CN116233801B - Vehicle-mounted part authentication method, device, storage medium and vehicle - Google Patents
- Publication number: CN116233801B (CN202111474861.XA)
- Authority: CN (China)
- Prior art keywords: vehicle, authentication, authentication request, mounted part, information
- Legal status: Active
Classifications
- H04W4/48—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/069—Authentication using certificates or pre-shared keys
- H04W12/61—Context-dependent security; Time-dependent
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
- H04L2209/80—Wireless
- H04L2209/84—Vehicles
Abstract
The invention relates to the field of automobiles, in particular to a vehicle-mounted part authentication method, device, storage medium and vehicle based on symmetric encryption. The method comprises the following steps: receiving a whole vehicle wake-up signal; receiving a first authentication request from the vehicle-mounted part; authenticating the first authentication request in a first time period from receiving the whole vehicle wake-up signal; and returning an authentication result to the vehicle-mounted part. According to the vehicle-mounted part authentication scheme, the authentication efficiency of the authentication center platform and the vehicle-mounted equipment can be improved, and meanwhile, the reliability and the safety of authentication are also improved.
Description
Technical Field
The invention relates to the field of automobiles, in particular to a vehicle-mounted part authentication method, device, storage medium and vehicle based on symmetric encryption.
Background
On the one hand, with the development of automobile technology, people's expectations of the driving experience keep rising, and various add-on parts are installed in vehicles. Add-on parts from irregular sources may include illegal devices that extract or use vehicle data or permissions without authorization, creating network security problems.
On the other hand, as automobiles become more intelligent and connected, their functions keep increasing. Vehicle connectivity not only lets the vehicle manufacturer know and track the condition of the automobile, but also brings more convenience to the user's daily life. However, illegal users can penetrate the automobile's systems through the network to operate and control the automobile, which severely threatens automobile safety. Measures are therefore required to ensure that the parts mounted on the vehicle are legal devices, so as to prevent unauthorized mounted devices from monitoring vehicle-mounted data and to prevent malicious or false instructions and data from interfering with or damaging vehicle functions.
Disclosure of Invention
The vehicle-mounted part authentication method, device, storage medium and vehicle of the invention enable security authentication based on symmetric encryption between the vehicle-mounted device and the authentication center, improving the authentication efficiency of the authentication center platform and the vehicle-mounted device as well as the reliability and security of the authentication.
To achieve one or more of the above objects, the present invention provides the following technical solutions. Specifically:
According to a first aspect of the present invention, there is provided a vehicle-mounted part authentication method based on symmetric encryption, characterized by comprising the steps of: receiving a whole vehicle wake-up signal; receiving a first authentication request from the vehicle-mounted part; authenticating the first authentication request in a first time period from receiving the whole vehicle wake-up signal; and returning an authentication result to the vehicle-mounted part.
The method according to an embodiment of the invention, wherein the first authentication request is a digitally signed and encrypted authentication request.
A method according to another embodiment or any of the preceding embodiments of the present invention, wherein authenticating the first authentication request comprises: authenticating the signature of the first authentication request with a digital certificate; if the signature is legal, decrypting the first authentication request by using a symmetric decryption algorithm; and comparing the decrypted information with preset information.
The method according to another embodiment of the present invention or any of the above embodiments, further comprising: if the first authentication request is received after the first time period, returning authentication rejection information to the vehicle-mounted part.
The method according to another embodiment of the present invention or any of the above embodiments, further comprising: if the number of times the first authentication request is received within the first time period is greater than a first threshold, returning authentication rejection information to the vehicle-mounted part.
According to a second aspect of the present invention, there is provided a vehicle-mounted part authentication apparatus based on symmetric encryption, characterized in that the vehicle-mounted part authentication apparatus is configured to: receive a whole vehicle wake-up signal; receive a first authentication request from the vehicle-mounted part; authenticate the first authentication request within a first time period from receiving the whole vehicle wake-up signal; and return an authentication result to the vehicle-mounted part.
An apparatus according to an embodiment of the invention, wherein the first authentication request is a digitally signed and encrypted authentication request.
According to another embodiment of the present invention or the apparatus of any one of the above embodiments, the in-vehicle part authentication apparatus is further configured to: authenticate the signature of the first authentication request with a digital certificate; if the signature is legal, decrypt the first authentication request by using a symmetric decryption algorithm; and compare the decrypted information with preset information.
According to another embodiment of the present invention or the apparatus of any one of the above embodiments, the in-vehicle part authentication apparatus is further configured to: if the first authentication request is received after the first time period, return authentication rejection information to the vehicle-mounted part.
According to another embodiment of the present invention or the apparatus of any one of the above embodiments, the in-vehicle part authentication apparatus is further configured to: if the number of times the first authentication request is received within the first time period is greater than a first threshold, return authentication rejection information to the vehicle-mounted part.
According to a third aspect of the present invention there is provided a computer readable storage medium having instructions stored therein, characterized in that the instructions, when executed by a processor, cause the processor to perform the method according to the first aspect of the present invention.
According to a fourth aspect of the present invention there is provided a vehicle characterised by being provided with an apparatus according to the second aspect of the present invention.
Drawings
The foregoing and/or other aspects and advantages of the present invention will become more apparent and more readily appreciated from the following description of the various aspects taken in conjunction with the accompanying drawings in which like or similar elements are designated with the same reference numerals. The drawings include:
FIG. 1 shows a flow chart of a vehicle-mounted part authentication method 100 according to one embodiment of the invention; and
FIG. 2 shows a schematic block diagram of an in-vehicle part authentication system 200 according to one embodiment of the invention.
Detailed Description
In this specification, the invention will be described more fully with reference to the accompanying drawings in which illustrative embodiments of the invention are shown. This invention may, however, be embodied in different forms and should not be construed as limited to the embodiments set forth herein. The embodiments are presented so that this disclosure is thorough and complete and fully conveys the scope of the invention to those skilled in the art.
Terms such as "comprising" and "including" mean that the technical solution of the present invention does not exclude the presence of other elements and steps than those directly or explicitly stated in the description and claims. The terms such as "first" and "second" do not denote the order of units in terms of time, space, size, etc. but rather are merely used to distinguish one unit from another.
The present invention is described below with reference to flowchart illustrations and/or block diagrams of methods and systems according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. It should also be noted that in some alternative implementations, the functions/acts noted in the blocks may occur out of the order noted in the flowcharts. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
These computer program instructions may be loaded onto a computer or other programmable data processor to cause a series of operational steps to be performed on the computer or other programmable processor to produce a computer implemented process such that the instructions which execute on the computer or other programmable data processor provide steps for implementing the functions or acts specified in the flowchart and/or block diagram block or blocks.
The term "vehicle" or other similar terms herein include motor vehicles in general, such as passenger vehicles (including sport utility vehicles, buses, trucks, etc.), various commercial vehicles, and the like, and include hybrid vehicles, electric vehicles, plug-in hybrid electric vehicles, and the like. A hybrid vehicle is a vehicle having two or more power sources, such as a vehicle powered by both gasoline and electricity.
In secure communication on the in-vehicle network, the legitimacy of the identities of the vehicle-mounted part ECU (Electronic Control Unit) and the gateway is the precondition for and guarantee of secure communication. Without an effective authentication mechanism between the vehicle-mounted part and the gateway, the communication is vulnerable to forgery attacks and replay attacks.
Referring now to FIG. 1, FIG. 1 shows a flow chart of a vehicle-mounted part authentication method 100 according to one embodiment of the invention.
In step 110, a vehicle wake-up signal may be received. For example, when a user inserts a key into the ignition or brings a smart authentication key into the vehicle, the key may transmit an electronic code (i.e., authentication information) stored therein to a vehicle control device such as a vehicle body controller. The vehicle control device may then determine whether the received electronic code matches information preset in the vehicle control device. If the vehicle control device determines that the electronic code matches the preset information, the key is valid, and the vehicle control device can send a whole vehicle wake-up signal to wake up the basic functions or the ignition function of the vehicle. If the vehicle control device determines that the received electronic code does not match the preset information, the key is invalid, and the key authentication process fails and ends. Alternatively, if the key authentication process fails, the vehicle control device may issue an alarm message warning of illegal approach to or entry into the vehicle.
In step 120, a first authentication request from the vehicle-mounted part may be received. By way of example, the "vehicle-mounted parts" described herein may be either original vehicle-mounted parts (e.g., individual sensors in the vehicle such as millimeter wave radar, laser radar, mono-/binocular cameras, and satellite navigation) or add-on vehicle-mounted parts (e.g., add-on speakers, add-on mobile terminal devices, etc.).
Optionally, the first authentication request from the vehicle-mounted part is a digitally signed and encrypted authentication request. For example, the authentication management system distributes first authentication information and authentication signature information to the vehicle-mounted part in advance, and both may be stored in a configuration file of the vehicle-mounted part. Illustratively, the authentication management system also distributes, in advance, preset information corresponding to the first authentication information and a digital certificate corresponding to the authentication signature information to the vehicle-mounted part authentication device (e.g., gateway), where they may be stored in a configuration file of the vehicle-mounted part authentication device.
The authentication management system described above may be, for example, the vehicle-mounted part authentication device (e.g., gateway) itself.
For example, the vehicle-mounted part may encrypt the first authentication information using a symmetric encryption algorithm and transmit the ciphertext with the signature to a vehicle-mounted part authentication device (e.g., gateway).
In step 130, the first authentication request is authenticated during a first period of time from receipt of the vehicle wake-up signal.
Optionally, in step 130, if the first authentication request is received after the first period of time, reject authentication information is returned to the vehicle part.
For example, the received authentication request is authenticated only for a prescribed time (e.g., a preset period of time) after the entire vehicle wakes up.
For example, assuming that the vehicle wake-up signal is received at a first time $T_1$ and a first authentication request from the vehicle-mounted part is received at a second time $T_2$, if $T_2 - T_1 \le T_{TH}$, where $T_{TH}$ is a preset time period (e.g., 10 minutes), the first authentication request will be authenticated; if $T_2 - T_1 > T_{TH}$, the first authentication request will not be authenticated and reject authentication information is returned to the vehicle component.
Optionally, in step 130, if the number of times the first authentication request is received within the first time period is greater than a first threshold, reject authentication information is returned to the vehicle-mounted part.
For example, for a specific vehicle-mounted part, only a limited number of authentication requests (for example, three) transmitted within the prescribed time may be authenticated; for consecutive authentication requests beyond the threshold number, either no operation is performed or reject authentication information is returned to the vehicle-mounted part.
Alternatively, in the authentication operation in step 130, the signature of the first authentication request may first be authenticated with a digital certificate.
For example, the received authentication request may be signature-authenticated with a digital certificate corresponding to the authentication signature information, which is distributed in advance by the authentication management system, and which may be stored in a configuration file of the in-vehicle part authentication device, as described above. If the authentication signature information in the received authentication request is matched with the information in the digital certificate, the signature authentication is passed, and the following decryption authentication is continued; if the authentication signature information in the received authentication request does not match the information in the digital certificate, the signature authentication fails, and reject authentication information may be returned to the vehicle-mounted part.
Optionally, in the authentication operation in step 130, the received authentication request may then be decrypted using a decryption algorithm corresponding to the encryption algorithm of the first authentication information. If the decrypted authentication request matches the preset information, the decryption authentication passes and the method continues to step 140; if it does not match the preset information, the decryption authentication fails and reject authentication information may be returned to the vehicle-mounted part.
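One way a gateway could order the step 130 checks described above (time window, request threshold, signature, decryption, comparison), as an added example that is not code from the patent. HMAC-SHA256 stands in for the certificate-based signature check and a SHAKE-256 keystream stands in for the unspecified symmetric algorithm; the part identifier, nonce, keys and all names are assumptions.

```python
import hashlib
import hmac

T_TH = 10 * 60      # first time period T_TH in seconds (the text's 10-minute example)
MAX_REQUESTS = 3    # first threshold (the text's example of three requests)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHAKE-256 keystream XOR; a stand-in for a vetted symmetric cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def sign(sig_key: bytes, blob: bytes) -> bytes:
    """HMAC-SHA256 tag; a stand-in for a certificate-verified signature."""
    return hmac.new(sig_key, blob, hashlib.sha256).digest()


def build_request(sig_key, enc_key, auth_info, nonce):
    """Part side: encrypt the first authentication information, then sign it."""
    ciphertext = xor_stream(enc_key, nonce, auth_info)
    return nonce, ciphertext, sign(sig_key, nonce + ciphertext)


class Gateway:
    def __init__(self, provisioned):
        # provisioned: part_id -> (sig_key, enc_key, preset_info), set up in advance
        self.provisioned = provisioned
        self.wake_time = None
        self.requests_seen = {}

    def on_wake(self, now: float) -> None:
        """Record T1 and reset the per-part request counters."""
        self.wake_time = now
        self.requests_seen = {}

    def authenticate(self, part_id, request, now: float):
        """Return (accepted, reason) for a request received at time T2 = now."""
        if self.wake_time is None:
            return False, "no-wake-signal"
        # Reject when T2 - T1 > T_TH (or when the clock ran backwards).
        if not 0 <= now - self.wake_time <= T_TH:
            return False, "outside-window"
        record = self.provisioned.get(part_id)
        if record is None:
            return False, "unknown-part"
        # Count every attempt in the window, including ones that fail below.
        seen = self.requests_seen.get(part_id, 0) + 1
        self.requests_seen[part_id] = seen
        if seen > MAX_REQUESTS:
            return False, "too-many-requests"
        sig_key, enc_key, preset_info = record
        nonce, ciphertext, signature = request
        # Signature first: data that fails this check is never decrypted.
        if not hmac.compare_digest(sign(sig_key, nonce + ciphertext), signature):
            return False, "bad-signature"
        plaintext = xor_stream(enc_key, nonce, ciphertext)
        if not hmac.compare_digest(plaintext, preset_info):
            return False, "mismatch"
        return True, "ok"


def demo():
    """Run constructed requests through the gateway and collect the reasons."""
    sig_key, enc_key, info = b"S" * 32, b"E" * 32, b"constructed-auth-info"
    gw = Gateway({"radar-front": (sig_key, enc_key, info)})
    good = build_request(sig_key, enc_key, info, b"nonce-000001")
    nonce, ct, sig = good
    tampered = (nonce, bytes([ct[0] ^ 1]) + ct[1:], sig)
    wrong = build_request(sig_key, enc_key, b"some-other-auth-info!", b"nonce-000002")
    results = []
    gw.on_wake(now=0)
    for t, req in [(5, good), (6, tampered), (7, wrong), (8, good)]:
        results.append(gw.authenticate("radar-front", req, now=t)[1])
    gw.on_wake(now=1000)  # the next wake-up starts a new window and new counters
    results.append(gw.authenticate("dashcam", good, now=1010)[1])
    results.append(gw.authenticate("radar-front", good, now=1600)[1])  # T2-T1 == T_TH
    results.append(gw.authenticate("radar-front", good, now=1601)[1])  # just too late
    return results
```

The same constructed request is accepted again after the second wake-up, because a one-way request carries no fresh value from the gateway; a challenge-response exchange with fresh random values is what addresses that.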
The authentication operation in step 130 is described above using simple one-way authentication as an example. It should be understood that the authentication operation in step 130 may also be a two-way (mutual) authentication operation to further improve the security of authentication.
In a mutual authentication operation, if the authentication signature information in the received authentication request matches the information in the digital certificate, mutual authentication will be triggered. For example, an electronic code for identifying the in-vehicle part, such as an in-vehicle part identification code (ID), may be stored in advance in the in-vehicle part and in-vehicle part authentication device (e.g., gateway) by the authentication management system. The following description of mutual authentication is made by taking a gateway as an example.
The vehicle-mounted part first generates first authentication information and transmits it to the vehicle gateway. Illustratively, the vehicle-mounted part may generate and store a first random number (RND1) and a first seed (Seed1), and encrypt and send them to the gateway together with the vehicle-mounted part identification code (e.g., the last 8 bytes of the ID). For example, a seed sequence may be randomly generated during authentication, and the seed may be generated from the seed sequence.
After receiving the first authentication information, the gateway decrypts it and extracts first valid data from it to perform the first authentication. Illustratively, the gateway may extract Seed1+ID from RND1+Seed1+ID and authenticate it using the ID information pre-stored by the authentication management system. If the extracted ID information matches the stored ID, the first authentication passes.
After the first authentication passes, the gateway sends second authentication information to the vehicle-mounted part. Illustratively, the gateway may generate and store a second random number (RND2) and a second seed (Seed2), and encrypt and send them to the vehicle-mounted part together with the first seed (Seed1).
After receiving the second authentication information, the vehicle-mounted part decrypts it and extracts second valid data from it to perform the second authentication. Illustratively, Seed2+Seed1 may be extracted from RND2+Seed2+Seed1 and authenticated using the previously stored Seed1. If the extracted Seed1 matches the stored Seed1, the second authentication passes.
After the second authentication passes, the vehicle-mounted part sends third authentication information to the gateway. For example, the vehicle-mounted part may generate a third random number (RND3), encrypt it together with Seed2, and send it to the gateway.
After receiving the third authentication information, the gateway decrypts it and extracts third valid data from it to perform the third authentication. Illustratively, the gateway may extract Seed2 from RND3+Seed2 and authenticate it using the previously stored Seed2. If the extracted Seed2 matches the stored Seed2, the third authentication passes and the mutual authentication process ends.
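The three-message exchange described above, with both sides' messages, as an added example that is not code from the patent. The 8-byte field width for RND and Seed, the per-message nonce, the SHAKE-256 keystream standing in for the unspecified symmetric algorithm, the single-use handling of the seeds and all names are assumptions.

```python
import hashlib
import hmac
import secrets

FIELD = 8   # bytes per RND, Seed and ID field (width is an assumption)
NONCE = 12  # per-message nonce for the toy cipher (not part of the page's scheme)


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy SHAKE-256 keystream XOR; a stand-in for a vetted symmetric cipher."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, *fields: bytes) -> bytes:
    """Encrypt the concatenated fixed-width fields under the shared key."""
    nonce = secrets.token_bytes(NONCE)
    return nonce + xor_stream(key, nonce, b"".join(fields))


def open_fields(key: bytes, message: bytes, count: int):
    """Decrypt and split into `count` fields; None if the length is wrong."""
    nonce, body = message[:NONCE], message[NONCE:]
    if len(body) != count * FIELD:
        return None
    plain = xor_stream(key, nonce, body)
    return [plain[i * FIELD:(i + 1) * FIELD] for i in range(count)]


class Part:
    def __init__(self, key: bytes, part_id: bytes):
        self.key, self.part_id, self.seed1 = key, part_id, None

    def start(self) -> bytes:
        """Message 1: RND1 + Seed1 + last 8 bytes of the ID."""
        self.seed1 = secrets.token_bytes(FIELD)
        return seal(self.key, secrets.token_bytes(FIELD), self.seed1,
                    self.part_id[-FIELD:])

    def answer(self, msg2: bytes):
        """Second authentication, then message 3: RND3 + Seed2."""
        fields = open_fields(self.key, msg2, 3)
        seed1, self.seed1 = self.seed1, None   # Seed1 is single use
        if fields is None or seed1 is None:
            return None
        _rnd2, seed2, echoed_seed1 = fields
        if not hmac.compare_digest(echoed_seed1, seed1):
            return None                        # sender does not hold the shared key
        return seal(self.key, secrets.token_bytes(FIELD), seed2)


class Gateway:
    def __init__(self, key: bytes, enrolled_id: bytes):
        self.key, self.enrolled_id, self.seed2 = key, enrolled_id, None

    def challenge(self, msg1: bytes):
        """First authentication, then message 2: RND2 + Seed2 + Seed1."""
        fields = open_fields(self.key, msg1, 3)
        if fields is None:
            return None
        _rnd1, seed1, id_tail = fields
        if not hmac.compare_digest(id_tail, self.enrolled_id[-FIELD:]):
            return None
        self.seed2 = secrets.token_bytes(FIELD)
        return seal(self.key, secrets.token_bytes(FIELD), self.seed2, seed1)

    def finish(self, msg3: bytes) -> bool:
        """Third authentication: the part must echo the current Seed2."""
        fields = open_fields(self.key, msg3, 2)
        seed2, self.seed2 = self.seed2, None   # Seed2 is single use
        if fields is None or seed2 is None:
            return False
        return hmac.compare_digest(fields[1], seed2)


def run_handshake(part_key, gateway_key, part_id, enrolled_id) -> str:
    """Drive one exchange and report where it stopped."""
    part, gateway = Part(part_key, part_id), Gateway(gateway_key, enrolled_id)
    msg2 = gateway.challenge(part.start())
    if msg2 is None:
        return "gateway-rejected-id"
    msg3 = part.answer(msg2)
    if msg3 is None:
        return "part-rejected-gateway"
    return "authenticated" if gateway.finish(msg3) else "gateway-rejected-seed2"
```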
In step 140, an authentication result is returned to the vehicle-mounted component. Illustratively, if authentication is successful, authentication success information is returned to the vehicle-mounted part to authorize the vehicle-mounted part to perform further operations (e.g., read sensor data); if the authentication fails, a refusal authentication message is returned to the vehicle-mounted part to prohibit the vehicle-mounted part from further operation.
With continued reference now to FIG. 2, FIG. 2 shows a schematic block diagram of an in-vehicle part authentication system 200 according to one embodiment of the invention.
As shown in FIG. 2, the vehicle-mounted part authentication system 200 may include a vehicle-mounted part authentication device 210 and one or more vehicle-mounted parts 220. Illustratively, the vehicle-mounted part 220 may be an original vehicle-mounted part (e.g., various sensors in a vehicle such as millimeter wave radar, laser radar, mono-/binocular camera, and satellite navigation), or may be an add-on vehicle-mounted part (e.g., an external speaker, an external mobile terminal device, etc.).
The vehicle-mounted part 220 may be configured to transmit a first authentication request to the vehicle-mounted part authentication device 210 after the entire vehicle is powered up or the entire vehicle wake-up signal is received. Illustratively, the vehicle-mounted part 220 may encrypt the first authentication information using a symmetric encryption algorithm and send the ciphertext with the signature to the vehicle-mounted part authentication device 210 (e.g., gateway). Illustratively, the authentication management system distributes the first authentication information and the authentication signature information to the vehicle-mounted part 220 in advance, and both may be stored in a configuration file of the vehicle-mounted part 220. Illustratively, the authentication management system also distributes, in advance, preset information corresponding to the first authentication information and a digital certificate corresponding to the authentication signature information to the vehicle-mounted part authentication device 210 (e.g., gateway), where they may be stored in a configuration file of the vehicle-mounted part authentication device 210. The authentication management system described above may be, for example, the vehicle-mounted part authentication device (e.g., gateway) itself.
The vehicle-mounted part authentication device 210 may be configured to receive a vehicle wake-up signal and to receive a first authentication request from the vehicle-mounted part. The vehicle-mounted part authentication device 210 may be further configured to authenticate the first authentication request in a first period of time from the receipt of the entire vehicle wake-up signal. Alternatively, if the vehicle-mounted part authentication device 210 receives the first authentication request after the first period of time, reject authentication information is returned to the vehicle-mounted part 220.
Illustratively, the vehicle-mounted part authentication device 210 authenticates the received authentication request only for a prescribed time (e.g., a preset time period) after the entire vehicle wakes up. For example, assuming that the vehicle-mounted part authentication device 210 receives the vehicle wake-up signal at the first time $T_1$ and receives the first authentication request from the vehicle-mounted part at the second time $T_2$, if $T_2 - T_1 \le T_{TH}$, where $T_{TH}$ is a preset time period (e.g., 10 minutes), the vehicle-mounted part authentication device 210 will authenticate the first authentication request; if $T_2 - T_1 > T_{TH}$, the vehicle-mounted part authentication device 210 will not authenticate the first authentication request and return reject authentication information to the vehicle-mounted part 220.
Alternatively, the vehicle-mounted part authentication device 210 may be further configured to return the reject authentication information to the vehicle-mounted part 220 if the number of times the first authentication request is received within the first time period is greater than a first threshold. For example, for a specific vehicle-mounted part, the vehicle-mounted part authentication device 210 may authenticate only a limited number of authentication requests (for example, three) that the part transmits within the prescribed time; for consecutive authentication requests beyond the threshold number, it may perform no operation or may return reject authentication information to the vehicle-mounted part.
Alternatively, the vehicle-mounted part authentication device 210 may be further configured to first authenticate the signature of the first authentication request with a digital certificate. For example, the received authentication request may be signature-authenticated with a digital certificate corresponding to the authentication signature information. As described above, this certificate is distributed in advance by the authentication management system and may be stored in the configuration file of the vehicle-mounted part authentication device 210. If the authentication signature information in the received authentication request matches the information in the digital certificate, the signature authentication passes and the decryption authentication described below follows; if the authentication signature information in the received authentication request does not match the information in the digital certificate, the signature authentication fails and the reject authentication information may be returned to the vehicle-mounted part 220.
Alternatively, the vehicle-mounted part authentication device 210 may be further configured to decrypt the received authentication request using a decryption algorithm corresponding to the encryption algorithm of the first authentication information. If the decrypted authentication request matches the preset information, the decryption authentication passes, and if the decrypted authentication request does not match the preset information, the decryption authentication fails, and the vehicle-mounted part authentication device 210 may return reject authentication information to the vehicle-mounted part.
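The time-window and request-count checks described above can be placed in front of the signature and decryption steps, so that late or excess requests are rejected before any cryptographic work is done. The following sketch is an added example and is not part of the patent text; the names AuthGate, verify and part_id are assumptions, verify stands in for the signature authentication and decryption comparison, and resetting the counters on each wake-up signal is an assumption the text does not state.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

ACCEPT, REJECT = "accept", "reject"

@dataclass
class AuthGate:
    verify: Callable[[bytes], bool]   # hypothetical: signature check, decrypt, compare
    window_s: float = 600.0           # T_TH (the text's example: 10 minutes)
    max_requests: int = 3             # first threshold (the text's example: three)
    t1: Optional[float] = None        # T_1, time of the last wake-up signal
    counts: Dict[str, int] = field(default_factory=dict)

    def on_wakeup(self, now: float) -> None:
        # Assumption: every wake-up opens a fresh window and clears the counters.
        self.t1 = now
        self.counts.clear()

    def on_request(self, part_id: str, request: bytes, now: float) -> str:
        # `now` is T_2; use a monotonic clock so wall-clock changes cannot reopen the window.
        if self.t1 is None:
            return REJECT                       # no wake-up signal seen yet
        elapsed = now - self.t1
        if elapsed < 0 or elapsed > self.window_s:
            return REJECT                       # T_2 - T_1 > T_TH
        # Count every in-window request, valid or not, before any cryptography runs.
        self.counts[part_id] = self.counts.get(part_id, 0) + 1
        if self.counts[part_id] > self.max_requests:
            return REJECT                       # more than the first threshold
        return ACCEPT if self.verify(request) else REJECT


def run_constructed_trace() -> List[str]:
    # Constructed sample: the stand-in verifier accepts only the bytes b"valid".
    gate = AuthGate(verify=lambda req: req == b"valid")
    results = [gate.on_request("part-A", b"valid", 50.0)]        # before wake-up
    gate.on_wakeup(100.0)
    results.append(gate.on_request("part-A", b"forged", 110.0))  # 1st, bad
    results.append(gate.on_request("part-A", b"forged", 120.0))  # 2nd, bad
    results.append(gate.on_request("part-A", b"valid", 130.0))   # 3rd, good
    results.append(gate.on_request("part-A", b"valid", 140.0))   # 4th, over threshold
    results.append(gate.on_request("part-B", b"valid", 700.0))   # exactly T_TH
    results.append(gate.on_request("part-B", b"valid", 700.5))   # past T_TH
    return results
```

Because failed attempts are counted as well, a part that sends forged requests uses up its allowance for the current window, and the counter is kept per part so that one noisy part does not lock out the others.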
Alternatively, the authentication operation between the in-vehicle part authentication device 210 and the in-vehicle part 220 may be a bidirectional authentication operation to further improve the security of authentication.
According to a third aspect of the present invention, there is provided a computer-readable storage medium having instructions stored therein which, when executed by a processor, cause the processor to perform the method described in Fig. 1.
According to a fourth aspect of the invention, there is provided a vehicle provided with a system according to Fig. 2.
The foregoing disclosure is not intended to limit the disclosure to the precise form disclosed or to the particular field of use. Thus, it is contemplated that various alternative embodiments and/or modifications of the present disclosure are possible in light of the present disclosure, whether explicitly described or implied herein. Having thus described embodiments of the present disclosure, it will be recognized by one of ordinary skill in the art that changes may be made in form and detail without departing from the scope of the present disclosure. Accordingly, the disclosure is limited only by the claims.
Claims (13)
1. The vehicle-mounted part authentication method based on symmetric encryption is characterized by comprising the following steps of:
receiving a whole vehicle wake-up signal from a vehicle control device, wherein the whole vehicle wake-up signal is sent out under the condition that a verified key is valid;
receiving a first authentication request from a vehicle-mounted part, wherein the vehicle-mounted part comprises an original vehicle-mounted part and/or an additional vehicle-mounted part;
authenticating the first authentication request in a first time period from receiving the whole vehicle wake-up signal; and
returning an authentication result to the vehicle-mounted part.
2. The method of claim 1, wherein the first authentication request is a digitally signed and encrypted authentication request.
3. The method of claim 1, wherein authenticating the first authentication request comprises:
authenticating the signature of the first authentication request with a digital certificate;
if the signature is valid, decrypting the first authentication request by using a symmetric decryption algorithm; and
comparing the decrypted information with preset information.
4. The method of claim 1, further comprising:
if the first authentication request is received after the first time period, returning authentication rejection information to the vehicle-mounted part.
5. The method of claim 1, further comprising:
if the number of times the first authentication request is received within the first time period is greater than a first threshold, returning authentication rejection information to the vehicle-mounted part.
6. A vehicle-mounted part authentication apparatus based on symmetric encryption, characterized in that the vehicle-mounted part authentication apparatus is configured to:
receiving a whole vehicle wake-up signal from a vehicle control device, wherein the whole vehicle wake-up signal is sent out under the condition that a verified key is valid;
receiving a first authentication request from a vehicle-mounted part, wherein the vehicle-mounted part comprises an original vehicle-mounted part and/or an additional vehicle-mounted part;
authenticating the first authentication request in a first time period from receiving the whole vehicle wake-up signal; and
returning an authentication result to the vehicle-mounted part.
7. The apparatus of claim 6, wherein the first authentication request is a digitally signed and encrypted authentication request.
8. The apparatus of claim 6, wherein the in-vehicle part authentication apparatus is further configured to:
authenticating the signature of the first authentication request with a digital certificate;
if the signature is valid, decrypting the first authentication request by using a symmetric decryption algorithm; and
comparing the decrypted information with preset information.
9. The apparatus of claim 6, wherein the in-vehicle part authentication apparatus is further configured to:
if the first authentication request is received after the first time period, returning authentication rejection information to the vehicle-mounted part.
10. The apparatus of claim 6, wherein the in-vehicle part authentication apparatus is further configured to:
if the number of times the first authentication request is received within the first time period is greater than a first threshold, returning authentication rejection information to the vehicle-mounted part.
11. A computer-readable storage medium having instructions stored therein, which when executed by a processor, cause the processor to perform the vehicle-mounted part authentication method according to any one of claims 1 to 5.
12. A vehicle characterized by being provided with the in-vehicle part authentication apparatus according to any one of claims 6 to 10.
13. A computer program product comprising a computer program which, when executed by a processor, implements the vehicle-mounted part authentication method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111474861.XA CN116233801B (en) | 2021-12-06 | 2021-12-06 | Vehicle-mounted part authentication method, device, storage medium and vehicle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116233801A CN116233801A (en) | 2023-06-06 |
CN116233801B true CN116233801B (en) | 2024-10-22 |
Family
ID=86581120
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111474861.XA Active CN116233801B (en) | 2021-12-06 | 2021-12-06 | Vehicle-mounted part authentication method, device, storage medium and vehicle |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116233801B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109606311A (en) * | 2017-09-30 | 2019-04-12 | 比亚迪汽车工业有限公司 | Vehicle authentication method, device and storage medium |
CN113515755A (en) * | 2021-03-25 | 2021-10-19 | 北京汽车研究总院有限公司 | Wake-up method for autonomous vehicle, storage medium, and electronic device |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110889123B (en) * | 2019-11-01 | 2021-01-12 | 浙江地芯引力科技有限公司 | Authentication method, key pair processing method, device and readable storage medium |
CN111638704A (en) * | 2020-06-03 | 2020-09-08 | 上海蔚来汽车有限公司 | Method, system and device for remotely waking up vehicle |
CN111629353B (en) * | 2020-07-29 | 2020-11-13 | 广州汽车集团股份有限公司 | Method and system for communication between vehicle and NFC mobile device and external NFC module |
CN111968256A (en) * | 2020-08-20 | 2020-11-20 | 中国第一汽车股份有限公司 | Electronic tag anti-dismounting method and device, vehicle and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN116233801A (en) | 2023-06-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110798795B (en) | Virtual key vehicle control system, method and device based on Bluetooth and computer equipment | |
CN106240522B (en) | Autonomous vehicle theft prevention | |
KR101378784B1 (en) | Method for the Protection of a Movable Object, especially a Vehicle, against Unauthorized Use | |
CN110769393B (en) | Identity authentication system and method for vehicle-road cooperation | |
EP2663018B1 (en) | Electronic key registration system | |
US7742603B2 (en) | Security for anonymous vehicular broadcast messages | |
CN108122311B (en) | Vehicle virtual key implementation method and system | |
CN106101111A (en) | Vehicle electronics safe communication system and communication means | |
CN111845624B (en) | Method for starting vehicle without key | |
CN104890623A (en) | Vehicle-mounted intelligent terminal control system and control method | |
CN111267774B (en) | Virtual key authorization method and device | |
CN105187442A (en) | Vehicle authorization method, device, vehicle-mounted terminal, terminal and system | |
CN106537463B (en) | Method and device for improving vehicle safety | |
CN111083696B (en) | Communication verification method and system, mobile terminal and vehicle machine side | |
CN104753962A (en) | OBD (On-board diagnostics) safety management method and system | |
CN111114489A (en) | Automatic transmission automobile anti-theft method and automatic transmission automobile | |
US9893886B2 (en) | Communication device | |
CN106657021B (en) | Vehicle message authentication method and device in Internet of vehicles | |
CN116233801B (en) | Vehicle-mounted part authentication method, device, storage medium and vehicle | |
CN107215308B (en) | Keyless system and control method of keyless system | |
CN112653548B (en) | Key processing method, gateway, electric detection equipment, diagnostic instrument and electronic control unit | |
CN117755242A (en) | Vehicle anti-theft system and vehicle anti-theft method | |
CN117475533A (en) | Data transmission method and device, equipment and computer readable storage medium | |
CN106800010A (en) | Automobile burglar control method, system, car body controller and control unit of engine | |
WO2023277921A1 (en) | Systems and methods for a secure keyless system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |