METHOD FOR AUTHENTICATING A USER TERMINAL

Abstract

A method for authenticating a user terminal as a transmitter of a message transmitted in a wireless communication network having a plurality of spatially distributed user terminals, The message is transmitted from a first user terminal to at least one second and/or one third user terminal with the aid of a wireless communications connection. The message includes useful data, first user-terminal-specific and second user-terminal-specific authentication data. The first user terminal is authenticated as the transmitter of the message based on the first user-terminal-specific authentication data with the aid of the second user terminal, and/or based on the second user-terminal-specific authentication data with the aid of the third user terminal.

Claims

1. A method for authenticating a user terminal as a transmitter of a message transmitted in a wireless communication network having a plurality of spatially distributed user terminals, the message being transmitted from a first user terminal to at least one second user terminal and/or third user terminal using a wireless communications connection, the message including useful data, first user-terminal-specific authentication data, and second user-terminal-specific authentication data, the method comprising: authenticating the first user terminal as transmitter of the message: based on the first user-terminal-specific authentication data using the second user terminal, and/or based on the second user-terminal-specific authentication data using the third user terminal.

2. The method as recited in claim 1, wherein a content of the first user-terminal-specific authentication data of the message and the second user-terminal-specific authentication data of the message depends on a spatial placement of the user terminals relative to the first user terminal.

3. The method as recited in claim 2, wherein the spatial positioning of the user terminals represents a positioning of vehicles driving one behind the other along a common driving direction each having a respective user terminal of the user terminals.

4. The method as recited in claim 1, wherein the first user-terminal-specific authentication data and/or the second user-terminal-specific authentication data are generated using a symmetrical key provided to two user terminals in each case, and also using the useful data.

5. The method as recited in claim 1, wherein the first user-terminal-specific authentication data and/or the second user-terminal-specific authentication data include a user-terminal-specific message authentication code.

6. The method as recited in claim 1, wherein the message further includes a random value, and the first user-terminal-specific authentication data and/or the second user-terminal-specific authentication data include a user-terminal-specific function value based on the random value.

7. The method as recited in claim 1, wherein the useful data of the message or the message is encrypted using a key provided to the user terminals of the communication network.

8. The method as recited in claim 1, wherein the second user terminal and/or the third user terminal and/or a second vehicle having the second user terminal and/or a third vehicle including the third user terminal, is controlled based on the transmitted message.

9. The method as recited in claim 1, wherein the message is transmitted from the first user terminal to a fourth user terminal and a fifth user terminal of the wireless communication network, and the message further includes third user-terminal-specific authentication data specific to the third user terminal, and the first user terminal is authenticated as the transmitter of the message based on the third user-terminal-specific authentication data using the fourth user terminal.

10. A first user terminal, configured to: supply a message including useful data, first user-terminal-specific authentication data and second user-terminal-specific authentication data; and transmit the message to at least one second user terminal and/or third user terminal, using a wireless communications connection.

11. A system, comprising: a first user terminal configured to: supply a message including useful data, first user-terminal-specific authentication data and second user-terminal-specific authentication data, and transmit the message to at least one second user terminal and third user terminal, using a wireless communications connection; and the at least one second and third user terminal; wherein the second user terminal is configured to: receive the message transmitted from the first user terminal to the second user terminal using the wireless communications connection, and authenticate the first user terminal as a transmitter of the message based on the first user-terminal-specific authentication data; and wherein the third user terminal is configured to: receive the message transmitted from the first user terminal to the third user terminal using the aid of the wireless communications connection, and authenticate the first user terminal as the transmitter of the message based on the second user-terminal-specific authentication data.

12. A non-transitory machine-readable memory medium on which is stored a computer program which includes instructions that when executed by a first user terminal, induce the first user terminal to: supply a message including useful data, first user-terminal-specific authentication data, and second user-terminal-specific authentication data; and transmit the message to at least one second and/or one third user terminal, using a wireless communications connection.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0043] Below, the present invention is described in greater detail by way of example based on the figures.

[0044] FIG. 1 shows a communication network having five vehicle-side user terminals, according to an example embodiment of the present invention.

[0045] FIG. 2 shows a flow diagram of a method in an incorporation of a further user terminal into a communication network, according to an example embodiment of the present invention.

[0046] FIGS. 3A and 3B each show a schematic illustration of the structure of a message according to an example embodiment of the present invention.

[0047] FIG. 4 shows a flow diagram of a method for authenticating a user terminal as a transmitter of a message according to an example embodiment of the present invention.

DETAILED DESCRIPTION OF EXAMPLE EMBODIMENTS

[0048] FIG. 1 shows a communication network 10, which includes a first user terminal 12, a second user terminal 14, a third user terminal 16, a fourth user terminal 18, and a fifth user terminal 20. User terminals 12, 14, 16, 18, 20 are developed as vehicle-side user terminals 12, 14, 16, 18, 20 and disposed on a vehicle 22, 24, 26, 28, 30 in each case. Vehicles 22, 24, 26, 28, 30 are developed as trucks 22, 24, 26, 28, 30 and travel one behind the other along a common driving direction 32.

[0049] Each user terminals 12, 14, 16, 18, 20 at least includes a processor unit and a memory medium. In addition, a vehicle-side antenna is allocated to user terminal 12, 14, 16, 18, 20.

[0050] User terminals 12, 14, 16, 18, 20 are set up to exchange messages 34, directly or indirectly, with the aid of a wireless communications connection. User terminals 12, 14, 16, 18, 20 are preferably designed for a mobile radio communication such as 3G, 4G or 5G, for a C-V2X communication or for an ITS-G5 communication.

[0051] According to the present exemplary embodiment, user terminals 12, 14, 16, 18, 20 are developed as V2X control units 12, 14, 16, 18, 20. User terminals 12, 14, 16, 18, 20 are connected with the aid of a wired communications connection, in particular a CAN connection, to a vehicle-side control unit for a speed control of respective vehicle 22, 24, 26, 28, 30 in each case. In addition, user terminals 12, 14, 16, 18, 20 may be connected by a wired communications connection, in particular a CAN connection, to a vehicle-side HMI control unit to represent information for a driver of respective vehicle 22, 24, 26, 28, 30.

[0052] In addition, user terminals 12, 14, 16, 18, 20 or V2X control units 12, 14, 16, 18, 20 are preferably also designed for a wireless communication with a road communications device or an infrastructure device (known as roadside) and optionally also with a vehicle-external server unit.

[0053] The control units for controlling the speed are designed to ascertain and/or to control or adjust a setpoint speed, in particular while actuating a drive unit and/or a brake unit of the respective vehicle. The control units for a speed control may also be designed to establish the driving strategy, e.g., with the aid of an electronic horizon.

[0054] According to a preferred embodiment of the present invention, a platooning software is stored or installed on a memory unit allocated to the respective user terminal 12, 14, 16, 18, 20. The platooning software enables communications-based trailing of vehicles 22, 24, 26, 28, 30, such as on a highway, e.g., an expressway, at a spatial distance of less than or equal to 50 m, in particular less than or equal to 20 m, or at a time interval of less than or equal to 2 seconds, in particular less than or equal to 0.8 seconds, between two of the vehicles in each case.

[0055] FIG. 2 shows a method for transmitting messages when incorporating a further user terminal into a communication network.

[0056] According to a preferred embodiment, vehicles 22, 24, 26, 28 according to FIG. 1 already form a vehicle convoy or platoon to which vehicle 30 is added.

[0057] Vehicle-side user terminal 18 of the last vehicle 28 of communication network 10 in the driving direction transmits a message 50 to at least vehicle 30, in particular a CAM message 50 developed as a broadcast message 50, to vehicles 22, 24, 26,

[0058] 30. This message includes an item of information, e.g., the information including, “Joinable = yes”, based on which vehicles 22, 24, 26, 30 recognize that vehicle 28 is the last vehicle of the vehicle platoon.

[0059] Vehicle 30 approaches vehicles 22, 24, 26, 28 from behind. Vehicle-side user terminal 20 transmits a “Join Request” message 52 to vehicle-side user terminal 18 with the aid of the wireless communications connection. This “Join Request” message 52 includes a station ID of vehicle-side user terminal 20 and a certificate of vehicle-side user terminal 20.

[0060] Via the wireless communications connection, vehicle-side user terminal 18 transmits a “Join Response” message 54 to vehicle-side user terminal 20 to confirm the addition of vehicle 20 to the platoon of vehicles 22, 24, 26, 28. Vehicle-side user terminal 18 is designed to encrypt “Join Response” message 54 using a public key included in “Join Request” message 52. “Join Response” message 54 includes a group key already used for encrypting messages between vehicle-side user terminals 12, 14, 16, 18. “Join Response” message 54 furthermore includes a position, allocated to vehicle 30 to be added, in a spatial sequence of vehicles 22, 24, 26, 28.

[0061] In addition, “Join Response” message 54 encompasses a symmetrical key which is preferably generated by vehicle-side user terminal 18. Moreover, “Join Response” message 54 includes a list of vehicles 22, 24, 26, 28, in particular a list of tuples made up of a station ID of respective vehicle 22, 24, 26, 28 and its position within the platoon. It is thus known to user terminal 20 which vehicle 22, 24, 26, 28 is driving in which position in the platoon. It is possible that the list included in “Join Response” message 54 includes information pertaining only to the three last vehicles 24, 26, 28 in the driving direction.

[0062] Vehicle-side user terminal 20 is now designed to address a “Direct Key Request” message 56a, 56b to vehicle-side user terminals 14, 16 using the station ID of respective vehicle 24, 26 and to transmit it with the aid of the wireless communications connection.

[0063] This “Direct Key Request” message 56a, 56b is certified by vehicle-side user terminal 20 so that respective vehicle-side user terminal 14, 16 is able to verify the certificate. The “Direct Key Request” message 56a, 56b furthermore includes the position allocated to vehicle 30 in the platoon of vehicles 22, 24, 26, 28, 30. The “Direct Key Request” message 56a, 56b additionally includes a public key of vehicle-side user terminal 20.

[0064] Vehicle-side user terminals 14, 16 are designed to receive the “Direct Key Request” message 56a, 56b and to generate a symmetrical key in each case. Moreover, vehicle-side user terminals 14, 16 are designed to transmit a “Direct Key Response” message 58a, 58b to vehicle-side user terminal 20 in response to the received “Direct Key Request” message 56a, 56b. Each “Direct Key Response” message 58a, 58b includes the generated symmetrical key. In addition, “Direct Key Response” message 58a, 58b is encrypted using the public key of vehicle-side user terminal 20.

[0065] The following keys are made available to vehicle-side user terminals 14, 16, 18, 20: [0066] Using the certificate of vehicle-side user terminal 20, verifiable public keys of vehicle-side user terminal 20 are supplied to vehicle-side user terminals 14, 16, 18. [0067] The symmetrical group key already known to vehicle-side user terminals 12, 14, 16, 18 is provided to vehicle-side user terminals 20. [0068] A symmetrical key is supplied to vehicle-side user terminals 18, 20, to vehicle-side user terminals 16, 20, and to vehicle-side user terminals 14, 20.

[0069] FIG. 3A, B show a schematic representation of the structure of a message 34, 34' transmitted in a communication network 10 according to FIG. 1. Message 34, 34', for example, may be a PCM or platooning control message 34, 34'.

[0070] In FIG. 3A, message 34 includes a first data block 36 and a second data block 38. First data block 36 includes useful data 40. Second data block 38 includes first authentication data 42a, second authentication data 42b, and third authentication data 42c. Authentication data 42a, 42b, 42c are developed as user-terminal-specific message authentication codes MAC2-3, MAC2-4, MAC2-5. User-terminal-specific message authentication codes MAC2-3, MAC2-4, MAC2-5 are generated using a symmetrical key provided to two vehicle-side user terminals in each case and utilizing useful data 40.

[0071] According to this exemplary embodiment, message 34 is generated by second vehicle-side user terminal 14 and transmitted to vehicle-side user terminals 12, 16, 18, 20 with the aid of the wireless communications connection. First user-terminal-specific message authentication code MAC2-3 is generated using the symmetrical key exchanged between vehicle-side user terminals 14, 16 as well as useful data 40. Second user-terminal-specific message authentication code MAC2-3 is generated using the symmetrical key exchanged between vehicle-side user terminals 14, 18 as well as useful data 40. Third user-terminal-specific message authentication code MAC2-4 is generated using the symmetrical key exchanged between vehicle-side user terminals 14, 20 as well as useful data 40.

[0072] In FIG. 3B, message 34' includes a first data block 36' and a second data block 38'. First data block 36' includes useful data 40'. Second data block 38' includes a random value 44, first authentication data 46a, second authentication data 46b, and third authentication data 46c. Authentication data 46a, 46b, 46c are developed as function values 46a, 46b, 46c of a user-terminal-specific allocation function F2-3, F2-4, F2-5. Function values 46a, 46b, 46c correspond to an output value of the respective user-terminal-specific allocation function F2-3, F2-4, F2-5 for random value 44 as an input value. If message 34' is transmitted in encrypted form, in particular encrypted using a group key, the integrity of message 34' is able to be verified based on the encryption. The authentication of message 34' is implemented based on random value 44.

[0073] According to this exemplary embodiment, message 34' is generated by second vehicle-side user terminal 14 and transmitted to vehicle-side user terminals 12, 16, 18, 20 with the aid of the wireless communications connection.

[0074] Function value 46a is generated using random value 44 and user-terminal-specific allocation function F2-3 exchanged between vehicle-side user terminals 14, 16. Function value 46b is generated using random value 44 and user-terminal-specific allocation function F2-4 exchanged between vehicle-side user terminals 14, 18. Function value 46c is generated using random value 44 and the user-terminal-specific allocation function F2-5 exchanged between vehicle-side user terminals 14, 20.

[0075] In addition, message 34, 34' or useful data 40, 40' of message 34, 34' is/are able to be encrypted using a group key supplied to vehicle-side user terminals 12, 14, 16, 18, 20 of communication network 10.

[0076] FIG. 4 shows a flow diagram of a method for authenticating a user terminal as a transmitter of a message, the method including steps for generating message 34 according to FIG. 3, e.g., in a communication network according to FIG. 1. The method has been provided with reference numeral 100 as a whole. For instance, method 100 is able to be carried out after executing the method for transmitting messages when incorporating a further user terminal into a communication network according to FIG. 2.

[0077] In step 110, useful data are supplied to the first user terminal.

[0078] In step 120, it is ascertained whether a vehicle of a vehicle platoon including the first user terminal is followed by a vehicle of a vehicle platoon including a second user terminal.

[0079] In the event that no vehicle of the vehicle platoon including a second user terminal is following the vehicle having the first user terminal, the message to be transmitted is generated in step 130. The message includes the supplied useful data. The message is encrypted using a compound key of the vehicle platoon.

[0080] In the event that the vehicle including the first user terminal is followed by a vehicle of the vehicle platoon including a second user terminal, then a first user-terminal-specific message authentication code is generated as first user-terminal-specific authentication data in step 140 with the aid of the first user terminal, using a first symmetrical key specific to the first and the second user terminal, and the useful data.

[0081] In step 150, it is ascertained whether the vehicle including the second user terminal is followed by a vehicle of the vehicle platoon including a third user terminal.

[0082] In the event that the vehicle including the second user terminal is not followed by a vehicle of the vehicle platoon including a third user terminal, the message to be transmitted is generated in step 160. The message includes the supplied useful data and the first user-terminal-specific message authentication code. The message is encrypted using the compound key of the vehicle platoon.

[0083] In the event that the vehicle having the second user terminal is followed by a vehicle of the vehicle platoon having a third user terminal, a second user-terminal-specific message authentication code is generated in step 170 as second user-terminal-specific authentication data with the aid of the first user terminal using a second symmetrical key specific to the first and the third user terminal, and the useful data.

[0084] In step 180, it is ascertained whether the vehicle having the third user terminal is followed by a vehicle of the vehicle platoon having a fourth user terminal.

[0085] In the event that no vehicle of the vehicle platoon having a fourth user terminal follows the vehicle having the third user terminal, then the message to be transmitted is generated in step 190. The message includes the supplied useful data as well as the first and second user-terminal-specific message authentication codes. The message is encrypted using the compound key of the vehicle platoon.

[0086] In the event that the vehicle having the third user terminal is followed by a vehicle of the vehicle platoon having a fourth user terminal, then a third user-terminal-specific message authentication code is generated in step 200 as third user-terminal-specific authentication data with the aid of the first user terminal, using a third symmetrical key specific to the first and fourth user terminal, and the useful data.

[0087] In step 210, the message to be transmitted is generated. The message includes the supplied useful data as well as the first, the second and the third user-terminal-specific message authentication code. The message is encrypted using a compound key of the vehicle platoon.

[0088] In step 220, the message is transmitted from the first user terminal to the further user terminals of the communication network, in particular to the further vehicle-side user terminals of the vehicle platoon.

[0089] In step 230, the first user terminal is authenticated as the transmitter of the message based on the user-terminal-specific authentication data. If step 220 follows step 160, the first user terminal is authenticated as the transmitter of the message based on the first user-terminal-specific message authentication code with the aid of the second user terminal. If step 220 follows step 190, the first user terminal is additionally authenticated as the transmitter of the message based on the second user-terminal-specific message authentication code with the aid of the third user terminal. If step 220 follows step 210, the first user terminal is additionally authenticated as the transmitter of the message based on the third user-terminal-specific message authentication code with the aid of the fourth user terminal.

[0090] The method may be carried out multiple times one after the other, preferably periodically, while the vehicle platoon is driving and in operation.