阅读说明：本技术 使用some/ip通信协议改进车载数据或消息的传输 (Transmission of vehicle data or messages using SOME/IP communication protocol ) 是由 富尔维奥·里索 富尔维奥·瓦伦扎 里卡尔多·西斯托 马尔科·约里奥 马西莫·雷内里 阿尔贝 于 2020-04-23 设计创作，主要内容包括：描述了一种用于在请求服务实例的实体和提供服务实例的实体之间通过SOME/IP通信协议在车辆上的通信网络上传输消息的方法,其包括：(a)鉴于与服务实例相关联的通信在所述请求实体和所述提供实体之间的相互认证步骤,其包括：(i)验证所述请求实体和所述提供实体的预分配的证书的存在和相互有效性,这授权其对所述服务实例的访问,以及(ii)验证由所述提供实体所提供的服务的安全等级不低于所述请求实体和所述提供实体处预分配给所述服务的最低安全等级；以及(b)如果所述证书验证和所述安全等级验证成功,则将与服务实例相关联的至少一个通信消息从所述提供实体传输至所述请求实体,反之亦然。(A method is described for transmitting messages over a communication network on a vehicle via the SOME/IP communication protocol between an entity requesting a service instance and an entity providing the service instance, comprising: (a) a mutual authentication step between the requesting entity and the providing entity in view of a communication associated with a service instance, comprising: (i) verify the presence and mutual validity of pre-assigned certificates of the requesting entity and the providing entity, which authorizes its access to the service instance, and (ii) verify that the security level of the service provided by the providing entity is not below the lowest security level pre-assigned to the service at the requesting entity and the providing entity; and (b) transmitting at least one communication message associated with a service instance from the providing entity to the requesting entity and vice versa if the certificate verification and the security level verification are successful.)

1. Method for transmitting data or messages over a communication network on board a vehicle, between at least one entity requesting a service instance and an entity providing a service instance, by means of a SOME/IP communication protocol, wherein the providing entity provides a response as a result of the request of the requesting entity, or wherein the providing entity provides periodic notifications or provides notifications triggered by events due to the subscription of the requesting entity to a service,

wherein the rights of the at least one requesting entity and at least one providing entity to access a service instance are predefined by a certification authority external to the vehicle by issuing pre-assigned certificates of the requesting entity and the providing entity, wherein the certificate of the providing entity further assigns a minimum level of security to the service of the providing entity among a plurality of predetermined levels of security and the certificate of the requesting entity assigns a minimum level of security to the service of the requesting entity among the plurality of predetermined levels of security,

and in that the method comprises a preliminary mutual authentication step between the requesting entity and the providing entity, in view of the start of a subsequent communication associated with a service instance, comprising:

-verifying the presence and mutual validity of the pre-allocated certificates of the requesting entity and the providing entity,

-verifying that the security level of the service provided by the providing entity is not lower than the lowest security level pre-allocated to the service at the requesting entity and the providing entity, and

-transmitting at least one communication message associated with a service instance from the providing entity to the requesting entity and vice versa if the security level verification and the certificate verification are successful.

2. The method of claim 1, wherein the plurality of predetermined security levels comprises an authentication security level and a privacy security level, wherein a message authentication code encrypted with a predetermined encryption function is associated with each communication message of a service instance, wherein each communication message comprises a message authentication code encrypted with a predetermined encryption function and a payload encrypted with the predetermined encryption function.

3. The method of claim 2, wherein the predetermined cryptographic function comprises a symmetric cryptographic key associated with a respective service instance transmitted by the providing entity to the receiving entity in the preliminary mutual authentication step.

4. The method of claim 3, wherein the message authentication code is generated by a sending entity through the predetermined cryptographic function that receives at an input the communication message and the symmetric cryptographic key associated with the service instance and returns a fixed-size string of bytes.

5. A method according to claim 3 or 4, wherein the symmetric encryption key is transmitted by the providing entity to the receiving entity encrypted by means of a public encryption key of the requesting entity.

6. The method according to any of the preceding claims, wherein said verifying that a security level of a service provided by said providing entity is not below a minimum security level pre-allocated to said service at said providing entity and said requesting entity is performed at said providing entity and said receiving entity.

7. The method according to any of the preceding claims, wherein the preliminary mutual authentication step comprises: sending a message for an authentication request from the requesting entity to the providing entity, wherein the message for an authentication request comprises the pre-assigned certificate or an identifier of the pre-assigned certificate of the requesting entity; and sending an authentication response message from the providing entity to the requesting entity, wherein the authentication response message comprises the pre-assigned certificate or an identifier of the pre-assigned certificate of the providing entity.

8. The method of claim 7, wherein the pre-assigned certificate of the requesting entity and the pre-assigned certificate of the providing entity are stored in a centralized certificate register of a vehicle or are replicated in each in-vehicle device and issued by a certification authority external to the vehicle.

9. The method according to claim 7 or 8, wherein verifying the existence and mutual validity of the pre-assigned certificates of the requesting entity and the providing entity is performed by verifying the correctness of the digital signatures associated with the pre-assigned certificates using a public key contained in a master certificate, the integrity and authenticity of which is guaranteed by an external mechanism.

10. The method of claim 7, wherein the authentication response message further includes a control signature of the providing entity generated by a private encryption key of the providing entity.

11. The method of claim 3, wherein a plurality of entities requesting the same service instance communicate with a single entity providing the service instance in a multicast communication configuration, wherein the symmetric encryption key associated with the service instance is generated by the providing entity and shared with the plurality of requesting entities.