A vehicle-cloud cross-domain interaction system, method, electronic device, and storage medium

By introducing a quantum-resistant root of trust between the vehicle-cloud platform and a third-party cloud service platform, the cross-domain interaction between the vehicle and the cloud is managed in a unified manner. This solves the problems of high vehicle-side configuration complexity and response latency in traditional solutions, and achieves efficient and secure cross-domain data transmission with quantum-resistant security capabilities.

CN122339834APending Publication Date: 2026-07-03CHINA FAW CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA FAW CO LTD
Filing Date
2026-05-22
Publication Date
2026-07-03

AI Technical Summary

Technical Problem

In traditional cross-domain interaction solutions, vehicle terminals need to pre-install and frequently update a large number of certificates from different third parties, resulting in high complexity of vehicle configuration management, high operation and maintenance costs, and high response latency, which cannot effectively cope with the security threats brought by quantum computing.

Method used

By using root key pairs and digital certificates generated by a quantum-resistant certificate authorization center, cross-domain interaction based on a quantum-resistant trust root is achieved through the vehicle-cloud platform. A unified trust system manages vehicle-cloud platforms and third-party cloud service platforms in various regions. Vehicle terminals do not need to directly participate in cross-domain trust negotiation; trust establishment and identity authentication are completed by high-performance servers in the cloud.

Benefits of technology

It reduces the complexity of vehicle configuration management and operation and maintenance costs, shortens the cross-domain authentication link, improves system security and business continuity, has quantum security capabilities, and ensures the confidentiality and integrity of data transmission.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122339834A_ABST
    Figure CN122339834A_ABST
Patent Text Reader

Abstract

This application provides a vehicle-to-cloud cross-domain interaction system, method, electronic device, and storage medium. The system includes: a vehicle terminal sending a service data packet to a vehicle-to-cloud platform in its region when a target vehicle generates a cross-domain service request; and a vehicle-to-cloud platform using a root key pair pre-generated by a quantum-resistant certificate authority, a first digital certificate of the vehicle-to-cloud platform, and a second digital certificate of a third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on a quantum-resistant root of trust, to provide the vehicle terminal with services corresponding to the service data packet. The first and second digital certificates are pre-issued digital certificates that meet quantum-resistant security requirements by the quantum-resistant certificate authority. This application reduces the complexity of vehicle-side configuration management and maintenance costs, and avoids response delays through cross-domain trust negotiation via the vehicle-to-cloud platform.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of intelligent vehicle cockpits, and more specifically, to a vehicle-cloud cross-domain interaction system, method, electronic device, and storage medium. Background Technology

[0002] With the continued advancement of electrification and intelligence in intelligent connected vehicles, the intelligent cockpit has evolved from a simple driving space into a core entry point for mobility services. During operation, vehicles frequently interact with various external cloud ecosystems. This business model, heavily reliant on cloud collaboration, places dual demands on the speed and security of data links between the vehicle and heterogeneous cloud entities across multiple regions.

[0003] Currently, the industry primarily uses traditional PKI (Public Key Infrastructure) cross-domain interaction solutions to achieve identity authentication and secure communication between vehicles and heterogeneous cloud environments. In this solution, each automaker, service provider, or operator typically builds and maintains its own PKI system independently and issues corresponding digital certificates to vehicle terminals. When a vehicle accesses cloud services from different entities, it needs to perform end-to-end cross-domain authentication and trust negotiation based on the corresponding certificates.

[0004] However, in traditional cross-domain interaction solutions, vehicle terminals need to pre-install and frequently update a large number of certificates from different third parties. This not only significantly increases the complexity of vehicle configuration management but also leads to high operation and maintenance costs. In addition, vehicle terminals need to directly participate in cross-domain trust negotiation and verify the certificate chain through multiple intermediate nodes, resulting in high response latency. Summary of the Invention

[0005] In view of this, the purpose of this application is to provide a vehicle-cloud cross-domain interaction system, method, electronic device and storage medium that can avoid the vehicle terminal from pre-installing and frequently updating a large number of certificates from different third parties, reduce the complexity of vehicle configuration management and operation and maintenance costs, and avoid response delays by conducting cross-domain trust negotiation through the vehicle-cloud platform.

[0006] In a first aspect, embodiments of this application provide a vehicle-cloud cross-domain interaction system, characterized in that the vehicle-cloud cross-domain interaction system includes a vehicle terminal, vehicle-cloud platforms in various regions, a quantum-resistant certificate authorization center, and a third-party cloud service platform; The vehicle terminal is used to send a business data packet to the vehicle cloud platform of the region to which the target vehicle belongs when the target vehicle generates a cross-domain business request. The vehicle cloud platform is used to utilize the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust, so as to provide the vehicle terminal with services corresponding to the service data packet; The first digital certificate and the second digital certificate are digital certificates that are pre-issued by the quantum-resistant certificate authorization center and meet the requirements of quantum-resistant security.

[0007] In one possible implementation, when the vehicle cloud platform performs cross-domain interaction with the third-party cloud service platform based on a quantum-resistant root of trust, it specifically uses the root public key in the root key pair and the quantum-resistant certificate authority to verify the second digital certificate; after the second digital certificate is verified, the business data packet is sent to the third-party cloud service platform. The third-party cloud service platform is used to verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority; after the first digital certificate is verified, the service data packet is parsed. The vehicle cloud platform is also used to encapsulate the symmetric key seed and send it to the third-party cloud service platform using the quantum-resistant public key corresponding to the third-party cloud service platform; The third-party cloud service platform is also used to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform using the quantum-resistant private key corresponding to the third-party cloud service platform, so as to negotiate with the vehicle cloud platform through the symmetric key seed to obtain a cloud-to-cloud symmetric session key; and to encrypt the business processing result corresponding to the business data packet using the cloud-to-cloud symmetric session key and then transmit it to the vehicle cloud platform. The vehicle-cloud platform is also used to decrypt the encrypted business processing result using the cloud-to-cloud symmetric session key, and send the decrypted business processing result to the vehicle terminal.

