| 摘要 |
<p>The invention concerns an on-board system for verifying a certification request of a public key (Kp) generated by an on-board identifier system (SNi). For an assembly (Lk) of on-board systems, an authorised identifier (OPj) operator configures the on-board systems and generates (1001) a parent public key (KpM) and a parent private key (KsM). The identifier (Opj), the reference range of identifiers (Lk) and the public key (KpM) are issued (1002). For each on-board system (SNi), a diversified key (KsMi) is generated from the identifier (SNi) and stored (1003) in a storage unit with protected reading and writing access. For every public key (Kp) generated by an on-board system, a cryptographic control value (Sci) is computed (1006) on the public key (Kp), an algorithm identifier (CA1) and utilisation parameters (U) of said key using a zero-knowledge signature algorithm and a certification request message (MRCA) including the control value (Sci), the operator identifier (Opj) and the identifier (SNi) is transmitted to a certification authority, which retrieves the identifier (Opj) (1009) and the parent public key (KpM) value (1001). Verification (1012) of the message (MRCA) from the parent public key (KpM) and of the identifier of the on-board system (SNi) enables to ensure that the public key (Kp) certification request and the use thereof originates indeed from an on-board component capable of restricting the use of said key.</p> |
