In order to implement the “New Energy Vehicle Industry Development Plan (2021-2035)”, the “Intelligent Vehicle Innovation and Development Strategy” and the task requirements of the fourth plenary meeting of the Internet of Vehicles Industry Development Committee, accelerate the construction of Internet of Vehicles network security assurance capabilities, build an Internet of Vehicles identity authentication and security trust system, promote the application of commercial cryptography, and ensure the communication security of the cellular Internet of Vehicles (C-V2X), the Internet of Vehicles identity authentication and security trust pilot work is now being carried out. The relevant matters are notified as follows:
1. The direction of the pilot
(1) Vehicle and cloud secure communication
For the communication scenario between the vehicle and the cloud service platform, establish a vehicle-cloud communication security trust system.
1. Technical requirements
Through digital certificates, digital signatures, and data encryption technologies based on commercial cryptography, secure communication between in-vehicle information interaction systems, automotive gateways, C-V2X in-vehicle communication equipment, and the Internet of Vehicles service platform is realized. Based on the secure link protocol, a secure tunnel for vehicle-cloud communication is established to protect the confidentiality and integrity of vehicle-cloud communication data. Based on the cryptographic application middleware, message encapsulation and certificate management are implemented on the vehicle side, and certificate verification and data analysis are implemented on the platform side. The in-vehicle equipment realizes data interaction with the certificate management system and the related Internet of Vehicles security root of trust in accordance with relevant standards.
2. Application scenarios
In vehicle-cloud communication scenarios between the vehicle end and Internet of Vehicles service platforms such as the vehicle enterprise cloud platform, the roadside edge cloud platform, the intelligent assisted driving service platform, the vehicle information service cloud platform and the high-precision dynamic map service platform, realize vehicle-to-cloud communication applications such as trusted vehicle access, trusted collection of vehicle positioning and perception data, trusted upload of vehicle status information, trusted verification of remote vehicle upgrades, and trusted vehicle-cloud interaction based on secure links.
3. Pilot objectives
The pilot units develop and establish technical capabilities such as vehicle-cloud communication identity authentication and data encryption to realize identity authentication, data confidentiality and integrity protection in various vehicle-cloud communication scenarios, and build vehicle-cloud communication security assurance capabilities.
(2) Vehicle-to-vehicle secure communication
For vehicle-to-vehicle direct communication scenarios, establish a vehicle-to-vehicle communication security trust system.
1. Technical requirements
On the vehicle side, components such as security chips and software modules based on commercial cryptography are applied to realize vehicle-side security credential management and data processing functions such as key management, certificate management, and secure computing. In-vehicle device certificate initialization is realized through vehicle production link configuration, operator channel configuration, and server token authorization. Establish a certificate management system for in-vehicle equipment to provide certificate management services such as certificate issuance, renewal, and revocation for in-vehicle equipment. The in-vehicle equipment realizes data interaction with the certificate management system, the related Internet of Vehicles security root of trust and the Ministry of Industry and Information Technology’s Internet of Vehicles security root of trust management platform in accordance with relevant standards.
2. Application scenarios
In key cities, highways, logistics parks, ports, mines, science and technology parks and other scenarios, realize assisted driving and conditional automatic driving applications based on secure communication, including collision warning, blind spot warning, lane change assistance, abnormal vehicle reminder, formation driving, etc.
3. Pilot objectives
The pilot unit develops and establishes the vehicle-to-vehicle communication identity authentication technology capability, and conducts certificate management for C-V2X models with direct communication function. Carry out identity authentication across trust domains in vehicle driving application scenarios to ensure secure communication of multi-brand vehicles and build vehicle-to-vehicle communication security capabilities.
(3) Vehicle-to-road secure communication
A vehicle-to-road communication security trust system is established for the scenario of direct communication between vehicles and roadside facilities.
1. Technical requirements
Roadside equipment is equipped with security chips, software modules and other components based on commercial cryptography to realize security credential management and data processing functions. Establish a roadside equipment certificate management system to provide certificate management services such as certificate issuance, renewal, and revocation for roadside equipment. The roadside equipment realizes data interaction with on-board equipment, the certificate management system, the related Internet of Vehicles security root of trust and the Ministry of Industry and Information Technology’s Internet of Vehicles security root of trust management platform in accordance with relevant standards.
2. Application scenarios
In key cities, highways, closed test sites, vehicle-road collaboration pilot sections and other scenarios, realize vehicle-road collaboration applications such as safety warning and efficiency improvement based on secure communication, including traffic light reminders and green wave traffic, road traffic information reminders, vulnerable traffic participant reminders, bus priority, automatic driving tests, etc.
3. Pilot objectives
The pilot unit develops and establishes the technical capability of vehicle-to-road communication identity authentication, and conducts certificate management for C-V2X communication equipment with direct communication capability in the pilot area. Management platform, carry out identity authentication across trust domains, ensure vehicle-road safety communication between various types of roadside equipment and vehicles in the region, and build vehicle-road communication security assurance capabilities.
(4) Vehicle-to-device secure communication
For vehicle-device communication scenarios, establish a vehicle-device communication security trust system.
1. Technical requirements
Through digital certificates, digital signatures, and data encryption technologies based on commercial cryptography, secure communication is realized in scenarios where the vehicle interacts with external devices, such as between the vehicle information interaction system and handheld mobile smart terminals, and between new energy vehicles and charging piles. Based on commercial cryptography, trusted key exchange and security protection are realized in vehicle short-range wireless communication scenarios, and security protocols are used to encrypt communication links.
2. Application scenarios
Implement vehicle-to-device communication applications based on identity authentication and encryption technology, including applications with user-held mobile smart terminals such as vehicle remote control, vehicle information query and security warning, vehicle-mounted short-range wireless communication applications such as keyless entry and vehicle-mounted device interconnection, and new energy vehicle charging applications, etc.
3. Pilot objectives
The pilot units develop and establish technical capabilities such as identity authentication and security reinforcement to support identity authentication, data confidentiality and integrity protection in various vehicle-to-device communication scenarios, and to build vehicle-to-device communication security capabilities.
2. Pilot application requirements
(1) The subject of the declaration. Basic telecommunications companies, Internet companies, automobile manufacturers, electronic parts companies, network security companies, commercial cryptography companies, transportation companies, scientific research institutes, as well as the construction and operation units of advanced demonstration areas for network security innovation and application, national-level Internet of Vehicles pilot areas, national intelligent connected vehicle test demonstration areas (bases), smart city infrastructure and intelligent connected vehicle collaborative development pilot cities, etc.
(2) Eligibility for application. The unit with the identity authentication management and operation capabilities of the Internet of Vehicles shall be the lead unit, and the relevant industrial chain entities (one lead unit and no more than 10 joint units) shall jointly declare. The applicant should be registered in the territory of the People’s Republic of China, have the qualification of an independent legal person, and have good technical research and development and integrated innovation capabilities. In principle, the total number of pilot projects led by a single applicant shall not exceed 2.
(3) Technical requirements. The pilot project complies with the “General Technical Requirements for LTE-based Internet of Vehicles Communication Technology Security”, “Technical Requirements for LTE-based Internet of Vehicles Wireless Communication Technology Security Certificate Management System”, “Basic Requirements for Cryptographic Application of Information Security Technology Information System”, “Information Security Technology Public Key Infrastructure Digital Certificate Format”, “Information Security Technology Certificate Authentication System Cryptography and Related Security Technology”, “Internet of Vehicles Wireless Communication Security Technical Guide”, “Internet of Vehicles Information Service Platform Security Protection Technical Requirements”, “Internet of Vehicles Information Service Data Security Technical Requirements”, and “Requirements for the Protection of Personal Information of Internet of Vehicles Information Service Users”. The pilot program does not involve electronic certification services that require third-party certification.
(4) Security. Pilot units should implement the main responsibility for network security, improve the enterprise network security management system, and implement network security protection requirements in terms of anti-attack, anti-virus, anti-intrusion, anti-control, anti-theft and other aspects for the vehicles and key components, IoV platforms, IoV apps, data and user personal information involved in the pilot. Where commercial cryptographic applications are involved, the security assessment of commercial cryptographic applications shall be strengthened in accordance with the relevant requirements of the “Cryptography Law of the People’s Republic of China”.
(5) The competent departments of industry and information technology of all provinces, autonomous regions and municipalities directly under the Central Government, communications administrations and central enterprise group companies may make recommendations.
3. Workflow
(1) How to declare. The applicant should submit the application form for the Internet of Vehicles identity authentication and security trust pilot in triplicate and the electronic version to the Ministry of Industry and Information Technology (Network Security Administration) before July 8, 2021. Applications recommended by the local industrial and information technology authorities, the communications administration or the central enterprise group company must be affixed with the seal of the recommending unit.
(2) Organization and implementation. The Ministry of Industry and Information Technology selects projects that meet the requirements for pilot work. The pilot lead unit will formulate a pilot implementation scheme and plan, carry out technical verification and joint debugging tests, and complete the pilot project tasks by the end of June 2022. The pilot unit shall establish a working mechanism, strengthen organization and coordination, and advance the pilot work in an orderly manner. The Ministry of Industry and Information Technology and the pilot recommending units will strengthen guidance on the pilot work and organize the evaluation of the pilot projects.
(3) Support and guarantee. An expert committee for identity authentication and security trust in the Internet of Vehicles is established to provide technical support and consultation for the pilot work. Third-party professional organizations such as China Academy of Information and Communications Technology, China Industrial Internet Research Institute, National Industrial Information Security Development Research Center, China Electronic Information Industry Development Research Institute, Equipment Industry Development Center of the Ministry of Industry and Information Technology, China Automotive Technology Research Center Co., Ltd., National Automobile (Beijing) Intelligent Connected Vehicle Research Institute Co., Ltd., China Communications Society, China Communications Standardization Association, China Association of Automobile Manufacturers, and In-Vehicle Information Service Industry Application Alliance are responsible for the pilot support work.
(4) Withdrawal from the pilot. If the pilot unit decides to terminate the pilot work due to its own reasons, it shall submit an application for withdrawal, and start the pilot withdrawal after approval by the Ministry of Industry and Information Technology (Network Security Administration). If the pilot unit fails to fulfill its responsibilities, has major problems in operating services, causes major network security incidents, or has serious violations of laws and regulations, its pilot qualifications will be cancelled. Units withdrawing from the pilot program shall properly handle the aftermath.
(5) Pilot summary. The pilot lead unit, together with the participating units, summarizes the pilot situation, main practices, experience and results, existing problems, IoV identity authentication management specifications and process recommendations, etc., and forms written materials, which will be reported to the Ministry of Industry and Information Technology (Network Security Administration) and the pilot recommending units by the end of June 2022.