[0008] In one possible implementation, when the vehicle-to-cloud platform verifies the second digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority, it specifically performs the following: The signature validity of the second digital certificate is verified using the root public key in the root key pair. After the signature validity of the second digital certificate is verified, the second digital certificate is sent to the quantum-resistant certificate authority to initiate a transfer status protocol request to the quantum-resistant certificate authority. The status information of the second digital certificate sent by the quantum-resistant certificate authorization center is verified.

[0009] In one possible implementation, the third-party cloud service platform is specifically used to encrypt the business processing result corresponding to the business data packet using the cloud-to-cloud symmetric session key through the following steps: Calculate the digital signature corresponding to the business processing result based on the quantum-resistant private key of the third-party cloud service platform. The digital signature corresponding to the business processing result is encrypted using the cloud-to-cloud symmetric session key.

[0010] In one possible implementation, the quantum-resistant certificate authorization center is used to generate a root key pair using a quantum-resistant signature algorithm before the vehicle terminal sends a business data packet to the vehicle cloud platform in its region; store the root private key in the root key pair in an internal hardware security module; and send the root public key in the root key pair to the vehicle cloud platform and the third-party cloud service platform.

[0011] In one possible implementation, the vehicle-cloud platform is further configured to generate a first quantum-resistant key pair before accessing the network; and send the quantum-resistant public key corresponding to the vehicle-cloud platform in the first quantum-resistant key pair to the quantum-resistant certificate authorization center. The third-party cloud service platform is also used to generate a second quantum-resistant key pair before accessing the network; and to send the quantum-resistant public key corresponding to the third-party cloud service platform in the second quantum-resistant key pair to the quantum-resistant certificate authorization center. The quantum-resistant certificate authorization center is also used to perform a quantum-resistant signature on the quantum-resistant public key corresponding to the vehicle cloud platform using the root private key, and issue a first digital certificate that meets the quantum-resistant security requirements for the vehicle cloud platform; and to perform a quantum-resistant signature on the quantum-resistant public key corresponding to the third-party cloud service platform using the root private key, and issue a second digital certificate that meets the quantum-resistant security requirements for the third-party cloud service platform.

[0012] Secondly, embodiments of this application also provide a vehicle-cloud cross-domain interaction method, which is applied to a vehicle-cloud platform in a vehicle-cloud cross-domain interaction system as described in any of the first aspects; the vehicle-cloud cross-domain interaction system further includes a vehicle terminal, a quantum-resistant certificate authorization center, and a third-party cloud service platform; the method further includes: By utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform, cross-domain interaction based on the quantum-resistant root of trust is achieved with the third-party cloud service platform to provide the vehicle terminal with services corresponding to the service data packets sent by the vehicle terminal; The first digital certificate and the second digital certificate are digital certificates that are pre-issued by the quantum-resistant certificate authorization center and meet the requirements of quantum-resistant security.

[0013] In one possible implementation, the step of utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust includes: The second digital certificate is verified using the root public key in the root key pair and the quantum-resistant certificate authority; after the second digital certificate is verified, the business data packet is sent to the third-party cloud service platform so that the third-party cloud service platform can verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority; after the first digital certificate is verified, the business data packet is parsed. Using the quantum-resistant public key corresponding to the third-party cloud service platform, a symmetric key seed is encapsulated and sent to the third-party cloud service platform. The third-party cloud service platform then uses its corresponding quantum-resistant private key to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform. This allows the third-party cloud service platform to negotiate a cloud-to-cloud symmetric session key with the vehicle cloud platform using the symmetric key seed. The cloud-to-cloud symmetric session key is then used to encrypt the business processing result corresponding to the business data packet before transmitting it to the vehicle cloud platform. The encrypted service processing result is decrypted using the cloud-to-cloud symmetric session key, and the decrypted service processing result is sent to the vehicle terminal.

[0014] Thirdly, embodiments of this application also provide an electronic device, including: a processor, a storage medium, and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, and when the electronic device is running, the processor communicates with the storage medium via the bus, and the processor executes the machine-readable instructions to perform the steps of the vehicle-cloud cross-domain interaction method as described in any of the second aspects.

[0015] Fourthly, embodiments of this application also provide a computer-readable storage medium storing a computer program, which, when executed by a processor, performs the steps of the vehicle-cloud cross-domain interaction method as described in any of the second aspects.

[0016] This application provides a vehicle-to-cloud cross-domain interaction system, method, electronic device, and storage medium. The vehicle-to-cloud cross-domain interaction system includes a vehicle terminal, vehicle-to-cloud platforms in various regions, a quantum-resistant certificate authorization center, and a third-party cloud service platform. The vehicle terminal is used to send a service data packet to the vehicle-to-cloud platform in its region when a target vehicle generates a cross-domain service request. The vehicle-to-cloud platform is used to utilize a root key pair pre-generated by the quantum-resistant certificate authorization center, a first digital certificate of the vehicle-to-cloud platform, and a second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on a quantum-resistant root of trust, so as to provide the vehicle terminal with services corresponding to the service data packet. The first digital certificate and the second digital certificate are pre-issued digital certificates by the quantum-resistant certificate authorization center that meet quantum-resistant security requirements. Compared with traditional methods, this application has the following beneficial effects: Benefit 1: Building a unified trust system significantly reduces the complexity and security risks of vehicle-side operations and maintenance. By deploying a unified quantum-resistant root of trust on the cloud side, serving as the sole highest trust anchor point across the entire network, unified identity management and authentication are implemented for vehicle cloud platforms and target service platforms in various regions. This eliminates trust silos between different service platforms. Vehicle terminals no longer need to pre-install and frequently update multi-source third-party certificate chains; they only need to establish a single secure communication relationship with their respective regional vehicle cloud platform. This not only greatly simplifies the complexity of vehicle-side configuration management (reducing operation and maintenance costs) but also effectively reduces the attack surface exposed to the vehicle, improving the overall system security.

[0017] Benefit 2: The introduction of a cloud-based proxy mechanism significantly shortens the authentication chain and improves business continuity. By introducing a cloud-based proxy collaborative authentication mechanism, the vehicle terminal does not directly participate in cross-domain trust establishment and negotiation. When cross-domain access is required, the vehicle cloud platform in the relevant region acts as a trusted proxy node, proactively initiating collaborative interaction and two-way identity verification with the target domain service platform. The core high-computing-power-consuming processes such as cross-domain trust establishment and identity authentication are centralized on high-performance cloud servers, achieving millisecond-level cloud-based two-way strong authentication. This significantly shortens the cross-domain authentication chain, reduces interaction latency, and effectively avoids problems such as navigation interruptions and payment failures that occur in complex environments such as high-speed driving and weak networks. It ensures the seamless, continuous, and stable operation of critical cockpit services (such as cross-regional charging and cross-regional parking payment) in cross-regional scenarios.

[0018] Benefit Three: It possesses quantum-resistant security evolution capabilities, ensuring long-term data confidentiality and integrity. The unified trust system fully adopts quantum-resistant security mechanisms (including using high-strength quantum-resistant signature algorithms to generate root key pairs, issuing quantum-resistant digital certificates, and using the quantum-resistant key encapsulation mechanism KEM to negotiate cloud-to-cloud symmetric session keys). This effectively resists the cryptographic threats posed by future quantum computing technologies, establishing a quantum-resistant encrypted data transmission channel with forward security between the cloud and the internet. This provides forward-looking security guarantees for cross-domain vehicle-to-cloud interaction, ensuring the confidentiality and integrity of business data transmitted over the public network in complex cross-domain environments, making this solution highly adaptable to long-term technical needs. Attached Figure Description

[0019] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0020] Figure 1 This illustration shows a structural schematic diagram of a vehicle-cloud cross-domain interaction system provided in an embodiment of this application; Figure 2 The flowchart shown is a method for cross-domain interaction between vehicle and cloud provided in an embodiment of this application; Figure 3 This document illustrates a flowchart of the cross-domain interaction between the vehicle cloud platform and a third-party cloud service platform provided in an embodiment of this application. Figure 4 A schematic diagram of the structure of an electronic device provided in an embodiment of this application is shown. Detailed Implementation

[0021] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the accompanying drawings in this application are for illustrative and descriptive purposes only and are not intended to limit the scope of protection of this application. Furthermore, it should be understood that the schematic drawings are not drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of this application. It should be understood that the operations in the flowcharts may not be implemented in sequence, and steps without logical contextual relationships may be reversed or implemented simultaneously. In addition, those skilled in the art, guided by the content of this application, may add one or more other operations to the flowcharts, or remove one or more operations from the flowcharts.

[0022] Furthermore, the described embodiments are merely some, not all, of the embodiments of this application. The components of the embodiments of this application described and illustrated herein can typically be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely to illustrate selected embodiments of the application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.

[0023] To enable those skilled in the art to utilize the content of this application, and in conjunction with the specific application scenario of "intelligent vehicle cockpit," the following implementation methods are provided. For those skilled in the art, the general principles defined herein can be applied to other embodiments and application scenarios without departing from the spirit and scope of this application. Although this application is primarily described within the "intelligent vehicle cockpit" field, it should be understood that this is merely an exemplary embodiment.

[0024] It should be noted that the term "comprising" will be used in the embodiments of this application to indicate the presence of the features declared thereafter, but does not exclude the addition of other features.

[0025] With the continued advancement of electrification and intelligence in intelligent connected vehicles, the smart cockpit has evolved from a simple driving space into a core entry point for mobility services. During operation, vehicles frequently interact with various external cloud ecosystems. Typical cross-domain communication scenarios include: accessing remote charging platforms when traveling across regions, retrieving third-party parking and payment systems in real time for seamless settlement, and accessing high-precision maps and streaming media services. This business model, heavily reliant on cloud collaboration, places dual demands on the speed and security of data links between the vehicle and multiple geographically dispersed, heterogeneous cloud entities.

[0026] Currently, the industry primarily uses traditional PKI (Public Key Infrastructure) cross-domain interaction solutions to achieve identity authentication and secure communication between vehicles and heterogeneous cloud environments. In this solution, each automaker, service provider, or operator typically builds and maintains its own PKI system independently and issues corresponding digital certificates to vehicle terminals. When a vehicle accesses cloud services from different entities, it needs to perform end-to-end cross-domain authentication and trust negotiation based on the corresponding certificates.

[0027] In actual engineering implementation, the aforementioned traditional PKI cross-domain interaction solutions have the following prominent bottlenecks, failing to meet the stringent requirements of intelligent connected vehicle cockpit services: Pain Point 1: Fragmented trust leads to high operation and maintenance costs and significant security risks. Each operator independently maintains its own PKI system, lacking a unified root of trust across the industry. To achieve mutual trust and recognition between different platforms, vehicle terminals need to pre-install and frequently update numerous certificates from various third parties. This not only significantly increases the complexity of vehicle configuration management and incurs high operation and maintenance costs, but also expands the attack surface of the vehicle, increasing potential security risks.

[0028] Pain Point 2: Long authentication chains lead to frequent service interruptions and poor real-time performance. In traditional cross-domain authentication processes, vehicle terminals need to directly participate in cross-domain trust negotiation and verify the certificate chain through multiple intermediate nodes, resulting in high response latency. In complex network environments such as high-speed driving or weak network conditions, high authentication latency can easily lead to navigation interruptions, payment failures, and other problems, making it impossible to guarantee the real-time performance and continuity of critical in-cabin services (such as contactless payment and real-time high-precision maps).

