[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN111200496A - Digital key implementation method based on vehicle - Google Patents

Digital key implementation method based on vehicle Download PDF

Info

Publication number
CN111200496A
CN111200496A CN201911069314.6A CN201911069314A CN111200496A CN 111200496 A CN111200496 A CN 111200496A CN 201911069314 A CN201911069314 A CN 201911069314A CN 111200496 A CN111200496 A CN 111200496A
Authority
CN
China
Prior art keywords
vehicle
terminal equipment
information
key
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911069314.6A
Other languages
Chinese (zh)
Other versions
CN111200496B (en
Inventor
储长青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Mingrui Internet Of Things Technology Co ltd
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN201911069314.6A priority Critical patent/CN111200496B/en
Publication of CN111200496A publication Critical patent/CN111200496A/en
Application granted granted Critical
Publication of CN111200496B publication Critical patent/CN111200496B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a digital key implementation method based on a vehicle, which comprises the following steps: the terminal equipment sends the vehicle using request and the vehicle identification information to the cloud server by adopting a private key of the terminal equipment; the cloud server checks a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal device; the cloud server sends the Bluetooth pairing code and the verification factor to the terminal equipment; the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code; the terminal equipment encrypts and signs the verification factor by adopting a private key of the terminal equipment to generate second signature information, and packages and sends the verification factor and the second signature information to the vehicle; the vehicle verifies the verification factor by means of the cloud server, and the control instruction of the terminal device can be received and executed after the verification is successful. The invention realizes the digital key scheme based on the vehicle and promotes the rapid development of the vehicle rental industry.

