symmetric root key, and send the encrypted re-receipt information to the vehicle 301.

Specifically, after completing the key negotiation with the vehicle, the fog node encrypts the re-receipt information with the symmetric root key obtained through the key negotiation, so that the encryption speed is increased on top of the improved security of the communication with the vehicle.

The vehicle 301, configured to, when receiving the encrypted re-receipt information sent by the fog node 303, decrypt the encrypted re-receipt information with the symmetric root key, obtain the decrypted re-receipt information, act on the re-receipt information, and execute the following:

determine whether the encrypted re-receipt information has been received within the preset time limit;

if so, when receiving a subsequent service request sent by the user, encrypt the subsequent service request with the symmetric root key and send the encrypted subsequent service request to the fog node 303;

otherwise, when a subsequent service request is received, generate a new symmetric root key according to the key rule, encrypt the new symmetric root key and the subsequent service request with the asymmetric vehicle private key to generate new communication information, and send the new communication information to the fog node 303.

Specifically, after completing the key negotiation with the fog node, the vehicle needs to determine whether it is still within the preset time limit for authenticating with the symmetric root key, that is, for decrypting the exchanged information with the symmetric root key; if so, it continues to use the symmetric root key for the exchange; otherwise, to prevent the symmetric root key from being obtained by others, it needs to generate a new symmetric root key and perform a new key negotiation.

In summary, the procedure by which the fog node authenticates the identity of the vehicle is:

A: The vehicle sends identity information to the fog node, where the identity information includes the vehicle digital certificate or the symmetric root key.

B: On receiving the identity information, the fog node determines whether the vehicle is in the service user list. If the vehicle is in the service user list:

determine whether the symmetric root key in the service user list is still valid;

if it is valid, authenticate the vehicle with the symmetric root key and execute D;

if it has expired, authenticate the vehicle with the vehicle public key in the service user list and execute D.

C: If the vehicle is not in the service user list, authenticate the vehicle digital certificate with the center public key.

D: Query the certificate revocation list to determine the validity of the vehicle digital certificate.

E: The authentication ends and the fog node updates the service user list.
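The key negotiation, the time-limited symmetric root key and the fog node's S0 to S3 decision over its service user list (the embodiments above and steps A to E), as one added example in Go; it is illustration code written for this page, not the patent's or Inspur's code. Two points are my choices rather than the text's: the root key is wrapped under the fog node public key with RSA-OAEP and the whole negotiation is signed with the vehicle private key, because a value "encrypted" with the sender's private key can be read by anyone holding the matching public key, so the signature supplies the authenticity the text relies on and the wrapping supplies confidentiality; and a successful S3 stores the newly negotiated root key with the preset time limit. The one-hour time limit, the 32-byte random root key standing in for the "preset key rule", AES-256-GCM for the symmetric traffic, and the layout of the service record are assumptions.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// rootKeyLifetime is the fog node's preset time limit for a symmetric root key (assumed value).
const rootKeyLifetime = time.Hour

// ServiceRecord is one entry of the service user list: the vehicle public key (taken from the vehicle
// digital certificate), the last service time, and the symmetric root key with its time limit (nil/zero when none).
type ServiceRecord struct {
	VehiclePub  *rsa.PublicKey
	LastService time.Time
	RootKey     []byte
	KeyLifetime time.Duration
}

// KeyAgreement is the vehicle's key negotiation information.
type KeyAgreement struct {
	WrappedKey []byte // root key under RSA-OAEP to the fog node public key (confidentiality)
	Request    []byte // the service request carried with the new key
	Signature  []byte // vehicle signature over SHA-256(WrappedKey || Request) (authenticity)
}

// genKey is a party's own RSA key pair; the private key never leaves the party.
func genKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { panic(err) }
	return key
}

// vehicleNegotiate draws a fresh 32-byte root key (standing in for the "preset key rule") and builds the
// key negotiation information for it; the root key is returned so the vehicle can keep it.
func vehicleNegotiate(vehiclePriv *rsa.PrivateKey, fogPub *rsa.PublicKey, request []byte) ([]byte, *KeyAgreement, error) {
	root := make([]byte, 32)
	if _, err := rand.Read(root); err != nil { return nil, nil, err }
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, fogPub, root, nil)
	if err != nil { return nil, nil, err }
	ka := &KeyAgreement{WrappedKey: wrapped, Request: request}
	d := sha256.Sum256(append(append([]byte{}, wrapped...), request...))
	ka.Signature, err = rsa.SignPKCS1v15(rand.Reader, vehiclePriv, crypto.SHA256, d[:])
	return root, ka, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// sealGCM and openGCM carry requests and receipts under the root key (AES-256-GCM, random nonce prefixed).
func sealGCM(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil { return nil, err }
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func openGCM(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil { return nil, err }
	if len(msg) < gcm.NonceSize() { return nil, fmt.Errorf("message shorter than nonce") }
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// fogHandleNewComm runs S0..S3 on the vehicle's service record for one piece of new communication
// information, given either as a message under the recorded root key (symmetric) or as a fresh key
// negotiation (ka). It returns the recovered request and the step that produced it ("S2" or "S3").
func fogHandleNewComm(fogPriv *rsa.PrivateKey, rec *ServiceRecord, symmetric []byte, ka *KeyAgreement, now time.Time) ([]byte, string, error) {
	// S0, S1: the recorded root key is usable only if it exists and its time limit, counted from the
	// last service time, has not passed.
	if rec.RootKey != nil && now.Sub(rec.LastService) <= rec.KeyLifetime && symmetric != nil {
		req, err := openGCM(rec.RootKey, symmetric) // S2
		if err != nil { return nil, "", err }
		rec.LastService = now
		return req, "S2", nil
	}
	rec.RootKey, rec.KeyLifetime = nil, 0 // S3: delete the old root key and its time limit ...
	if ka == nil { return nil, "", fmt.Errorf("no valid root key and no key negotiation information") }
	d := sha256.Sum256(append(append([]byte{}, ka.WrappedKey...), ka.Request...))
	if err := rsa.VerifyPKCS1v15(rec.VehiclePub, crypto.SHA256, d[:], ka.Signature); err != nil {
		return nil, "", err // ... and accept only a negotiation signed with the recorded vehicle key
	}
	root, err := rsa.DecryptOAEP(sha256.New(), nil, fogPriv, ka.WrappedKey, nil)
	if err != nil { return nil, "", err }
	rec.RootKey, rec.KeyLifetime, rec.LastService = root, rootKeyLifetime, now
	return ka.Request, "S3", nil
}
```

fogHandleNewComm takes either a message under the recorded root key or a fresh key negotiation. If the recorded key has passed its time limit it is deleted before anything else happens, so a stale symmetric message is refused rather than decrypted, and only a negotiation signed with the vehicle key recorded at first authentication can install a new root key; the vehicle side is `root, ka, err := vehicleNegotiate(vehicleKey, &fogKey.PublicKey, request)` followed by `sealGCM(root, nextRequest)` while the key is within its limit.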

As shown in FIG. 4, an embodiment of the present invention provides a communication method for the communication system of any of the above embodiments. The method may include the following steps:

Step 401: each vehicle of at least one vehicle, when receiving a first service request sent by a user, signs the first service request with a pre-acquired asymmetric vehicle private key and sends a pre-acquired vehicle digital certificate and the signed first service request to a fog node; when receiving a fog node digital certificate and signed first receipt information sent by the fog node, verifies the fog node digital certificate and the signed first receipt information; and, when the verification passes, obtains the decrypted first receipt information;

Step 402: each fog node of at least one fog node, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, verifies the vehicle digital certificate and the signed first service request; when the verification passes, generates the first receipt information, signs the first receipt information with a pre-acquired asymmetric fog node private key, and sends the pre-acquired fog node digital certificate and the signed first receipt information to the vehicle.

In the embodiment of the present invention, before the vehicle interacts with the fog node, both communicating parties first need to obtain their respective digital certificates, so that when the fog node interacts with the vehicle it determines from the vehicle digital certificate whether the identity of the vehicle is legitimate and, once it is determined to be legitimate, sends the fog node digital certificate and the corresponding first receipt information to the vehicle; the vehicle then determines from the fog node digital certificate whether the identity of the fog node is legitimate and obtains the first receipt information sent by the fog node if and only if the identity of the fog node is determined to be legitimate. In summary, sending the vehicle digital certificate to the external fog node and receiving the fog node digital certificate sent by the external fog node lets both communicating parties use the digital certificates as credentials for authenticating each other and determine the legitimacy of each other's identity, thereby improving the security of the communication between the vehicle and the fog node.

In an embodiment of the present invention, before the signing of the first service request with the pre-acquired asymmetric vehicle private key, the method further includes:

the vehicle sending in advance a vehicle certificate application carrying vehicle identity information to the CA center, and receiving the vehicle digital certificate and the asymmetric vehicle private key sent by the CA center;

and before the signing of the first receipt information with the pre-acquired asymmetric fog node private key, the method further includes:

the fog node sending in advance a fog node certificate application carrying fog node identity information to the CA center, and receiving the fog node digital certificate and the asymmetric fog node private key sent by the CA center;

the CA center, when receiving the vehicle certificate application carrying vehicle identity information sent by the vehicle, generating the vehicle digital certificate and the asymmetric vehicle private key from the vehicle identity information according to a preset encryption rule, and sending the vehicle digital certificate and the asymmetric vehicle private key to the vehicle; and, when receiving the fog node certificate application carrying fog node identity information sent by the fog node, generating the fog node digital certificate and the asymmetric fog node private key from the fog node identity information according to the encryption rule, and sending the fog node digital certificate and the asymmetric fog node private key to the fog node.

In an embodiment of the present invention, before the sending of the vehicle digital certificate and the asymmetric vehicle private key to the vehicle, the method further includes:

the CA center publishing a pre-generated certificate revocation list;

the fog node, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, determining whether the vehicle digital certificate is in the certificate revocation list; if so, cancelling the current communication, otherwise executing the verification of the vehicle digital certificate and the signed first service request.

The embodiments of the present invention have at least the following beneficial effects:

1. In an embodiment of the present invention, before the vehicle interacts with the fog node, both communicating parties first need to obtain their respective digital certificates, so that when the fog node interacts with the vehicle it determines from the vehicle digital certificate whether the identity of the vehicle is legitimate and, once it is determined to be legitimate, sends the fog node digital certificate and the corresponding first receipt information to the vehicle; the vehicle then determines from the fog node digital certificate whether the identity of the fog node is legitimate and obtains the first receipt information sent by the fog node if and only if the identity of the fog node is determined to be legitimate. In summary, sending the vehicle digital certificate to the external fog node and receiving the fog node digital certificate sent by the external fog node lets both communicating parties use the digital certificates as credentials for authenticating each other and determine the legitimacy of each other's identity, thereby improving the security of the communication between the vehicle and the fog node.

2. In an embodiment of the present invention, before the vehicle and the fog node interact, each applies for a certificate from a trusted CA center, so that the CA center issues the vehicle and the fog node their respective digital certificates and both communicating parties use the digital certificates as credentials for authenticating each other's identity, thereby improving the security of the communication between the vehicle and the fog node.

3. In an embodiment of the present invention, the asymmetric vehicle private key is held only at the vehicle and the asymmetric fog node private key only at the fog node, so that no third party can obtain either private key. Therefore, when the vehicle signs the exchanged information with the asymmetric vehicle private key and the fog node signs the exchanged information with the asymmetric fog node private key, a third party cannot forge the signed exchanged information. When each communicating party determines that it can decrypt the corresponding exchanged information, it can determine that the identity of the other party is legitimate; interacting only after the other party has been determined to be legitimate prevents the information of the two parties from being stolen, and thus improves the security of the communication between the vehicle and the fog node.

4. In an embodiment of the present invention, after the two communicating parties have mutually authenticated their digital certificates, the vehicle needs to perform key negotiation with the fog node so that the negotiated symmetric root key can be used to encrypt the exchanged information. Encrypting the exchanged information with the symmetric root key not only improves the security of the communication between the vehicle and the fog node but also increases the speed at which the exchanged information is encrypted.

5. In an embodiment of the present invention, after the vehicle receives the encrypted re-receipt information sent by the fog node, the vehicle needs to determine whether it is still within the preset time limit for authenticating with the symmetric root key; once the time limit has been exceeded, it needs to use the fog node public key to renegotiate a new symmetric root key, so as to improve the security of the communication between the vehicle and the fog node.

6. In an embodiment of the present invention, after determining that the identity of the vehicle is legitimate, the fog node needs to record the identity information of the vehicle, for example the vehicle ID, the vehicle digital certificate and the vehicle public key, in the preset service user list, so that when it interacts with the vehicle again it can re-determine the legitimacy of the vehicle identity from the information recorded in the service user list.

7. In an embodiment of the present invention, when the fog node has determined that the vehicle digital certificate of the vehicle is legitimate, it also needs to determine from the certificate revocation list whether the vehicle digital certificate is still valid. Exchanging information with the vehicle only after its identity has been determined to be both legitimate and valid reduces the probability of the fog node being attacked, and thus improves the security of the communication between the fog node and the vehicle.

It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or device that includes the element.

Finally, it should be noted that the above are only preferred embodiments of the present invention, used only to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent replacement, improvement or the like made within the spirit and principle of the present invention falls within the scope of protection of the present invention.

Claims (7)

1. A communication system, comprising: at least one vehicle and at least one fog node;
each vehicle is used for signing the first service request by using a pre-acquired asymmetric vehicle private key when receiving the first service request sent by a user, and sending a pre-acquired vehicle digital certificate and the signed first service request to a fog node; when a fog node digital certificate and signed first receipt information sent by the fog node are received, verifying the fog node digital certificate and the signed first receipt information; when the verification is passed, acquiring the decrypted first receipt information;
each fog node is used for verifying the vehicle digital certificate and the signed first service request when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, generating the first receipt information when the verification is passed, signing the first receipt information by using a pre-obtained asymmetric fog node private key, and sending the pre-obtained fog node digital certificate and the signed first receipt information to the vehicle; further comprising: a Certificate Authority (CA) center;
the vehicle is used for sending a vehicle certificate application carrying vehicle identity information to the CA in advance, and receiving a vehicle digital certificate and an asymmetric vehicle private key sent by the CA;
the fog node is used for sending a fog node certificate application carrying fog node identity information to the CA center in advance and receiving a fog node digital certificate and an asymmetric fog node private key sent by the CA center;
the CA center is used for generating the vehicle digital certificate and the asymmetric vehicle private key by using the vehicle identity information according to a preset encryption rule when receiving a vehicle certificate application carrying vehicle identity information sent by the vehicle, and sending the vehicle digital certificate and the asymmetric vehicle private key to the vehicle; when a fog node certificate application carrying fog node identity information sent by the fog node is received, generating the fog node digital certificate and the asymmetric fog node private key by using the fog node identity information according to the encryption rule, and sending the fog node digital certificate and the asymmetric fog node private key to the fog node;
the CA center is further used for publishing a pre-generated center public key;
the vehicle is used for determining whether the central public key can decrypt the fog node digital certificate, and if so, acquiring a fog node public key in the decrypted fog node digital certificate; decrypting the signed first receipt information by using the fog node public key;
the fog node is used for determining whether the central public key can decrypt the vehicle digital certificate, and if so, acquiring the vehicle public key in the decrypted vehicle digital certificate; decrypting the signed first service request using the vehicle public key;
the vehicle is further used for generating a symmetric root key according to a preset key rule when receiving a re-service request sent by the user; encrypting the symmetric root key and the re-service request by using the asymmetric vehicle private key to generate key negotiation information; sending the key negotiation information to the fog node; when encrypted re-receipt information sent by the fog node is received, decrypting the encrypted re-receipt information by using the symmetric root key to obtain the decrypted re-receipt information;
the fog node is further configured to decrypt the key negotiation information by using the vehicle public key when receiving the key negotiation information of the vehicle, and obtain the symmetric root key and the re-service request; generating re-receipt information corresponding to the re-service request; encrypting the re-receipt information by using the symmetric root key; and sending the encrypted re-receipt information to the vehicle.
2. The communication system of claim 1,
the vehicle is further used for determining whether the encrypted re-receipt information was received within a preset time limit; if so, when a subsequent service request sent by the user is received, encrypting the subsequent service request by using the symmetric root key to generate new communication information, and sending the new communication information to the fog node; otherwise, when the subsequent service request is received, generating a new symmetric root key according to the key rule, encrypting the new symmetric root key and the subsequent service request by using the asymmetric vehicle private key to generate new communication information, and sending the new communication information to the fog node, so that the fog node sends corresponding subsequent receipt information according to the new communication information.
3. The communication system of claim 2,
the fog node is further configured to preset a service user list, and record the vehicle digital certificate, the vehicle public key, the last service time of the vehicle, the symmetric root key, and the time limit of the symmetric root key in the service user list; when the new communication information is received, performing:
S0: determining whether a symmetric root key corresponding to the vehicle exists in the service user list, if so, performing S1, otherwise, performing S3;
S1: determining whether the symmetric root key is valid according to the last service time and the time limit, if so, executing S2, otherwise, executing S3;
S2: decrypting the new communication information by using the symmetric root key, and updating the last service time in the service user list;
S3: decrypting the new communication information by using the vehicle public key, and deleting the symmetric root key and the time limit of the symmetric root key from the service user list.
4. The communication system according to any of claims 2 to 3,
the CA center is further used for publishing a certificate revocation list generated in advance;
the fog node is further configured to, when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, determine whether the vehicle digital certificate is on the certificate revocation list, and if so, cancel the communication this time, otherwise, execute the first service request after verifying the vehicle digital certificate and the signature.
5. A communication method based on the communication system of any one of claims 1 to 4, comprising:
each vehicle in at least one vehicle signs the first service request by using a pre-acquired asymmetric vehicle private key when receiving the first service request sent by a user, and sends a pre-acquired vehicle digital certificate and the signed first service request to a fog node; when a fog node digital certificate and signed first receipt information sent by the fog node are received, verifying the fog node digital certificate and the signed first receipt information; when the verification is passed, acquiring the decrypted first receipt information;
each of the at least one fog node verifies the vehicle digital certificate and the signed first service request when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, generates the first receipt information when the verification is passed, signs the first receipt information by using a pre-obtained asymmetric fog node private key, and sends the pre-obtained fog node digital certificate and the signed first receipt information to the vehicle.
6. The communication method of claim 5,
prior to said signing said first service request with said pre-obtained asymmetric vehicle private key, further comprising:
the vehicle sends a vehicle certificate application carrying vehicle identity information to a CA center in advance, and receives a vehicle digital certificate and an asymmetric vehicle private key sent by the CA center;
before the signing the first receipt information by using the pre-acquired asymmetric fog node private key, further comprising:
the fog node sends a fog node certificate application carrying fog node identity information to the CA center in advance, and receives a fog node digital certificate and an asymmetric fog node private key sent by the CA center;
when the CA center receives a vehicle certificate application carrying vehicle identity information sent by the vehicle, the CA center generates the vehicle digital certificate and the asymmetric vehicle private key by using the vehicle identity information according to a preset encryption rule, and sends the vehicle digital certificate and the asymmetric vehicle private key to the vehicle; and when a fog node certificate application carrying fog node identity information sent by the fog node is received, generating the fog node digital certificate and the asymmetric fog node private key by using the fog node identity information according to the encryption rule, and sending the fog node digital certificate and the asymmetric fog node private key to the fog node.
7. The communication method of claim 6,
prior to said sending said vehicle digital certificate and said asymmetric vehicle private key to said vehicle, further comprising:
the CA center publishes a pre-generated certificate revocation list;
and when receiving the vehicle digital certificate and the signed first service request sent by the vehicle, the fog node determines whether the vehicle digital certificate is in the certificate revocation list, if so, cancels the communication, and otherwise, executes the first service request after verifying the vehicle digital certificate and the signature.
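The claims above describe one exchange end to end: a CA issues certificates and a revocation list, the vehicle signs its first service request with its private key and sends it with its certificate, the fog node checks the CRL, the CA's signature on the certificate and the request signature before answering with its own signed receipt, and a later symmetric root key is used only while the fog node's service user list says it is still within its time limit (steps S0 to S3 of claim 3). The Python model below is an added example, not the patent's code or Inspur's implementation. It uses textbook RSA over a pool of known Mersenne primes in place of the unspecified "encryption rule" and a SHA-256 keystream in place of a symmetric cipher, both purely as teaching stand-ins; the class and method names, the `neg`/`enc` message tags, the 128-bit root key, and the `key_ttl` time limit are assumptions of the example.

```python
import hashlib
import json
import os
import random

# Known Mersenne primes, so the toy needs no prime generation; keys this short are not secure,
# and two keys may share a prime. Textbook RSA stands in for the patent's unspecified rule.
_PRIMES = [2**k - 1 for k in (61, 89, 107, 127, 521, 607)]

def keygen():
    p, q = random.sample(_PRIMES, 2)          # 65537 is coprime to (p-1)(q-1) for every pair
    phi = (p - 1) * (q - 1)
    return (p * q, 65537), (p * q, pow(65537, -1, phi))

def _h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg):
    return pow(_h(msg, priv[0]), priv[1], priv[0])

def verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _h(msg, pub[0])

def cert_bytes(cert):  # canonical encoding of the signed part of a certificate
    return json.dumps(cert["body"], sort_keys=True).encode()

def sym_crypt(key, nonce, data):
    """Toy one-block XOR cipher (data <= 32 bytes) keyed by SHA-256(key || nonce)."""
    return bytes(a ^ b for a, b in zip(data, hashlib.sha256(key + nonce).digest()))

class CA:
    """Issues certificates binding an identity to a public key; publishes a CRL (claim 4)."""
    def __init__(self):
        self.pub, self._priv = keygen()
        self.crl = set()

    def issue(self, identity):
        pub, priv = keygen()
        cert = {"body": {"id": identity, "pub": list(pub)}}
        cert["sig"] = sign(self._priv, cert_bytes(cert))
        return cert, priv

    def revoke(self, cert):
        self.crl.add(cert["body"]["id"])

class Vehicle:
    def __init__(self, ca, name):
        self.ca, self.root = ca, None
        self.cert, self._priv = ca.issue(name)

    def first_request(self, request):
        return self.cert, request, sign(self._priv, request)

    def check_receipt(self, fcert, receipt, sig):
        """Claim 1: the fog certificate must verify under the CA key, the receipt under the fog key."""
        ok = verify(self.ca.pub, cert_bytes(fcert), fcert["sig"]) and verify(fcert["body"]["pub"], receipt, sig)
        return receipt if ok else None

    def negotiate(self, request):
        """Claim 1: fresh 128-bit root key, bound to the vehicle by a private-key operation."""
        self.root = os.urandom(16)
        return ("neg", pow(int.from_bytes(self.root, "big"), self._priv[1], self._priv[0]), request)

    def session_request(self, request):
        """Claim 2: while the root key is valid, requests travel under the symmetric key."""
        nonce = os.urandom(12)
        return ("enc", nonce + sym_crypt(self.root, nonce, request))

class FogNode:
    def __init__(self, ca, name, key_ttl=300.0):
        self.ca, self.key_ttl, self.users = ca, key_ttl, {}   # users: the service user list
        self.cert, self._priv = ca.issue(name)

    def first_service(self, vcert, request, sig, now):
        """Claims 1 and 4: CRL first, then the CA signature on the cert, then the request signature."""
        vid = vcert["body"]["id"]
        if vid in self.ca.crl or not verify(self.ca.pub, cert_bytes(vcert), vcert["sig"]):
            return None                      # revoked, or not issued by the trusted CA: cancel
        if not verify(vcert["body"]["pub"], request, sig):
            return None                      # request not signed by the certified key
        self.users[vid] = {"pub": tuple(vcert["body"]["pub"]), "last": now, "root": None}
        return self.cert, b"ack:" + request, sign(self._priv, b"ack:" + request)

    def serve(self, vid, message, now):
        """Claim 3, steps S0-S3; returns the recovered request or None."""
        rec = self.users.get(vid)
        if rec is None:
            return None
        kind, *payload = message
        if rec["root"] and now - rec["last"] <= self.key_ttl:   # S0 and S1 hold -> S2
            if kind != "enc":
                return None
            rec["last"] = now
            return sym_crypt(rec["root"], payload[0][:12], payload[0][12:])
        rec["root"] = None                                      # S3: stale key is dropped
        if kind != "neg":
            return None                                         # vehicle still used the old key
        rec["root"], rec["last"] = pow(payload[0], rec["pub"][1], rec["pub"][0]).to_bytes(16, "big"), now
        return payload[1]
```

Two points of the claims become visible when the model is run. First, the fog node chooses between S2 and S3 from its own service user list, not from anything in the message, so a vehicle that still believes its root key is valid after the fog node has expired it gets `None` back and must renegotiate; the `kind` check in `serve()` makes that divergence an explicit rejection instead of an attempt to decrypt a negotiation message with a stale symmetric key. Second, the private-key operation in `negotiate()` binds the root key to the vehicle but, like any operation that the certified public key reverses, does not hide it; a deployment following the claims would also encrypt the key negotiation information for the fog node's public key, which the vehicle already holds from the fog node digital certificate. The CRL is consulted before any signature is checked, in the order claim 4 gives.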
CN201810408721.4A 2018-05-02 2018-05-02 Communication system and communication method thereof Active CN108600240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810408721.4A CN108600240B (en) 2018-05-02 2018-05-02 Communication system and communication method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810408721.4A CN108600240B (en) 2018-05-02 2018-05-02 Communication system and communication method thereof

Publications (2)

Publication Number Publication Date
CN108600240A CN108600240A (en) 2018-09-28
CN108600240B true CN108600240B (en) 2020-11-10

Family

ID=63619508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810408721.4A Active CN108600240B (en) 2018-05-02 2018-05-02 Communication system and communication method thereof

Country Status (1)

Country Link
CN (1) CN108600240B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10869190B2 (en) * 2018-07-13 2020-12-15 Micron Technology, Inc. Secure vehicular services communication
CN109474577A (en) * 2018-10-17 2019-03-15 太原市高远时代科技有限公司 A kind of Internet of Things network edge O&M equipment with safety permission function
CN110430063B (en) * 2019-07-26 2020-05-19 绍兴文理学院 Anonymous identity authentication method for heterogeneous sensor network nodes based on fog computing architecture

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102075522B (en) * 2010-12-22 2012-07-04 北京航空航天大学 Secure certification and transaction method with combination of digital certificate and one-time password
JP5844001B2 (en) * 2012-04-01 2016-01-13 オーセンティファイ・インクAuthentify Inc. Secure authentication in multi-party systems
CN103684768A (en) * 2012-09-10 2014-03-26 中国银联股份有限公司 POS system and method for bidirectional authentication in POS system
CN103312691A (en) * 2013-04-19 2013-09-18 无锡成电科大科技发展有限公司 Method and system for authenticating and accessing cloud platform
US10931456B2 (en) * 2014-06-26 2021-02-23 Comcast Cable Communications, Llc Secure router authentication
CN104811941B (en) * 2015-04-30 2018-09-11 福建星网锐捷网络有限公司 Offline secure virtual machine management method and device
US20170048308A1 (en) * 2015-08-13 2017-02-16 Saad Bin Qaisar System and Apparatus for Network Conscious Edge to Cloud Sensing, Analytics, Actuation and Virtualization
EP3291504B1 (en) * 2016-08-30 2020-03-11 Wacom Co., Ltd. Authentication and secure transmission of data between signature devices and host computers using transport layer security
CN107071033A (en) * 2017-04-20 2017-08-18 济南浪潮高新科技投资发展有限公司 A kind of car networking deployment system calculated based on mist
CN107679847B (en) * 2017-09-07 2021-05-11 广东工业大学 A mobile transaction privacy protection method based on near field communication two-way identity authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Survey of Sybil attack detection schemes for vehicular ad hoc networks; 李春彦, 王良民; 《计算机科学》 (Computer Science); 20141115; full text *

Also Published As

Publication number Publication date
CN108600240A (en) 2018-09-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20201015
Address after: 250100 Ji'nan high tech Zone, Shandong, No. 1036 wave road
Applicant after: INSPUR GROUP Co.,Ltd.
Address before: 250100, Ji'nan province high tech Zone, Sun Village Branch Road, No. 2877, building, floor, building, on the first floor
Applicant before: JINAN INSPUR HI-TECH INVESTMENT AND DEVELOPMENT Co.,Ltd.
GR01 Patent grant