[0029] Pain Point 3: Lack of Future-Oriented Security Evolution Capabilities (Quantum Threat Resistance) Traditional PKI systems are mostly based on traditional public-key cryptography algorithms such as RSA and ECC. With the rapid development of quantum computing technology, traditional cryptographic algorithms face the risk of being completely cracked. Existing solutions cannot effectively address the security threats brought by future quantum computing, and it is difficult to guarantee the long-term confidentiality and integrity of vehicle-cloud cross-domain interactions.

[0030] In view of this, this application provides a vehicle-cloud cross-domain interaction system, method, electronic device, and storage medium. The vehicle-cloud cross-domain interaction system includes: a vehicle terminal for sending a service data packet to a vehicle-cloud platform in its region when a target vehicle generates a cross-domain service request; and a vehicle-cloud platform for using a root key pair pre-generated by a quantum-resistant certificate authority, a first digital certificate of the vehicle-cloud platform, and a second digital certificate of a third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on a quantum-resistant trust root, to provide the vehicle terminal with services corresponding to the service data packet; wherein the first and second digital certificates are digital certificates pre-issued by a quantum-resistant certificate authority that meet quantum-resistant security requirements. This application can reduce the complexity of vehicle-side configuration management and operation and maintenance costs, and avoid response delays through cross-domain trust negotiation via the vehicle-cloud platform.

[0031] Reference Figure 1 The diagram shown is a structural schematic of a vehicle-cloud cross-domain interaction system provided in an embodiment of this application. The system includes a vehicle terminal 101, a vehicle-cloud platform 102, a quantum-resistant certificate authorization center 103, and a third-party cloud service platform 104. The vehicle terminal 101 is communicatively connected to the vehicle-cloud platform 102; the vehicle-cloud platform 102 is communicatively connected to the third-party cloud service platform 104; and the quantum-resistant certificate authorization center 103 is communicatively connected to both the vehicle-cloud platform 102 and the third-party cloud service platform 104.

[0032] First, a unified quantum-resistant root of trust is deployed. The root key pair is pre-generated by a quantum-resistant certificate authority. This quantum-resistant certificate authority is used to generate a root key pair using a quantum-resistant signature algorithm before the vehicle terminal sends business data packets to the vehicle-cloud platform in its region; it stores the root private key in the root key pair in an internal hardware security module, and sends the root public key in the root key pair to the vehicle-cloud platform and the third-party cloud service platform.

[0033] In this embodiment, a unified quantum-resistant Certificate Authority (CA) (including root certificate authorities, sub-CAs, and registration authorities) is deployed in the vehicle-cloud collaborative management center. The quantum-resistant CA uses a high-strength quantum-resistant signature algorithm (e.g., the lattice-based CRYSTALS-Dilithium algorithm or the stateless hash signature SPHINCS+ algorithm) to generate root key pairs and securely stores the root private key in a hardware security module (HSM). This quantum-resistant CA serves as the unified trust anchor in the vehicle-cloud cross-domain interaction system, responsible for providing unified identity registration, quantum-resistant certificate issuance, certificate renewal, and online certificate status protocol (OCSP / CRL) response services to all regional vehicle-cloud platforms and ecosystem service platforms across the network.

[0034] Then, the vehicle cloud platform and third-party cloud service platform are pre-initialized using digital certificates issued by a quantum-resistant certificate authority that meet quantum-resistant security requirements. Specifically: (1) The vehicle cloud platform is also used to generate a first quantum-resistant key pair before accessing the network; and send the quantum-resistant public key corresponding to the vehicle cloud platform in the first quantum-resistant key pair to the quantum-resistant certificate authorization center; In this embodiment of the application, the vehicle cloud platform P A Before connecting to the network, the first quantum-resistant key pair PK is generated locally. A / SK A And submit its own quantum-resistant public key PK to the quantum-resistant certificate authority. A And the Certificate Signing Request (CSR) for identity verification.

[0035] (2) The third-party cloud service platform is also used to generate a second quantum-resistant key pair before accessing the network; and send the quantum-resistant public key corresponding to the third-party cloud service platform in the second quantum-resistant key pair to the quantum-resistant certificate authorization center; In this embodiment of the application, the third-party cloud service platform P B Before connecting to the network, the system first generates its own second quantum-resistant key pair PK locally. B / SK BAnd submit its own quantum-resistant public key PK to the quantum-resistant certificate authority. B And the Certificate Signing Request (CSR) for identity verification.

[0036] (3) The quantum-resistant certificate authorization center is also used to perform quantum-resistant signature on the quantum-resistant public key corresponding to the vehicle cloud platform using the root private key, and issue a first digital certificate that meets the quantum-resistant security requirements for the vehicle cloud platform; and to perform quantum-resistant signature on the quantum-resistant public key corresponding to the third-party cloud service platform using the root private key, and issue a second digital certificate that meets the quantum-resistant security requirements for the third-party cloud service platform.

[0037] In this implementation, the quantum-resistant certificate authority rigorously verifies the identity and qualifications of the certificate holder, then uses the root private key to perform a quantum-resistant signature on the public key, issuing a digital certificate Cert that meets the quantum-resistant security requirements. A and Cert B Each platform securely deploys the acquired certificates and private keys in its own cloud-based key management system to establish the legitimate identity of the cloud node.

[0038] Then, the vehicle terminal is used to send business data packets to the vehicle cloud platform of its respective region when the target vehicle generates cross-domain business needs.

[0039] In this embodiment, the target vehicle is equipped with a vehicle terminal Ve, which is pre-bound to a vehicle cloud platform in the region where the target vehicle is located; then, when the target vehicle generates a cross-domain business request, it sends a request to the vehicle cloud platform P in the region. A Send business data packets to initiate cross-domain business requests.

[0040] Specifically, the vehicle terminal Ve binds to the vehicle cloud platform of the region where the target vehicle is located according to the following steps: Step 1: During the manufacturing or initial activation phase of the vehicle terminal (Ve), the automaker uses dedicated secure production line equipment to strongly bind the target vehicle's unique identifier (e.g., VIN code (Vehicle Identification Number)) to the vehicle-to-cloud platform (PA) of the target vehicle's region. During this process, the target vehicle generates or is securely injected with an initial key credential, which is then securely stored in an automotive-grade security chip (SE) or trusted execution environment (TEE). The initial key certificate typically refers to the complete digital certificate of the target vehicle, which includes at least: the target vehicle's private key (the core confidential part of the entire certificate), the target vehicle's public key (publicly available for others to verify the vehicle's identity), the target vehicle's identity information (such as the vehicle identification number), and the issuer's signature (signed by the car manufacturer or a trusted institution using its root key to prove that "this public key does indeed belong to this legitimate vehicle").

[0041] Step 2: After the target vehicle starts, the vehicle terminal Ve uses the initial key credential to connect with the vehicle cloud platform P in the region where the target vehicle is located. A Perform two-way authentication and utilize Key Derivation Function (KDF) with the vehicle-cloud platform P. A Negotiated Vehicle to Cloud (V2C) Symmetric Session Key V2C This establishes a secure initial V2C communication link protected against replay attacks (by introducing a timestamp T and a random number N).

[0042] In this embodiment, two-way authentication is a crucial step before establishing a secure communication connection in the vehicle-to-everything (V2X) network, confirming that "the vehicle is a legitimate vehicle and the cloud is a trustworthy cloud," only then can a secure communication channel be established. The vehicle terminal (Ve) performs encrypted calculation or signature on the initial key credential and sends the result to the cloud platform. The cloud platform verifies the information to confirm that the vehicle is a registered, legitimate device, not a counterfeit terminal. Simultaneously, the vehicle-cloud platform also uses its own credentials (such as the second digital certificate described later) to prove to the vehicle terminal (Ve) that it is a legitimate, official service platform, not a fake base station or phishing server.

[0043] Furthermore, when a vehicle generates cross-domain business needs during operation (such as calling third-party services in a different location), there is no need to perform complex third-party domain name resolution, nor is it necessary to download and verify the certificate of the target domain third-party service platform. It only needs to send the business data packet to the vehicle cloud platform in its local region. The vehicle cloud platform, acting as a trusted proxy node, proactively initiates collaborative interaction and two-way identity verification with the target domain's third-party cloud service platform.

[0044] Specifically, the vehicle terminal Ve connects to the vehicle-cloud platform P in its respective region. A When sending a business data packet, the specific process for generating the business data packet involves the following plaintext payload: Payload = {Business Type Identifier Biz_Type, Target Service Globally Unique ID, Business Request Parameters Params, Timestamp T, Random Number N}. Subsequently, the vehicle terminal Ve uses the target vehicle's private key to digitally sign the business data packet payload; and uses the vehicle-to-cloud symmetric session key to sign the corresponding digital signature of the business data packet. Ve Encrypt (C) V2C =E(Key V2C Payload||Sign Ve Finally, the encrypted digital signature C corresponding to the business data packet is transmitted via the V2C link. V2C Send to the vehicle cloud platform P in the relevant region A .

[0045] Among them, C V2C For the encrypted digital signature, E() is the encryption function, and Key is the key. V2C The vehicle-to-cloud symmetric session key, the payload is the business data packet, and the sign... Ve For digital signatures corresponding to business data packets.

[0046] Finally, the vehicle-cloud platform is used to utilize the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle-cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust, so as to provide the vehicle terminal with the service corresponding to the service data packet; wherein, the first digital certificate and the second digital certificate are digital certificates pre-issued by the quantum-resistant certificate authorization center that meet the quantum-resistant security requirements.

[0047] In this embodiment of the application, the vehicle cloud platform P A Upon receiving the encrypted request, the vehicle-to-cloud symmetric session key is first used to pair the encrypted digital signature C corresponding to the business data packet. V2C Decrypt: Payload||Sign Ve =D(Key V2C C V2C Then, the car-cloud platform P A Verify the digital signature of the vehicle terminal Ve. Ve The timestamps T and N are used to ensure that the request has not been tampered with and is not a replay attack; after verification, the vehicle cloud platform P... A As a trusted proxy node for the target vehicle, it proactively communicates with the third-party cloud service platform P. B Initiating a C2C collaborative interaction request, during the C2C handshake phase, the vehicle-cloud platform P... A and third-party cloud service platform P B They send each other their respective quantum-resistant digital certificates (Cert). A (i.e., the first digital certificate) and Cert B (i.e., the second digital certificate); finally, the vehicle cloud platform P A, This is used to leverage the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle-cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust, so as to provide the service corresponding to the service data packet to the vehicle terminal. Here, D() is the decryption function.

[0048] (1) When the vehicle cloud platform realizes cross-domain interaction with a third-party cloud service platform based on quantum-resistant root of trust, it is specifically used to verify the second digital certificate using the root public key in the root key pair and the quantum-resistant certificate authorization center; after the second digital certificate is verified, the business data packet is sent to the third-party cloud service platform. In this embodiment, when the vehicle-cloud platform verifies the second digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority, it specifically performs the following steps: using the root public key in the root key pair to verify the signature validity of the second digital certificate; after the signature validity verification of the second digital certificate is successful, sending the second digital certificate to the quantum-resistant certificate authority to initiate a transfer status protocol request to the quantum-resistant certificate authority; and verifying the status information of the second digital certificate sent by the quantum-resistant certificate authority. This process is completed on a high-performance cloud server, achieving strong authentication of two-way identity in the cloud.

[0049] (2) The third-party cloud service platform is used to verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authorization center; after the first digital certificate is verified, the service data packet is parsed. In this embodiment, when the third-party cloud service platform verifies the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority, it specifically performs the following steps: Using the root public key in the root key pair, it verifies the signature validity of the first digital certificate; after the signature validity verification of the first digital certificate is successful, it sends the first digital certificate to the quantum-resistant certificate authority to initiate a transfer status protocol request; and it verifies the status information of the first digital certificate sent by the quantum-resistant certificate authority. This process is completed on a high-performance cloud server, achieving strong authentication of two-way identity in the cloud. The third-party cloud service platform P... B After confirming the vehicle cloud platform P A After verifying the legitimate proxy identity, the business data packet payload is parsed and fine-grained authorization judgment is performed according to the preset cross-domain access control policy (ACL) (e.g., verifying whether the car manufacturer to which the target vehicle belongs has signed a cross-domain service agreement, whether the vehicle account status is normal, etc.).

[0050] (3) The vehicle cloud platform is also used to encapsulate the symmetric key seed and send it to the third-party cloud service platform using the anti-quantum public key corresponding to the third-party cloud service platform.

[0051] In this embodiment of the application, the third-party cloud service platform P B After the authorization check is passed, the vehicle cloud platform PA With P B Initiate quantum-resistant key encapsulation mechanisms (KEM, such as the CRYSTALS-Kyber algorithm). Specifically, the vehicle-cloud platform P... A A high-entropy random symmetric key seed (Seed) is generated, and the quantum-resistant public key (PK) corresponding to the third-party cloud service platform is used. B The symmetric key seed is encapsulated and sent to the third-party cloud service platform: CKEM=Enc(PK B ,Seed). Where CKEM is the encapsulated symmetric key seed, and Enc() is the encapsulation function.

[0052] (4) The third-party cloud service platform is also used to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform using the quantum-resistant private key corresponding to the third-party cloud service platform, so as to negotiate with the vehicle cloud platform through the symmetric key seed to obtain the cloud-to-cloud symmetric session key; and to encrypt the business processing result corresponding to the business data packet using the cloud-to-cloud symmetric session key and transmit it to the vehicle cloud platform.

[0053] In this embodiment of the application, the third-party cloud service platform P B After receiving, use its own quantum-resistant private key SK B Decapsulation: Seed = Dec(SK) B C KEM Based on this, both parties securely negotiated a high-strength cloud-to-cloud C2C symmetric session key. C2C (e.g., AES-256), thereby establishing a quantum-resistant encrypted data transmission channel with forward security between clouds. Third-party cloud service platform P B Through the aforementioned C2C encrypted channel, business control commands are issued, business data is processed in real time, and a processing result (Result) is generated. Third-party cloud service platform P B Based on the quantum-resistant private key corresponding to the third-party cloud service platform, calculate the digital signature corresponding to the business processing result: Sign B =Sign(SK B , Result); Encrypt the digital signature corresponding to the business processing result using the cloud-to-cloud symmetric session key: C C2C =E(Key C2C ,Result||Sign B The encrypted business processing result, corresponding to a digital signature, is transmitted to the vehicle cloud platform. Here, Dec() is the decapsulation function, Sign() is the digital signature function, and C... C2C This is the digital signature corresponding to the encrypted business processing result.

[0054] (5) The vehicle cloud platform is also used to decrypt the encrypted business processing result using the cloud-to-cloud symmetric session key and send the decrypted business processing result to the vehicle terminal.

[0055] In this embodiment of the application, the vehicle cloud platform P A The encrypted business processing result is decrypted using the cloud-to-cloud symmetric session key: Result||Sign B =D(Key C2C C C2C Subsequently, the CarCloud platform P A Perform protocol conversion and re-encapsulation, and utilize the vehicle-to-cloud symmetric session key to process the business results: C R =E(Key V2C ,Result||Sign B The data is transparently forwarded to the vehicle terminal (Ve) via the initial secure V2C communication link. All cross-domain business data is transmitted in encrypted form, ensuring the confidentiality and integrity of data transmitted over the public network.

[0056] Furthermore, after the vehicle terminal decrypts the Ve code and obtains the Result, it executes a response on the cockpit screen or control module.

[0057] For example, this embodiment uses the example of "a smart connected vehicle with a license plate from CH province traveling to CH province and using a third-party charging station" to illustrate the specific execution process of this system: (a) Role correspondence: (1) Vehicle terminal: CH province license plate vehicle.

[0058] (2) The vehicle cloud platform in the region (P) A ): The cloud platform of the region where the vehicle terminal is located.

[0059] (3) Third-party service platform (P) B ): A third-party charging network operation platform in JL Province.

[0060] (4) CA: Intelligent Connected Vehicle Quantum Resistance Certificate Authorization Center.

[0061] (II) Execution process: When the vehicle leaves CH province, it is already bound to the "CH province's vehicle cloud platform" and a V2C session key has been negotiated. When the vehicle connects to a third-party charging pile in CH province, the vehicle's screen initiates a "start charging" request. The vehicle does not directly connect to a third-party charging network operator platform in JL province. Instead, it constructs a payload containing parameters such as "charging pile ID and charging amount limit," encrypts it with the V2C key, and sends it to the "cloud platform in the region where the vehicle terminal is located." Upon receiving the payload, the "cloud platform in the region where the vehicle terminal is located," acting as a proxy, proactively initiates a C2C handshake with the "third-party charging network operator platform in JL province." Both parties exchange quantum-resistant certificates and verify the validity of each other's certificates with the CA. The "third-party charging network operator platform in JL province" verifies whether the vehicle owner has signed a cross-domain charging agreement (ACL authorization). After successful verification, both parties negotiate a C2C session key using the Kyber algorithm (KEM). The "third-party charging network operator platform in JL province" issues a "start charging" command, encrypts it with the C2C key, and sends it to the "cloud platform in the region where the vehicle terminal is located." After the cloud platform in the region where the vehicle terminal is located is decrypted, it is re-encrypted using the V2C key and transparently forwarded to the vehicle. After the vehicle decrypts, it controls the BMS (Battery Management System) to start charging.

[0062] Replacing the aforementioned "a third-party charging network operation platform in JL province" with a "third-party payment platform" will result in the following process: When a vehicle exits a highway toll station or parking lot, contactless payment is triggered. The vehicle sends an encrypted "deduction request (including the bill serial number)" to its vehicle cloud platform. After the vehicle cloud platform and the third-party payment platform complete quantum-resistant two-way authentication and KEM key negotiation, the payment platform completes the deduction in the cloud and forwards a "deduction successful" receipt encrypted by the vehicle cloud platform to the vehicle's screen for display. Throughout the process, the vehicle does not need to have a built-in certificate for the payment platform, nor does it need to directly initiate external network payment requests, greatly improving payment response speed and security.

[0063] Based on the same inventive concept, this application also provides a vehicle-cloud cross-domain interaction method corresponding to the vehicle-cloud cross-domain interaction system. Since the principle of the method in this application is similar to that of the vehicle-cloud cross-domain interaction system described above in this application, the implementation of the method can refer to the implementation of the system, and the repeated parts will not be described again.

[0064] Reference Figure 2 The diagram shown is a flowchart of a vehicle-cloud cross-domain interaction method provided in an embodiment of this application. This method is applied to a vehicle-cloud platform within a vehicle-cloud cross-domain interaction system. The vehicle-cloud cross-domain interaction system also includes a vehicle terminal, a quantum-resistant certificate authorization center, and a third-party cloud service platform. The method further includes: By utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform, cross-domain interaction based on the quantum-resistant root of trust is achieved with the third-party cloud service platform to provide the vehicle terminal with services corresponding to the service data packets sent by the vehicle terminal; The first digital certificate and the second digital certificate are digital certificates that are pre-issued by the quantum-resistant certificate authorization center and meet the requirements of quantum-resistant security.

[0065] Reference Figure 3 The diagram illustrates a cross-domain interaction flowchart between the vehicle-cloud platform and a third-party cloud service platform provided in this application embodiment. Specifically, the step of utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle-cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on a quantum-resistant root of trust includes: verifying the second digital certificate using the root public key in the root key pair and the quantum-resistant certificate authorization center; after the second digital certificate is verified, sending the business data packet to the third-party cloud service platform so that the third-party cloud service platform can verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authorization center; After the first digital certificate is verified, the business data packet is parsed; using the quantum-resistant public key corresponding to the third-party cloud service platform, a symmetric key seed is encapsulated and sent to the third-party cloud service platform, so that the third-party cloud service platform can use its corresponding quantum-resistant private key to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform, and negotiate with the vehicle cloud platform through the symmetric key seed to obtain a cloud-to-cloud symmetric session key; using the cloud-to-cloud symmetric session key, the business processing result corresponding to the business data packet is encrypted and transmitted to the vehicle cloud platform; using the cloud-to-cloud symmetric session key, the encrypted business processing result is decrypted and sent to the vehicle terminal.

[0066] like Figure 4 As shown in the embodiment of this application, an electronic device 400 includes a processor 401, a memory 402, and a bus. The memory 402 stores machine-readable instructions executable by the processor 401. When the electronic device is running, the processor 401 communicates with the memory 402 via the bus, and the processor 401 executes the machine-readable instructions to perform the steps of the vehicle-cloud cross-domain interaction method described above.

[0067] Specifically, the memory 402 and processor 401 mentioned above can be general-purpose memory and processor, without any specific limitations. When the processor 401 runs the computer program stored in the memory 402, it can execute the above-mentioned vehicle-cloud cross-domain interaction method.

[0068] Corresponding to the above-described vehicle-to-cloud cross-domain interaction method, this application embodiment also provides a computer-readable storage medium storing a computer program, which is executed by a processor to perform the steps of the above-described vehicle-to-cloud cross-domain interaction method.

[0069] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems and devices described above can be referred to the corresponding processes in the method embodiments, and will not be repeated here. In the several embodiments provided in this application, it should be understood that the disclosed systems, devices, and methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. Furthermore, multiple modules or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the displayed or discussed mutual coupling or direct coupling or communication connection can be through some communication interfaces; the indirect coupling or communication connection of devices or modules can be electrical, mechanical, or other forms.

[0070] The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0071] In addition, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0072] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a processor-executable, non-volatile, computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the vehicle-cloud cross-domain interaction method described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, external hard drives, ROM, RAM, magnetic disks, or optical disks.

[0073] The above are merely specific embodiments of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A vehicle-cloud cross-domain interaction system, characterized in that, The vehicle-cloud cross-domain interaction system includes vehicle terminals, vehicle-cloud platforms in various regions, quantum-resistant certificate authorization centers, and third-party cloud service platforms. The vehicle terminal is used to send a business data packet to the vehicle cloud platform of the region to which the target vehicle belongs when the target vehicle generates a cross-domain business request. The vehicle cloud platform is used to utilize the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust, so as to provide the vehicle terminal with services corresponding to the service data packet; The first digital certificate and the second digital certificate are digital certificates that are pre-issued by the quantum-resistant certificate authorization center and meet the requirements of quantum-resistant security.

2. The vehicle-cloud cross-domain interaction system according to claim 1, characterized in that, When the vehicle cloud platform performs cross-domain interaction with the third-party cloud service platform based on a quantum-resistant root of trust, it specifically uses the root public key in the root key pair and the quantum-resistant certificate authority to verify the second digital certificate; after the second digital certificate is verified, the business data packet is sent to the third-party cloud service platform. The third-party cloud service platform is used to verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority; after the first digital certificate is verified, the service data packet is parsed. The vehicle cloud platform is also used to encapsulate the symmetric key seed and send it to the third-party cloud service platform using the quantum-resistant public key corresponding to the third-party cloud service platform; The third-party cloud service platform is also used to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform using the quantum-resistant private key corresponding to the third-party cloud service platform, so as to negotiate with the vehicle cloud platform through the symmetric key seed to obtain a cloud-to-cloud symmetric session key; and to encrypt the business processing result corresponding to the business data packet using the cloud-to-cloud symmetric session key and then transmit it to the vehicle cloud platform. The vehicle-cloud platform is also used to decrypt the encrypted business processing result using the cloud-to-cloud symmetric session key, and send the decrypted business processing result to the vehicle terminal.

3. The vehicle-cloud cross-domain interaction system according to claim 2, characterized in that, When the vehicle-cloud platform verifies the second digital certificate using the root public key in the root key pair and the quantum-resistant certificate authorization center, it is specifically used for: The signature validity of the second digital certificate is verified using the root public key in the root key pair. After the signature validity of the second digital certificate is verified, the second digital certificate is sent to the quantum-resistant certificate authority to initiate a transfer status protocol request to the quantum-resistant certificate authority. The status information of the second digital certificate sent by the quantum-resistant certificate authorization center is verified.

4. The vehicle-cloud cross-domain interaction system according to claim 2, characterized in that, Specifically, the third-party cloud service platform is used to encrypt the business processing result corresponding to the business data packet using the cloud-to-cloud symmetric session key through the following steps: Calculate the digital signature corresponding to the business processing result based on the quantum-resistant private key of the third-party cloud service platform. The digital signature corresponding to the business processing result is encrypted using the cloud-to-cloud symmetric session key.

5. The vehicle-cloud cross-domain interaction system according to claim 1, characterized in that, The quantum-resistant certificate authorization center is used to generate a root key pair using a quantum-resistant signature algorithm before the vehicle terminal sends a business data packet to the vehicle cloud platform in its region; store the root private key in the root key pair in an internal hardware security module; and send the root public key in the root key pair to the vehicle cloud platform and the third-party cloud service platform.

6. The vehicle-cloud cross-domain interaction system according to claim 5, characterized in that, The vehicle-cloud platform is also used to generate a first quantum-resistant key pair before accessing the network; and to send the quantum-resistant public key corresponding to the vehicle-cloud platform in the first quantum-resistant key pair to the quantum-resistant certificate authorization center. The third-party cloud service platform is also used to generate a second quantum-resistant key pair before accessing the network; and to send the quantum-resistant public key corresponding to the third-party cloud service platform in the second quantum-resistant key pair to the quantum-resistant certificate authorization center. The quantum-resistant certificate authorization center is also used to perform a quantum-resistant signature on the quantum-resistant public key corresponding to the vehicle cloud platform using the root private key, and issue a first digital certificate that meets the quantum-resistant security requirements for the vehicle cloud platform; and to perform a quantum-resistant signature on the quantum-resistant public key corresponding to the third-party cloud service platform using the root private key, and issue a second digital certificate that meets the quantum-resistant security requirements for the third-party cloud service platform.

7. A vehicle cloud cross-domain interaction method, characterized in that, This method is applied to the vehicle-cloud platform in the vehicle-cloud cross-domain interaction system as described in any one of claims 1 to 6; The vehicle-cloud cross-domain interaction system also includes a vehicle terminal, a quantum-resistant certificate authorization center, and a third-party cloud service platform; the method also includes: By utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform, cross-domain interaction based on the quantum-resistant root of trust is achieved with the third-party cloud service platform to provide the vehicle terminal with services corresponding to the service data packets sent by the vehicle terminal; The first digital certificate and the second digital certificate are digital certificates that are pre-issued by the quantum-resistant certificate authorization center and meet the requirements of quantum-resistant security.

8. The vehicle-cloud cross-domain interaction method according to claim 7, characterized in that, The method of utilizing the root key pair pre-generated by the quantum-resistant certificate authorization center, the first digital certificate of the vehicle cloud platform, and the second digital certificate of the third-party cloud service platform to achieve cross-domain interaction with the third-party cloud service platform based on the quantum-resistant root of trust includes: The second digital certificate is verified using the root public key in the root key pair and the quantum-resistant certificate authority; after the second digital certificate is verified, the business data packet is sent to the third-party cloud service platform so that the third-party cloud service platform can verify the first digital certificate using the root public key in the root key pair and the quantum-resistant certificate authority; after the first digital certificate is verified, the business data packet is parsed. Using the quantum-resistant public key corresponding to the third-party cloud service platform, a symmetric key seed is encapsulated and sent to the third-party cloud service platform. The third-party cloud service platform then uses its corresponding quantum-resistant private key to decapsulate the encapsulated symmetric key seed sent by the vehicle cloud platform. This allows the third-party cloud service platform to negotiate a cloud-to-cloud symmetric session key with the vehicle cloud platform using the symmetric key seed. The cloud-to-cloud symmetric session key is then used to encrypt the business processing result corresponding to the business data packet before transmitting it to the vehicle cloud platform. The encrypted service processing result is decrypted using the cloud-to-cloud symmetric session key, and the decrypted service processing result is sent to the vehicle terminal.

9. An electronic device, comprising: include: The device includes a processor, a storage medium, and a bus. The storage medium stores machine-readable instructions executable by the processor. When the electronic device is running, the processor communicates with the storage medium via the bus, and the processor executes the machine-readable instructions to perform the steps of the vehicle-cloud cross-domain interaction method as described in claim 7 or 8.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program, which, when executed by a processor, performs the steps of the vehicle-cloud cross-domain interaction method as described in claim 7 or 8.