Description

Digital key implementation method based on vehicle
Technical Field
The invention relates to the field of automobiles, in particular to a digital key implementation method based on a vehicle.
Background
At present, the door access systems applied to automobiles mainly include a mechanical key door access system, a remote control door access system rke (remote key access) and a Keyless door access system (PKE, Passive key access). For the RKE system, compared with the mechanical key system, besides obvious convenience, the technology of the RKE for unlocking the automobile brake device also has the anti-theft function; for PKE, the PKE is developed on the basis of RKE, and is gradually developing and becoming stronger as a new generation of anti-theft technology, and has already gradually entered the medium-grade vehicle market from the high-grade vehicle market at present. Compared with a traditional key, the PKE can be called a smart key, and is similar to a smart card. When the driver steps into the designated range, the system judges through identification, if the driver is legally authorized, the system automatically opens the door. However, none of the above systems is separated from a separate physical key, and the owner of the vehicle needs to carry and keep the physical key. The popularization of business modes such as automobile sharing and automatic leasing is not helpful.
Nowadays, the mobile phone also becomes a portable communication tool which is not far away in daily life. How to realize a security scheme of an automobile digital key by using a mobile phone becomes a problem to be solved urgently at present.
Disclosure of Invention
In order to achieve the above object, the present invention provides a vehicle-based digital key implementation method, including:
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information, and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server checks a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal device;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts the first ciphertext information by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information and sends the verification factor to the cloud server;
the cloud server searches a public key of the terminal device having a binding relation with the verification factor according to the received verification factor, and returns the public key of the terminal device to the vehicle;
the vehicle decrypts and verifies the signature of the second signature information according to the received public key of the terminal device, and the information obtained by decryption and verification is paired with the verification factor;
and if the pair is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
Further, before the terminal device encrypts and signs the vehicle use request and the vehicle identification information by using its own private key to generate the first signature information, the method further includes:
the terminal equipment is preset with a private and public key pair; the cloud server is preset with a public and private key pair, all vehicle identification information, Bluetooth pairing codes and public keys of all terminal devices; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server.
Further, after the vehicle receives the verification factor and the second signature information, the method further includes:
the vehicle encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by adopting a private key of the cloud server to obtain the verification factor, and searches a terminal device public key in a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the public key of the terminal equipment by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts the third ciphertext information by using a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and verifies the signature of the second signature information according to the public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
Further, the vehicle receives and executes the control instruction of the terminal device, and specifically includes:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
Further, the key agreement between the terminal device and the vehicle to obtain the session key specifically includes:
the terminal equipment selects a random secret number a1
Figure BDA0002260435370000041
Respectively calculate SA=a1(xA+yA)-1、QA=a2(XB+YB+PPubhB) And UA=H2(IDA,IDB,a1P,a2P) wherein hB=H1(IDB,XB,YB);
The terminal device sends a message (ID)A,IDB,UA,SA,QA) Providing the vehicle;
the vehicle receives a message (ID)A,IDB,UA,SA,QA) Then, P is calculatedB,1=SA(XA+YA+PPubhA) And PB,2=(xB+yB)-1QAIf there is equation UA=H2(IDA,IDB,PB,1,PB,2) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; if not, terminating;
after the identity and the message validity of the terminal equipment are verified, the vehicle randomly selects a secret number b1
Figure BDA0002260435370000042
Respectively calculate SB=b1(xB+yB)-1、QB=b2(XA+YA+PPubhA) And UB=H2(IDA,IDB,b1P,b2P) wherein hA=H1(IDA,XA,YA);
The vehicle sends a message (ID)A,IDB,UB,SB,QB) To the terminal device, the vehicle calculates a shared secret:
Figure BDA0002260435370000043
the session key K calculated by the vehicleBAComprises the following steps:
Figure BDA0002260435370000044
the terminal device receives a message (ID)A,IDB,UB,SB,QB) Then, P is calculatedA,1=SB(XB+YB+PPubhB) And PA,2=(xA+yA)-1QBIf there is equation UB=H2(IDA,IDB,PA,1,PA,2) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; if not, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure BDA0002260435370000051
the session key K calculated by the vehicleBAComprises the following steps:
Figure BDA0002260435370000052
further, after the vehicle receives and executes the control instruction of the terminal device, the method further includes:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
Further, generating a verification factor according to the vehicle using request specifically includes:
and randomly generating the verification factor according to the current time node of the vehicle using request.
Further, before the terminal device encrypts and signs the vehicle use request and the vehicle identification information by using its own private key to generate the first signature information, the method further includes:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
Further, the vehicle identification information includes any one or more of a license plate number, a two-dimensional code and a bar code.
Further, the terminal device and the vehicle are respectively in network communication with the cloud server, and the network communication mode includes any one or more of 3G, 4G and 5G.
According to the invention, the terminal equipment and the cloud server are mutually matched to form the digital key for controlling the vehicle, so that the traditional mechanical key is replaced, the convenience degree of using the vehicle by a user is effectively improved, and the rapid development of the vehicle rental industry is further promoted.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 illustrates a vehicle-based digital key application scenario of the present invention;
fig. 2 shows a flow chart of a vehicle-based digital key implementation method of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Referring to fig. 1 and fig. 2, the present invention provides a method for implementing a digital key based on a vehicle, the method comprising:
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information, and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server checks a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal device;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts the first ciphertext information by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information and sends the verification factor to the cloud server;
the cloud server searches a public key of the terminal device having a binding relation with the verification factor according to the received verification factor, and returns the public key of the terminal device to the vehicle;
the vehicle decrypts and verifies the signature of the second signature information according to the received public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
Specifically, the technical solution of the present invention is applicable to the vehicle rental industry, and the terminal device may be any one or more of a mobile phone, an IPAD, and a PC, but is not limited thereto. The cloud server may be embodied as a vehicle rental platform.
In practical application, if a user wants to use a vehicle in front, the license plate number of the vehicle can be scanned and identified through a mobile phone carried with the user, a vehicle using request and the license plate number are sent to a vehicle renting platform, then the vehicle renting platform generates a corresponding verification factor according to the vehicle using request, the verification factor and a Bluetooth pairing code are sent to the mobile phone, and then the mobile phone can perform Bluetooth communication with the vehicle through the Bluetooth pairing code. Only Bluetooth communication between the mobile phone and the vehicle is established at the moment, but the vehicle cannot be controlled by using the mobile phone, because the vehicle does not know whether the mobile phone is authorized by the vehicle renting platform, and in order to further verify whether the mobile phone is authorized by the vehicle renting platform, the vehicle can send the verification factor to the vehicle renting platform after receiving the verification factor and the second signature information; the vehicle renting platform searches a mobile phone public key with a binding relation with the vehicle renting platform according to the received verification factor and returns the mobile phone public key to the vehicle; the vehicle decrypts and verifies the signature of the second signature information according to the received mobile phone public key, and the information obtained by decryption and verification is paired with the verification factor; if the pair is consistent, the mobile phone can be verified to be authorized by the vehicle rental platform.
Further, if the cloud server does not search the public key of the terminal device having the binding relationship with the verification factor according to the received verification factor, the cloud server returns search failure information, and the vehicle can interrupt receiving and executing the control instruction of the terminal device after receiving the search failure information.
According to the embodiment of the invention, before the terminal device uses its own private key to encrypt and sign the vehicle using request and the vehicle identification information to generate the first signature information, the method further comprises:
the terminal equipment is preset with a private and public key pair; the cloud server is preset with a public and private key pair, all vehicle identification information, Bluetooth pairing codes and public keys of all terminal devices; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server.
According to an embodiment of the invention, after the vehicle receives the verification factor and the second signature information, the method further comprises:
the vehicle encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by adopting a private key of the cloud server to obtain the verification factor, and searches a terminal device public key in a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the public key of the terminal equipment by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts the third ciphertext information by using a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and verifies the signature of the second signature information according to the public key of the terminal device, and the information obtained by decryption and verification is paired with the verification factor;
and if the pair is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
It should be noted that, the communication security between the cloud server and the vehicle is ensured by a public key encryption and private key decryption manner, and the third party is effectively prevented from stealing the communication data between the cloud server and the vehicle.
According to an embodiment of the present invention, the receiving and executing of the control instruction of the terminal device by the vehicle specifically includes:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
It should be noted that, on the basis of the bluetooth connection between the terminal device and the vehicle, key agreement is performed to obtain a session key, and data transmitted between the terminal device and the vehicle is encrypted by the session key to ensure communication security.
Further, the key agreement between the terminal device and the vehicle to obtain the session key specifically includes:
the terminal equipment selects a random secret number a1
Figure BDA0002260435370000101
Respectively calculate SA=a1(xA+yA)-1、QA=a2(XB+YB+PPubhB) And UA=H2(IDA,IDB,a1P,a2P) wherein hB=H1(IDB,XB,YB);
The terminal device sends a message (ID)A,IDB,UA,SA,QA) Providing the vehicle;
the vehicle receives a message (ID)A,IDB,UA,SA,QA) Then, P is calculatedB,1=SA(XA+YA+PPubhA) And PB,2=(xB+yB)-1QAIf there is equation UA=H2(IDA,IDB,PB,1,PB,2) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; if not, terminating;
after the identity and the message validity of the terminal equipment are verified, the vehicle randomly selects a secret number b1
Figure BDA0002260435370000102
Respectively calculate SB=b1(xB+yB)-1、QB=b2(XA+YA+PPubhA) And UB=H2(IDA,IDB,b1P,b2P) wherein hA=H1(IDA,XA,YA);
The vehicle sends a message (ID)A,IDB,UB,SB,QB) To the terminal device, the vehicle calculates a shared secret:
Figure BDA0002260435370000111
the session key K calculated by the vehicleBAComprises the following steps:
Figure BDA0002260435370000112
the terminal device receives a message (ID)A,IDB,UB,SB,QB) Then, P is calculatedA,1=SB(XB+YB+PPubhB) And PA,2=(xA+yA)-1QBIf there is equation UB=H2(IDA,IDB,PA,1,PA,2) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; if not, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure BDA0002260435370000113
the session key K calculated by the vehicleBAComprises the following steps:
Figure BDA0002260435370000114
note that IDAThe identity of the terminal equipment is identified; xAIs the endPublic parameters of the end device; IDBAn identity of the vehicle; xBIs a public parameter of the vehicle.
It should be noted that, before key agreement, system establishment is required, and group G is a large prime number q (q > 2) of the orderkK is a security parameter), P is a generator of group G; selecting collision resistant one-way hash function
Figure BDA0002260435370000121
H:{0,1}*→{0,1}kWherein L is the length of the (terminal device or vehicle) identity; KGC (Key Generation center) randomly selects master key
Figure BDA0002260435370000123
Computing system public key PPubsP and discloses the system parameters, Params<q,P,G,PPub,H1,H2,H>S is kept secret.
Randomly selecting secret value x by terminal equipment or vehicleAOr
Figure BDA0002260435370000124
Calculating the public parameter XA=xAP or XB=xBP, and sends an identification IDAOr IDBPublic parameter XAOr XBThe KGC was given. Giving the terminal device or the vehicle identification IDAOr IDBPublic parameter XAOr XBKGC randomly selects a secret number rAOr
Figure BDA0002260435370000122
And calculate YA=rAP or YB=rBP,yA=rA+sH1(IDA,XA,YA) Or yB=rB+sH1(IDB,XB,YB) And y is transmitted through a secure channelAOr yB、YAOr YBAnd returning to the terminal equipment or the vehicle.
According to an embodiment of the present invention, after the vehicle receives and executes the control instruction of the terminal device, the method further includes:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
According to the embodiment of the invention, generating the verification factor according to the vehicle using request specifically comprises:
and randomly generating the verification factor according to the current time node of the vehicle using request.
It should be noted that the present invention can randomly generate the verification factor in combination with the time point, and the verification factor generated in different time periods for different users is different. In other embodiments, the verification factor may also be randomly generated in combination with the current time node and the current location.
According to the embodiment of the invention, before the terminal device uses its own private key to encrypt and sign the vehicle using request and the vehicle identification information to generate the first signature information, the method further comprises:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
Preferably, the vehicle identification information includes any one or more of a license plate number, a two-dimensional code and a bar code. But is not limited thereto
Further, the terminal device and the vehicle are respectively in network communication with the cloud server, and the network communication mode includes any one or more of 3G, 4G and 5G.
According to the invention, the terminal equipment and the cloud server are mutually matched to form the digital key for controlling the vehicle, so that the traditional mechanical key is replaced, the convenience degree of using the vehicle by a user is effectively improved, and the rapid development of the vehicle rental industry is further promoted.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (10)

1. A vehicle-based digital key implementation method, the method comprising:
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information, and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server checks a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal device;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts the first ciphertext information by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information and sends the verification factor to the cloud server;
the cloud server searches a public key of the terminal device having a binding relation with the verification factor according to the received verification factor, and returns the public key of the terminal device to the vehicle;
the vehicle decrypts and verifies the signature of the second signature information according to the received public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
2. The vehicle-based digital key implementation method of claim 1, wherein before the terminal device uses its own private key to cryptographically sign the vehicle use request and the vehicle identification information to generate the first signature information, the method further comprises:
the terminal equipment is preset with a private and public key pair; the cloud server is preset with a public and private key pair, all vehicle identification information, Bluetooth pairing codes and public keys of all terminal devices; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server.
3. The vehicle-based digital key implementation method of claim 2, wherein after the vehicle receives the verification factor and the second signature information, the method further comprises:
the vehicle encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by adopting a private key of the cloud server to obtain the verification factor, and searches a terminal device public key in a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the public key of the terminal equipment by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts the third ciphertext information by using a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and verifies the signature of the second signature information according to the public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
4. The vehicle-based digital key implementation method according to claim 1, wherein the vehicle receives and executes the control command of the terminal device, and specifically comprises:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
5. The vehicle-based digital key implementation method according to claim 4, wherein the key agreement between the terminal device and the vehicle to obtain the session key specifically includes:
the terminal equipment selects a random secret number a1
Figure FDA0002260435360000031
Respectively calculate SA=a1(xA+yA)-1、QA=a2(XB+YB+PPubhB) And UA=H2(IDA,IDB,a1P,a2P) wherein hB=H1(IDB,XB,YB);
The terminal device sends a message (ID)A,IDB,UA,SA,QA) Providing the vehicle;
the vehicle receives a message (ID)A,IDB,UA,SA,QA) Then, P is calculatedB,1=SA(XA+YA+PPubhA) And PB,2=(xB+yB)-1QAIf there is equation UA=H2(IDA,IDB,PB,1,PB,2) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; if not, terminating;
after the identity and the message validity of the terminal equipment are verified, the vehicle randomly selects a secret number b1
Figure FDA0002260435360000032
Respectively calculate SB=b1(xB+yB)-1、QB=b2(XA+YA+PPubhA) And UB=H2(IDA,IDB,b1P,b2P) wherein hA=H1(IDA,XA,YA);
The vehicle sends a message (ID)A,IDB,UB,SB,QB) To the terminalA device, the vehicle to calculate a shared secret:
Figure FDA0002260435360000041
Figure FDA0002260435360000042
Figure FDA0002260435360000043
the session key K calculated by the vehicleBAComprises the following steps:
Figure FDA0002260435360000044
the terminal device receives a message (ID)A,IDB,UB,SB,QB) Then, P is calculatedA,1=SB(XB+YB+PPubhB) And PA,2=(xA+yA)-1QBIf there is equation UB=H2(IDA,IDB,PA,1,PA,2) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; if not, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure FDA0002260435360000045
Figure FDA0002260435360000046
Figure FDA0002260435360000047
the session key K calculated by the vehicleBAComprises the following steps:
Figure FDA0002260435360000048
6. the vehicle-based digital key implementation method of claim 1, wherein after the vehicle receives and executes the control command of the terminal device, the method further comprises:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
7. The vehicle-based digital key implementation method according to claim 1, wherein generating a validation factor according to the vehicle utilization request specifically comprises:
and randomly generating the verification factor according to the current time node of the vehicle using request.
8. The vehicle-based digital key implementation method of claim 1, wherein before the terminal device uses its own private key to cryptographically sign the vehicle use request and the vehicle identification information to generate the first signature information, the method further comprises:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
9. The vehicle-based digital key implementation method of claim 1, wherein the vehicle identification information comprises any one or more of a license plate number, a two-dimensional code, and a bar code.
10. The vehicle-based digital key implementation method according to claim 1, wherein the terminal device and the vehicle are respectively in network communication with the cloud server, and the network communication mode includes any one or more of 3G, 4G, and 5G.
CN201911069314.6A 2019-11-05 2019-11-05 Digital key implementation method based on vehicle Active CN111200496B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911069314.6A CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911069314.6A CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Publications (2)

Publication Number Publication Date
CN111200496A true CN111200496A (en) 2020-05-26
CN111200496B CN111200496B (en) 2022-10-14

Family

ID=70746385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911069314.6A Active CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Country Status (1)

Country Link
CN (1) CN111200496B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669399A (en) * 2020-06-17 2020-09-15 上海越域智能科技有限公司 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode
CN111923863A (en) * 2020-08-25 2020-11-13 东信和平科技股份有限公司 Vehicle control method based on digital vehicle key
CN112396735A (en) * 2020-11-27 2021-02-23 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
CN112396738A (en) * 2020-12-01 2021-02-23 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device
CN113442871A (en) * 2021-06-30 2021-09-28 重庆长安新能源汽车科技有限公司 NFC-based keyless entry method and system
CN113709695A (en) * 2021-08-04 2021-11-26 一汽解放汽车有限公司 Vehicle use authorization method and system
CN115938022A (en) * 2022-12-12 2023-04-07 远峰科技股份有限公司 Vehicle entity key safety authentication method and system
WO2023061029A1 (en) * 2021-10-13 2023-04-20 华为技术有限公司 Digital key activation method, device and system
WO2023151582A1 (en) * 2022-02-14 2023-08-17 华为技术有限公司 Secure communication method for vehicle, related apparatus and communication system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105015489A (en) * 2015-07-14 2015-11-04 杭州万好万家新能源科技有限公司 Intelligent vehicle control system based on digital key
CN105279832A (en) * 2015-12-01 2016-01-27 北京卡多宝信息技术有限公司 Intelligent door lock system and control method thereof
CN105991643A (en) * 2015-03-20 2016-10-05 现代自动车美国技术研究所 Method and apparatus for performing secure Bluetooth communication
WO2016170834A1 (en) * 2015-04-20 2016-10-27 株式会社ディー・エヌ・エー System and method for managing vehicle
CN107689098A (en) * 2017-09-05 2018-02-13 上海博泰悦臻电子设备制造有限公司 The implementation method and system of bluetooth car key
CN108122311A (en) * 2017-11-30 2018-06-05 北京九五智驾信息技术股份有限公司 Vehicle virtual key realization method and system
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991643A (en) * 2015-03-20 2016-10-05 现代自动车美国技术研究所 Method and apparatus for performing secure Bluetooth communication
WO2016170834A1 (en) * 2015-04-20 2016-10-27 株式会社ディー・エヌ・エー System and method for managing vehicle
CN105015489A (en) * 2015-07-14 2015-11-04 杭州万好万家新能源科技有限公司 Intelligent vehicle control system based on digital key
CN105279832A (en) * 2015-12-01 2016-01-27 北京卡多宝信息技术有限公司 Intelligent door lock system and control method thereof
CN107689098A (en) * 2017-09-05 2018-02-13 上海博泰悦臻电子设备制造有限公司 The implementation method and system of bluetooth car key
CN108122311A (en) * 2017-11-30 2018-06-05 北京九五智驾信息技术股份有限公司 Vehicle virtual key realization method and system
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周彦伟等: "一种改进的无证书两方认证密钥协商协议", 《计算机学报》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669399A (en) * 2020-06-17 2020-09-15 上海越域智能科技有限公司 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode
CN111669399B (en) * 2020-06-17 2022-04-22 上海越域智能科技有限公司 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode
CN111923863A (en) * 2020-08-25 2020-11-13 东信和平科技股份有限公司 Vehicle control method based on digital vehicle key
CN111923863B (en) * 2020-08-25 2021-09-17 东信和平科技股份有限公司 Vehicle control method based on digital vehicle key
CN112396735B (en) * 2020-11-27 2022-09-02 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
CN112396735A (en) * 2020-11-27 2021-02-23 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
CN112396738A (en) * 2020-12-01 2021-02-23 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device
CN113442871A (en) * 2021-06-30 2021-09-28 重庆长安新能源汽车科技有限公司 NFC-based keyless entry method and system
CN113709695A (en) * 2021-08-04 2021-11-26 一汽解放汽车有限公司 Vehicle use authorization method and system
CN113709695B (en) * 2021-08-04 2024-04-09 一汽解放汽车有限公司 Authorization method and system for vehicle use
WO2023061029A1 (en) * 2021-10-13 2023-04-20 华为技术有限公司 Digital key activation method, device and system
WO2023151582A1 (en) * 2022-02-14 2023-08-17 华为技术有限公司 Secure communication method for vehicle, related apparatus and communication system
CN115938022A (en) * 2022-12-12 2023-04-07 远峰科技股份有限公司 Vehicle entity key safety authentication method and system
CN115938022B (en) * 2022-12-12 2023-11-24 远峰科技股份有限公司 Vehicle entity key safety authentication method and system

Also Published As

Publication number Publication date
CN111200496B (en) 2022-10-14

Similar Documents

Publication Publication Date Title
CN111200496B (en) Digital key implementation method based on vehicle
CN110637328B (en) Vehicle access method based on portable equipment
CN111194028B (en) Safety control method based on vehicle
CN108551455B (en) Configuration method and device of smart card
CN1714529B (en) Domain-based digital-rights management system with easy and secure device enrollment
US20140075186A1 (en) Multiple Access Key Fob
US20120155636A1 (en) On-Demand Secure Key Generation
CN109895734B (en) Authorized Bluetooth key activation method and system, storage medium and T-BOX
US11722529B2 (en) Method and apparatus for policy-based management of assets
CN109981562B (en) Software development kit authorization method and device
JP5031994B2 (en) Authority delegation system, control device, and authority delegation method
CN110148239A (en) A kind of authorization method and system of Intelligent key
CN111083696A (en) Communication verification method and system, mobile terminal and vehicle terminal
CN113556710B (en) Vehicle Bluetooth key method and device and vehicle
CN110598469B (en) Information processing method, device and computer storage medium
CN104702566B (en) Authorized use method and device of virtual equipment
CN110932846B (en) Vehicle-mounted virtual key communication method
CN111080856A (en) Bluetooth entrance guard unlocking method
JP7489310B2 (en) Electronic Key System
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
JP6723422B1 (en) Authentication system
CN106603486B (en) Method and system for security authorization of mobile terminal
CN112423298B (en) Identity authentication system and method for road traffic signal management and control facility
CN117475533A (en) Data transmission method and device, equipment and computer readable storage medium
JP2003132253A (en) Service reservation and providing method for mutual authentication by use of ticket, program therefor, and storage medium with program stored therein

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220921

Address after: Room 605, Tian'an Exchange Center, Panyu Energy-saving Technology Park, No. 555 North Panyu Avenue, Donghuan Street, Panyu District, Guangzhou City, Guangdong Province, 510000

Applicant after: Guangzhou Mingrui Internet of things Technology Co.,Ltd.

Address before: 418400 Xinwu group, Chengjiao village, Feishan Township, Jingzhou Miao and Dong Autonomous County, Huaihua City, Hunan Province

Applicant before: Chu Changqing

GR01 Patent grant
GR01 Patent grant