CN109495454A - Authentication method, device, cloud server and vehicle - Google Patents

Authentication method, device, cloud server and vehicle

Info

Publication number: CN109495454A
Authority: CN (China)
Prior art keywords: signature, certification request, key, vehicle, public key
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201811256365.5A
Other languages: Chinese (zh)
Inventor: 马东辉, 李文
Current Assignee: Beijing CHJ Information Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing CHJ Information Technology Co Ltd
Application filed by Beijing CHJ Information Technology Co Ltd
Priority to CN201811256365.5A
Publication of CN109495454A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083: Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Embodiments of the disclosure relate to an authentication method, a device, a cloud server and a vehicle. The authentication method applied to the cloud server includes: obtaining a first authentication request sent by a vehicle, and authenticating the first authentication request; when the first authentication request passes, generating a second authentication request and sending the second authentication request to the vehicle. The second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key. The technical solution provided by the invention solves the problem that cloud keys are easily leaked in existing Internet of Vehicles communication.

Description

Authentication method, device, cloud server and vehicle
Technical field
Embodiments of the disclosure relate to the field of communication technology, and in particular to an authentication method, a device, a cloud server and a vehicle.
Background
In existing technology, the Internet of Vehicles mostly relies on mutual TLS (Transport Layer Security) to guarantee identity verification and information confidentiality for both communicating parties, which requires a PKI (Public Key Infrastructure) to issue digital certificates for the cloud and the vehicle side. In a communication link, the TLS private key and certificate are generally deployed on the load balancer or reverse proxy at the network entrance. However, the path from the load balancer or reverse proxy to the cloud service provider is not protected, which can easily lead to leakage of the cloud key and poses a hidden danger to the communication security of the Internet of Vehicles.
Summary of the invention
Embodiments of the disclosure provide an authentication method, a device, a cloud server and a vehicle, aiming to solve the problem that cloud keys are easily leaked in existing Internet of Vehicles communication.
In a first aspect, an embodiment of the disclosure provides an authentication method, applied to a cloud server, including:
obtaining a first authentication request sent by a vehicle, and authenticating the first authentication request;
when the first authentication request passes, generating a second authentication request and sending the second authentication request to the vehicle;
wherein the second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key.
In some embodiments, before the step of obtaining the first authentication request sent by the vehicle and authenticating the first authentication request, the method further includes:
saving the generated root public key into the vehicle;
after the step of generating the second authentication request when the first authentication request passes and sending the second authentication request to the vehicle, the method further includes:
obtaining the authentication result of the vehicle authenticating the second authentication request based on the root public key.
In some embodiments, before the step of obtaining the first authentication request sent by the vehicle and authenticating the first authentication request, the method further includes:
saving the generated root private key in a root key generation system, wherein the root key generation system is a key generation system in an offline state;
importing the first public key into the root key generation system, and obtaining the first signature fed back by the root key generation system;
the step of generating the second authentication request when the first authentication request passes and sending the second authentication request to the vehicle includes:
when the first authentication request passes, generating a first random number and signing the first random number with the first private key to obtain the second signature;
sending the second authentication request, which includes the first public key, the first signature and the second signature, to the vehicle.
In some embodiments, before the step of obtaining the first authentication request sent by the vehicle and authenticating the first authentication request, the method further includes:
obtaining the vehicle identification code of the vehicle, and generating a second key corresponding to the vehicle identification code, the second key including a second public key and a second private key;
sending the second private key to the vehicle;
the first authentication request is obtained by the vehicle calling the second private key to sign a generated second random number; the step of obtaining the first authentication request sent by the vehicle and authenticating the first authentication request includes:
obtaining the first authentication request sent by the vehicle, and authenticating the first authentication request based on the second public key.
In some embodiments, after the step of generating the second authentication request when the first authentication request passes and sending the second authentication request to the vehicle, the method further includes:
when the first private key is leaked, obtaining the first public key that matches the leaked first private key;
generating a blacklist, and signing the blacklist with the root private key to obtain a third signature, wherein the blacklist includes the first public key that matches the leaked first private key;
sending the blacklist and the third signature to the vehicle.
In a second aspect, an embodiment of the disclosure further provides an authentication method, applied to a vehicle, including:
sending a first authentication request to a cloud server;
when the first authentication request passes, obtaining a second authentication request sent by the cloud server;
authenticating the second authentication request;
wherein the second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key.
In some embodiments, the step of sending the first authentication request to the cloud server includes:
obtaining and saving the second private key sent by the cloud server, wherein the cloud server stores the second public key paired with the second private key;
generating a second random number, and calling the second private key to sign the second random number to obtain the first authentication request;
sending the first authentication request to the cloud server.
In some embodiments, before the step of sending the first authentication request to the cloud server, the method further includes:
obtaining the root public key sent by the cloud server;
the step of authenticating the second authentication request includes:
authenticating the first signature based on the root public key;
when authentication of the first signature passes, authenticating the second signature based on the first public key, to judge whether the cloud server is legitimate.
In some embodiments, before the step of authenticating the second authentication request, the method further includes:
obtaining the blacklist and the third signature sent by the cloud server;
authenticating the third signature based on the root public key;
when authentication of the third signature passes, saving the blacklist;
the step of authenticating the second signature based on the first public key when authentication of the first signature passes, to judge whether the cloud server is legitimate, includes:
when authentication of the first signature passes, judging whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legitimate.
In a third aspect, an embodiment of the disclosure further provides an authentication device, applied to a cloud server, including:
a first authentication module, configured to obtain a first authentication request sent by a vehicle and authenticate the first authentication request;
a first sending module, configured to generate a second authentication request when the first authentication request passes, and send the second authentication request to the vehicle;
wherein the second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key.
In some embodiments, the device further includes:
a first saving module, configured to save the generated root public key into the vehicle;
a first obtaining module, configured to obtain the authentication result of the vehicle authenticating the second authentication request based on the root public key.
In some embodiments, the device further includes:
a second saving module, configured to save the generated root private key in a root key generation system, wherein the root key generation system is a key generation system in an offline state;
a second obtaining module, configured to import the first public key into the root key generation system and obtain the first signature fed back by the root key generation system;
the first sending module is further configured to:
when the first authentication request passes, generate a first random number and sign the first random number with the first private key to obtain the second signature;
send the second authentication request, which includes the first public key, the first signature and the second signature, to the vehicle.
In some embodiments, the device further includes:
a third obtaining module, configured to obtain the vehicle identification code of the vehicle and generate a second key corresponding to the vehicle identification code, the second key including a second public key and a second private key;
a second sending module, configured to send the second private key to the vehicle;
the first authentication request is obtained by the vehicle calling the second private key to sign a generated second random number; the first authentication module is further configured to:
obtain the first authentication request sent by the vehicle, and authenticate the first authentication request based on the second public key.
In some embodiments, the device further includes a third sending module, configured to:
when the first private key is leaked, obtain the first public key that matches the leaked first private key;
generate a blacklist, and sign the blacklist with the root private key to obtain a third signature, wherein the blacklist includes the first public key that matches the leaked first private key;
send the blacklist and the third signature to the vehicle.
In a fourth aspect, an embodiment of the disclosure further provides an authentication device, applied to a vehicle, including:
a fourth sending module, configured to send a first authentication request to a cloud server;
a fourth obtaining module, configured to obtain a second authentication request sent by the cloud server when the first authentication request passes;
a second authentication module, configured to authenticate the second authentication request;
wherein the second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key.
In some embodiments, the fourth sending module is further configured to:
obtain and save the second private key sent by the cloud server, wherein the cloud server stores the second public key paired with the second private key;
generate a second random number, and call the second private key to sign the second random number to obtain the first authentication request;
send the first authentication request to the cloud server.
In some embodiments, the device further includes:
a fifth obtaining module, configured to obtain the root public key sent by the cloud server;
the second authentication module is further configured to:
authenticate the first signature based on the root public key;
when authentication of the first signature passes, authenticate the second signature based on the first public key, to judge whether the cloud server is legitimate.
In some embodiments, the device further includes a third authentication module, configured to:
obtain the blacklist and the third signature sent by the cloud server;
authenticate the third signature based on the root public key;
when authentication of the third signature passes, save the blacklist;
the second authentication module is further configured to:
when authentication of the first signature passes, judge whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legitimate.
In a fifth aspect, an embodiment of the disclosure further provides a cloud server, including the authentication device according to any one of the third aspect.
In a sixth aspect, an embodiment of the disclosure further provides a vehicle, including the authentication device according to any one of the fourth aspect.
In a seventh aspect, an embodiment of the disclosure further provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of the authentication method according to any one of the first aspect, or the steps of the authentication method according to any one of the second aspect.
In embodiments of the disclosure, while the cloud server communicates with the vehicle, the cloud server authenticates the first authentication request sent by the vehicle; after that authentication passes, the cloud server generates the second authentication request so that the vehicle authenticates the cloud server. Mutual authentication between the cloud server and the vehicle ensures the security of communication between them. In addition, the second authentication request generated by the cloud server includes the first public key and the first signature obtained by signing the first public key with the root private key; that is, the cloud server has at least two levels of key, the root key and the first key, which improves the security of the cloud server's keys and further ensures the communication security between the cloud server and the vehicle.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the disclosure more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the disclosure; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an authentication method provided by an embodiment of the disclosure;
Fig. 2 is a flowchart of another authentication method provided by an embodiment of the disclosure;
Fig. 3 is a structural diagram of an authentication device provided by an embodiment of the disclosure;
Fig. 4 is a structural diagram of another authentication device provided by an embodiment of the disclosure.
Detailed description of the embodiments
The technical solutions in the embodiments of the disclosure are described clearly and completely below with reference to the drawings in the embodiments of the disclosure. Obviously, the described embodiments are some, not all, of the embodiments of the disclosure. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the disclosure without creative effort fall within the scope of protection of the disclosure.
Referring to Fig. 1, Fig. 1 is a flowchart of an authentication method provided by an embodiment of the disclosure; the authentication method is applied to a cloud server. As shown in Fig. 1, the authentication method includes the following steps:
Step 101: obtain the first authentication request sent by the vehicle, and authenticate the first authentication request.
In an embodiment of the disclosure, when the vehicle communicates with the cloud, the in-vehicle app generates a random number and calls the vehicle's security chip to sign the random number, obtaining the first authentication request, which is sent to the cloud server. The second private key generated by the cloud server is written into the vehicle's security chip, and the cloud server stores the second public key paired with the second private key; in this way, after obtaining the first authentication request sent by the vehicle, the cloud server can verify the first authentication request based on the second public key.
The second public key and the second private key are RSA (Rivest-Shamir-Adleman) keys. It should be understood that RSA keys exist in pairs: one is the public key (Public Key) and one is the private key (Private Key). The public key can be disclosed and the private key must be kept secret; the private key can sign a message, and the public key can verify that signature. For example, A signs an outgoing message with its own private key; others can verify the signature using A's public key and confirm that the message was indeed sent by A, thereby confirming A's identity.
Specifically, before step 101, the method further includes:
obtaining the vehicle identification code of the vehicle, and generating a second key corresponding to the vehicle identification code, the second key including a second public key and a second private key;
sending the second private key to the vehicle.
In an embodiment of the disclosure, the cloud server includes a vehicle key generation system, which is responsible for generating RSA keys for vehicles. Every vehicle has a unique vehicle identification code; after obtaining the vehicle identification code, the cloud server can identify the vehicle by it. The vehicle key generation system can generate a pair of second keys for the vehicle according to the vehicle identification code; because vehicle identification codes differ, the second key of each vehicle is also different. The second key includes a paired second public key and second private key.
On the vehicle production line, the cloud server sends the second private key to the corresponding vehicle according to the vehicle identification code, and the second private key is saved in the vehicle's security chip, so that it never needs to be replaced afterwards, which also ensures the security of the second private key. The second public key is stored in the vehicle key generation system in the cloud, so that the cloud server can use the second public key to authenticate authentication requests that the vehicle sends signed with the second private key, and thereby identify the vehicle. Step 101 may include:
obtaining the first authentication request sent by the vehicle, and authenticating the first authentication request based on the second public key.
The first authentication request is obtained after the vehicle calls the second private key to sign a second random number generated by the vehicle. It should be understood that the second private key is stored in the vehicle's security chip and does not change. When the in-vehicle app communicates with the cloud server, the app generates the second random number and calls the second private key to sign it, obtaining the first authentication request. After obtaining the first authentication request, the cloud server recognises that it was signed with the second private key, looks up the matching second public key in the vehicle key generation system, and authenticates the first authentication request with it, thereby determining the identity of the vehicle.
Step 102: when the first authentication request passes, generate a second authentication request and send the second authentication request to the vehicle.
The second authentication request includes a first public key, a first signature and a second signature; the first signature is obtained by signing the first public key with a root private key, and the second signature is obtained by signing a generated first random number with a first private key.
It should be noted that the first public key is generated by the SP (Service Provider) key generation system of the cloud server. The cloud server further includes a root key generation system, which is responsible for generating and managing the cloud root key. The root key generation system is a key generation system in an offline state, that is, it is not connected to a network, which prevents network attackers from attacking it and stealing from it, prevents leakage of the root key, and ensures the security of the root key.
In an embodiment of the disclosure, before step 101, the method further includes:
saving the generated root public key into the vehicle.
It should be noted that the cloud server has already generated the root key before the vehicle communicates with the cloud server. The root key generation system of the cloud server generates a pair of RSA root keys, comprising a root public key (Root RSA Public Key) and a root private key (Root RSA Private Key). Because the root key generation system is offline, the generated root public key may be exported by a user and saved into the vehicle, while the root private key remains stored in the offline root key generation system. This prevents the root private key from being attacked, stolen or tampered with, and ensures its security.
In an embodiment of the disclosure, before step 101, the method further includes:
saving the generated root private key in the root key generation system, wherein the root key generation system is a key generation system in an offline state;
importing the generated first public key into the root key generation system, and obtaining the first signature fed back by the root key generation system.
It should be noted that the cloud server has already generated the first key before the vehicle communicates with the cloud server; the first key includes a paired first public key and first private key. The order in which the first key and the root key are generated is not limited: the cloud server may generate the first key first, or the root key first.
In an embodiment of the disclosure, the cloud server further includes an SP key generation system that generates the first key; the first key may be an RSA key, comprising a first public key (SP RSA Public Key) and a first private key (SP RSA Private Key). It should be noted that the SP key generation system is a system that can communicate with vehicles or other network devices. To ensure the security of the cloud key, the first public key is imported into the root key generation system. For example, the first public key may be copied to a dedicated removable storage device (such as a USB flash drive), which is then connected to the root key generation system; the first public key is imported into the root key generation system, the root private key stored there signs the first public key to obtain the first signature, the first signature is written to the removable storage device, and it is then imported from the removable storage device into the SP key generation system or another system of the cloud server. In this way, the cloud server no longer has a single level of key but a root key and a first key, and the first signature sent to the vehicle must be obtained by signing the first public key with the root private key stored offline, which makes the cloud server's keys more secure. Moreover, the root private key is stored offline and the root public key is stored in the vehicle, so when the cloud server changes its key it only needs to replace the first public key and the first private key, without replacing the root key; this has no effect on the vehicle and makes the cloud server's key management more flexible.
In an embodiment of the disclosure, step 102 may include:
when the first authentication request passes, generating a first random number and signing the first random number with the first private key to obtain the second signature;
sending the second authentication request, which includes the first public key, the first signature and the second signature, to the vehicle.
It should be understood that when the first authentication request passes, that is, when the cloud server has completed authentication of the vehicle, the cloud server generates a first random number and signs it with the first private key generated by the SP key generation system to obtain the second signature. It then sends the second authentication request, which includes the first public key, the second signature and the first signature obtained by signing the first public key with the root private key, to the vehicle, so that the vehicle can authenticate the second authentication request.
After step 102, the method may include:
obtaining the authentication result of the vehicle authenticating the second authentication request based on the root public key.
It should be understood that the vehicle stores the root public key that pairs with the root private key, and the second authentication request includes the first signature obtained by signing the first public key with the root private key. The vehicle therefore authenticates the first signature based on the root public key; if verification passes, the first public key is determined to be legitimate. The second signature in the second authentication request is obtained by signing the first random number with the first private key; after determining that the first public key is legitimate, the vehicle authenticates the second signature with the first public key. If that authentication passes, the legitimate identity of the cloud server is confirmed and the authentication result is fed back to the cloud server. This completes mutual authentication between the vehicle and the cloud server and ensures the security of their communication.
In embodiments of the disclosure, after step 102 the method may also include:
In the case where the first private key is leaked, obtain the first public key that matches the leaked first private key;
Generate a blacklist, and perform a signature operation on the blacklist with the root private key to obtain a third signature; wherein the blacklist includes the first public key that matches the leaked first private key;
Send the blacklist and the third signature to the vehicle.
It should be understood that the SP key generation system of the cloud server is deployed online, so the first private key it generates may be leaked, which would affect the security of communication between the cloud server and the vehicle. When the first private key is leaked, the first public key is public and is therefore no longer safe either. The cloud server generates a blacklist that includes the first public key matching the leaked first private key, and a signature operation is performed on the blacklist with the root private key, which is kept offline, to obtain the third signature. Specifically, the blacklist may be copied to a removable storage device, and the removable storage device connected to the root key generation system. The root key generation system reads the blacklist from the removable storage device, performs a signature operation on it with the root private key to obtain the third signature, and writes the third signature back to the removable storage device. The third signature is then imported from the removable storage device into the online SP key generation system of the cloud server or into another system, and the blacklist and the third signature are sent to the vehicle over the network.
In this way, the vehicle can use the stored root public key to verify the third signature produced by the root private key's signature operation. After verification succeeds, the vehicle saves the received blacklist and thereby learns the leaked first public key listed in it. When the vehicle receives a message sent by the cloud server, it can first judge whether the first public key in the received message is a first public key saved in the blacklist; if it is, the message is considered illegitimate and the vehicle can refuse to respond to it, which ensures the security of communication between the vehicle and the cloud server.
It should be noted that when the first private key of the cloud server is leaked, a new first private key and a paired first public key can be generated, and a new second certification request can be generated from the newly generated first private key and first public key in order to communicate with the vehicle. The specific process is the same as the generation of the first private key, the first public key and the second certification request described above and, to avoid repetition, is not described again here. The leak of the cloud server's first private key may be learned from feedback from an external device.
In embodiments of the disclosure, while the cloud server communicates with the vehicle, the cloud server authenticates the first certification request sent by the vehicle. After that authentication passes, the cloud server generates the second certification request so that the vehicle can authenticate the cloud server, and the two-way authentication between the cloud server and the vehicle ensures the security of communication between them. In addition, the second certification request generated by the cloud server includes the first public key and the first signature obtained by the root private key's signature operation on the first public key; that is, the cloud server has at least two levels of keys, the root key and the first key. This improves the security of the cloud server's keys and further ensures the security of communication between the cloud server and the vehicle.
Referring to Fig. 2, Fig. 2 is a flow chart of another authentication method provided by an embodiment of the disclosure; this authentication method is applied to a vehicle. As shown in Fig. 2, the authentication method includes the following steps:
Step 201: send the first certification request to the cloud server.
It should be understood that when the vehicle communicates with the cloud server, it first needs to be authenticated by the cloud server, so the vehicle sends the cloud server a first certification request used to authenticate its identity. In embodiments of the disclosure, step 201 may include:
Obtain and save the second private key sent by the cloud server; wherein the cloud server stores the second public key paired with the second private key;
Generate a second random number, and obtain the first certification request by calling the second private key to perform a signature operation on the second random number;
Send the first certification request to the cloud server.
It should be noted that the cloud server includes a vehicle key generation system, which is responsible for generating RSA keys for vehicles. Each vehicle has a unique vehicle identification code, and once the cloud server has obtained the vehicle identification code it can identify the vehicle by that code. The vehicle key generation system of the cloud server can generate a second key pair for the vehicle according to the vehicle identification code; because vehicle identification codes differ, the second key of each vehicle is also different. The second key includes a paired second public key and second private key.
Before the vehicle sends the first certification request to the cloud server, the cloud server sends the second private key to the corresponding vehicle according to the vehicle identification code, and the second private key is saved in the security chip of that vehicle, so that the second private key does not need to be replaced afterwards and its security is ensured. The cloud server stores the second public key paired with the second private key, so that the cloud server can use the second public key to authenticate a certification request that the vehicle has signed with the second private key and thereby identify the vehicle.
In embodiments of the disclosure, when the vehicle communicates with the cloud server, the vehicle generates a second random number and calls the saved second private key to perform a signature operation on it, obtaining the first certification request. The vehicle sends the first certification request to the cloud server so that the cloud server can authenticate it based on the second public key.
Step 202: in the case where the first certification request passes, obtain the second certification request sent by the cloud server.
It should be understood that after the cloud server has confirmed the identity of the vehicle based on the second public key, it can send a second certification request to the vehicle so that the vehicle can confirm the identity of the cloud server. The second certification request includes the first public key, the first signature and the second signature; the first signature is obtained by the root private key's signature operation on the first public key, and the second signature is obtained by the first private key's signature operation on the generated first random number.
It should be noted that before the vehicle communicates with the cloud server, the cloud server has already generated the root key and the first key, and the first key includes the first public key and the first private key. The first public key is generated by the SP (Service Provider) key generation system of the cloud server. The root key is generated and managed by the root key generation system of the cloud server. The root key generation system is a key generation system in an offline state, that is, it is not connected to a network, which prevents network attackers from attacking the system and stealing the root key, prevents the root key from leaking, and ensures the security of the root key. Specifically, the root key generation system of the cloud server generates a pair of RSA root keys, consisting of a root public key (Root RSA Public Key) and a root private key (Root RSA Private Key). In embodiments of the disclosure, the detailed process by which the cloud server generates the second certification request is as in the embodiments described for Fig. 1 and is not repeated here.
Step 203: authenticate the second certification request.
It should be noted that before step 203 the method further includes:
Obtain the root public key sent by the cloud server.
In this way, the vehicle stores the root public key that pairs with the root private key. The second certification request includes the first signature obtained by the root private key's signature operation on the first public key, so the vehicle authenticates the second certification request based on the root public key. Specifically, step 203 may include:
Authenticate the first signature based on the root public key;
In the case where authentication of the first signature passes, authenticate the second signature based on the first public key, to judge whether the cloud server is legitimate.
It should be understood that the second certification request includes the first signature obtained by the root private key's signature operation on the first public key, and the vehicle authenticates the first signature based on the root public key; if verification succeeds, the first public key is determined to be legitimate. The second signature in the second certification request is obtained by the first private key's signature operation on the first random number. Once the first public key has been determined to be legitimate, the second signature is authenticated with the first public key; if that authentication passes, the vehicle determines that the identity of the cloud server is legitimate and feeds the authentication result back to the cloud server. This completes the two-way authentication between the vehicle and the cloud server and ensures the security of their communication.
It should be noted that the SP key generation system of the cloud server is deployed online, so the first private key it generates may be leaked, which would affect the security of communication between the cloud server and the vehicle. Before step 203, the method may also include:
Obtain the blacklist and the third signature sent by the cloud server;
Authenticate the third signature based on the root public key;
In the case where authentication of the third signature passes, save the blacklist.
The blacklist includes the leaked first public key of the cloud server, and the third signature is obtained by the cloud server performing a signature operation on the blacklist with the root private key. When the first private key is leaked, the first public key is public and is therefore no longer safe either. The cloud server generates a blacklist that includes the first public key matching the leaked first private key, and a signature operation is performed on the blacklist with the root private key, which is kept offline, to obtain the third signature. Specifically, the blacklist may be copied to a removable storage device, and the removable storage device connected to the root key generation system. The root key generation system reads the blacklist from the removable storage device, performs a signature operation on it with the root private key to obtain the third signature, and writes the third signature back to the removable storage device. The third signature is then imported from the removable storage device into the online SP key generation system of the cloud server or into another system, and the blacklist and the third signature are sent to the vehicle over the network.
The vehicle can use the stored root public key to verify the third signature produced by the root private key's signature operation. After verification succeeds, the vehicle saves the received blacklist and thereby learns the first public key, saved in the blacklist, that pairs with the leaked first private key.
Specifically, the step of authenticating the second signature based on the first public key in the case where authentication of the first signature passes, to judge whether the cloud server is legitimate, may include:
In the case where authentication of the first signature passes, judge whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legitimate.
Specifically, in the case where authentication of the first signature passes, judge whether the first public key is consistent with the leaked first public key saved in the blacklist. If the first public key is not consistent with the leaked first public key saved in the blacklist, authenticate the second signature based on the first public key and determine that the cloud server is legitimate. If the first public key is consistent with the leaked first public key saved in the blacklist, determine that the cloud server is illegitimate.
In this way, when the vehicle receives a message sent by the cloud server, it can first judge whether the first public key in the received message is a first public key saved in the blacklist; if it is, the message is considered illegitimate and the vehicle can refuse to respond to it, which ensures the security of communication between the vehicle and the cloud server.
In embodiments of the disclosure, while the vehicle communicates with the cloud server, the vehicle sends the first certification request to the cloud server. After that authentication passes, the vehicle needs to authenticate the second certification request sent by the cloud server, and the two-way authentication between the vehicle and the cloud server ensures the security of communication between them. In addition, the second certification request generated by the cloud server includes the first public key and the first signature obtained by the root private key's signature operation on the first public key; that is, the cloud server has at least two levels of keys, the root key and the first key. This increases the complexity of the second certification request, and the vehicle authenticates the second certification request based on the stored root public key, which better ensures the security of communication between the cloud server and the vehicle.
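The vehicle-side checks described above (first signature, blacklist lookup, second signature), together with the cloud-side signing steps of the Fig. 1 method, as an added Go example that is not part of the patent. RSA PKCS#1 v1.5 with SHA-256, the DER and base64 encodings, carrying the first random number in the message, and all type and function names are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"fmt"
	"strings"
)

var ErrBlacklisted = fmt.Errorf("first public key is on the blacklist")

// SecondRequest models the second certification request described on the page.
type SecondRequest struct {
	FirstPub  []byte // first public key, PKCS#1 DER (encoding is an assumption)
	FirstSig  []byte // first signature: root private key over FirstPub
	Nonce     []byte // first random number; sending it in the message is an assumption
	SecondSig []byte // second signature: first private key over Nonce
}

// Vehicle holds the stored root public key and the last blacklist that verified.
type Vehicle struct {
	RootPub   *rsa.PublicKey
	blacklist map[string]bool
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, 2048)) }

func sign(k *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	return must(rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, h[:]))
}

func verify(pub *rsa.PublicKey, msg, sig []byte) error {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig)
}

// blacklistEntry is the text form of one leaked first public key (one entry per line).
func blacklistEntry(der []byte) string { return base64.StdEncoding.EncodeToString(der) }

// CertifyFirstKey is the offline step: the root private key signs the first public key.
func CertifyFirstKey(root *rsa.PrivateKey, first *rsa.PublicKey) (der, sig []byte) {
	der = x509.MarshalPKCS1PublicKey(first)
	return der, sign(root, der)
}

// BuildSecondRequest is the online step: sign a fresh random number with the first private key.
func BuildSecondRequest(first *rsa.PrivateKey, der, firstSig []byte) SecondRequest {
	nonce := make([]byte, 32)
	must(rand.Read(nonce))
	return SecondRequest{FirstPub: der, FirstSig: firstSig, Nonce: nonce, SecondSig: sign(first, nonce)}
}

// LoadBlacklist saves the list only if the third signature verifies under the root public key.
func (v *Vehicle) LoadBlacklist(list string, thirdSig []byte) error {
	if err := verify(v.RootPub, []byte(list), thirdSig); err != nil {
		return fmt.Errorf("blacklist rejected: %w", err)
	}
	v.blacklist = map[string]bool{}
	for _, entry := range strings.Split(list, "\n") {
		v.blacklist[entry] = true
	}
	return nil
}

// Authenticate follows the page's order: first signature, blacklist lookup, second signature.
func (v *Vehicle) Authenticate(r SecondRequest) error {
	if err := verify(v.RootPub, r.FirstPub, r.FirstSig); err != nil {
		return fmt.Errorf("first signature: %w", err)
	}
	if v.blacklist[blacklistEntry(r.FirstPub)] {
		return ErrBlacklisted
	}
	pub, err := x509.ParsePKCS1PublicKey(r.FirstPub)
	if err != nil {
		return fmt.Errorf("first public key: %w", err)
	}
	return verify(pub, r.Nonce, r.SecondSig)
}

func main() {
	root, first := newKey(), newKey()
	der, firstSig := CertifyFirstKey(root, &first.PublicKey)
	car := &Vehicle{RootPub: &root.PublicKey}
	fmt.Println("before blacklist:", car.Authenticate(BuildSecondRequest(first, der, firstSig)))
	list := blacklistEntry(der)
	fmt.Println("blacklist load:", car.LoadBlacklist(list, sign(root, []byte(list))))
	fmt.Println("after blacklist:", car.Authenticate(BuildSecondRequest(first, der, firstSig)))
}
```

The blacklist is signed and sent as one serialized string, so the vehicle checks the third signature over exactly the bytes it then splits into entries.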
Referring to Fig. 3, Fig. 3 is a structural diagram of an authentication device provided by an embodiment of the disclosure; the authentication device is applied to a cloud server. As shown in Fig. 3, the authentication device 300 includes:
A first authentication module 301, configured to obtain the first certification request sent by the vehicle and authenticate the first certification request;
A first sending module 302, configured to generate the second certification request in the case where the first certification request passes, and send the second certification request to the vehicle;
Wherein the second certification request includes the first public key, the first signature and the second signature; the first signature is obtained by the root private key's signature operation on the first public key, and the second signature is obtained by the first private key's signature operation on the generated first random number.
In some embodiments, the authentication device 300 further includes:
A first preserving module, configured to save the generated root public key into the vehicle;
A first obtaining module, configured to obtain the authentication result produced when the vehicle authenticates the second certification request based on the root public key.
In some embodiments, the authentication device 300 further includes:
A second preserving module, configured to save the generated root private key into the root key generation system; wherein the root key generation system is a key generation system in an offline state;
A second obtaining module, configured to import the first public key into the root key generation system and obtain the first signature fed back by the root key generation system;
The first sending module 302 is further configured to:
In the case where the first certification request passes, generate a first random number, and perform a signature operation on the first random number with the first private key to obtain the second signature;
Send the second certification request, which includes the first public key, the first signature and the second signature, to the vehicle.
In some embodiments, the authentication device 300 further includes:
A third obtaining module, configured to obtain the vehicle identification code of the vehicle and generate a second key corresponding to the vehicle identification code; the second key includes a second public key and a second private key;
A second sending module, configured to send the second private key to the vehicle;
The first certification request is obtained by the vehicle calling the second private key to perform a signature operation on the generated second random number; the first authentication module 301 is further configured to:
Obtain the first certification request sent by the vehicle, and authenticate the first certification request based on the second public key.
In some embodiments, the authentication device 300 further includes a third sending module, configured to:
In the case where the first private key is leaked, obtain the first public key that matches the leaked first private key;
Generate a blacklist, and perform a signature operation on the blacklist with the root private key to obtain a third signature; wherein the blacklist includes the first public key that matches the leaked first private key;
Send the blacklist and the third signature to the vehicle.
The authentication device applied to a cloud server provided by embodiments of the disclosure can implement all embodiments of the authentication method described for Fig. 1 and achieve the same technical effect; to avoid repetition, details are not described again here.
In embodiments of the disclosure, the authentication device 300 applied to the cloud server authenticates the first certification request sent by the vehicle. After that authentication passes, the authentication device 300 generates the second certification request so that the vehicle can authenticate the cloud server, and the two-way authentication between the cloud server and the vehicle ensures the security of communication between them. In addition, the second certification request generated by the authentication device 300 includes the first public key and the first signature obtained by the root private key's signature operation on the first public key; that is, the cloud server has at least two levels of keys, the root key and the first key. This improves the security of the cloud server's keys and further ensures the security of communication between the cloud server and the vehicle.
Referring to Fig. 4, Fig. 4 is a structural diagram of an authentication device provided by an embodiment of the disclosure; the authentication device is applied to a vehicle. As shown in Fig. 4, the authentication device 400 includes:
A fourth sending module 401, configured to send the first certification request to the cloud server;
A fourth obtaining module 402, configured to obtain the second certification request sent by the cloud server in the case where the first certification request passes;
A second authentication module 403, configured to authenticate the second certification request;
Wherein the second certification request includes the first public key, the first signature and the second signature; the first signature is obtained by the root private key's signature operation on the first public key, and the second signature is obtained by the first private key's signature operation on the generated first random number.
In some embodiments, the fourth sending module 401 is further configured to:
Obtain and save the second private key sent by the cloud server; wherein the cloud server stores the second public key paired with the second private key;
Generate a second random number, and obtain the first certification request by calling the second private key to perform a signature operation on the second random number;
Send the first certification request to the cloud server.
In some embodiments, the authentication device 400 further includes:
A fifth obtaining module, configured to obtain the root public key sent by the cloud server;
The second authentication module 403 is further configured to:
Authenticate the first signature based on the root public key;
In the case where authentication of the first signature passes, authenticate the second signature based on the first public key, to judge whether the cloud server is legitimate.
In some embodiments, the authentication device 400 further includes a third authentication module, configured to:
Obtain the blacklist and the third signature sent by the cloud server;
Authenticate the third signature based on the root public key;
In the case where authentication of the third signature passes, save the blacklist;
The second authentication module 403 is further configured to:
In the case where authentication of the first signature passes, judge whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legitimate.
The authentication device applied to a vehicle provided by embodiments of the disclosure can implement all embodiments of the authentication method described for Fig. 2 and achieve the same technical effect; to avoid repetition, details are not described again here.
In embodiments of the disclosure, the authentication device 400 applied to the vehicle sends the first certification request to the cloud server. After that authentication passes, the authentication device 400 needs to authenticate the second certification request sent by the cloud server, and the two-way authentication between the vehicle and the cloud server ensures the security of communication between them. In addition, the second certification request generated by the cloud server includes the first public key and the first signature obtained by the root private key's signature operation on the first public key; that is, the cloud server has at least two levels of keys, the root key and the first key. This increases the complexity of the second certification request, and the vehicle authenticates the second certification request based on the stored root public key, which better ensures the security of communication between the vehicle and the cloud server.
Embodiments of the disclosure also provide a cloud server that includes the authentication device described for Fig. 3 and can achieve the same technical effect as the embodiment described for Fig. 3; to avoid repetition, details are not described again here.
Embodiments of the disclosure also provide a vehicle that includes the authentication device described for Fig. 4 and can achieve the same technical effect as the embodiment described for Fig. 4; to avoid repetition, details are not described again here.
Embodiments of the disclosure also provide a computer-readable storage medium on which a computer program is stored. When executed by a processor, the computer program implements each process of the authentication method embodiment described for Fig. 1, or each process of the authentication method embodiment described for Fig. 2, and can achieve the same technical effect; to avoid repetition, details are not described again here. The computer-readable storage medium may be, for example, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disc.
It should be noted that, in this document, the terms "include", "comprise" and any variants of them are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes that element.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software together with a necessary general-purpose hardware platform, and can of course also be implemented in hardware, although in many cases the former is the preferred implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as a ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The above are only specific embodiments, and the scope of protection of the present invention is not limited to them. Any change or replacement that a person familiar with the technical field could readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. The scope of protection of the present invention shall therefore be determined by the scope of protection of the claims.

Claims (21)

1. An authentication method, applied to a cloud server, characterized by comprising:
Obtaining the first certification request sent by a vehicle, and authenticating the first certification request;
In the case where the first certification request passes, generating a second certification request, and sending the second certification request to the vehicle;
Wherein the second certification request includes the first public key, the first signature and the second signature; the first signature is obtained by the root private key's signature operation on the first public key, and the second signature is obtained by the first private key's signature operation on the generated first random number.
2. The authentication method according to claim 1, characterized in that, before the step of obtaining the first certification request sent by the vehicle and authenticating the first certification request, the method further comprises:
Saving the generated root public key into the vehicle;
After the step of generating the second certification request in the case where the first certification request passes, and sending the second certification request to the vehicle, the method further comprises:
Obtaining the authentication result produced when the vehicle authenticates the second certification request based on the root public key.
3. The authentication method according to claim 2, characterized in that, before the step of obtaining the first certification request sent by the vehicle and authenticating the first certification request, the method further comprises:
Saving the generated root private key into the root key generation system; wherein the root key generation system is a key generation system in an offline state;
Importing the first public key into the root key generation system, and obtaining the first signature fed back by the root key generation system;
The step of generating the second certification request in the case where the first certification request passes, and sending the second certification request to the vehicle, comprises:
In the case where the first certification request passes, generating a first random number, and performing a signature operation on the first random number with the first private key to obtain the second signature;
Sending the second certification request, which includes the first public key, the first signature and the second signature, to the vehicle.
4. The authentication method according to any one of claims 1 to 3, characterized in that, before the step of obtaining the first certification request sent by the vehicle and authenticating the first certification request, the method further comprises:
Obtaining the vehicle identification code of the vehicle, and generating a second key corresponding to the vehicle identification code; the second key includes a second public key and a second private key;
Sending the second private key to the vehicle;
The first certification request is obtained by the vehicle calling the second private key to perform a signature operation on the generated second random number; the step of obtaining the first certification request sent by the vehicle and authenticating the first certification request comprises:
Obtaining the first certification request sent by the vehicle, and authenticating the first certification request based on the second public key.
5. The authentication method according to any one of claims 1 to 3, characterized in that, after the step of generating the second certification request in the case where the first certification request passes, and sending the second certification request to the vehicle, the method further comprises:
In the case where the first private key is leaked, obtaining the first public key that matches the leaked first private key;
Generating a blacklist, and performing a signature operation on the blacklist with the root private key to obtain a third signature; wherein the blacklist includes the first public key that matches the leaked first private key;
Sending the blacklist and the third signature to the vehicle.
6. An authentication method, applied to a vehicle, characterized by comprising:
Sending the first certification request to a cloud server;
In the case where the first certification request passes, obtaining the second certification request sent by the cloud server;
Authenticating the second certification request;
Wherein the second certification request includes the first public key, the first signature and the second signature; the first signature is obtained by the root private key's signature operation on the first public key, and the second signature is obtained by the first private key's signature operation on the generated first random number.
7. The authentication method according to claim 6, characterized in that the step of sending the first certification request to the cloud server comprises:
Obtaining and saving the second private key sent by the cloud server; wherein the cloud server stores the second public key paired with the second private key;
Generating a second random number, and obtaining the first certification request by calling the second private key to perform a signature operation on the second random number;
Sending the first certification request to the cloud server.
8. The authentication method according to claim 6, characterized in that, before the step of sending the first certification request to the cloud server, the method further comprises:
Obtaining the root public key sent by the cloud server;
The step of authenticating the second certification request comprises:
Authenticating the first signature based on the root public key;
In the case where authentication of the first signature passes, authenticating the second signature based on the first public key, to judge whether the cloud server is legitimate.
9. The authentication method according to claim 8, characterized in that, before the step of authenticating the second certification request, the method further comprises:
Obtaining the blacklist and the third signature sent by the cloud server;
Authenticating the third signature based on the root public key;
In the case where authentication of the third signature passes, saving the blacklist;
The step of authenticating the second signature based on the first public key in the case where authentication of the first signature passes, to judge whether the cloud server is legitimate, comprises:
In the case where authentication of the first signature passes, judging whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legitimate.
10. An authentication device, applied to a cloud server, characterized by comprising:
a first authentication module, configured to obtain a first certification request sent by a vehicle and authenticate the first certification request;
a first sending module, configured to generate a second certification request if the first certification request passes, and send the second certification request to the vehicle;
wherein the second certification request includes a first public key, a first signature and a second signature; the first signature is obtained by a root private key performing a signature operation on the first public key, and the second signature is obtained by a first private key performing a signature operation on a generated first random number.
11. The authentication device according to claim 10, characterized by further comprising:
a first saving module, configured to save the generated root public key into the vehicle;
a first obtaining module, configured to obtain the authentication result of the vehicle authenticating the second certification request based on the root public key.
12. The authentication device according to claim 11, characterized by further comprising:
a second saving module, configured to save the generated root private key into a root key generation system, wherein the root key generation system is a key generation system in an offline state;
a second obtaining module, configured to import the first public key into the root key generation system and obtain the first signature fed back by the root key generation system;
wherein the first sending module is further configured to:
if the first certification request passes, generate a first random number, and perform a signature operation on the first random number with the first private key to obtain the second signature;
send the second certification request, which includes the first public key, the first signature and the second signature, to the vehicle.
13. The authentication device according to any one of claims 10 to 12, characterized by further comprising:
a third obtaining module, configured to obtain the vehicle identification code of the vehicle and generate a second key corresponding to the vehicle identification code, the second key including a second public key and a second private key;
a second sending module, configured to send the second private key to the vehicle;
wherein the first certification request is obtained by the vehicle calling the second private key to perform a signature operation on a generated second random number, and the first authentication module is further configured to:
obtain the first certification request sent by the vehicle, and authenticate the first certification request based on the second public key.
14. The authentication device according to any one of claims 10 to 12, characterized by further comprising a third sending module, configured to:
if the first private key is leaked, obtain the first public key matching the leaked first private key;
generate a blacklist, and perform a signature operation on the blacklist with the root private key to obtain a third signature, wherein the blacklist includes the first public key matching the leaked first private key;
send the blacklist and the third signature to the vehicle.
15. An authentication device, applied to a vehicle, characterized by comprising:
a fourth sending module, configured to send a first certification request to a cloud server;
a fourth obtaining module, configured to obtain, if the first certification request passes, a second certification request sent by the cloud server;
a second authentication module, configured to authenticate the second certification request;
wherein the second certification request includes a first public key, a first signature and a second signature; the first signature is obtained by a root private key performing a signature operation on the first public key, and the second signature is obtained by a first private key performing a signature operation on a generated first random number.
16. The authentication device according to claim 15, characterized in that the fourth sending module is further configured to:
obtain and save a second private key sent by the cloud server, wherein the cloud server stores a second public key paired with the second private key;
generate a second random number, and obtain the first certification request by calling the second private key to perform a signature operation on the second random number;
send the first certification request to the cloud server.
17. The authentication device according to claim 15, characterized by further comprising:
a fifth obtaining module, configured to obtain a root public key sent by the cloud server;
wherein the second authentication module is further configured to:
authenticate the first signature based on the root public key;
if authentication of the first signature passes, authenticate the second signature based on the first public key, to judge whether the cloud server is legal.
18. The authentication device according to claim 17, characterized by further comprising a third authentication module, configured to:
obtain a blacklist and a third signature sent by the cloud server;
authenticate the third signature based on the root public key;
if authentication of the third signature passes, save the blacklist;
wherein the second authentication module is further configured to:
if authentication of the first signature passes, judge whether the first public key is consistent with the first public key saved in the blacklist, to determine whether the cloud server is legal.
19. A cloud server, characterized by comprising the authentication device according to any one of claims 10 to 14.
20. A vehicle, characterized by comprising the authentication device according to any one of claims 15 to 18.
21. A computer readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the authentication method according to any one of claims 1 to 5; or the computer program, when executed by a processor, implements the steps of the authentication method according to any one of claims 6 to 9.
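The vehicle-side checks of claims 6 to 9 (mirrored by device claims 15 to 18), as an added example that is not code from the patent. It assumes Ed25519 signatures, that the first random number travels with the second certification request (`Nonce`), and a blacklist encoded as concatenated 32-byte public keys signed under a `blacklist:` prefix; all type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// SecondRequest holds the claimed fields plus Nonce (assumed to travel with the request).
type SecondRequest struct {
	FirstPub            ed25519.PublicKey
	FirstSig, SecondSig []byte // root key over FirstPub; first key over Nonce
	Nonce               []byte
}

// blMsg domain-separates blacklist signatures from first signatures (assumption).
func blMsg(list []byte) []byte { return append([]byte("blacklist:"), list...) }

// BlacklistOK checks the third signature (claim 9); list is concatenated 32-byte keys (assumed).
func BlacklistOK(root ed25519.PublicKey, list, thirdSig []byte) bool {
	return len(list)%ed25519.PublicKeySize == 0 && ed25519.Verify(root, blMsg(list), thirdSig)
}

// Authenticate applies the vehicle-side checks of claims 8 and 9 in order.
func Authenticate(root ed25519.PublicKey, blacklist []byte, r SecondRequest) error {
	if len(r.FirstPub) != ed25519.PublicKeySize || !ed25519.Verify(root, r.FirstPub, r.FirstSig) {
		return errors.New("first signature invalid")
	}
	for i := 0; i+ed25519.PublicKeySize <= len(blacklist); i += ed25519.PublicKeySize {
		if bytes.Equal(blacklist[i:i+ed25519.PublicKeySize], r.FirstPub) {
			return errors.New("first public key is blacklisted")
		}
	}
	if !ed25519.Verify(r.FirstPub, r.Nonce, r.SecondSig) {
		return errors.New("second signature invalid")
	}
	return nil
}

// Demo (constructed keys): forged-list acceptance, then a request before and after revocation.
func Demo() (forgedAccepted bool, before, after error) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(nil)
	firstPub, firstPriv, _ := ed25519.GenerateKey(nil)
	nonce := []byte("constructed-first-random-number")
	req := SecondRequest{firstPub, ed25519.Sign(rootPriv, firstPub), ed25519.Sign(firstPriv, nonce), nonce}
	before = Authenticate(rootPub, nil, req)
	forgedAccepted = BlacklistOK(rootPub, firstPub, ed25519.Sign(firstPriv, blMsg(firstPub)))
	if BlacklistOK(rootPub, firstPub, ed25519.Sign(rootPriv, blMsg(firstPub))) {
		after = Authenticate(rootPub, firstPub, req)
	}
	return
}

func main() { fmt.Println(Demo()) }
```

How the vehicle checks that the first random number is fresh is not stated in these claims and is not modeled here.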
CN201811256365.5A 2018-10-26 2018-10-26 Authentication method, device, cloud server and vehicle Pending CN109495454A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811256365.5A CN109495454A (en) 2018-10-26 2018-10-26 Authentication method, device, cloud server and vehicle


Publications (1)

Publication Number Publication Date
CN109495454A true CN109495454A (en) 2019-03-19

Family

ID=65691552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811256365.5A Pending CN109495454A (en) 2018-10-26 2018-10-26 Authentication method, device, cloud server and vehicle

Country Status (1)

Country Link
CN (1) CN109495454A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190319