
CN115884175A - Communication method and device of Internet of vehicles terminal, electronic equipment and storage medium - Google Patents


Info

Publication number: CN115884175A
Authority: CN (China)
Prior art keywords: terminal, networking terminal, session key, internet, session
Legal status: Pending
Application number: CN202211556623.8A
Other languages: Chinese (zh)
Inventors: 王蕴实, 张曼君, 徐雷
Current assignee: China United Network Communications Group Co Ltd
Original assignee: China United Network Communications Group Co Ltd

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a communication method and apparatus for an Internet of Vehicles (IoV) terminal, an electronic device and a storage medium, in the technical field of communications. The method comprises: receiving and parsing a service request sent by a first IoV terminal; locating, according to the service request, a second IoV terminal with which the first IoV terminal needs to communicate; generating a corresponding encrypted session key for each of the first and second IoV terminals; and sending each encrypted session key in a directed manner to the corresponding first or second IoV terminal, so that the first and second IoV terminals each decrypt their encrypted session key to obtain a session key pair for communicating with each other, the session key being used to encrypt or decrypt session content. The method at least solves the problem in the related art that communication between IoV terminals has no security guarantee, and is suited to IoV communication and autonomous driving scenarios.

Description

Communication method, apparatus, electronic device and storage medium for an Internet of Vehicles terminal

Technical field

The present invention relates to the field of communication technology, and in particular to a communication method, apparatus, electronic device and storage medium for an Internet of Vehicles (IoV) terminal.

Background

Depending on the communication mode, a C-V2X (Cellular Vehicle-to-Everything) system comprises two scenarios: cellular network communication and direct communication. V2X communication in the Internet of Vehicles involves terminals such as OBUs (On Board Units), pedestrians, RSUs (Road Side Units) and cloud service platforms; these terminals communicate with vehicles over the Uu interface or over the PC5/V5 direct communication interface. Vehicle-to-vehicle, vehicle-to-roadside-infrastructure and vehicle-to-pedestrian links can dynamically exchange basic information such as vehicle position, speed, heading and road-condition events over direct communication. Terminals can also exchange information with other IoV terminals or network-side service platforms over the Uu uplink and downlink, achieving reliable long-distance, wide-area communication.

At present, for the session content exchanged between IoV terminals, the sender uses a certificate issued by a CA (Certificate Authority) to provide a digital signature and encryption protection for the transmitted data. The PKI (Public Key Infrastructure) based direct encrypted communication process of an IoV terminal is as follows:

(1) The sending IoV terminal (OBU or RSU) digitally signs the message containing its IoV session content with the private key corresponding to its certificate, and broadcasts the signed message together with the certificate.

(2) The surrounding IoV terminals that receive the message use the certificate of the issuing CA to verify whether the signing certificate contained in the message is valid.

(3) Once the certificate has been verified as valid, the public key in the verified certificate is used to verify whether the signature on the signed message is correct.

(4) The receiving IoV terminal treats the content of a signed message that has passed verification as legitimate information and obtains the IoV session content.

In the above scheme, any receiver (including malicious third parties and hackers) can use the public key to recover the session content of the communication, so communication between IoV terminals has no security guarantee.

Summary of the invention

In view of the above deficiencies of the prior art, the technical problem to be solved by the present invention is to provide a communication method, apparatus, electronic device and storage medium for an IoV terminal that at least solve the problem in the related art that communication between IoV terminals has no security guarantee.

In a first aspect, the present invention provides a communication method for an IoV terminal, applied to a network device, the method comprising: receiving and parsing a service request sent by a first IoV terminal; locating, according to the service request, a second IoV terminal with which the first IoV terminal needs to communicate; and sending the encrypted session key f_i(k, K) in a directed manner to the corresponding first IoV terminal and second IoV terminal, so that the first IoV terminal and the second IoV terminal each decrypt the encrypted session key f_i(k, K) to obtain the session key pair (k, K) for communicating with each other, where i = 1, 2, 3, ..., m, m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminal(s), k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.

Preferably, the service request includes a service type and an identifier of the first IoV terminal, the service type being used to determine the communication object and communication range of the first IoV terminal. After locating, according to the service request, the second IoV terminal with which the first IoV terminal needs to communicate, and before sending the encrypted session key f_i(k, K) in a directed manner to the corresponding first and second IoV terminals, the method further comprises: generating the corresponding encrypted session key f_i(k, K) for each of the first IoV terminal and the second IoV terminal. Locating, according to the service request, the second IoV terminal with which the first IoV terminal needs to communicate specifically comprises: determining the position of the first IoV terminal according to the first IoV terminal identifier in the service request; and locating, according to the position and service type of the first IoV terminal, the second IoV terminal with which the first IoV terminal needs to communicate.

Preferably, generating the corresponding encrypted session key f_i(k, K) for each of the first and second IoV terminals specifically comprises: encrypting the session key pair (k, K) with each session-key-encryption key f_i to obtain the encrypted session key f_i(k, K), and periodically updating the session key pair (k, K), where each IoV terminal corresponds to one session-key-encryption key f_i.

Preferably, the IoV terminal includes at least one of: an on-board unit and a roadside unit. After receiving and parsing the service request sent by the first IoV terminal, and before locating, according to the service request, the second IoV terminal with which the first IoV terminal needs to communicate, the communication method further comprises: authenticating the legitimacy of the identity of the first IoV terminal. In connection with locating, according to the service request, the second IoV terminal with which the first IoV terminal needs to communicate, the communication method further comprises: authenticating the legitimacy of the identity of the second IoV terminal.

Preferably, authenticating the legitimacy of an IoV terminal's identity specifically comprises: authenticating the legitimacy of the IoV terminal's network identity according to the IoV terminal identifier, where the IoV terminal identifier is the combination of an encrypted string of the mobile communication subscriber identifier and an encrypted string of the device identifier; in response to the IoV terminal's network identity being legitimate, sending the encrypted string of the device identifier contained in the IoV terminal identifier to a trusted center, so that the trusted center authenticates the legitimacy of the IoV terminal's device identity; and in response to both the network identity and the device identity of the IoV terminal being legitimate, determining that the identity of the IoV terminal is legitimate.

In a second aspect, the present invention further provides a communication method for an IoV terminal, applied to a first IoV terminal, comprising: sending a service request to a network device, so that the network device locates, according to the service request, a second IoV terminal with which the first IoV terminal needs to communicate; receiving the encrypted session key f_i(k, K) sent in a directed manner by the network device, where i = 1, 2, 3, ..., m and m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminal(s); decrypting the encrypted session key f_i(k, K) with its own session-key-decryption key F_i to obtain the session key pair (k, K); and communicating with the second IoV terminal using the session key pair (k, K), where k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.

Preferably, the service request includes a service type and the first IoV terminal identifier, the service type being used to determine the communication object and communication range of the first IoV terminal. Decrypting the encrypted session key f_i(k, K) with its own session-key-decryption key F_i specifically comprises: decrypting the encrypted session key f_i(k, K) with the session-key-decryption key F_i stored on the terminal itself.

Preferably, the IoV terminal includes at least one of: an on-board unit and a roadside unit. Before sending the service request to the network device, the communication method further comprises: sending an identity authentication request to the network device, so that the network device authenticates the legitimacy of the IoV terminal's identity.

In a third aspect, the present invention further provides a communication apparatus for an IoV terminal, applied to a network device, comprising: a first receiving module, configured to receive and parse a service request sent by a first IoV terminal; a locating module, connected to the first receiving module and configured to locate, according to the service request, a second IoV terminal with which the first IoV terminal needs to communicate; and a first sending module, connected to the locating module and configured to send the encrypted session key f_i(k, K) in a directed manner to the corresponding first IoV terminal and second IoV terminal, so that the first and second IoV terminals each decrypt the encrypted session key f_i(k, K) to obtain the session key pair (k, K) for communicating with each other, where i = 1, 2, 3, ..., m, m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminal(s), k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.

In a fourth aspect, the present invention further provides a communication apparatus for an IoV terminal, applied to a first IoV terminal, comprising: a second sending module, configured to send a service request to a network device so that the network device locates, according to the service request, a second IoV terminal with which the first IoV terminal needs to communicate; a second receiving module, configured to receive the encrypted session key f_i(k, K) sent in a directed manner by the network device, where i = 1, 2, 3, ..., m and m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminal(s); a decryption module, connected to the second receiving module and configured to decrypt the encrypted session key f_i(k, K) with the terminal's own session-key-decryption key F_i to obtain the session key pair (k, K); and a communication module, connected to the decryption module and configured to communicate with the second IoV terminal using the session key pair (k, K), where k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.

In a fifth aspect, the present invention further provides an electronic device comprising a memory and a processor, the memory storing a computer program and the processor being configured to run the computer program so as to implement the communication method for an IoV terminal of the first aspect or the communication method for an IoV terminal of the second aspect.

In a sixth aspect, the present invention further provides a computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the communication method for an IoV terminal of the first aspect or the communication method for an IoV terminal of the second aspect.

With the communication method, apparatus, electronic device and storage medium for an IoV terminal provided by the present invention, the encrypted session key f_i(k, K) is transmitted in a directed manner to the first and second IoV terminals that need to communicate with each other, so that each corresponding IoV terminal decrypts it to obtain the session key pair required for mutual communication. Because the session key pair required for communication between IoV terminals is encrypted and protected separately for each terminal, the encryption of the session key pair is realised as one key per subscriber, which can significantly improve the security of subsequent communication; and because the encrypted session key corresponding to each IoV terminal is transmitted to that terminal in a directed manner, the IoV terminal's session key is prevented from being stolen or replaced while propagating over the air interface, further achieving secure communication between IoV terminals.

Brief description of the drawings

Fig. 1 is a schematic diagram of an application scenario of Embodiment 1 of the present invention;

Fig. 2 is a schematic flowchart of a communication method for an IoV terminal according to Embodiment 1 of the present invention;

Fig. 3 is a schematic flowchart of a communication method for an IoV terminal according to Embodiment 3 of the present invention;

Fig. 4 is a schematic structural diagram of a communication apparatus for an IoV terminal according to Embodiment 4 of the present invention;

Fig. 5 is a schematic structural diagram of a communication apparatus for an IoV terminal according to Embodiment 5 of the present invention;

Fig. 6 is a schematic structural diagram of an electronic device according to Embodiment 6 of the present invention.

Detailed description

To enable those skilled in the art to better understand the technical solution of the present invention, embodiments of the present invention are described in further detail below with reference to the accompanying drawings.

It should be understood that the specific embodiments and drawings described here serve only to explain the present invention and do not limit it.

It should be understood that, where there is no conflict, the embodiments of the present invention and the features within them may be combined with one another.

It should be understood that, for ease of description, the drawings show only the parts relevant to the present invention; parts unrelated to the present invention are not shown.

It should be understood that each unit or module involved in the embodiments of the present invention may correspond to a single physical structure or be composed of several physical structures, and that several units or modules may also be integrated into one physical structure.

It should be understood that, where there is no conflict, the functions and steps marked in the flowcharts and block diagrams of the present invention may occur in an order different from that marked in the drawings.

It should be understood that the flowcharts and block diagrams of the present invention show the architecture, functions and operation of possible implementations of the systems, apparatus, devices and methods according to the embodiments of the present invention. Each block in a flowchart or block diagram may represent a unit, module, program segment or piece of code containing executable instructions for implementing the specified function. Moreover, each block, and each combination of blocks, in the block diagrams and flowcharts may be implemented by a hardware-based system that performs the specified function, or by a combination of hardware and computer instructions.

It should be understood that the units and modules involved in the embodiments of the present invention may be implemented in software or in hardware; for example, the units and modules may reside in a processor.

实施例1:Example 1:

本实施例提供一种车联网终端的通信方法,如图1所示,应用场景涉及车联网终端(如车载单元和路侧单元)、基站、核心网设备等通信终端。其中,每个C-V2X的车载单元具有Uu接口和PC5/V5直连通信接口,车载单元通过Uu接口与基站通信,通过PC5/V5接口与其他车辆或者RSU直连通信。This embodiment provides a communication method for an Internet of Vehicles terminal. As shown in FIG. 1 , the application scenario involves communication terminals such as an Internet of Vehicles terminal (such as a vehicle-mounted unit and a roadside unit), a base station, and a core network device. Among them, each C-V2X vehicle-mounted unit has a Uu interface and a PC5/V5 direct connection communication interface. The vehicle-mounted unit communicates with the base station through the Uu interface, and directly communicates with other vehicles or RSUs through the PC5/V5 interface.

如图2所示,本实施例提供一种车联网终端的通信方法,应用于网络设备,网络设备包括基站和核心网设备,所述方法包括:As shown in FIG. 2, this embodiment provides a communication method for a terminal of the Internet of Vehicles, which is applied to network equipment. The network equipment includes base stations and core network equipment. The method includes:

步骤101,接收并解析第一车联网终端发送的业务请求。Step 101, receiving and analyzing a service request sent by a first IoV terminal.

本实施例中,当第一车联网终端有车联网业务需求时,第一车联网终端向网络设备发送业务请求,其中,业务请求包括业务类型和第一车联网终端标识。业务类型用于确定第一车联网终端的通信对象和通信范围。车联网终端包括以下至少之一:车载单元、路侧单元。In this embodiment, when the first Internet of Vehicles terminal has an Internet of Vehicles service requirement, the first Internet of Vehicles terminal sends a service request to the network device, where the service request includes a service type and an identifier of the first Internet of Vehicles terminal. The service type is used to determine the communication object and communication range of the first IoV terminal. The Internet of Vehicles terminal includes at least one of the following: a vehicle-mounted unit and a roadside unit.

步骤102,根据所述业务请求定位第一车联网终端需要通信的第二车联网终端。Step 102, locate a second IoV terminal with which the first IoV terminal needs to communicate according to the service request.

本实施例中,若业务类型确定的通信对象为车车通信,确定的通信范围为预设范围内的防碰撞预警,例如,第一车联网终端需要与其周围预设范围(如300米)内的第二车联网终端(如车载单元)通信,此时,第二车联网终端的数量为一个或多个,由网络设备定位出第一车联网终端需要通信的第二车联网终端。需要说明的是,第二车联网终端可能分布在至少一个基站的覆盖范围内。In this embodiment, if the communication object determined by the business type is vehicle-to-vehicle communication, the determined communication range is the anti-collision warning within the preset range. For example, the first Internet of Vehicles terminal needs to be within a preset range (such as 300 meters) At this time, the number of the second IOV terminal is one or more, and the network device locates the second IOV terminal that the first IOV terminal needs to communicate with. It should be noted that the second Internet of Vehicles terminals may be distributed within the coverage of at least one base station.

具体地,所述根据所述业务请求定位第一车联网终端需要通信的第二车联网终端,具体包括:根据所述业务请求中第一车联网终端标识确定第一车联网终端的位置;根据第一车联网终端的位置和业务类型定位第一车联网终端需要通信的第二车联网终端。Specifically, the locating the second IOV terminal that the first IOV terminal needs to communicate with according to the service request includes: determining the location of the first IOV terminal according to the identifier of the first IOV terminal in the service request; The location and service type of the first IoV terminal locates the second IOV terminal with which the first IOV terminal needs to communicate.

本实施例中,第一车联网终端标识可以是移动通信用户标识,或移动通信用户标识的加密字符串与设备标识的加密字符串的组合,或其他唯一标识车联网终端的标识信息。根据第一车联网终端的所在位置和业务类型(如防碰撞预警业务)定位第一车联网终端周围300米范围内的第二车联网终端。In this embodiment, the first IoV terminal identifier may be a mobile communication user identifier, or a combination of an encrypted character string of a mobile communication user identifier and an encrypted character string of a device identifier, or other identification information that uniquely identifies an IoV terminal. Locate the second IOV terminal within 300 meters around the first IOV terminal according to the location of the first IOV terminal and the service type (such as anti-collision warning service).

步骤103,将加密会话秘钥fi(k,K)定向发送给对应的第一车联网终端和第二车联网终端,以使第一车联网终端和第二车联网终端分别对加密会话秘钥fi(k,K)解密,得到会话秘钥对(k,K)进行相互通信,其中,i=1,2,3,…,m,m为第一车联网终端和第二车联网终端构成的车联网终端总数量,k为会话加密秘钥,K为会话解密秘钥,会话秘钥对(k,K)用于加密或解密会话内容。Step 103: Directly send the encrypted session key f i (k, K) to the corresponding first IoV terminal and the second IOV terminal, so that the first IOV terminal and the second IOV terminal respectively encrypt the session key The key f i (k, K) is decrypted to obtain the session key pair (k, K) for mutual communication, wherein, i=1, 2, 3,..., m, m is the terminal of the first Internet of Vehicles and the second Internet of Vehicles The total number of IoV terminals composed of terminals, k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt the session content.

本实施例中,在网络设备处对于每个车联网终端存储有固定的加密会话秘钥池,网络设备可根据车联网终端标识将对应的加密会话秘钥发给对应的车联网终端。第一车联网终端和第二车联网终端可利用自身(如用户识别模块SIM卡或终端硬件模块)存储的会话秘钥解密秘钥Fi对加密会话秘钥fi(k,K)解密,具有高安全性且减少车联网终端的证书维护压力。通过将加密会话秘钥fi(k,K)定向发送给对应的第一车联网终端和第二车联网终端,防止车联网终端之间通信的会话秘钥在空口传播时被窃取和替换,进一步提高车联网终端的安全通信。In this embodiment, a fixed encrypted session key pool is stored for each IoV terminal at the network device, and the network device can send the corresponding encrypted session key to the corresponding IOV terminal according to the IOV terminal identifier. The first IoV terminal and the second IoV terminal can decrypt the encrypted session key f i (k, K) by using the session key decryption key F i stored by itself (such as the subscriber identity module SIM card or the terminal hardware module), It has high security and reduces the certificate maintenance pressure of the Internet of Vehicles terminal. By directionally sending the encrypted session key f i (k, K) to the corresponding first IoV terminal and the second IOV terminal, the session key for communication between IOV terminals is prevented from being stolen and replaced during air interface propagation, Further improve the secure communication of the Internet of Vehicles terminal.

可选地,在所述根据所述业务请求定位第一车联网终端需要通信的第二车联网终端之后,以及在所述将加密会话秘钥fi(k,K)定向发送给对应的第一车联网终端和第二车联网终端之前,所述通信方法还包括:为第一车联网终端和第二车联网终端分别生成对应的加密会话秘钥fi(k,K)。Optionally, after locating the second IOV terminal that the first IOV terminal needs to communicate with according to the service request, and after sending the encrypted session key f i (k, K) to the corresponding first IoV terminal Before the first IoV terminal and the second IOV terminal, the communication method further includes: respectively generating corresponding encryption session keys f i (k, K) for the first IOV terminal and the second IOV terminal.

本实施例中,一个车联网终端对应一个加密会话秘钥fi(k,K)。(k,K)为会话秘钥对,是第一车联网终端和第二车联网终端用于加密或解密两者之间通信的会话内容的秘钥。例如,第一车联网终端的加密会话秘钥为f1(k,K),第二车联网终端的数量为三个,则三个第二车联网终端的加密会话秘钥分别为f2(k,K)、f3(k,K)、f4(k,K)。通过对车联网终端之间通信所需的会话秘钥对分别进行加密保护,得到加密会话秘钥fi(k,K),使得车联网终端会话秘钥对的加密实现一户一秘,有效保障后续车联网终端之间通信的安全性。In this embodiment, one IoV terminal corresponds to one encrypted session key f i (k, K). (k, K) is a session key pair, which is a key used by the first IoV terminal and the second IOV terminal to encrypt or decrypt the session content of the communication between them. For example, the encrypted session key of the first IoV terminal is f 1 (k, K), and the number of the second IOV terminal is three, then the encrypted session keys of the three second IOV terminals are respectively f 2 ( k, K), f 3 (k, K), f 4 (k, K). By encrypting and protecting the session key pairs required for communication between the IoV terminals, the encrypted session key f i (k, K) is obtained, so that the encryption of the IoV terminal session key pairs can be encrypted for each user, effectively Ensure the security of communication between subsequent Internet of Vehicles terminals.

Specifically, generating a corresponding encrypted session key f_i(k, K) for each of the first IoV terminal and the second IoV terminal includes: encrypting the session key pair (k, K) with each session key encryption key f_i to obtain the encrypted session key f_i(k, K), and periodically updating the session key pair (k, K), where one IoV terminal corresponds to one session key encryption key f_i.

In this embodiment, the session key pair (k, K) is distributed by the network device to legitimate IoV terminals and, for security reasons, is updated periodically. For IoV terminals communicating within the same period, the network device issues one session key pair (first session encryption key k and first session decryption key K), enabling encrypted communication between the terminals. If the session content to be sent is s, the sender encrypts s with the first session encryption key k into k(s) and transmits it, and the receiver decrypts it with the first session decryption key K to recover the session content s. Having the network device distribute and periodically update the session key pair (k, K) improves the communication security of the IoV terminals. The session key encryption key f_i, where i = 1, 2, 3, ..., n and n is the total number of registered IoV terminals, may be a key that the core network device sends to the base station device for encrypting the session key pair (k, K); its purpose is to encrypt the session key so that it is not exposed to a third party intercepting the transmission when the base station device sends it to the IoV terminal. The core network device stores the session key encryption keys {f_i} of all registered IoV terminals, and can look up the session key encryption key f_i of IoV terminal i according to the mobile communication subscriber identifier of terminal i.

Optionally, after receiving and parsing the service request sent by the first IoV terminal, and before locating the second IoV terminal with which the first IoV terminal needs to communicate according to the service request, the communication method further includes: authenticating the legitimacy of the identity of the first IoV terminal.

Optionally, after locating the second IoV terminal with which the first IoV terminal needs to communicate according to the service request, the communication method further includes: authenticating the legitimacy of the identity of the second IoV terminal.

In this embodiment, the network device authenticates the identity legitimacy of both the first and the second IoV terminal. Authenticating the identity of the first IoV terminal that initiates the service request, and rejecting service requests from terminals whose identity is not legitimate, improves IoV communication security. In addition, after the network device has located the second IoV terminal with which the first IoV terminal needs to communicate, it authenticates the identity of the located second IoV terminal and takes the terminal whose identity is legitimate as the final second IoV terminal, so that the IoV terminals on both sides of the communication are legitimate devices, improving communication security.

Optionally, authenticating the identity legitimacy of an IoV terminal specifically includes: authenticating the legitimacy of the network identity of the IoV terminal according to the IoV terminal identifier, where the IoV terminal identifier is the combination of an encrypted string of the mobile communication subscriber identifier and an encrypted string of the device identifier; in response to the network identity of the IoV terminal being legitimate, sending the encrypted string of the device identifier contained in the IoV terminal identifier to a trusted center, so that the trusted center authenticates the legitimacy of the device identity of the IoV terminal; and in response to both the network identity and the device identity of the IoV terminal being legitimate, determining that the identity of the IoV terminal is legitimate.

Optionally, authenticating the legitimacy of the network identity of the IoV terminal according to the IoV terminal identifier specifically includes: extracting the encrypted string of the mobile communication subscriber identifier from the IoV terminal identifier; decrypting that encrypted string with a preset first encryption key to obtain the mobile communication subscriber identifier; and authenticating the legitimacy of the network identity of the IoV terminal according to the mobile communication subscriber identifier.

In this embodiment, the identifier OBU_ID of an on-board unit (OBU) is defined as the encrypted combination of the mobile communication subscriber identifier and the vehicle identifier V_ID. The vehicle identifier V_ID is defined by the organization that needs to authenticate the legitimacy of vehicles, such as a vehicle manufacturer, a vehicle operating company or an IoV service company. For example, if the mobile communication subscriber identifier of the on-board unit is an N_1-character string and the vehicle identifier V_ID is an N_2-character string, then the on-board unit identifier OBU_ID is an (N_1 + N_2)-character string: the first N_1 characters are the encrypted form F_1(mobile communication subscriber identifier of the OBU) of the subscriber identifier, where the first encryption key pair is provisioned (or stored) separately in the communication SIM card of the on-board unit and in the core network; the last N_2 characters are the encrypted form F_2(V_ID) of the vehicle identifier V_ID, where the second encryption key pair is provisioned (or stored) separately in the communication SIM card of the on-board unit and in the trusted center TA_1. The communication SIM card of the on-board unit therefore stores two kinds of keys: the first encryption key K_1' for the communication network identity (the corresponding decryption key K_1 is held by the core network) and the second encryption key K_2' for encrypting the device identity (the corresponding decryption key K_2 is held by the trusted center TA_1).

Roadside units (RSUs) are deployed uniformly along the road; they communicate wirelessly with vehicles within their coverage over the PC5 interface and connect to the base station over the Uu interface. The coverage of a base station is larger than that of an RSU, and the coverage of one base station may contain several RSUs. The identifier RSU_ID of a roadside unit is defined as the encrypted combination of the mobile communication subscriber identifier and the RSU device identifier RSU_VID. The device identifier RSU_VID is defined by the RSU operating company and authenticated by the trusted center TA_2 of the RSU operating company. If the mobile communication subscriber identifier of the roadside unit is an N_1-character string and the device identifier RSU_VID is an N_2-character string, the authentication identifier RSU_ID of the roadside unit is an (N_1 + N_2)-character string: the first N_1 characters are the encrypted form F_1(mobile communication subscriber identifier of the RSU) of the subscriber identifier, with the encryption key pair stored in the communication SIM card of the roadside unit and in the core network; the last N_2 characters are the encrypted form F_2(RSU_VID) of the N_2-character RSU device identifier RSU_VID, with the encryption key pair stored separately in the communication SIM card of the roadside unit and in the trusted center TA_2. The communication SIM card of the roadside unit therefore stores two kinds of keys: the first encryption key K_1' for the communication network identity (the corresponding decryption key K_1 is held by the core network) and the second encryption key K_2' for encrypting the device identity (the corresponding decryption key K_2 is held by the trusted center TA_2).

The network device extracts the first N_1 characters F_1(mobile communication subscriber identifier) of the on-board unit's OBU_ID, decrypts them with the stored first encryption key K_1 to obtain the mobile communication subscriber identifier, and authenticates the legitimacy of the on-board unit's network identity according to that subscriber identifier. Alternatively, the network device extracts the first N_1 characters F_1(mobile communication subscriber identifier of the RSU) of the roadside unit's RSU_VID, decrypts them with the stored first encryption key K_1 to obtain the mobile communication subscriber identifier, and authenticates the legitimacy of the roadside unit's network identity according to that identifier. After the IoV terminal has passed the core network's network legitimacy authentication, the core network sends the last N_2 characters F_2(V_ID) of the OBU_ID to the trusted center TA_1, or sends the last N_2 characters F_2(RSU_VID) of the RSU_VID to the trusted center TA_2. Only the encrypted string related to the device identity is sent to the trusted center for authentication, so for either security domain it is guaranteed that the identifier belonging to the other security domain is not disclosed during the authentication process, which effectively protects the identity privacy of the end user and improves system security. The trusted center authenticates the legitimacy of the IoV terminal's device identity according to the encrypted string of the device identifier, specifically: the trusted center decrypts the encrypted string of the device identifier contained in the IoV terminal identifier with a preset second encryption key to obtain the device identifier, and authenticates the legitimacy of the device identity of the IoV terminal according to the device identifier. For example, the trusted center TA_1/TA_2 decrypts F_2 with the stored second encryption key K_2 to obtain the corresponding device identifier, and authenticates the device identity of the IoV terminal according to it. When both the network identity and the device identity of the IoV terminal are legitimate, the network device determines that the identity of the IoV terminal is legitimate. When the authentication result for the network identity and/or the device identity is not legitimate, the network device determines that the identity of the IoV terminal is not legitimate.
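The split identifier and the two-domain check described above, as an added example in Python that is not part of the patent. It assumes fixed-width identifiers, one symmetric secret standing in for each "encryption key pair" (so K1' = K1 and K2' = K2), an HMAC-SHA256 keystream in place of a real cipher, hex encoding so that the encrypted halves remain character strings (N1 and N2 are therefore twice the plaintext widths), and constructed registries and identifier values; the function and constant names are mine.

```python
import hashlib
import hmac

# Added example, not the patent's code. Assumptions (constructed): the subscriber
# identifier and the device identifier are fixed-width strings, the key pair of each
# domain is one symmetric secret (K1' == K1, K2' == K2), and encrypted halves are hex.

SUB_ID_LEN = 15           # IMSI-style subscriber identifier, constructed width
VID_LEN = 17              # VIN-style vehicle identifier, constructed width
N1 = 2 * SUB_ID_LEN       # hex encoding doubles the width
N2 = 2 * VID_LEN

K1 = b"K1: core network key (constructed)"     # held by the core network and the SIM
K2 = b"K2: trusted center key (constructed)"   # held by the trusted center TA1 and the SIM


def _prf_stream(key: bytes, label: bytes, n: int) -> bytes:
    """Deterministic keystream from HMAC-SHA256 (stdlib stand-in for a block cipher)."""
    blocks = (hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def f_encrypt(key: bytes, label: bytes, text: str) -> str:
    """F1 / F2: encrypt a fixed-width identifier into a hex string of twice its width."""
    data = text.encode("ascii")
    return bytes(a ^ b for a, b in zip(data, _prf_stream(key, label, len(data)))).hex()


def f_decrypt(key: bytes, label: bytes, hexstr: str) -> str:
    data = bytes.fromhex(hexstr)
    return bytes(a ^ b for a, b in zip(data, _prf_stream(key, label, len(data)))).decode("ascii")


def build_obu_id(sub_id: str, vid: str, k1_prime: bytes, k2_prime: bytes) -> str:
    """OBU side: OBU_ID = F1(subscriber id) || F2(V_ID), the two halves under different keys."""
    if len(sub_id) != SUB_ID_LEN or len(vid) != VID_LEN:
        raise ValueError("identifiers must have the fixed widths N1/2 and N2/2")
    return f_encrypt(k1_prime, b"F1", sub_id) + f_encrypt(k2_prime, b"F2", vid)


# Constructed registries: subscribers known to the core network, vehicles known to TA1.
CORE_SUBSCRIBERS = {"460010123456789", "460010555555555"}
TA1_VEHICLES = {"LSVAB1234X5678901"}


def core_network_check(obu_id: str):
    """Network-identity check: the core network decrypts only the first N1 characters."""
    try:
        sub_id = f_decrypt(K1, b"F1", obu_id[:N1])
    except (ValueError, UnicodeDecodeError):   # not hex, or a wrong key produced non-ASCII
        return None
    return sub_id if sub_id in CORE_SUBSCRIBERS else None


def trusted_center_check(f2: str) -> bool:
    """Device-identity check: TA1 receives only F2(V_ID), never the subscriber half."""
    try:
        vid = f_decrypt(K2, b"F2", f2)
    except (ValueError, UnicodeDecodeError):
        return False
    return vid in TA1_VEHICLES


def authenticate(obu_id: str) -> bool:
    """Network device: the identity is legitimate only if both domains accept their own half."""
    if len(obu_id) != N1 + N2:
        return False
    if core_network_check(obu_id) is None:
        return False                      # rejected before anything reaches TA1
    return trusted_center_check(obu_id[N1:])
```

The point the code makes explicit is the data flow: `core_network_check` slices off and decrypts only the subscriber half, `trusted_center_check` is handed only the device half, and a terminal whose subscriber identifier fails is rejected before its device half leaves the core network. One property of this construction worth noting: because a fixed-width identifier is encrypted deterministically, the resulting OBU_ID is itself a stable string, so in a deployment it should travel inside a protected channel rather than be relied on as an unlinkable pseudonym.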

The IoV terminal communication method of this embodiment transmits the encrypted session key f_i(k, K) in a directed manner to the IoV terminals that need to communicate with each other, so that each terminal decrypts it to obtain the session key pair needed for mutual communication. Encrypting and protecting the session key pair required for communication between IoV terminals separately for each terminal makes the session key pair encrypted with one key per subscriber, which significantly improves the security of subsequent communication; and transmitting the encryption result of the session key pair corresponding to each IoV terminal in a directed manner to that terminal prevents the session key from being stolen or replaced while it propagates over the air interface, further achieving secure communication between IoV terminals. Furthermore, having the network device distribute and periodically update the session key pair (k, K) improves the communication security of the IoV terminals. The first and second IoV terminals can decrypt the encrypted session key f_i(k, K) with their own stored session key decryption key F_i, which gives high security and reduces the certificate maintenance burden on the terminals. In addition, identity legitimacy authentication is performed on the first and second IoV terminals that are about to carry out service communication, so that the terminals on both sides of the communication are legitimate devices, improving communication security.

Embodiment 2:

This embodiment provides a communication method for IoV terminals, including:

Step 201: the first IoV terminal, which is about to carry out an IoV service, sends an IoV service request to the core network device, where the IoV service request includes the identifier of the first IoV terminal and the service type;

Step 202: the core network device authenticates the identity legitimacy of the first IoV terminal according to the terminal identifier and, in response to the identity being legitimate, sends an identity-legitimate message for the first IoV terminal to the base station, so that the base station provides network access to the first IoV terminal.

Step 203: the core network device parses the service type in the IoV service request; if the service type is vehicle-to-roadside-unit communication, i.e. the second IoV terminal is a roadside unit, the core network sends the session key encryption key f_i of the first IoV terminal and the session key pair (k, K) to the base station.

Step 204: the base station encrypts the session key pair (k, K) with the session key encryption key f_i to obtain the encrypted session key f_i(k, K), and sends f_i(k, K) to the first IoV terminal.

Step 205: the base station stores the session key encryption keys of the roadside units (RSUs) within its coverage; it locates the RSU with which the first IoV terminal needs to communicate, encrypts the session key pair (k, K) with the session key encryption key f_RSU_i of that RSU to obtain the encrypted session key f_RSU_i(k, K), and sends f_RSU_i(k, K) to that RSU.

Step 206: the first IoV terminal and the roadside unit each use the F_i stored in their own SIM card or terminal hardware module to decrypt the encrypted session keys f_i(k, K) and f_RSU_i(k, K) sent by the base station, obtaining the session key pair (k, K).

Step 207: the first IoV terminal and the roadside unit use the session key pair (k, K) to encrypt and decrypt the IoV service content, achieving secure IoV communication.
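The key distribution explained in Embodiment 1 (core network holding {f_i}, base station wrapping (k, K), terminals unwrapping with F_i and exchanging k(s)) and carried out in steps 201 to 207 above, as an added example in Python that is not part of the patent. It assumes a symmetric construction (f_i = F_i and k = K), an HMAC-SHA256 keystream with an encrypt-then-MAC tag in place of a real cipher, and constructed subscriber identifiers; the class names, method names and the integrity tag are mine, not the patent's. The tag is the practitioner's addition: directed delivery keeps a wrapped blob from being useful elsewhere, but only an integrity check lets the receiving terminal notice a blob that was altered or replaced.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example, not the patent's code. Symmetric stand-in assumptions (constructed):
# the session key encryption key f_i and the terminal's decryption key F_i are the same
# secret provisioned at registration, and the session key pair (k, K) is one secret used
# in both directions (k == K). Keystream and tag are HMAC-SHA256 so only stdlib is needed.


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"stream" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. The tag lets the receiver detect a
    blob that was altered or replaced on the air interface."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))


class CoreNetwork:
    """Holds {f_i} for all registered terminals and issues (k, K) once per period."""
    def __init__(self):
        self.f_keys = {}            # subscriber identifier -> f_i
        self.session = None         # current period's (k, K)

    def register(self, sub_id: str) -> bytes:
        self.f_keys[sub_id] = secrets.token_bytes(32)
        return self.f_keys[sub_id]  # provisioned into the SIM / hardware module as F_i

    def new_period(self) -> None:
        self.session = secrets.token_bytes(32)   # periodic update of (k, K)

    def issue(self, sub_id: str):
        """Step 203: hand f_i of the requesting terminal and (k, K) to the base station."""
        return self.f_keys[sub_id], self.session


class BaseStation:
    """Wraps (k, K) once per terminal (steps 204 and 205); (k, K) never leaves it in the clear."""
    def __init__(self, core: CoreNetwork, rsu_f_keys: dict):
        self.core, self.rsu_f_keys = core, rsu_f_keys   # f_RSU_i of the RSUs in coverage

    def distribute(self, obu_sub_id: str, rsu_sub_id: str):
        f_obu, session = self.core.issue(obu_sub_id)
        return seal(f_obu, session), seal(self.rsu_f_keys[rsu_sub_id], session)


class Terminal:
    def __init__(self, F_i: bytes):
        self.F_i, self.k = F_i, None

    def install_session_key(self, blob: bytes) -> bool:
        self.k = unseal(self.F_i, blob)    # step 206: F_i undoes f_i(k, K)
        return self.k is not None

    def send(self, s: bytes) -> bytes:
        return seal(self.k, s)             # k(s)

    def recv(self, blob: bytes) -> Optional[bytes]:
        return unseal(self.k, blob)        # K recovers s


def run_example() -> dict:
    core = CoreNetwork()
    F_obu, F_rsu = core.register("obu-sub-0001"), core.register("rsu-sub-0001")
    bs = BaseStation(core, {"rsu-sub-0001": core.f_keys["rsu-sub-0001"]})
    obu, rsu = Terminal(F_obu), Terminal(F_rsu)

    core.new_period()
    blob_obu, blob_rsu = bs.distribute("obu-sub-0001", "rsu-sub-0001")
    installed = obu.install_session_key(blob_obu) and rsu.install_session_key(blob_rsu)
    msg = b"V2I: lane closed ahead (constructed)"
    delivered = rsu.recv(obu.send(msg)) == msg            # step 207

    altered = bytearray(blob_obu)
    altered[20] ^= 0x01                                    # bit flip inside the ciphertext
    tamper_rejected = unseal(F_obu, bytes(altered)) is None
    cross_rejected = unseal(F_rsu, blob_obu) is None       # the OBU's blob is useless to the RSU

    stale_k = obu.k
    core.new_period()                                      # periodic key update
    blob_obu, blob_rsu = bs.distribute("obu-sub-0001", "rsu-sub-0001")
    obu.install_session_key(blob_obu)
    rsu.install_session_key(blob_rsu)
    stale_rejected = rsu.recv(seal(stale_k, msg)) is None  # old-period traffic no longer verifies

    return {"installed": installed, "delivered": delivered, "tamper_rejected": tamper_rejected,
            "cross_rejected": cross_rejected, "stale_rejected": stale_rejected}


if __name__ == "__main__":
    print(run_example())
```

Each terminal only ever receives a blob wrapped under its own F_i, so an OBU blob observed by another party yields nothing, and after `new_period()` a message sealed under the previous period's key fails verification at the receiver, which is the operational reason the periodic update in step 203 matters.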

Embodiment 3:

As shown in FIG. 3, this embodiment provides a communication method for IoV terminals, applied to a first IoV terminal, including:

Step 301: sending a service request to a network device, so that the network device locates, according to the service request, the second IoV terminal with which the first IoV terminal needs to communicate.

In this embodiment, the network device locating the second IoV terminal according to the service request specifically includes: the network device determining the location of the first IoV terminal according to the first IoV terminal identifier in the service request, and locating the second IoV terminal with which the first IoV terminal needs to communicate according to the location and the service type of the first IoV terminal.

Step 302: receiving the encrypted session key f_i(k, K) sent in a directed manner by the network device, where i = 1, 2, 3, ..., m and m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminals.

In this embodiment, the network device stores a fixed pool of encrypted session keys for each IoV terminal and can send the corresponding encrypted session key in a directed manner to the corresponding IoV terminal according to the IoV terminal identifier.

In another implementation, the network device may generate a corresponding encrypted session key f_i(k, K) for each of the first IoV terminal and the second IoV terminal. One IoV terminal corresponds to one encrypted session key f_i(k, K). (k, K) is the session key pair, i.e. the keys used by the first and second IoV terminals to encrypt or decrypt the session content of the communication between them. For example, if the encrypted session key of the first IoV terminal is f_1(k, K) and there are three second IoV terminals, the encrypted session keys of the three second IoV terminals are f_2(k, K), f_3(k, K) and f_4(k, K) respectively. Encrypting and protecting the session key pair needed for communication between IoV terminals separately for each terminal yields the encrypted session key f_i(k, K), so that the session key pair is encrypted with one key per subscriber, effectively ensuring the security of subsequent communication between IoV terminals. Specifically, the network device generating a corresponding encrypted session key f_i(k, K) for each of the first and second IoV terminals includes: encrypting the session key pair (k, K) with each session key encryption key f_i to obtain the encrypted session key f_i(k, K), and periodically updating the session key pair (k, K), where one IoV terminal corresponds to one session key encryption key f_i. The session key pair (k, K) is distributed by the network device to legitimate IoV terminals and, for security reasons, is updated periodically. For IoV terminals communicating within the same period, the network device issues one session key pair (first session encryption key k and first session decryption key K), enabling encrypted communication between the terminals. If the session content to be sent is s, the sender encrypts s with the first session encryption key k into k(s) and transmits it, and the receiver decrypts it with the first session decryption key K to recover the session content s. Having the network device distribute and periodically update the session key pair (k, K) improves the communication security of the IoV terminals. The session key encryption key f_i, where i = 1, 2, 3, ..., n and n is the total number of registered IoV terminals, may be a key that the core network device sends to the base station device for encrypting the session key pair (k, K); its purpose is to encrypt the session key so that it is not exposed to a third party intercepting the transmission when the base station device sends it to the IoV terminal. The core network device stores the session key encryption keys {f_i} of all registered IoV terminals, and can look up the session key encryption key f_i of IoV terminal i according to the mobile communication subscriber identifier of terminal i.

Step 303: decrypting the encrypted session key f_i(k, K) with the terminal's own session key decryption key F_i to obtain the session key pair (k, K).

Step 304: communicating with the second IoV terminal using the session key pair (k, K), where k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt the session content.

Optionally, the service request includes a service type and the identifier of the first IoV terminal; the service type is used to determine the communication counterpart and the communication range of the first IoV terminal.

Decrypting the encrypted session key f_i(k, K) with the terminal's own session key decryption key F_i specifically includes: decrypting the encrypted session key f_i(k, K) with the session key decryption key F_i stored in the terminal's own storage.

Optionally, the IoV terminal includes at least one of: an on-board unit and a roadside unit. Before sending the service request to the network device, the communication method further includes: sending an identity authentication request to the network device, so that the network device authenticates the legitimacy of the IoV terminal's identity.

In this embodiment, the network device authenticating the legitimacy of the identity of the IoV terminals (the first and the second IoV terminal) includes: authenticating the legitimacy of the network identity of the IoV terminal according to the IoV terminal identifier, where the IoV terminal identifier is the combination of an encrypted string of the mobile communication subscriber identifier and an encrypted string of the device identifier; in response to the network identity of the IoV terminal being legitimate, sending the encrypted string of the device identifier contained in the IoV terminal identifier to the trusted center, so that the trusted center authenticates the legitimacy of the device identity of the IoV terminal; and in response to both the network identity and the device identity of the IoV terminal being legitimate, determining that the identity of the IoV terminal is legitimate.

The IoV terminal communication method of this embodiment transmits the encrypted session key f_i(k, K) in a directed manner to the first and second IoV terminals that need to communicate with each other, so that each terminal decrypts it to obtain the session key pair needed for mutual communication.

Embodiment 4:

As shown in FIG. 4, this embodiment provides a communication apparatus for IoV terminals, applied to a network device, including:

A first receiving module 41, configured to receive and parse the service request sent by the first IoV terminal.

A locating module 42, connected to the first receiving module 41, configured to locate the second IoV terminal with which the first IoV terminal needs to communicate according to the service request.

A first sending module 43, connected to the locating module 42, configured to send the encrypted session key f_i(k, K) in a directed manner to the corresponding first and second IoV terminals, so that the first and second IoV terminals each decrypt f_i(k, K) to obtain the session key pair (k, K) for mutual communication, where i = 1, 2, 3, ..., m, m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminals, k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt the session content. The first sending module is further configured to store a fixed pool of encrypted session keys for each IoV terminal, and to send the corresponding encrypted session key in a directed manner to the corresponding IoV terminal according to the IoV terminal identifier.

Optionally, the service request includes a service type and the identifier of the first IoV terminal; the service type is used to determine the communication counterpart and the communication range of the first IoV terminal.

The locating module includes a locating unit, configured to determine the location of the first IoV terminal according to the first IoV terminal identifier in the service request, and to locate the second IoV terminal with which the first IoV terminal needs to communicate according to the location and the service type of the first IoV terminal.

Optionally, the communication apparatus for IoV terminals further includes a generating module, connected to the first receiving module and the locating module, configured to generate a corresponding encrypted session key f_i(k, K) for each of the first IoV terminal and the second IoV terminal, where i = 1, 2, 3, ..., m and m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminals.

Optionally, the generating module includes a generating unit, configured to receive the session key encryption key f_i and the session key pair (k, K) sent by the core network device, where one IoV terminal corresponds to one session key encryption key f_i and the core network device periodically updates the session key pair (k, K); and configured to encrypt the session key pair (k, K) with each session key encryption key f_i to obtain the encrypted session key f_i(k, K).

Optionally, the IoV terminal includes at least one of the following: an on-board unit and a roadside unit. The communication apparatus for an IoV terminal further includes an authentication module. The authentication module is connected to the first receiving module and the positioning module and is configured to authenticate the identity legitimacy of the first IoV terminal and to authenticate the identity legitimacy of the second IoV terminal.

Optionally, the authentication module is configured to authenticate the network identity legitimacy of the IoV terminal from the IoV terminal identifier, where the IoV terminal identifier is the combination of an encrypted string of the mobile communication subscriber identifier and an encrypted string of the device identifier; in response to the network identity of the IoV terminal being legitimate, to send the encrypted string of the device identifier contained in the IoV terminal identifier to a trusted center, so that the trusted center authenticates the device identity legitimacy of the IoV terminal; and, in response to both the network identity and the device identity of the IoV terminal being legitimate, to determine that the identity of the IoV terminal is legitimate. See the description of Embodiment 1 for the specific operation of the authentication module.

Embodiment 5:

As shown in FIG. 5, this embodiment provides a communication apparatus for an IoV terminal, applied to a first IoV terminal, including:

A second sending module 51, configured to send a service request to the network device, so that the network device locates, from the service request, the second IoV terminal with which the first IoV terminal needs to communicate. In this embodiment, the network device is configured to determine the position of the first IoV terminal from the first IoV terminal identifier in the service request, and to locate, from the position and the service type of the first IoV terminal, the second IoV terminal with which the first IoV terminal needs to communicate.

A second receiving module 52, configured to receive the encrypted session key f_i(k, K) sent in a directed manner by the network device, where i = 1, 2, 3, …, m and m is the total number of IoV terminals made up of the first IoV terminal and the second IoV terminal. The network device stores a fixed pool of encrypted session keys for each IoV terminal and is configured to send the corresponding encrypted session key in a directed manner to the corresponding IoV terminal according to the IoV terminal identifier. In another implementation, the network device is configured to generate the corresponding encrypted session key f_i(k, K) for each of the first IoV terminal and the second IoV terminal, where each IoV terminal corresponds to one session key encryption key f_i; the network device periodically updates the session key pair (k, K) and encrypts the session key pair (k, K) with each session key encryption key f_i, obtaining the encrypted session key f_i(k, K).

A decryption module 53, connected to the second receiving module 52 and configured to decrypt the encrypted session key f_i(k, K) with the terminal's own session key decryption key F_i, obtaining the session key pair (k, K).

A communication module 54, connected to the decryption module 53 and configured to communicate with the second IoV terminal using the session key pair (k, K), where k is the session encryption key, K is the session decryption key, and the session key pair (k, K) is used to encrypt or decrypt the session content.

Optionally, the service request includes a service type and a first IoV terminal identifier; the service type is used to determine the communication object and the communication range of the first IoV terminal.

Optionally, the decryption module is configured to decrypt the encrypted session key f_i(k, K) with the session key decryption key F_i stored in the terminal itself.

Optionally, the IoV terminal includes at least one of the following: an on-board unit and a roadside unit.

Optionally, the second sending module is further configured to send an identity authentication request to the network device, so that the network device authenticates the identity legitimacy of the IoV terminal.

In this embodiment, the network device's authentication of the identity legitimacy of the IoV terminals (the first IoV terminal and the second IoV terminal) includes: authenticating the network identity legitimacy of the IoV terminal from the IoV terminal identifier, where the IoV terminal identifier is the combination of an encrypted string of the mobile communication subscriber identifier and an encrypted string of the device identifier; in response to the network identity of the IoV terminal being legitimate, sending the encrypted string of the device identifier contained in the IoV terminal identifier to the trusted center, so that the trusted center authenticates the device identity legitimacy of the IoV terminal; and, in response to both the network identity and the device identity of the IoV terminal being legitimate, determining that the identity of the IoV terminal is legitimate.
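The two-stage identity check described above (network identity first, then the device identity via the trusted center) can be modelled as follows. This is an added example written for this page, not code from the patent or its applicant. The patent does not say how the "encrypted strings" of the subscriber and device identifiers are produced or which checks the trusted center performs, so the example assumes a keyed hash (HMAC-SHA256) under two constructed keys, a dotted `enc_sub.enc_dev` layout for the terminal identifier, and simple enrolment tables on each side; the class and function names are hypothetical. What it demonstrates is the data-minimisation and fail-closed ordering the text implies: the network device never sees the device-side key, the trusted center never sees the subscriber string, and nothing is forwarded unless the network identity check succeeds.

```python
import hashlib
import hmac

# Constructed keys; the patent does not specify how the identifier strings are produced.
SUBSCRIBER_KEY = b"network-side-subscriber-key"   # held only by the network device
DEVICE_KEY = b"trusted-centre-device-key"         # held only by the trusted centre


def enc_tag(key: bytes, value: str) -> str:
    """Keyed-hash stand-in for the 'encrypted string' of an identifier (assumption)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]


def make_terminal_id(subscriber_id: str, device_id: str) -> str:
    """IoV terminal identifier = enc(subscriber identifier) '.' enc(device identifier)."""
    return f"{enc_tag(SUBSCRIBER_KEY, subscriber_id)}.{enc_tag(DEVICE_KEY, device_id)}"


class TrustedCentre:
    """Knows the enrolled devices and checks only the device half of the identifier."""

    def __init__(self, enrolled_device_ids):
        self._enrolled = {enc_tag(DEVICE_KEY, d) for d in enrolled_device_ids}

    def verify_device(self, enc_device: str) -> bool:
        return enc_device in self._enrolled


class NetworkDevice:
    """Checks the network identity first; forwards the device half only on success."""

    def __init__(self, subscriber_ids, centre: TrustedCentre):
        self._subscribers = {enc_tag(SUBSCRIBER_KEY, s) for s in subscriber_ids}
        self._centre = centre
        self.forwarded = []   # record of what was sent to the trusted centre

    def authenticate(self, terminal_id: str) -> str:
        parts = terminal_id.split(".")
        if len(parts) != 2 or not all(parts):
            return "malformed"
        enc_sub, enc_dev = parts
        if enc_sub not in self._subscribers:
            return "network-identity-invalid"   # fail closed: nothing is forwarded
        self.forwarded.append(enc_dev)          # only the device string leaves the network
        if not self._centre.verify_device(enc_dev):
            return "device-identity-invalid"
        return "legal"                          # both checks passed
```

`authenticate` returns a status string rather than a boolean so that a caller (or a log line) can tell which stage rejected the terminal; the `forwarded` list exists only so the separation of the two halves can be inspected.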

Embodiment 6:

As shown in FIG. 6, this embodiment provides an electronic device including a memory 61 and a processor 62. The memory 61 stores a computer program, and the processor 62 is configured to run the computer program to implement the communication method of the IoV terminal described in Embodiment 1 or the communication method of the IoV terminal described in Embodiment 3.

Embodiment 7:

This embodiment provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, it implements the communication method of the IoV terminal described in Embodiment 1 or the communication method of the IoV terminal described in Embodiment 3.

The communication apparatuses for an IoV terminal of Embodiments 4 and 5, the electronic device of Embodiment 6, and the computer-readable storage medium of Embodiment 7 transmit the encrypted session key f_i(k, K) in a directed manner to the first IoV terminal and the second IoV terminal that need to communicate with each other, so that each IoV terminal decrypts it to obtain the session key pair required for mutual communication. The session key pair required for communication between IoV terminals is encrypted and protected separately for each terminal, so that each terminal's session key pair is encrypted under its own secret (one key per terminal), which significantly improves the security of subsequent communication; and the encryption result of the session key pair corresponding to each IoV terminal is transmitted in a directed manner to that IoV terminal, preventing the session key of an IoV terminal from being stolen or replaced while it propagates over the air interface, thereby further achieving secure communication between IoV terminals. Further, the network device distributes and periodically updates the session key pair (k, K), which improves the communication security of IoV terminals. The first IoV terminal and the second IoV terminal decrypt the encrypted session key f_i(k, K) with the session key decryption key F_i stored in the terminal itself, which offers high security and reduces the certificate maintenance burden on IoV terminals. In addition, identity legitimacy authentication is performed on the first IoV terminal and the second IoV terminal that are about to carry out service communication, to ensure that the IoV terminals on both sides of the communication are legitimate devices and to improve communication security.
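The distribution flow that Embodiments 4 and 5 describe (service request, peer location by service type and range, a fresh session key pair (k, K) wrapped under each terminal's own key f_i, directed delivery, unwrapping with F_i, and then encrypted session traffic) is shown end to end below. This is an added example written for this page; it is not the patent's or the applicant's code. The patent names no cipher, so the example assumes a symmetric key-encryption key (f_i and F_i are the same bytes; an asymmetric pair would fit the same flow), uses an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag as a stand-in for a real AEAD such as AES-GCM or SM4-GCM, and models the session pair in the symmetric case as K = k. Positions, service types, ranges, terminal names and the class and function names are all constructed for the illustration.

```python
import hashlib
import hmac
import math
import secrets

NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32


def _subkeys(key: bytes):
    # Separate keys for the keystream and the tag, derived from the one wrap/session key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # PRF counter mode, block_j = HMAC(enc_key, nonce || j); stand-in for a real cipher.
    blocks = (hmac.new(enc_key, nonce + j.to_bytes(4, "big"), hashlib.sha256).digest()
              for j in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag(nonce || ciphertext)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Check the tag first; ValueError on a wrong key or any tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication of the blob failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Constructed service types and the communication range (metres) each one implies.
SERVICE_RANGE = {"collision-warning": 300.0, "signal-phase": 150.0}


class NetworkDevice:
    """Network side (Embodiment 4): locate peers, generate (k, K), wrap it per terminal."""

    def __init__(self):
        self.registry = {}    # terminal id -> {"pos": (x, y), "kek": f_i, "authentic": bool}
        self.session = None   # current (k, K); regenerated on every request here

    def register(self, tid, pos, kek, authentic=True):
        self.registry[tid] = {"pos": pos, "kek": kek, "authentic": authentic}

    def locate_peers(self, first_id, service_type):
        """Authenticated terminals within the range the service type implies."""
        here, limit = self.registry[first_id]["pos"], SERVICE_RANGE[service_type]
        return sorted(t for t, r in self.registry.items()
                      if t != first_id and r["authentic"] and math.dist(here, r["pos"]) <= limit)

    def handle_service_request(self, request):
        """Return {terminal id: f_i(k, K)}; each blob is sent only to its own terminal."""
        first = request["terminal_id"]
        if not self.registry.get(first, {}).get("authentic"):
            raise PermissionError(f"{first}: identity not authenticated")
        peers = self.locate_peers(first, request["service_type"])
        k = secrets.token_bytes(KEY_LEN)
        self.session = (k, k)   # symmetric stand-in: the decryption key K equals k
        return {t: seal(self.registry[t]["kek"], b"".join(self.session)) for t in [first] + peers}


class Terminal:
    """Terminal side (Embodiment 5): unwrap with its own F_i, then talk with (k, K)."""

    def __init__(self, tid, unwrap_key):
        self.id, self.F, self.session = tid, unwrap_key, None

    def receive_wrapped(self, blob):
        kk = open_(self.F, blob)
        self.session = (kk[:KEY_LEN], kk[KEY_LEN:])

    def send(self, message: bytes) -> bytes:
        return seal(self.session[0], message)   # encrypt with k

    def receive(self, blob: bytes) -> bytes:
        return open_(self.session[1], blob)     # decrypt with K


def demo():
    """Constructed scenario: one OBU, one RSU in range, one far away, one unauthenticated."""
    net = NetworkDevice()
    f = {t: secrets.token_bytes(KEY_LEN) for t in ("obu-A", "rsu-1", "obu-far", "obu-rogue")}
    net.register("obu-A", (0.0, 0.0), f["obu-A"])
    net.register("rsu-1", (100.0, 50.0), f["rsu-1"])
    net.register("obu-far", (5000.0, 0.0), f["obu-far"])
    net.register("obu-rogue", (10.0, 10.0), f["obu-rogue"], authentic=False)
    directed = net.handle_service_request({"terminal_id": "obu-A", "service_type": "collision-warning"})
    a, r = Terminal("obu-A", f["obu-A"]), Terminal("rsu-1", f["rsu-1"])
    a.receive_wrapped(directed["obu-A"])
    r.receive_wrapped(directed["rsu-1"])
    return sorted(directed), r.receive(a.send(b"brake")), a.receive(r.send(b"ack"))
```

Two properties of the text are visible in the code: a blob wrapped for one terminal cannot be unwrapped by any other terminal (`open_` rejects it, since each terminal holds a different F_i), and a blob altered in transit is rejected before any key material is derived from it. The far-away and unauthenticated terminals receive no wrapped key at all, which is the "directed" delivery the description relies on.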

It will be understood that the above embodiments are merely exemplary embodiments adopted to illustrate the principle of the present invention, and the present invention is not limited thereto. Those of ordinary skill in the art may make various modifications and improvements without departing from the spirit and essence of the present invention, and such modifications and improvements are also regarded as falling within the protection scope of the present invention.

Claims (12)

1. A communication method of an Internet of Vehicles terminal, applied to a network device, the method comprising the following steps:
receiving and analyzing a service request sent by a first Internet of Vehicles terminal;
locating, according to the service request, a second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate;
sending an encrypted session key f_i(k, K) in a directed manner to the corresponding first Internet of Vehicles terminal and second Internet of Vehicles terminal, so that the first Internet of Vehicles terminal and the second Internet of Vehicles terminal each decrypt the encrypted session key f_i(k, K) to obtain a session key pair (k, K) for mutual communication, wherein i = 1, 2, 3, …, m, m is the total number of Internet of Vehicles terminals formed by the first Internet of Vehicles terminal and the second Internet of Vehicles terminal, k is a session encryption key, K is a session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.
2. The communication method of the Internet of Vehicles terminal according to claim 1, wherein the service request comprises a service type and a first Internet of Vehicles terminal identifier, and the service type is used to determine a communication object and a communication range of the first Internet of Vehicles terminal;
after the locating, according to the service request, of the second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate, and before the sending of the encrypted session key f_i(k, K) in a directed manner to the corresponding first Internet of Vehicles terminal and second Internet of Vehicles terminal, the method further comprises:
generating the corresponding encrypted session key f_i(k, K) for each of the first Internet of Vehicles terminal and the second Internet of Vehicles terminal;
and the locating, according to the service request, of the second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate specifically comprises:
determining the position of the first Internet of Vehicles terminal according to the first Internet of Vehicles terminal identifier in the service request;
and locating, according to the position and the service type of the first Internet of Vehicles terminal, the second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate.
3. The communication method of the Internet of Vehicles terminal according to claim 2, wherein the generating of the corresponding encrypted session key f_i(k, K) for each of the first Internet of Vehicles terminal and the second Internet of Vehicles terminal specifically comprises:
encrypting the session key pair (k, K) with each session key encryption key f_i to obtain the encrypted session key f_i(k, K), and periodically updating the session key pair (k, K), wherein one Internet of Vehicles terminal corresponds to one session key encryption key f_i.
4. The communication method of the Internet of Vehicles terminal according to claim 1, wherein the Internet of Vehicles terminal comprises at least one of the following: an on-board unit and a roadside unit;
after the receiving and analyzing of the service request sent by the first Internet of Vehicles terminal, and before the locating, according to the service request, of the second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate, the method further comprises:
authenticating the identity legitimacy of the first Internet of Vehicles terminal;
and the locating, according to the service request, of the second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate further comprises:
authenticating the identity legitimacy of the second Internet of Vehicles terminal.
5. The communication method of the Internet of Vehicles terminal according to claim 4, wherein the authenticating of the identity legitimacy of the Internet of Vehicles terminal specifically comprises:
authenticating the network identity legitimacy of the Internet of Vehicles terminal according to the Internet of Vehicles terminal identifier, wherein the Internet of Vehicles terminal identifier is the combination of an encrypted string of a mobile communication subscriber identifier and an encrypted string of a device identifier;
in response to the network identity of the Internet of Vehicles terminal being legitimate, sending the encrypted string of the device identifier contained in the Internet of Vehicles terminal identifier to a trusted center, so that the trusted center authenticates the device identity legitimacy of the Internet of Vehicles terminal;
and in response to both the network identity and the device identity of the Internet of Vehicles terminal being legitimate, determining that the identity of the Internet of Vehicles terminal is legitimate.
6. A communication method of an Internet of Vehicles terminal, applied to a first Internet of Vehicles terminal, characterized in that it comprises the following steps:
sending a service request to a network device, so that the network device locates, according to the service request, a second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate;
receiving an encrypted session key f_i(k, K) sent by the network device in a directed manner, wherein i = 1, 2, 3, …, m, and m is the total number of Internet of Vehicles terminals formed by the first Internet of Vehicles terminal and the second Internet of Vehicles terminal;
decrypting the encrypted session key f_i(k, K) with its own session key decryption key F_i to obtain a session key pair (k, K);
and communicating with the second Internet of Vehicles terminal using the session key pair (k, K), wherein k is a session encryption key, K is a session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.
7. The communication method of the Internet of Vehicles terminal according to claim 6, wherein the service request comprises a service type and a first Internet of Vehicles terminal identifier, and the service type is used to determine a communication object and a communication range of the first Internet of Vehicles terminal;
and the decrypting of the encrypted session key f_i(k, K) with its own session key decryption key F_i specifically comprises:
decrypting the encrypted session key f_i(k, K) with the session key decryption key F_i stored in the terminal itself.
8. The communication method of the Internet of Vehicles terminal according to claim 6, wherein the Internet of Vehicles terminal comprises at least one of the following: an on-board unit and a roadside unit;
and before the sending of the service request to the network device, the method further comprises:
sending an identity authentication request to the network device, so that the network device authenticates the identity legitimacy of the Internet of Vehicles terminal.
9. A communication apparatus of an Internet of Vehicles terminal, applied to a network device, characterized in that it comprises:
a first receiving module, configured to receive and analyze a service request sent by a first Internet of Vehicles terminal;
a positioning module, connected to the first receiving module and configured to locate, according to the service request, a second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate;
and a first sending module, connected to the positioning module and configured to send an encrypted session key f_i(k, K) in a directed manner to the corresponding first Internet of Vehicles terminal and second Internet of Vehicles terminal, so that the first Internet of Vehicles terminal and the second Internet of Vehicles terminal each decrypt the encrypted session key f_i(k, K) to obtain a session key pair (k, K) for mutual communication, wherein i = 1, 2, 3, …, m, m is the total number of Internet of Vehicles terminals formed by the first Internet of Vehicles terminal and the second Internet of Vehicles terminal, k is a session encryption key, K is a session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.
10. A communication apparatus of an Internet of Vehicles terminal, applied to a first Internet of Vehicles terminal, characterized in that it comprises:
a second sending module, configured to send a service request to a network device, so that the network device locates, according to the service request, a second Internet of Vehicles terminal with which the first Internet of Vehicles terminal needs to communicate;
a second receiving module, configured to receive an encrypted session key f_i(k, K) sent by the network device in a directed manner, wherein i = 1, 2, 3, …, m, and m is the total number of Internet of Vehicles terminals formed by the first Internet of Vehicles terminal and the second Internet of Vehicles terminal;
a decryption module, connected to the second receiving module and configured to decrypt the encrypted session key f_i(k, K) with its own session key decryption key F_i to obtain a session key pair (k, K);
and a communication module, connected to the decryption module and configured to communicate with the second Internet of Vehicles terminal using the session key pair (k, K), wherein k is a session encryption key, K is a session decryption key, and the session key pair (k, K) is used to encrypt or decrypt session content.
11. An electronic device, comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to implement the communication method of the Internet of Vehicles terminal according to any one of claims 1 to 5 or the communication method of the Internet of Vehicles terminal according to any one of claims 6 to 8.
12. A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, carries out the communication method of the Internet of Vehicles terminal according to any one of claims 1 to 5 or the communication method of the Internet of Vehicles terminal according to any one of claims 6 to 8.
CN202211556623.8A 2022-12-06 2022-12-06 Communication method and device of Internet of vehicles terminal, electronic equipment and storage medium Pending CN115884175A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211556623.8A CN115884175A (en) 2022-12-06 2022-12-06 Communication method and device of Internet of vehicles terminal, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211556623.8A CN115884175A (en) 2022-12-06 2022-12-06 Communication method and device of Internet of vehicles terminal, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115884175A true CN115884175A (en) 2023-03-31

Family

ID=85766063

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211556623.8A Pending CN115884175A (en) 2022-12-06 2022-12-06 Communication method and device of Internet of vehicles terminal, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115884175A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119696786A (en) * 2023-09-25 2025-03-25 中移(成都)信息通信科技有限公司 A secure communication method, related equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130182845A1 (en) * 2012-01-18 2013-07-18 Square, Inc. Secure communications between devices using a trusted server
CN105721149A (en) * 2016-04-25 2016-06-29 北汽福田汽车股份有限公司 Internet of vehicles system session key generation method and vehicular terminal and ECU binding method
CN107623912A (en) * 2016-07-15 2018-01-23 上海中兴软件有限责任公司 The method and device of secure communication between a kind of car networking terminal
CN112311539A (en) * 2020-10-30 2021-02-02 中电智能技术南京有限公司 Method for issuing certificate based on GBA mechanism
CN114154135A (en) * 2022-02-07 2022-03-08 南京理工大学 Method, system and device for security authentication of Internet of Vehicles communication based on national secret algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination