Method and device for deactivating vehicle-mounted unit, storage medium and terminal

Document No.: 42872 Publication date: 2021-09-28

Reading note: This technology, "Method and device for deactivating vehicle-mounted unit, storage medium and terminal", was designed by 桂杰, 周小东, 李东元, 李春荣, 韩召 and 秦建良 on 2021-06-07. Main content: The application discloses a method and a device for deactivating a vehicle-mounted unit, a storage medium and the vehicle-mounted unit. The method is applied to the vehicle-mounted unit, in which an initial authentication key and a unique communication key are preset, and comprises the following steps: when the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time, the identity of the intelligent vehicle machine is verified according to the initial authentication key; if the identity verification of the intelligent vehicle machine is successful, the unique communication key is issued to the intelligent vehicle machine, and a first identity of the intelligent vehicle machine is acquired so as to establish a binding relationship with the intelligent vehicle machine; each time the vehicle-mounted unit that has established the binding relationship communicates with an intelligent vehicle machine, it judges, according to the first identity and the unique communication key, whether the intelligent vehicle machine communicating this time is the one with which the binding relationship was established, so as to judge whether the vehicle-mounted unit has been illegally dismounted; if the vehicle-mounted unit is determined to have been illegally dismounted, the vehicle-mounted unit is deactivated. The anti-dismounting function of the vehicle-mounted unit is thereby guaranteed without increasing cost.

1. A method for deactivating an on-board unit, the method being applied to the on-board unit, an initial authentication key and a unique communication key being preset in the on-board unit, the method comprising:

when the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time, verifying the identity of the intelligent vehicle machine according to the initial authentication key;

if the identity verification of the intelligent vehicle machine is successful, the unique communication key is issued to the intelligent vehicle machine, and a first identity of the intelligent vehicle machine is obtained so as to establish a binding relationship with the intelligent vehicle machine;

when the vehicle-mounted unit which has established the binding relationship communicates with the intelligent vehicle machine each time, judging whether the intelligent vehicle machine which communicates at this time is the intelligent vehicle machine which establishes the binding relationship with the vehicle-mounted unit according to the first identity and the unique communication key so as to judge whether the vehicle-mounted unit is illegally dismounted;

and if the vehicle-mounted unit is determined to be illegally detached, the vehicle-mounted unit is stopped.

2. The method for disabling a vehicle-mounted unit according to claim 1, wherein said initial authentication key is preset in said smart car machine, and said verifying the identity of said smart car machine according to said initial authentication key comprises:

generating a first character string, and encrypting the first character string according to the initial authentication key to generate first encrypted data;

sending the first character string to the intelligent vehicle machine so that the intelligent vehicle machine generates second encrypted data after encrypting the first character string according to the initial authentication key;

acquiring the second encrypted data returned by the intelligent vehicle machine;

judging whether the first encrypted data is consistent with the second encrypted data;

if the first encrypted data is consistent with the second encrypted data, the identity of the intelligent vehicle machine is successfully verified;

and if the first encrypted data is inconsistent with the second encrypted data, the identity verification of the intelligent vehicle machine is unsuccessful.

3. The method for disabling the on-board unit according to claim 2, wherein after the smart car machine encrypts the first string according to the initial authentication key to generate second encrypted data, if the first string is stored as a first authenticator and the second encrypted data is stored as a second authenticator, the issuing the unique communication key to the smart car machine and obtaining the first identity identifier of the smart car machine includes:

encrypting the first character string and the unique communication key according to the initial authentication key, and then sending the encrypted first character string and the encrypted unique communication key to the smart car machine, so that the smart car machine checks that the first character string is consistent with the currently stored first authentication symbol, and then storing the unique communication key in the smart car machine;

acquiring a key issuing result returned by the intelligent vehicle machine;

if the key issuing result indicates that the key issuing is successful, acquiring third encrypted data carried by the key issuing result;

and decrypting the third encrypted data according to the initial authentication key to obtain the second authentication symbol and the first identity identifier of the smart car machine, and storing the first identity identifier after checking that the second authentication symbol is consistent with the second encrypted data received by the on-board unit last time.

4. The method of disabling an on-board unit of claim 3, further comprising:

and after encrypting the second identity of the vehicle-mounted unit according to the initial authentication key, sending the second identity to the intelligent vehicle machine, so that the intelligent vehicle machine stores the second identity after checking that the first character string is consistent with the first authentication symbol stored currently.

5. The method for disabling a vehicle-mounted unit according to claim 3, wherein said determining whether the smart car machine in current communication is a smart car machine that establishes a binding relationship with the vehicle-mounted unit according to the first identity and the unique communication key comprises:

generating a second character string, encrypting the second character string according to the unique communication key to obtain fourth encrypted data, and sending the fourth encrypted data to the intelligent vehicle machine in the communication;

acquiring fifth encrypted data sent by the intelligent vehicle machine of the communication, wherein the fifth encrypted data is generated after the intelligent vehicle machine of the communication encrypts the second character string and the third identity of the intelligent vehicle machine of the communication according to the unique communication key;

and judging whether the intelligent vehicle machine in the communication is the intelligent vehicle machine which establishes a binding relationship with the vehicle-mounted unit or not according to the fifth encrypted data and the first identity mark.

6. The method for disabling an on-board unit according to claim 5, wherein the determining whether the smart car machine of the current communication is a smart car machine that establishes a binding relationship with the on-board unit according to the fifth encrypted data and the first identity identifier includes:

decrypting the fifth encrypted data according to the unique communication key to obtain a third character string and a third identity of the intelligent vehicle-mounted machine in the communication;

if the third character string is inconsistent with the second character string, determining that the intelligent vehicle machine in the current communication is not the intelligent vehicle machine establishing the binding relationship;

if the third character string is consistent with the second character string, judging whether the third identity mark is consistent with the first identity mark;

if the third identity mark is consistent with the first identity mark, determining that the intelligent vehicle machine in the communication at this time is the intelligent vehicle machine for establishing the binding relationship;

and if the third identity mark is inconsistent with the first identity mark, determining that the intelligent vehicle machine communicating at the time is not the intelligent vehicle machine establishing the binding relationship.

7. The method of deactivating an on-board unit of claim 1, wherein said deactivating the on-board unit comprises:

and setting a preset mark in a preset storage area of the vehicle-mounted unit, wherein the preset mark is used for indicating the vehicle-mounted unit to be stopped.

8. A deactivation device of an on-board unit, applied to an on-board unit in which an initial authentication key and a unique communication key are preset, comprising:

the verification module is used for verifying the identity of the intelligent vehicle machine according to the initial authentication key when the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time;

the binding module is used for issuing the unique communication key to the intelligent vehicle machine and acquiring a first identity identifier of the intelligent vehicle machine to establish a binding relationship with the intelligent vehicle machine if the identity verification of the intelligent vehicle machine is successful;

the judging module is used for judging whether the intelligent vehicle machine which is communicated at the time is the intelligent vehicle machine which is in the binding relation with the vehicle-mounted unit according to the first identity identification and the unique communication key when the vehicle-mounted unit which is in the binding relation is communicated with the intelligent vehicle machine every time so as to judge whether the vehicle-mounted unit is illegally dismounted;

and the disabling module is used for disabling the vehicle-mounted unit if the vehicle-mounted unit is determined to be illegally detached.

9. A computer-readable storage medium, characterized in that a plurality of instructions are stored in said storage medium, said instructions being adapted to be loaded by a processor to perform a method of deactivation of an on-board unit according to any of claims 1 to 7.

10. An on-board unit, characterized in that it comprises a processor and a memory, in which a computer program is stored, said processor being adapted to carry out the method of deactivation of the on-board unit according to any one of claims 1 to 7 by calling said computer program stored in said memory.

Technical Field

The application relates to the technical field of communication, in particular to a method, a system, a device, a storage medium and a vehicle-mounted unit for disabling the vehicle-mounted unit.

Background

With the rapid development of communication technology and the continuous improvement of traffic systems, Electronic Toll Collection (ETC) is widely used. In an electronic toll collection system, dedicated short-range communication is carried out between a vehicle-mounted unit installed on the vehicle windshield and a road side unit on the ETC lane of a toll station, and background settlement is carried out with a bank over a computer network, so that the toll for an expressway or bridge is paid without stopping when the vehicle passes the toll station.

Since different vehicle models have different charging standards, the on-board unit should have a function for preventing illegal removal. At present there are two common schemes for preventing illegal removal of the vehicle-mounted unit. In the first scheme, the vehicle end and the vehicle-mounted unit perform bidirectional authentication, and the vehicle then judges whether the vehicle-mounted unit has been removed illegally. In the second scheme, removal prevention is realized by binding the vehicle-mounted unit to a Vehicle Identification Number (VIN). However, the first scheme places the responsibility for judging whether the vehicle-mounted unit has been removed illegally at the vehicle end, so if the vehicle-mounted unit is illegally removed and then installed on a vehicle without this function, the removal-prevention function is defeated. In the second scheme, there are currently two ways of obtaining the vehicle VIN. The first is direct plaintext communication, which is easily attacked by a man in the middle, so that the removal-prevention function is defeated. The second is to establish a key management background, which authorizes a key to the vehicle-mounted unit and the vehicle-mounted terminal so that they communicate in encrypted form; this solves the problem of plaintext communication but increases cost.

Disclosure of Invention

The application provides a method and a device for disabling a vehicle-mounted unit, a storage medium and the vehicle-mounted unit, which ensure that the anti-disassembly function of the vehicle-mounted unit is realized without increasing cost.

In a first aspect, a method for deactivating an on-board unit is applied to the on-board unit, where an initial authentication key and a unique communication key are preset in the on-board unit, and the method includes:

when the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time, verifying the identity of the intelligent vehicle machine according to the initial authentication key;

if the identity verification of the intelligent vehicle machine is successful, the unique communication key is issued to the intelligent vehicle machine, and a first identity of the intelligent vehicle machine is obtained so as to establish a binding relationship with the intelligent vehicle machine;

when the vehicle-mounted unit which has established the binding relationship communicates with the intelligent vehicle machine each time, judging whether the intelligent vehicle machine which communicates at this time is the intelligent vehicle machine which establishes the binding relationship with the vehicle-mounted unit according to the first identity and the unique communication key so as to judge whether the vehicle-mounted unit is illegally dismounted;

and if the vehicle-mounted unit is determined to be illegally detached, the vehicle-mounted unit is stopped.

In a second aspect, a deactivation apparatus for an on-board unit is provided, which is applied to an on-board unit, wherein an initial authentication key and a unique communication key are preset in the on-board unit, and the deactivation apparatus for the on-board unit includes:

the verification module is used for verifying the identity of the intelligent vehicle machine according to the initial authentication key when the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time;

the binding module is used for issuing the unique communication key to the intelligent vehicle machine and acquiring a first identity identifier of the intelligent vehicle machine to establish a binding relationship with the intelligent vehicle machine if the identity verification of the intelligent vehicle machine is successful;

the judging module is used for judging whether the intelligent vehicle machine which is communicated at the time is the intelligent vehicle machine which is in the binding relation with the vehicle-mounted unit according to the first identity identification and the unique communication key when the vehicle-mounted unit which is in the binding relation is communicated with the intelligent vehicle machine every time so as to judge whether the vehicle-mounted unit is illegally dismounted;

and the disabling module is used for disabling the vehicle-mounted unit if the vehicle-mounted unit is determined to be illegally detached.

In a third aspect, a computer readable storage medium is provided, having stored therein a plurality of instructions adapted to be loaded by a processor to perform the method of deactivating an on-board unit as described above in the first aspect.

In a fourth aspect, an on-board unit is provided, the on-board unit comprising a processor and a memory, the memory having stored therein a computer program, the processor being configured to execute the method of deactivating the on-board unit of the first aspect by calling the computer program stored in the memory.

The beneficial effects of this application are as follows: the application discloses a method and a device for deactivating a vehicle-mounted unit, a storage medium and the vehicle-mounted unit. An initial authentication key and a unique communication key are preset in the vehicle-mounted unit. When the vehicle-mounted unit communicates with the intelligent vehicle machine for the first time, it authenticates the intelligent vehicle machine using the initial authentication key; if the authentication succeeds, it sends the unique communication key to the intelligent vehicle machine and obtains and stores the identity of the intelligent vehicle machine so as to bind with it. Thereafter, each time the vehicle-mounted unit establishes communication with the intelligent vehicle machine, it communicates in encrypted form using the unique communication key and judges, from the identity stored in the vehicle-mounted unit, whether it has been illegally dismounted. Ciphertext communication effectively avoids man-in-the-middle attacks, so the dismounting prevention function is ensured without introducing a key management background, which greatly saves cost.

Drawings

The technical solution and other advantages of the present application will become apparent from the detailed description of the embodiments of the present application with reference to the accompanying drawings.

Fig. 1 is a schematic flowchart of a method for deactivating an on-board unit according to an embodiment of the present application.

Fig. 2 is a schematic view of a process of authenticating identities of a vehicle-mounted unit and an intelligent vehicle machine provided in an embodiment of the present application.

Fig. 3 is a schematic view of a process of binding a vehicle-mounted unit and an intelligent vehicle machine provided in the embodiment of the present application.

Fig. 4 is a schematic diagram of a process of determining whether the on-board unit is illegally detached by the on-board unit having established a binding relationship according to the embodiment of the present application.

Fig. 5 is a schematic structural diagram of a deactivation device of an on-board unit according to an embodiment of the present application.

Fig. 6 is a schematic structural diagram of an on-board unit provided in the embodiment of the present application.

Fig. 7 is another schematic structural diagram of an on-board unit provided in the embodiment of the present application.

Detailed Description

The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. In the drawings, elements having similar structures are denoted by the same reference numerals. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.

In the description of the present application, it is to be understood that the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, features defined as "first", "second", may explicitly or implicitly include one or more of the described features. In the description of the present application, "a plurality" means two or more unless specifically limited otherwise.

Referring to fig. 1, fig. 1 is a schematic flow chart of a deactivation method of a vehicle-mounted unit according to an embodiment of the present application, where the deactivation method is applied to the vehicle-mounted unit, and an initial authentication key and a unique communication key are preset in the vehicle-mounted unit, where a specific flow may be as follows:

S101: When the vehicle-mounted unit is in communication connection with the intelligent vehicle machine for the first time, verify the identity of the intelligent vehicle machine according to the initial authentication key.

Specifically, an OBU (On Board Unit) is a microwave device that communicates with an RSU (Road Side Unit) using DSRC (Dedicated Short Range Communication) technology and is mostly installed on the windshield of a vehicle. The intelligent vehicle machine is an on-board terminal installed at the vehicle driver's seat, with functions such as 3G or above wireless communication, online navigation, road condition information, travel guidance, shopping, and entertainment audio and video. The OBU can be connected to the intelligent vehicle machine in a wired or wireless mode. The wired mode can comprise CAN, 485, a serial port or other modes, and the wireless mode can comprise WIFI, Bluetooth and other modes.

Specifically, when the on-board unit is installed on the vehicle, the manufacturer may solidify the initial authentication key inside both the OBU and the smart car machine, so that the OBU and the smart car machine perform identity authentication according to the initial authentication key, and may solidify the unique communication key in the OBU and set the unique communication key to an unsynchronized state.

In this embodiment, step S101 may mainly include the following steps: generating a first character string, encrypting the first character string according to the initial authentication key to generate first encrypted data, and sending the first character string to the intelligent vehicle machine so that the intelligent vehicle machine generates second encrypted data after encrypting the first character string according to the initial authentication key; acquiring second encrypted data returned by the intelligent vehicle machine; judging whether the first encrypted data is consistent with the second encrypted data; if the first encrypted data is consistent with the second encrypted data, the identity of the intelligent vehicle machine is successfully verified; and if the first encrypted data is inconsistent with the second encrypted data, the identity verification of the intelligent vehicle machine is unsuccessful.

The vehicle-mounted unit is installed on the vehicle, and the intelligent vehicle machine installed on the vehicle is preset with the same initial authentication key. Therefore, when the vehicle-mounted unit sends the first character string to the intelligent vehicle machine, the intelligent vehicle machine encrypts the first character string and returns the result to the vehicle-mounted unit, and this result, the second encrypted data, should be identical to the first encrypted data. The identity of the intelligent vehicle machine can therefore be verified by judging whether the first encrypted data is consistent with the second encrypted data.

Specifically, the first character string may be a random number generated according to a preset algorithm. If the same character string were used each time, a man in the middle who intercepted the encrypted data returned by the intelligent vehicle machine could return that encrypted data the next time to impersonate the intelligent vehicle machine. If a random number is used, then even if the encrypted data is maliciously intercepted by a man in the middle, the next authentication will not succeed, because the random number used next time differs from the current one. This greatly improves the security and reliability of the authentication.

A man-in-the-middle attack (abbreviated as "MITM attack") is an "indirect" intrusion attack in which a computer controlled by an intruder is virtually placed, by various technical means, between two communicating computers in a network connection; this computer is called the "man in the middle".

After the smart car machine encrypts the first character string according to the initial authentication key to generate second encrypted data, the first character string can be stored as a first authentication symbol, and the second encrypted data can be stored as a second authentication symbol.

For example, as shown in fig. 2, fig. 2 is a process diagram of identity verification between a vehicle-mounted unit and a smart car machine according to the embodiment of the present application, in which the vehicle authentication unit is the authentication unit in the smart car machine. For example, after the ETC OBU is installed on the vehicle, the ETC OBU starts to communicate with the vehicle authentication unit of the intelligent vehicle machine for the first time, and the ETC OBU initiates vehicle authentication: 1. the ETC OBU generates a random number RANDOM_obu1 (namely the first character string); 2. the ETC OBU encrypts RANDOM_obu1 using the initial authentication key to generate MAC_obu1 (namely the first encrypted data); 3. the ETC OBU sends RANDOM_obu1 to the vehicle authentication unit; 4. the vehicle authentication unit encrypts RANDOM_obu1 using the initial authentication key to generate MAC_car1 (i.e., the second encrypted data), stores RANDOM_obu1 as RANDOM_obu1_save_car (i.e., the first authenticator), and stores MAC_car1 as MAC_car1_save_car (i.e., the second authenticator); 5. the vehicle authentication unit sends MAC_car1 to the ETC OBU; 6. the ETC OBU judges whether MAC_obu1 is equal to MAC_car1; if they are equal, the authentication passes, and if they are not equal, the authentication fails.

Specifically, after the step "verify the identity of the smart car machine according to the initial authentication key", the method may further include: and if the identity verification of the intelligent vehicle machine fails, disconnecting the intelligent vehicle machine, and repeatedly executing the step of verifying the identity of the intelligent vehicle machine according to the initial authentication key when communicating with the intelligent vehicle machine next time.

It is easy to understand that if the identity authentication of the smart car machine fails, the smart car machine has not yet been bound; the vehicle-mounted unit should disconnect from the smart car machine and authenticate it again at the next connection, so that a binding relationship can be established in the subsequent steps. It is worth noting that an indicator light can be arranged on the vehicle-mounted unit; when the verification fails, the indicator light flickers to prompt the user that authentication with the intelligent vehicle machine has failed. Alternatively, the intelligent vehicle machine can be provided with a display screen; if the authentication fails, prompt information is displayed on the display screen, and the prompt information can include the reason for the authentication failure, so that the user can perform subsequent operations.

S102: If the identity verification of the intelligent vehicle machine is successful, issue the unique communication key to the intelligent vehicle machine and acquire a first identity identification of the intelligent vehicle machine so as to establish a binding relationship with the intelligent vehicle machine.

The identity of the intelligent vehicle machine can be the Vehicle Identification Number (VIN) of the vehicle on which the intelligent vehicle machine is installed; when a manufacturer installs the intelligent vehicle machine on the vehicle, the VIN can be written into the intelligent vehicle machine.

Specifically, in order to realize the anti-detachment function of the on-board unit, identity binding is performed when the on-board unit communicates with the smart car machine mounted on the vehicle; that is, the VIN1 of the smart car machine is written into the on-board unit. Then, each time the vehicle is started, the on-board unit acquires the VIN2 of the smart car machine and determines whether VIN2 is consistent with the stored VIN1; if so, it is verified that the on-board unit has not been illegally detached and mounted on another vehicle. If plaintext communication were used when obtaining the VIN of the smart car machine, the VIN could easily be cracked and attacked by a man in the middle. Therefore, during binding, the unique communication key preset in the on-board unit is issued to the smart car machine, and every subsequent communication is encrypted using the unique communication key, which improves communication security. The unique communication key can be generated from the SN (Serial Number) of the vehicle-mounted unit, and this one-key-per-unit approach greatly improves the security of communication.

In this embodiment, step S102 may mainly include: after the first character string and the unique communication key are encrypted according to the initial authentication key, the encrypted first character string and the unique communication key are sent to the intelligent vehicle machine, so that the intelligent vehicle machine can check that the first character string is consistent with a first authentication symbol stored currently, and then the unique communication key is stored in the intelligent vehicle machine; acquiring a key issuing result returned by the intelligent vehicle machine; if the key issuing result indicates that the key issuing is successful, acquiring third encrypted data carried by the key issuing result; and decrypting the third encrypted data according to the initial authentication key to obtain a second authentication symbol and a first identity identifier of the intelligent vehicle machine, and storing the first identity identifier after checking that the second authentication symbol is consistent with the second encrypted data received by the vehicle-mounted unit last time.

Specifically, the smart car machine has saved the first character string as the first authentication symbol in the above steps. Therefore, after the on-board unit sends the encrypted first character string and unique communication key to the smart car machine, the smart car machine can determine whether the on-board unit it is communicating with is the authenticated on-board unit by checking whether the first character string is consistent with the currently saved first authentication symbol; if it is, the smart car machine saves the unique communication key for subsequent encrypted communication. Once the smart car machine has stored the unique communication key, it can return a key issuing result carrying third encrypted data, which the smart car machine obtains by encrypting the second authentication symbol and its own first identity identification according to the initial authentication key. The returned second authentication symbol lets the vehicle-mounted unit verify the identity of the smart car machine again: the vehicle-mounted unit stores the first identity identification only after checking that the second authentication symbol is consistent with the second encrypted data it last received. After the vehicle-mounted unit stores the first identity identification, the binding process with the intelligent vehicle machine is complete, and the state of the vehicle-mounted unit can be set to the bound state.

Specifically, in this embodiment, the on-board unit may further encrypt its own second identity according to the initial authentication key and send the encrypted second identity to the smart car machine, so that the smart car machine stores the second identity after checking that the first character string is consistent with the currently stored first authentication symbol. The second identity may be an SN number.

For example, referring to fig. 3, fig. 3 is a schematic diagram of the binding process between an on-board unit and a smart car machine according to an embodiment of the present application, including:

1. the ETC OBU encrypts RANDOM_obu1 + SN number + unique communication key using the initial authentication key to generate Encrypted_data1;
2. the ETC OBU sends Encrypted_data1 to the vehicle authentication unit;
3. the vehicle authentication unit decrypts Encrypted_data1 using the initial authentication key to obtain RANDOM_obu1 + SN number + unique communication key;
4. the vehicle authentication unit judges whether RANDOM_obu1 and RANDOM_obu1_save_car are equal; if so, it stores the SN number and the unique communication key; if not, it does not store them and returns a result indicating that key issuing failed;
5. after storing the SN number and the unique communication key, the vehicle authentication unit encrypts MAC_car1_save_car + VIN using the initial authentication key to generate Encrypted_data2 (i.e., the above-described third encrypted data);
6. the vehicle authentication unit either returns a result indicating that the key was issued successfully and sends Encrypted_data2 to the ETC OBU, or returns a result indicating that key issuing failed;
7. the ETC OBU judges whether the response to the request to share the communication key indicates success, and if so, decrypts Encrypted_data2 using the initial authentication key to obtain MAC_car1_save_car + VIN;
8. the ETC OBU compares MAC_car1_save_car with the stored MAC_car1; if they are consistent, it stores the VIN, which completes the binding process, and sets the OBU state to the bound state.

S103, each time the on-board unit that has established the binding relationship communicates with a smart car machine, judging, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the smart car machine bound to the on-board unit, so as to judge whether the on-board unit has been illegally detached; if so, executing step S104, and if not, executing step S105.

Specifically, when the on-board unit that has established the binding relationship communicates with a smart car machine, it needs to acquire the VIN of that smart car machine and judge whether the VIN is consistent with the first identity stored in the on-board unit. If it is consistent, the smart car machine is the one bound to the on-board unit, and the on-board unit is judged not to have been illegally detached and can be used normally. If it is not consistent, the smart car machine is not the one bound to the on-board unit, the on-board unit is judged to have been illegally detached and installed on another vehicle, and the on-board unit is disabled so that it cannot perform the ETC function. To guard against man-in-the-middle attacks during communication, all communication is encrypted with the unique communication key.

In some embodiments, step S103 may generally include: generating a second character string, encrypting the second character string according to the unique communication key to obtain fourth encrypted data, and sending the fourth encrypted data to the smart car machine in the current communication; acquiring fifth encrypted data sent by the smart car machine in the current communication, where the fifth encrypted data is generated by that smart car machine encrypting the second character string and its own third identity according to the unique communication key; and judging, according to the fifth encrypted data and the first identity, whether the smart car machine in the current communication is the smart car machine that established the binding relationship with the on-board unit.

Specifically, the second character string is encrypted according to the unique communication key and sent to the smart car machine in the current communication in order to further verify that smart car machine's identity. If it is the smart car machine that established the binding relationship with the on-board unit, it holds the unique communication key and can decrypt the fourth encrypted data; in the subsequent steps it can then encrypt the second character string together with its own third identity according to the unique communication key and send the result back to the on-board unit. Therefore, after the on-board unit receives the fifth encrypted data returned by the smart car machine in the current communication, it can judge from the fifth encrypted data and the currently stored first identity whether that smart car machine is the one that established the binding relationship with the on-board unit.

Further, the step of determining, according to the fifth encrypted data and the first identity, whether the smart car machine in the current communication is the smart car machine that established the binding relationship with the on-board unit may specifically include: decrypting the fifth encrypted data according to the unique communication key to obtain a third character string and the third identity of the smart car machine in the current communication; if the third character string is not consistent with the second character string, determining that the smart car machine in the current communication is not the bound smart car machine; if the third character string is consistent with the second character string, judging whether the third identity is consistent with the first identity; if the third identity is consistent with the first identity, determining that the smart car machine in the current communication is the bound smart car machine; and if the third identity is inconsistent with the first identity, determining that the smart car machine in the current communication is not the bound smart car machine.

It is easy to understand that, if the smart car machine in the current communication is not the smart car machine that established the binding relationship with the on-board unit, it cannot decrypt the fourth encrypted data to obtain the second character string, so the third character string obtained by decrypting the fifth encrypted data returned to the on-board unit is inconsistent with the second character string, and it can be determined that this smart car machine is not the bound one. If the smart car machine in the current communication is the one bound to the on-board unit, it can decrypt the fourth encrypted data to obtain the second character string, and the third identity it returns is the first identity stored in the on-board unit.

For example, referring to fig. 4, fig. 4 is a process diagram of determining whether an on-board unit that has established a binding relationship has been illegally detached, according to the embodiment of the present application. The vehicle authentication unit in fig. 4 is the vehicle authentication unit in the smart car machine with which the bound on-board unit is communicating this time. Specifically:

1. the ETC OBU generates a random number RANDOM_obu2;
2. the ETC OBU encrypts RANDOM_obu2 using the unique communication key to generate Encrypted_data3 (i.e., the fourth encrypted data);
3. the ETC OBU sends Encrypted_data3 to the vehicle authentication unit;
4. the vehicle authentication unit decrypts Encrypted_data3 using the unique communication key to obtain RANDOM_obu3;
5. the vehicle authentication unit encrypts RANDOM_obu3 + VIN_car (i.e., the identity of the smart car machine in the current communication) using the unique communication key to generate Encrypted_data4 (i.e., the fifth encrypted data);
6. the vehicle authentication unit sends Encrypted_data4 to the ETC OBU;
7. the ETC OBU decrypts Encrypted_data4 using the unique communication key to obtain RANDOM_obu4 + VIN_car;
8. the ETC OBU compares RANDOM_obu4 with RANDOM_obu2; if they are equal, it compares VIN_car with the VIN_obu stored by the ETC OBU (i.e., the identity of the bound smart car machine stored by the on-board unit); if these are the same, the ETC OBU is determined not to have been illegally detached, and if not, the ETC OBU is determined to have been illegally detached.
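The binding exchange of fig. 3 and the per-session check of fig. 4, together with the stop flag of step S104, as an added example that is not code from the application. The application names no cipher, so `encrypt`/`decrypt` are a stand-in authenticated construction built from HMAC-SHA256, the earlier authentication value MAC_car1 is modelled as an HMAC over RANDOM_obu1, and the class names, method names, message layouts, keys, VINs and serial number are all constructed for illustration.

```python
import hashlib, hmac, secrets

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()
def _stream(key, nonce, n):
    return b"".join(_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]

def encrypt(key, pt):
    # Stand-in authenticated cipher (assumption): HMAC-SHA256 keystream plus HMAC tag.
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + _mac(key, b"tag", nonce + ct)

def decrypt(key, blob):
    # Returns None when the blob was not produced under `key` or was altered.
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if len(blob) < 44 or not hmac.compare_digest(tag, _mac(key, b"tag", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class VehicleAuthUnit:
    """Vehicle authentication unit in the smart car machine (hypothetical model)."""
    def __init__(self, vin, initial_key):
        self.vin, self.initial_key = vin, initial_key
        self.random_saved = self.mac_saved = self.comm_key = self.obu_sn = None

    def on_auth(self, random_obu1):
        # Earlier authentication step: keep RANDOM_obu1_save_car and MAC_car1_save_car.
        self.random_saved = random_obu1
        self.mac_saved = _mac(self.initial_key, b"auth", random_obu1)
        return self.mac_saved

    def on_key_delivery(self, encrypted_data1):
        # Fig. 3 steps 3-6; layout: RANDOM_obu1 (16) | unique key (32) | SN number (rest).
        pt = decrypt(self.initial_key, encrypted_data1)
        if pt is None or len(pt) < 48 or not hmac.compare_digest(pt[:16], self.random_saved or b""):
            return None                                   # key issuing failed
        self.comm_key, self.obu_sn = pt[16:48], pt[48:]
        return encrypt(self.initial_key, self.mac_saved + self.vin)   # Encrypted_data2

    def on_challenge(self, encrypted_data3):
        # Fig. 4 steps 4-6: only a holder of the unique key can recover the random.
        rnd = decrypt(self.comm_key, encrypted_data3) if self.comm_key else None
        return None if rnd is None else encrypt(self.comm_key, rnd + self.vin)

class Obu:
    """ETC on-board unit (hypothetical model)."""
    def __init__(self, sn, initial_key):
        self.sn, self.initial_key = sn, initial_key
        self.comm_key = secrets.token_bytes(32)   # unique communication key (constructed)
        self.bound_vin = None                     # first identity, stored at binding
        self.deactivated = False                  # the "preset mark" of step S104

    def bind(self, car):
        random_obu1 = secrets.token_bytes(16)
        mac_car1 = car.on_auth(random_obu1)
        if not hmac.compare_digest(mac_car1, _mac(self.initial_key, b"auth", random_obu1)):
            return False                                  # smart car machine not verified
        data2 = car.on_key_delivery(encrypt(self.initial_key, random_obu1 + self.comm_key + self.sn))
        pt = decrypt(self.initial_key, data2) if data2 else None
        if pt is None or not hmac.compare_digest(pt[:32], mac_car1):
            return False
        self.bound_vin = pt[32:]                          # bound state
        return True

    def verify(self, respond):
        """Fig. 4; `respond` carries Encrypted_data3 to the car and returns Encrypted_data4."""
        if self.bound_vin is None:
            raise RuntimeError("on-board unit is not bound")
        random_obu2 = secrets.token_bytes(16)             # fresh for every session
        data4 = respond(encrypt(self.comm_key, random_obu2))
        pt = decrypt(self.comm_key, data4) if data4 else None
        ok = (pt is not None and hmac.compare_digest(pt[:16], random_obu2)
              and hmac.compare_digest(pt[16:], self.bound_vin))
        if not ok:
            self.deactivated = True   # assumption: a missing reply also counts as failure
        return ok

def run_scenarios():
    """Constructed keys, VINs and serial number; returns the outcome of each case."""
    k0 = secrets.token_bytes(32)
    car_a, car_b = VehicleAuthUnit(b"TESTVIN0000000001", k0), VehicleAuthUnit(b"TESTVIN0000000002", k0)
    obu = Obu(b"SN-TEST-0001", k0)
    out = {"bound": obu.bind(car_a)}
    seen = []
    def tap(data3):                    # the bound car answers; its reply is recorded
        seen.append(car_a.on_challenge(data3))
        return seen[-1]
    out["same_car"] = obu.verify(tap)
    out["other_car"] = obu.verify(car_b.on_challenge)        # car_b never received the key
    out["replayed_reply"] = obu.verify(lambda _d: seen[0])   # reply carries a stale random
    car_b.comm_key = obu.comm_key                            # holds the key, reports another VIN
    out["key_but_other_vin"] = obu.verify(car_b.on_challenge)
    out["deactivated"] = obu.deactivated
    return out

if __name__ == "__main__":
    print(run_scenarios())
```

The random-number comparison is what rejects a recorded reply, and the VIN comparison is what rejects a unit that holds the key but sits in a different vehicle; both checks are needed.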

S104, deactivating the on-board unit.

It is easily understood that, because highway toll standards differ between vehicle models, vehicles of different models should have differently configured on-board units installed, and an on-board unit cannot be freely moved to another vehicle after installation. For example, the on-board unit of a large vehicle has a higher toll standard than that of a small vehicle. To prevent someone from maliciously detaching the on-board unit of a small vehicle and installing it on a large vehicle in order to pay a lower road toll, an on-board unit that is found to have been illegally detached should be deactivated immediately so that it cannot be used normally at an ETC toll station.

In this embodiment, step S104 may specifically include: setting a preset mark in a preset storage area of the on-board unit, where the preset mark indicates that the on-board unit is deactivated.

Specifically, when the vehicle reaches an ETC toll station, the on-board unit communicates with the road side unit. If the preset mark is set in the on-board unit, the road side unit can interrupt communication with the on-board unit after acquiring the preset mark and deny the on-board unit expressway passage.

Therefore, the on-board unit itself judges whether it has been illegally detached and deactivates itself without depending on the smart car machine, so the anti-detachment function of the on-board unit can be realized even if the smart car machine has no function for judging whether the on-board unit has been illegally detached.

S105, using the on-board unit normally.

Specifically, if the on-board unit has not been illegally detached, it can be used normally to pay the toll when the vehicle reaches an ETC toll station, so that the vehicle passes through the expressway toll station normally.

As can be seen from the above description, the present embodiment provides a method for deactivating an on-board unit, applied to an on-board unit in which an initial authentication key and a unique communication key are preset. The method includes: when the on-board unit is in communication connection with a smart car machine for the first time, verifying the identity of the smart car machine according to the initial authentication key; if the identity verification of the smart car machine is successful, issuing the unique communication key to the smart car machine and acquiring the first identity of the smart car machine, so as to establish a binding relationship with the smart car machine; each time the bound on-board unit communicates with a smart car machine, judging, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the one bound to the on-board unit, so as to judge whether the on-board unit has been illegally detached; and if the on-board unit is determined to have been illegally detached, deactivating the on-board unit. The anti-detachment function of the on-board unit is thereby guaranteed without increasing cost.

According to the method described in the above embodiments, the present embodiment will be further described from the perspective of a deactivation device of an on-board unit, which may be specifically implemented as a separate entity or integrated into the on-board unit.

Referring to fig. 5, fig. 5 specifically illustrates a deactivation device of an on-board unit provided in the embodiment of the present application, where the deactivation device 10 of the on-board unit includes an authentication module 11, a binding module 12, a determination module 13, and a deactivation module 14, where:

(1) Authentication module 11

The authentication module 11 is configured to verify the identity of the smart car machine according to the initial authentication key when the on-board unit is in communication connection with the smart car machine for the first time.

In some embodiments, the initial authentication key is preset in the smart car machine, and the authentication module 11 may be mainly configured to: generate a first character string, encrypt the first character string according to the initial authentication key to generate first encrypted data, and send the first character string to the smart car machine, so that the smart car machine generates second encrypted data by encrypting the first character string according to the initial authentication key; acquire the second encrypted data returned by the smart car machine; and judge whether the first encrypted data is consistent with the second encrypted data. If the first encrypted data is consistent with the second encrypted data, the identity of the smart car machine is successfully verified; if the first encrypted data is inconsistent with the second encrypted data, the identity verification of the smart car machine is unsuccessful.

(2) Binding module 12

The binding module 12 is configured to, if the identity verification of the smart car machine is successful, issue the unique communication key to the smart car machine and acquire the first identity of the smart car machine, so as to establish a binding relationship with the smart car machine.

Further, after the smart car machine encrypts the first character string according to the initial authentication key to generate the second encrypted data, it may store the first character string as the first authentication symbol and the second encrypted data as the second authentication symbol, and the binding module 12 may be mainly configured to: encrypt the first character string and the unique communication key according to the initial authentication key and send the encrypted first character string and unique communication key to the smart car machine, so that the smart car machine stores the unique communication key after checking that the first character string is consistent with the first authentication symbol; acquire a key issuing result returned by the smart car machine; if the key issuing result indicates that the key was issued successfully, acquire the third encrypted data carried by the key issuing result; and decrypt the third encrypted data according to the initial authentication key to obtain the second authentication symbol and the first identity of the smart car machine, and store the first identity after checking that the second authentication symbol is consistent with the second encrypted data most recently received by the on-board unit.

In some embodiments, the binding module 12 may also be configured to: encrypt the second identity of the on-board unit according to the initial authentication key and send it to the smart car machine, so that the smart car machine stores the second identity after checking that the first character string is consistent with the currently stored first authentication symbol.

In some embodiments, the deactivation device 10 of the on-board unit may further include a repeated execution module, configured to disconnect from the smart car machine if the identity verification of the smart car machine fails and, at the next communication connection with a smart car machine, have the authentication module again perform the function of "verifying the identity of the smart car machine according to the initial authentication key".

(3) Determination module 13

The determination module 13 is configured to, each time the bound on-board unit communicates with a smart car machine, judge, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the one that established the binding relationship with the on-board unit, so as to judge whether the on-board unit has been illegally detached.

In this embodiment, the determination module 13 is specifically configured to: generate a second character string, encrypt the second character string according to the unique communication key to obtain fourth encrypted data, and send the fourth encrypted data to the smart car machine in the current communication; acquire fifth encrypted data sent by the smart car machine in the current communication, where the fifth encrypted data is generated by that smart car machine encrypting the second character string and its own third identity according to the unique communication key; and judge, according to the fifth encrypted data and the first identity, whether the smart car machine in the current communication is the one that established the binding relationship with the on-board unit.

Further, the determination module 13 may specifically be configured to: decrypt the fifth encrypted data according to the unique communication key to obtain a third character string and the third identity of the smart car machine in the current communication; if the third character string is not consistent with the second character string, determine that the smart car machine in the current communication is not the bound smart car machine; if the third character string is consistent with the second character string, judge whether the third identity is consistent with the first identity; if the third identity is consistent with the first identity, determine that the smart car machine in the current communication is the bound smart car machine; and if the third identity is inconsistent with the first identity, determine that the smart car machine in the current communication is not the bound smart car machine.

(4) Deactivation module 14

The deactivation module 14 is configured to deactivate the on-board unit if the determination module 13 determines that the on-board unit has been illegally detached.

In this embodiment, the deactivation module 14 may specifically be configured to: set a preset mark in a preset storage area of the on-board unit, where the preset mark indicates that the on-board unit is deactivated.

As can be seen from the above, the present embodiment provides a deactivation device 10 of an on-board unit, applied to an on-board unit. When the on-board unit is in communication connection with a smart car machine for the first time, the authentication module 11 verifies the identity of the smart car machine according to the initial authentication key. If the identity verification is successful, the binding module 12 issues the unique communication key to the smart car machine and acquires the first identity of the smart car machine, so as to establish a binding relationship with it. Then, each time the bound on-board unit communicates with a smart car machine, the determination module 13 judges, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the one bound to the on-board unit, so as to judge whether the on-board unit has been illegally detached. If the on-board unit is determined to have been illegally detached, the deactivation module 14 deactivates it. The anti-detachment function of the on-board unit is thereby realized without increasing cost.

In addition, the embodiment of the present application further provides an on-board unit, as shown in fig. 6, the on-board unit 600 includes a processor 601 and a memory 602. The processor 601 is electrically connected to the memory 602.

The processor 601 is a control center of the on-board unit 600, connects various parts of the entire on-board unit using various interfaces and lines, and performs various functions of the on-board unit and processes data by running or loading an application stored in the memory 602 and calling data stored in the memory 602, thereby performing overall monitoring of the on-board unit.

In this embodiment, the processor 601 in the on-board unit 600 loads instructions corresponding to the processes of one or more applications into the memory 602 according to the following steps, and the processor 601 runs the applications stored in the memory 602, thereby implementing various functions: when the on-board unit is in communication connection with a smart car machine for the first time, verifying the identity of the smart car machine according to the initial authentication key; if the identity verification of the smart car machine is successful, issuing the unique communication key to the smart car machine and acquiring the first identity of the smart car machine, so as to establish a binding relationship with the smart car machine; each time the bound on-board unit communicates with a smart car machine, judging, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the one bound to the on-board unit, so as to judge whether the on-board unit has been illegally detached; and if the on-board unit is determined to have been illegally detached, deactivating the on-board unit.

Fig. 7 is a block diagram showing a specific structure of an on-board unit provided in an embodiment of the present application, which may be used to implement the method for deactivating the on-board unit provided in the above-described embodiment.

The RF circuit 710 is used for receiving and transmitting electromagnetic waves, and performs interconversion between the electromagnetic waves and electrical signals, thereby communicating with a communication network or other devices. The RF circuitry 710 may include various existing circuit elements for performing these functions, such as antennas, radio frequency transceivers, digital signal processors, encryption/decryption chips, memory, and so forth. The RF circuitry 710 may communicate with various networks, such as the internet, wireless networks, or with other devices over a wireless network. The wireless network may comprise a wireless local area network or a metropolitan area network.

The memory 720 may be used for storing software programs and modules, such as the deactivation method of the on-board unit and the corresponding program instructions/modules in the above-mentioned embodiments, and the processor 730 executes various functional applications and data processing, i.e., implements a communication data saving function, by operating the software programs and modules stored in the memory 720. The memory 720 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 720 may further include memory located remotely from processor 730, which may be connected to on-board unit 700 via a network. Examples of such networks include, but are not limited to, the internet, local area networks, mobile communication networks, and combinations thereof.

The processor 730 is the control center of the on-board unit 700. It connects the various parts of the entire on-board unit using various interfaces and lines, and performs the various functions of the on-board unit 700 and processes data by running or executing software programs and/or modules stored in the memory 720 and calling data stored in the memory 720, thereby performing overall monitoring of the on-board unit. Optionally, processor 730 may include one or more processing cores; in some embodiments, processor 730 may integrate a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may also not be integrated into processor 730.

The on-board unit 700 also includes a power source 740 (e.g., a battery) for powering the various components, which may be logically coupled to the processor 730 via a power management system in some embodiments to manage charging, discharging, and power consumption management functions via the power management system. The power supply 740 may also include any component including one or more dc or ac power sources, recharging systems, power failure detection circuitry, power converters or inverters, power status indicators, and the like.

In this embodiment, the on-board unit further includes a memory and one or more programs, where the one or more programs are stored in the memory, are configured to be executed by the one or more processors, and include instructions for: when the on-board unit is in communication connection with a smart car machine for the first time, verifying the identity of the smart car machine according to the initial authentication key; if the identity verification of the smart car machine is successful, acquiring the first identity of the smart car machine and issuing the unique communication key to the smart car machine, so as to establish a binding relationship with the smart car machine; each time the bound on-board unit communicates with a smart car machine, judging, according to the first identity and the unique communication key, whether the smart car machine in the current communication is the one bound to the on-board unit, so as to judge whether the on-board unit has been illegally detached; and if the on-board unit is determined to have been illegally detached, deactivating the on-board unit.

In specific implementation, the above modules may be implemented as independent entities, or may be combined arbitrarily to be implemented as the same or several entities, and specific implementation of the above modules may refer to the foregoing method embodiments, which are not described herein again.

It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be performed by instructions or by associated hardware controlled by the instructions, which may be stored in a computer readable storage medium and loaded and executed by a processor. To this end, embodiments of the present application provide a storage medium including on-board unit executable instructions. The vehicle-mounted unit executable instructions, when executed by the vehicle-mounted unit processor, perform the steps of any one of the methods for deactivating a vehicle-mounted unit provided by the embodiments of the present application.

The storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.

Since the instructions stored in the storage medium can execute the steps of any method for deactivating an on-board unit provided in the embodiments of the present application, they can achieve the beneficial effects of any such method; see the foregoing embodiments for details, which are not repeated here.

The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.

In summary, although the present application has been described with reference to the preferred embodiments, the above-described preferred embodiments are not intended to limit the present application, and those skilled in the art can make various changes and modifications without departing from the spirit and scope of the present application, so that the scope of the present application shall be determined by the appended claims.
