CN113766450B - Vehicle virtual key sharing method, mobile terminal, server and vehicle - Google Patents
- Publication number: CN113766450B (application CN202010504513.1A)
- Authority: CN (China)
- Prior art keywords: authorization, vehicle, authorized party, ciphertext, random number
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Lock And Its Accessories (AREA)
Abstract
The embodiment of the invention provides a vehicle virtual key sharing method, which comprises the following steps: determining whether the user is an authorizing party or an authorized party; if the user is an authorizing party, acquiring an authorization password and authorization information input by the user, and generating an authorization ciphertext according to the authorization password, the authorization information and the root key; if the user is an authorized party, acquiring an authorization password input by the user and, if the authorization password is verified, acquiring an authorization ciphertext, which was generated according to the authorization password, the authorization information and the root key of the authorizing party; the authorized party then uses the authorization ciphertext to verify with the vehicle, and after the verification passes, the authorized party holds the control authority stated in the authorization information. The corresponding mobile terminal, server and vehicle are also provided. The embodiment improves the security and convenience of vehicle sharing.
Description
Technical Field
The invention relates to the field of vehicle internet of things, in particular to a vehicle virtual key sharing method, a mobile terminal for vehicle virtual key sharing, a server for vehicle virtual key sharing and a vehicle.
Background
The "new four modernizations" of the automobile, which include intelligence and sharing, are becoming the development direction of the automobile industry. In short, if the functions of the traditional car key can be integrated into a mobile phone or another smart device, an intelligent car key is obtained. Sharing means that an authorization is performed on the smart device so that an authorized, legitimate user can open the doors and use the owner's vehicle.
For car key sharing, a 3C alliance (the Car Connectivity Consortium, CCC; rendered "internet of vehicles alliance" in the original) is building a corresponding technical scheme, and each car maker has its own ideas, but there is currently no unified standard. The most secure scheme uses certificates: the private key of the certificate is written into the vehicle, the public key is issued to the mobile phone, and the public key is shared to complete the lending operation. Because each vehicle has its own certificate, the certificate identifies it well. However, the computation involved in certificate handling requires processing power on the vehicle, which raises the cost of the whole vehicle.
In the prior art there are methods for sharing one's own car with other people, but most adopt a temporary authorization code; they require the account or ID of the authorized party, and also require the vehicle's root key to be lent out so that the authorized party can be authorized, which carries a certain security risk.
SE: Secure Element, a secure element, typically provided as a chip containing encryption/decryption logic, used to protect data against malicious external analysis.
HSM: Hardware Security Module, a hardware security module used to protect the life cycle of keys and to perform encryption and decryption operations.
Disclosure of Invention
The invention aims to provide a vehicle virtual key sharing method and a corresponding hardware system, so as to solve the security risk of relying only on account verification in existing vehicle lending.
In order to achieve the above object, in a first aspect of the present invention, there is provided a vehicle virtual key sharing method, including:
determining whether the user is an authorizing party or an authorized party;
if the user is an authorizing party, acquiring an authorization password and authorization information input by the user, and generating an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, acquiring an authorization password input by the user and, if the authorization password is verified, acquiring an authorization ciphertext, the authorization ciphertext having been generated according to the authorization password, the authorization information and the root key of the authorizing party;
the authorized party uses the authorization ciphertext to verify with the vehicle, and after the verification passes, the authorized party holds the control authority stated in the authorization information;
the authorization password is shared between the authorizing party and the authorized party, and the authorization information comprises the control authority of the authorized party over the vehicle during the authorization period.
Preferably, generating the authorization ciphertext according to the authorization password, the authorization information and the root key includes:
generating a random number A1;
splicing the authorization password and the random number A1 and calculating a check value B1 over the result;
splicing the authorization password, the random number A1 and the check value B1 and encrypting the result with the root key to generate a ciphertext C1;
splicing the authorization information and the random number A1 and calculating a check value B2 over the result;
splicing the authorization information, the random number A1 and the check value B2 and encrypting the result with the root key to generate a ciphertext C2;
the ciphertext C1 and the ciphertext C2 together form the authorization ciphertext.
Preferably, the authorization ciphertext is communicated through a server configured to:
receive the authorization password input by the authorizing party; verify the authorization password input by the authorized party against the authorization password of the authorizing party; and receive the authorization ciphertext from the authorizing party and transmit it to the authorized party that passed the verification.
Preferably, the authorized party verifying with the vehicle using the authorization ciphertext includes:
the vehicle acquires the authorization ciphertext from the authorized party;
the vehicle decrypts the ciphertext C1 and the ciphertext C2 with the root key, obtaining respectively:
the authorization password, a random number A2 and a check value B3 from C1, and the authorization information, a random number A3 and a check value B4 from C2; the verification passes only if the following three conditions are all satisfied:
the random number A2 equals the random number A3;
the check value B3 is correct and the check value B4 is correct;
the end time of the authorization period in the authorization information is after the current time.
Preferably, the authorized party holding the control authority stated in the authorization information after the verification passes includes:
the vehicle encodes the authorization password into the same format as the root key to obtain a temporary root key, and the authorized party encodes the authorization password with the same encoding into the same temporary root key; and
the authorized party generates a random number R1 and its check value K1, encrypts them with the temporary root key and transmits the result to the vehicle;
after the vehicle decrypts and verifies this, it generates a random number R2, calculates a check value K2 over the random number R1 and the random number R2, encrypts R1, R2 and K2 with the temporary root key and transmits the result to the authorized party;
after the authorized party decrypts and verifies this, the random number R1 and the random number R2 are encrypted with the temporary root key to serve as a session key, and the session key is used to encrypt the control instructions sent by the authorized party to the vehicle.
In a second aspect of the present invention, there is also provided a mobile terminal for vehicle virtual key sharing, the mobile terminal comprising:
a determining module, used to determine whether the user is an authorizing party or an authorized party;
an authorization password input module, used for the user to input an authorization password;
if the user is an authorizing party, an authorization information input module is called, used for the user to input authorization information, and then an authorization ciphertext generation module is called, used to generate an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, a vehicle verification module is called, used to verify the acquired authorization ciphertext with the vehicle, and a vehicle control module is used for the authorized party to exercise the control authority stated in the authorization information;
the computing module is used for providing a computing processing function of the data;
the communication module is used for providing a data interaction function between the mobile terminal and external equipment;
And the storage module is used for storing the program instructions and the data information of the mobile terminal.
In a third aspect of the present invention, there is also provided a server for vehicle virtual key sharing, the server being configured as the function of the foregoing server.
Preferably, the server is further configured to:
verifying the identity of the authorizing party and the authorized party;
providing a reference time to the authorizing party, the authorized party and the vehicle;
after detecting that the authorization information provided by the authorizing party has changed, synchronizing the changed authorization information to the authorized party;
after detecting that the authorization period has expired, deleting the temporary root key of the authorized party.
In a fourth aspect of the present invention, there is also provided a vehicle comprising a control module and a communication module, the control module being configured as a function of the aforementioned vehicle.
In a fifth aspect of the present invention, there is also provided a system for vehicle virtual key sharing, comprising: at least one mobile terminal, a server and a vehicle.
In a sixth aspect of the present invention, there is also provided a storage medium having stored therein instructions that, when executed on a computer, cause the computer to perform the aforementioned vehicle virtual key sharing method.
The technical scheme provided by the invention has the following beneficial effects:
1) A secret, such as a 6-digit password, is agreed between the borrower and the owner. This secret, together with the expiration time, is encrypted with the owner's root key, sent to the borrower, and forwarded by the borrower to the vehicle for the subsequent authentication. The method is simple and easy to implement while ensuring security, and has low cost.
2) The vehicle authenticates the owner's root key only indirectly. Because the symmetric algorithm is deterministic (the same input gives the same encryption and decryption result), the owner's sensitive root key never has to be given to the borrower for authentication.
3) The algorithm (a symmetric encryption algorithm) is simple to implement, suitable for both the mobile phone and the vehicle, and fast. It places few demands on the mobile phone, which reduces development cost and shortens the development cycle.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain, without limitation, the embodiments of the invention. In the drawings:
Fig. 1 is a flow chart of a vehicle virtual key sharing method in embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of an authorization ciphertext generation and transmission flow in embodiment 2 of the present invention;
Fig. 3 is a schematic diagram of a verification process of an authorized party using an authorization ciphertext and a vehicle in embodiment 4 of the present invention;
fig. 4 is a flow chart of the embodiment of the invention in which the authorized party has the control authority in the authorization information;
fig. 5 is a schematic diagram of a vehicle virtual key sharing system according to embodiment 6 of the present invention.
Detailed Description
The embodiments of the invention and their features may be combined with one another where they do not conflict.
The following describes the detailed implementation of the embodiments of the present invention with reference to the drawings. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
Example 1
Fig. 1 is a flow chart of a vehicle virtual key sharing method in embodiment 1 of the present invention. As shown in fig. 1, a vehicle virtual key sharing method includes:
Determining whether the user is an authorizing party or an authorized party; if the user is an authorizing party, acquiring an authorization password and authorization information input by the user, and generating an authorization ciphertext according to the authorization password, the authorization information and the root key; if the user is an authorized party, acquiring an authorization password input by the user (the lending check code in fig. 1 is an optional additional check); if the authorization password is verified, acquiring the authorization ciphertext, which was generated according to the authorization password, the authorization information and the root key of the authorizing party; the authorized party uses the authorization ciphertext to verify with the vehicle, and after the verification passes, the authorized party holds the control authority stated in the authorization information. The authorization password is shared between the authorizing party and the authorized party, and the authorization information comprises the control authority of the authorized party over the vehicle during the authorization period.
The scheme needs a piece of information that uniquely identifies the user, generated from some of the user's data; its length may be 16 bytes, and it is called the root authentication information. Generally, this root information participates in the subsequent symmetric encryption and decryption operations, whose algorithms support a 16-byte key, so for uniformity this 16-byte string uniquely identifying the user is called the root key. The root key must be stored on the user's smart device, and the same root key must also be available inside the vehicle. It is preferably stored in an SE (secure element) or HSM (hardware security module) so that both the key storage and the encryption/decryption process are protected. For the car maker's application, both owner and borrower must register accounts with the car maker's digital key application, and the data exchange between the mobile device and the car maker's cloud server must be secure and reliable, which HTTPS can provide. Existing vehicle lending is mostly implemented by sharing the vehicle's root key, but lending the root key carries the risk of its leakage. To avoid this risk, the present embodiment implements vehicle sharing by means of secret information (the authorization password) agreed in advance between the two parties. The authorization password may be numeric, for example 6 digits long (hereinafter also called the PIN code).
The authorization password being shared between the authorizing party and the authorized party means that both parties know it; it may be generated by negotiation between the two parties or conveyed by an ordinary channel between them such as word of mouth, WeChat, SMS or another agreed signal. The vehicle thus authenticates the owner's root key only indirectly: because both parties hold the same PIN code, the owner's sensitive root key does not have to be disclosed to the borrower for authentication. The embodiment also uses a symmetric encryption algorithm, which places low demands on the computing capability of the devices, computes quickly and is simple to develop. Determining whether the user is an authorizing or authorized party may be done by offering the user a selection box, with the user's default identity confirmed from the login ID or similar.
Example 2
This embodiment provides a specific method of generating the authorization ciphertext on the basis of the previous embodiment. Fig. 2 is a schematic diagram of the authorization ciphertext generation and transmission flow in embodiment 2 of the invention. Generating the authorization ciphertext according to the authorization password, the authorization information and the root key comprises: generating a random number A1; splicing the authorization password and the random number A1 and calculating a check value B1, then splicing the authorization password, the random number A1 and the check value B1 and encrypting with the root key to generate a ciphertext C1; splicing the authorization information and the random number A1 and calculating a check value B2, then splicing the authorization information, the random number A1 and the check value B2 and encrypting with the root key to generate a ciphertext C2; the ciphertext C1 and the ciphertext C2 together form the authorization ciphertext. Specifically, taking the authorizing party to be the vehicle owner and the authorized party to be the person receiving the vehicle, the owner generates the authentication message as follows. The lending operation formally starts when the owner opens the lending interface and enters the borrower's account information (usually a mobile phone number), the lending expiration time and an authorization password (a 6-digit PIN code). The owner's phone generates a random number A (A1 in the claims), splices the PIN code and the random number A, and calculates a check value B1; CRC32 or another check algorithm may be used. The three items (PIN code, random number A, check value B1) are combined into one message, which is encrypted with the root key to form the ciphertext C1.
The owner's phone then takes the expiration time T entered earlier, splices the random number A to it, calculates the check value B2, likewise combines the three items (expiration time T + random number A + check value B2) into a message, and encrypts it with the root key to produce the ciphertext C2. The random number A gives the ciphertexts their randomness: under its influence C1 and C2 differ from one authorization to the next even when the PIN code is the same. The authorization ciphertext is now ready, and the owner's phone sends the PIN code, as required, to the device that will verify the borrower's identity. The authorization ciphertext generated in this way has the advantages of good randomness and reliability.
Example 3
This embodiment provides a procedure for transmitting the authorization ciphertext through a server on the basis of the foregoing embodiments. The authorization ciphertext is communicated through a server configured to: receive the authorization password input by the authorizing party, and verify the authorization password input by the authorized party against it; and receive the authorization ciphertext from the authorizing party and send it to the authorized party that passed the verification. The step of receiving the authorizing party's authorization ciphertext may take place together with receiving the authorization password or after the verification step; the server part of fig. 2 shows the embodiment in which the ciphertext is received after the verification. Specifically, the borrower receives the authentication message as follows: the server notifies the borrower to prepare to borrow the vehicle, pops up an input box and asks the borrower to enter and upload the previously agreed PIN code. The server compares it with the PIN code uploaded earlier by the owner. If it is wrong, the borrower must enter it again or the lending is aborted, and the owner is informed that the lending failed. If it is correct, the server asks the owner's application to upload the two encrypted messages C1 and C2, and then sends them to the borrower together with some necessary lending information (for example who the owner is, the lending duration and basic information about the vehicle). The borrower stores this information together with the PIN code entered before. The borrower now holds the two encrypted messages C1 and C2 and the PIN code, and the data needed for the lending is complete.
Transmitting the authorization ciphertext through a server has the advantage of being free from distance limitations, and the verification and storage functions of the server can be used.
Example 4
On the basis of the foregoing embodiments, this embodiment provides the verification process between the authorized party and the vehicle, which has the advantages of simple computation and good security. Fig. 3 is a schematic diagram of the verification process between the authorized party using the authorization ciphertext and the vehicle in embodiment 4 of the invention. The authorized party verifying with the vehicle using the authorization ciphertext comprises: the vehicle acquires the authorization ciphertext from the authorized party; the vehicle decrypts the ciphertext C1 and the ciphertext C2 with the root key, obtaining the authorization password, a random number A2 and a check value B3 from C1, and the authorization information, a random number A3 and a check value B4 from C2; the verification passes only if all three of the following conditions hold: the random number A2 equals the random number A3; the check value B3 is correct and the check value B4 is correct; and the end time of the authorization period in the authorization information is after the current time. Specifically, the borrower (authorized party) holds the owner's authentication information and starts authenticating with the vehicle. The borrower sends the messages C1 and C2 to the vehicle in full. Since both messages were encrypted with the root key, the vehicle, which holds the same root key, can decrypt them. From C1 the vehicle recovers the PIN code + random number A2 + check value B3, where A2 should equal the earlier random number A1 and B3 should equal the earlier check value B1; similarly, from C2 it recovers the expiration time T + random number A3 + check value B4, where A3 should likewise equal A1 and B4 should equal B2.
The vehicle then does three things with this data: it confirms that the random numbers of the two messages are identical, i.e. A1 = A2 = A3; it confirms that the check values B1 and B2 are intact (recomputing them with the same check method); and it confirms that the expiration time is after the current system time. If any of these three checks fails, the lending data is illegal: the vehicle returns an error and disconnects. If everything is correct, the vehicle returns a positive response, and the borrower's application stores the PIN code and uses it as the root information for the authenticated communication that follows. The owner, when using the digital key, likewise authenticates on the basis of his own root information; the borrower at this point can only authenticate with the PIN, and the borrower's authentication procedure should be compatible with the owner's.
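The owner-side generation of Example 2 and the vehicle-side three-condition check of Example 4, written out together as an added example in Go; this is illustration code, not the patent's or any car maker's implementation. The patent fixes only the 16-byte root key, the 6-digit PIN, one random number shared by C1 and C2, CRC32 as one possible check value and an unspecified symmetric cipher. Everything else here is an assumption: AES-128 in CTR mode with a fresh random nonce prefixed to each ciphertext, a 16-byte A1, an 8-byte big-endian Unix-seconds expiration time T, the field orders PIN || A1 || B1 and T || A1 || B2, and the constructed root key and PIN.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"hash/crc32"
	"time"
)

// Field sizes assumed here; the patent fixes only the 16-byte root key and the 6-digit PIN.
// T is the expiration time as big-endian Unix seconds.
const pinLen, rndLen, timeLen, crcLen = 6, 16, 8, 4

// Constructed root key; in the patent it sits in the owner's SE/HSM and in the vehicle.
var rootKey = []byte("constructed-key!")

// AuthCiphertext is the pair (C1, C2) the patent calls the authorization ciphertext.
type AuthCiphertext struct {
	C1 []byte // Enc_root(PIN || A1 || B1), B1 = CRC32(PIN || A1)
	C2 []byte // Enc_root(T   || A1 || B2), B2 = CRC32(T   || A1)
}

// checkValue is the patent's check value B: CRC32 over the spliced fields.
// CRC32 is the option the text names; it detects corruption but is not a MAC.
func checkValue(parts ...[]byte) []byte {
	b := make([]byte, crcLen)
	binary.BigEndian.PutUint32(b, crc32.ChecksumIEEE(bytes.Join(parts, nil)))
	return b
}

// ctrXOR is AES-128-CTR (assumed; the patent names no cipher or mode). One call encrypts and decrypts.
func ctrXOR(key, nonce, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a key that is not 16/24/32 bytes gets here
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, nonce).XORKeyStream(out, in)
	return out
}

// seal prefixes a fresh random nonce so that equal plaintexts never share keystream.
func seal(key, pt []byte) []byte {
	nonce := make([]byte, aes.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return append(nonce, ctrXOR(key, nonce, pt)...)
}

// GenerateAuthCiphertext is the owner-side procedure of Example 2.
func GenerateAuthCiphertext(root []byte, pin string, expiry time.Time) (AuthCiphertext, error) {
	if len(pin) != pinLen {
		return AuthCiphertext{}, errors.New("PIN must be 6 digits")
	}
	a1 := make([]byte, rndLen) // one random number A1 ties C1 and C2 together
	if _, err := rand.Read(a1); err != nil {
		return AuthCiphertext{}, err
	}
	t := make([]byte, timeLen)
	binary.BigEndian.PutUint64(t, uint64(expiry.Unix()))
	p := []byte(pin)
	return AuthCiphertext{
		C1: seal(root, bytes.Join([][]byte{p, a1, checkValue(p, a1)}, nil)),
		C2: seal(root, bytes.Join([][]byte{t, a1, checkValue(t, a1)}, nil)),
	}, nil
}

// VerifyAuthCiphertext is the vehicle-side procedure of Example 4. On success it returns
// the PIN recovered from C1, which then serves as the borrower's root for Example 5.
func VerifyAuthCiphertext(root []byte, ac AuthCiphertext, now time.Time) (string, error) {
	if len(ac.C1) != aes.BlockSize+pinLen+rndLen+crcLen ||
		len(ac.C2) != aes.BlockSize+timeLen+rndLen+crcLen {
		return "", errors.New("malformed authorization ciphertext")
	}
	m1 := ctrXOR(root, ac.C1[:aes.BlockSize], ac.C1[aes.BlockSize:]) // PIN || A2 || B3
	m2 := ctrXOR(root, ac.C2[:aes.BlockSize], ac.C2[aes.BlockSize:]) // T   || A3 || B4
	pin, a2, b3 := m1[:pinLen], m1[pinLen:pinLen+rndLen], m1[pinLen+rndLen:]
	t, a3, b4 := m2[:timeLen], m2[timeLen:timeLen+rndLen], m2[timeLen+rndLen:]
	// Condition 1: C1 and C2 carry the same random number (A2 == A3).
	if subtle.ConstantTimeCompare(a2, a3) != 1 {
		return "", errors.New("C1 and C2 are not a pair")
	}
	// Condition 2: both check values recompute correctly.
	if subtle.ConstantTimeCompare(b3, checkValue(pin, a2)) != 1 ||
		subtle.ConstantTimeCompare(b4, checkValue(t, a3)) != 1 {
		return "", errors.New("check value mismatch")
	}
	// Condition 3: the end of the authorization period lies after the current time.
	if !time.Unix(int64(binary.BigEndian.Uint64(t)), 0).After(now) {
		return "", errors.New("authorization expired")
	}
	return string(pin), nil
}
```

Calling GenerateAuthCiphertext on the owner's side and VerifyAuthCiphertext on the vehicle's side with the same root key returns the PIN; a C1 and C2 taken from two different authorizations fail condition 1, a flipped ciphertext byte fails condition 2, and a T in the past fails condition 3. Two practitioner caveats that follow from the construction rather than from the patent text: a CRC is linear and unkeyed, so in the example the integrity of C1 and C2 rests on the cipher mode, and a deployment would replace the CRC check values with an authenticated mode such as AES-GCM or an HMAC; and condition 3 is only as good as the vehicle's clock, which is why the server aspect lists providing a reference time.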
Example 5
The present embodiment provides an embodiment in which an authorized party obtains the right to operate the vehicle on the basis of the foregoing embodiment, and has the advantage of playback resistance. Fig. 4 is a flow chart of the embodiment of the invention in which the authorized party owns the control authority in the authorization information, as shown in fig. 4. After the verification is passed, the authorized party has the control authority in the authorization information, and the method comprises the following steps: the vehicle encodes the authorization password into the same format as the root key, and the authorized party encodes the authorization password into the same temporary root key in the same encoding mode as the temporary root key; the authorized party generates a random number R1 and a verification value K1 thereof, and the random number R1 and the verification value K1 are transmitted to the vehicle after being encrypted by adopting the temporary root key; After the vehicle decrypts and verifies, the random number R1, the random number R2 generated by the vehicle and the verification value K2 of the random number R2 and the random number are transmitted to the authorized party after being encrypted by adopting the temporary root key; after decryption and verification of the authorized party, the random number R1 and the random number R2 are encrypted by adopting the temporary root key to serve as a session key, and the session key is used for encrypting a control instruction sent to the vehicle by the authorized party. As described above, the authentication procedure of the borrower and the authentication procedure of the vehicle owner should be compatible, and an embodiment of the authentication procedure is provided below. First, root information is expanded. 
The owner and the vehicle hold a 16-byte root key, while at the time of borrowing the borrower holds a 6-digit PIN code, and the vehicle holds the same 6-digit PIN code. For uniformity, when the borrower interacts with the vehicle, both the borrower and the vehicle perform an expansion operation on the 6-digit PIN code (generally MD5 or another digest algorithm can be used) that turns it into 16 bytes of information. At this point, whether it is the owner's 16 bytes or the 16 bytes obtained by expanding the borrower's PIN, the information can be uniformly referred to as a root key. To distinguish it from the original vehicle root key, however, the root key expanded from the PIN code is referred to as a temporary root key. Second, the session key is generated. The mobile phone end generates a random number R1, calculates its check value K1, and encrypts R1 together with K1 into a ciphertext E1 using the root key. The vehicle end, which at this point should hold the same root key as the mobile phone end, decrypts E1 to obtain the random number R1 and the check value K1. It then checks the correctness and integrity of E1; if there is no error, the vehicle end generates a random number R2 and calculates its check value K2. R2, K2 and K1 are encrypted together into ciphertext E2, which is transmitted to the mobile phone end. The mobile phone end receives the data, decrypts E2 with the root key, and checks whether K1 and K2 are accurate. If there is no problem, the handset is matched with the vehicle it is communicating with. The handset then encrypts the random numbers R1 and R2 with the root key to form the final session key; any subsequent control instruction must be protected by this encryption. Finally, the mobile phone end uses the session key to encrypt a handshake-completion instruction and sends it to the vehicle end.
After the vehicle receives this message, the vehicle end likewise encrypts R1 and R2 with the root key to form the session key, and uses it to decrypt the message just received from the phone. If the message is confirmed to be the handshake-completion message, the vehicle replies to the mobile phone and the handshake is truly complete. This embodiment has the advantage of resisting replay attacks; the specific principle is as follows:
In a replay attack, an attacker repeatedly sends messages that were successfully communicated earlier, so as to perform the same function as the earlier successful communication without having gone through the complete communication flow. One countermeasure is to add random numbers exchanged during the handshake, and this scheme resists replay in that way. Assume the attacker can directly capture all the legitimate messages the mobile phone sent to the vehicle in one communication. The attacker first sends the C1, C2 messages to the vehicle, and the vehicle records the PIN code and expiration time inside. The attacker then sends the E1 message; the vehicle can also pass verification after receiving it, generates its random number at the same time, and sends it to the attacker protected by the check value and encryption. At this point the attacker sends the handshake-completion instruction encrypted with the session key, and the vehicle cannot pass verification of this message, because the attacker's session key is based on the random numbers R1 and R2 of the last successful communication. In this communication the random number R1 is unchanged but the random number R2 has changed, so the session key on the vehicle side has changed, and naturally the previous encryption result cannot be decrypted. The subsequent time validation and unlocking instructions therefore cannot be performed.
The authorization period in the authorization information is also important. In practice, for the vehicle owner the procedure above is already complete, and the owner can directly encrypt the unlocking instruction to control the vehicle. The borrower, however, must additionally authenticate the time information. Clearly, once the previous C1, C2 messages have been sent, the controller should treat this as the borrowing case, and if an encrypted unlocking instruction is sent directly, the controller should not respond. The mobile phone end needs to encrypt the current time with the session key and send it to the vehicle end. The vehicle end decrypts it with the session key and compares it with the current system time in the vehicle. If it is before the termination time, the currently connected device is confirmed to be a legitimate borrower and the borrowing time is within the allowed period, and a normal message is returned to the mobile phone. At this point the borrower's authentication process is complete, and the mobile phone can send locking and unlocking instructions.
If any check in the above flows fails or aborts, the controller needs corresponding handling. For example, if several consecutive check errors occur, the connection must be terminated and an error reported.
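The Example 5 handshake, the replay attempt described above and the final time check, modelled as an added Python example (not code from the patent). Assumptions the patent leaves open: the check value is a truncated HMAC-SHA256, the symmetric cipher is a constructed HMAC-keystream XOR with a fresh IV, PIN expansion uses MD5 as the text suggests, the session key is HMAC(temporary root key, R1||R2), and the timestamps are constructed.

```python
# Added example (not the patent's code); assumptions are listed in the lead-in.
import hashlib
import hmac
import os
import struct
import time

CHECK_LEN, IV_LEN = 8, 8  # sizes of the check value and the cipher IV (assumptions)

def expand_pin(pin: str) -> bytes:
    """6-digit PIN -> 16-byte temporary root key; MD5 as the text suggests."""
    return hashlib.md5(pin.encode()).digest()

def check_value(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:CHECK_LEN]

def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Stand-in for the unspecified symmetric cipher: XOR with an HMAC keystream."""
    stream = b"".join(hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, payload: bytes) -> bytes:
    """Encrypt payload || check_value(payload) under key with a fresh IV."""
    iv = os.urandom(IV_LEN)
    return iv + _keystream_xor(key, iv, payload + check_value(key, payload))

def unseal(key: bytes, msg: bytes):
    """Decrypt and verify; None if the check value fails (wrong key or tampering)."""
    pt = _keystream_xor(key, msg[:IV_LEN], msg[IV_LEN:])
    payload, chk = pt[:-CHECK_LEN], pt[-CHECK_LEN:]
    return payload if hmac.compare_digest(chk, check_value(key, payload)) else None

def session_key(tk: bytes, r1: bytes, r2: bytes) -> bytes:
    """'Encrypt R1 and R2 with the root key' modelled as HMAC(tk, R1 || R2)."""
    return hmac.new(tk, r1 + r2, hashlib.sha256).digest()[:16]

class Vehicle:  # state after the C1/C2 check of Example 4 stored the PIN and expiry time
    def __init__(self, pin: str, expires_at: int, clock=time.time):
        self.tk, self.expires_at, self.clock = expand_pin(pin), expires_at, clock
        self.session, self.authenticated = None, False

    def handle_e1(self, e1: bytes):
        r1 = unseal(self.tk, e1)              # E1 = Enc(R1 || K1); K1 is verified here
        if r1 is None or len(r1) != 16:
            return None
        r2 = os.urandom(16)                   # fresh R2 per handshake is what defeats replay
        self.session, self.authenticated = session_key(self.tk, r1, r2), False
        return seal(self.tk, r1 + r2)         # E2 = Enc(R1 || R2 || K2)

    def handle_session_msg(self, msg: bytes) -> bool:
        payload = unseal(self.session, msg) if self.session else None
        if payload == b"HANDSHAKE_DONE":
            return True
        if payload and payload[:4] == b"TIME" and len(payload) == 12:
            phone_time = struct.unpack(">Q", payload[4:])[0]
            self.authenticated = max(phone_time, int(self.clock())) <= self.expires_at
            return self.authenticated
        return payload == b"UNLOCK" and self.authenticated  # no unlock before the time check

class BorrowerPhone:
    def __init__(self, pin: str):
        self.tk, self.r1, self.session = expand_pin(pin), os.urandom(16), None

    def make_e1(self) -> bytes:
        return seal(self.tk, self.r1)

    def handle_e2(self, e2: bytes):
        pt = unseal(self.tk, e2)
        if pt is None or pt[:16] != self.r1:  # vehicle must echo our R1 under the shared key
            return None
        self.session = session_key(self.tk, self.r1, pt[16:])
        return seal(self.session, b"HANDSHAKE_DONE")

    def send(self, payload: bytes) -> bytes:  # control-channel message under the session key
        return seal(self.session, payload)

def run_scenarios(pin: str = "123456") -> dict:
    """Legitimate session, replay of captured messages, and an expired authorization."""
    expires, now = 2_000_000_000, 1_900_000_000  # constructed Unix times
    car, phone = Vehicle(pin, expires, lambda: now), BorrowerPhone(pin)
    e1 = phone.make_e1()
    done = phone.handle_e2(car.handle_e1(e1))
    msgs = (done, phone.send(b"TIME" + struct.pack(">Q", now)), phone.send(b"UNLOCK"))
    legit = all(car.handle_session_msg(m) for m in msgs)
    car.handle_e1(e1)                             # replayed E1 passes, but R2 is new
    replay = car.handle_session_msg(done)         # old session key: rejected
    car2, phone2 = Vehicle(pin, expires, lambda: expires + 1), BorrowerPhone(pin)
    car2.handle_session_msg(phone2.handle_e2(car2.handle_e1(phone2.make_e1())))
    expired = car2.handle_session_msg(phone2.send(b"TIME" + struct.pack(">Q", expires + 1))) \
        or car2.handle_session_msg(phone2.send(b"UNLOCK"))
    return {"legit": legit, "replay": replay, "expired": expired}
```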
Example 6
Fig. 5 is a schematic diagram of a vehicle virtual key sharing system according to embodiment 6 of the present invention, as shown in fig. 5. The embodiment provides a system for sharing a virtual key of a vehicle, which comprises the following components: at least one of the aforementioned mobile terminals, server and vehicle. The mobile terminal, the server and the vehicle are connected in a networking manner through a wireless communication mode, wherein Bluetooth connection is preferred between the mobile terminal and the vehicle.
The following describes the modules in the system for vehicle virtual key sharing in embodiment 6, respectively:
(I) A mobile terminal for vehicle virtual key sharing, the mobile terminal comprising:
The determining module is used for determining whether the user is an authorizing party or an authorized party; the authorization password input module is used for the user to input an authorization password; if the user is an authorizing party, an authorization information input module is called, which is used for the user to input authorization information, and then an authorization ciphertext generation module is called, which generates an authorization ciphertext from the authorization password, the authorization information and the root key; if the user is an authorized party, a vehicle verification module is called, which verifies the obtained authorization information with the vehicle; the vehicle control module is used by the authorized party to exercise the control authority in the authorization information; the computing module provides data computation and processing; the communication module provides data interaction between the mobile terminal and external equipment; and the storage module stores the program instructions and data of the mobile terminal. A commonly used mobile terminal is a processor-plus-memory architecture capable of running software programs. The computing module is the CPU of the mobile phone, the communication module and the storage module are existing hardware modules of the mobile phone, and the remaining modules are program modules stored in the storage module of the mobile phone and presented as a mobile phone APP.
(II) A server for vehicle virtual key sharing, configured with the functionality of the server in embodiment 3 and further configured to:
Verify the identities of the authorizing party and the authorized party; authentication here includes login authentication at the server, authentication of the authorization password, and the like.
Provide reference times for the authorizing party, the authorized party and the vehicle. The system is sensitive to time. The borrower should use network time wherever possible when verifying the time; if the system must be used without a network, local time is allowed. The vehicle needs to compare the expiration time when receiving the C2 message, and if it has already expired, borrowing is not allowed. When checking the borrower's current time, it must be confirmed again whether the expiration time has passed, and if so, the borrower is not allowed to use the vehicle.
After detecting that the authorization information provided by the authorizing party has changed, synchronize the changed authorization information to the authorized party. While the vehicle is within the authorization period, the owner can change the authorization information to modify the authorization, which strengthens the owner's control over the vehicle.
After detecting that the authorization period has expired, delete the authorized party's temporary root key. The borrower's usage authority and control period are controlled jointly by the virtual key application on the borrower's mobile device and the vehicle-end virtual key control module; when the authority expires and the vehicle is switched off and locked, the borrower's virtual key application and the vehicle-end controller destroy the borrower's virtual key.
(III) The vehicle comprises a control module and a communication module, the control module being configured with the vehicle's functions so that it can cooperate with the mobile terminal and the server to implement the vehicle virtual key sharing method. The vehicle may also have the following functions:
The vehicle's door locks, windows, engine start and stop, and the like can be controlled by an authorizable virtual key; the vehicle needs to be able to connect securely to the key service platform; and the vehicle is provided with a virtual key antenna, a transceiver and a virtual key controller.
The control module in the vehicle provides an in-vehicle virtual key control function (hereinafter the in-vehicle virtual key controller) for managing the owner's virtual key, supporting authentication, registration, deletion, disablement and restoration, and for managing the borrower's virtual key, where management comprises authority detection, key generation and key destruction;
The secure area of the in-vehicle virtual key controller stores the owner's key and the encryption and decryption algorithms for secure operation; the in-vehicle virtual key controller parses the borrower's identity, vehicle control authority and control period from the borrower's authentication information, and stores and manages them.
The in-vehicle virtual key controller authenticates the owner's identity, authenticates the borrower's identity through the authentication information, checks the borrower's validity period, refuses access if the authority has expired, and destroys the borrower's virtual key; it can negotiate a temporary session key with the owner and the borrower and perform decryption and verification of control instructions; and it responds only to authorization from the vehicle owner.
Example 7
In one embodiment of the present invention, a computer-readable storage medium is provided, in which instructions are stored, which when run on a computer, cause the computer to perform the aforementioned vehicle virtual key sharing method.
The foregoing details of the optional implementation of the embodiment of the present invention have been described in conjunction with the accompanying drawings, but the embodiment of the present invention is not limited to the specific details of the foregoing implementation, and various simple modifications may be made to the technical solution of the embodiment of the present invention within the scope of the technical concept of the embodiment of the present invention, where all the simple modifications belong to the protection scope of the embodiment of the present invention.
In addition, the specific features described in the above embodiments may be combined in any suitable manner without contradiction. In order to avoid unnecessary repetition, various possible combinations of embodiments of the present invention are not described in detail.
Those skilled in the art will appreciate that all or part of the steps of the methods in the embodiments described above may be implemented by a program stored in a storage medium, including instructions for causing a single-chip microcomputer, chip or processor to perform all or part of the steps of the methods described herein. The aforementioned storage medium includes: a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In addition, any combination of various embodiments of the present invention may be performed, so long as the concept of the embodiments of the present invention is not violated, and the disclosure of the embodiments of the present invention should also be considered.
Claims (9)
1. A vehicle virtual key sharing method, comprising:
determining that the user is an authorizing party or an authorized party;
if the user is an authorizing party, acquiring the authorization password and authorization information input by the user; generating an authorization ciphertext from the authorization password, the authorization information and the root key;
if the user is an authorized party, acquiring the authorization password input by the user; if the authorization password is verified, acquiring an authorization ciphertext, the authorization ciphertext having been generated from the authorization password, authorization information and root key of the authorizing party;
generating an authorization ciphertext from the authorization password, the authorization information and the root key comprises: generating a random number A1; calculating a check value B1 over the concatenation of the authorization password and the random number A1, and generating ciphertext C1 by encrypting the concatenation of the authorization password, the random number A1 and the check value B1 with the root key; calculating a check value B2 over the concatenation of the authorization information and the random number A1, and generating ciphertext C2 by encrypting the concatenation of the authorization information, the random number A1 and the check value B2 with the root key; the ciphertext C1 and the ciphertext C2 are the authorization ciphertext;
the authorized party uses the authorization ciphertext to verify with the vehicle, and after the verification is passed, the authorized party has the control authority in the authorization information;
the authorization password is shared by the authorizing party and the authorized party, and the authorization information comprises the authorized party's control authority over the vehicle within the authorization period.
2. The method of claim 1, wherein the authorization ciphertext is communicated through a server configured to:
receiving an authorization password input by the authorizing party;
verifying the authorization password input by the authorized party against the authorization password of the authorizing party;
receiving the authorization ciphertext of the authorizing party; and
sending the authorization ciphertext to the authorized party that passed the verification.
3. The method of claim 1, wherein the authorized party uses the authorization ciphertext to verify with a vehicle, comprising:
the vehicle acquires the authorization ciphertext from the authorized party;
decrypting the ciphertext C1 and the ciphertext C2 respectively with a root key to obtain: the authorization password, random number A2 and check value B3, and the authorization information, random number A3 and check value B4; the verification passes when the following three conditions are satisfied at the same time:
the random number A2 is equal to the random number A3;
the check value B3 is correct and the check value B4 is correct;
and determining that the ending time of the authorization deadline in the authorization information is after the current time.
4. The method according to claim 3, wherein the authorized party having the control authority in the authorization information after the verification is passed comprises:
the vehicle encodes the authorization password into the same format as the root key to obtain a temporary root key, and the authorized party encodes the authorization password into the same temporary root key using the same encoding; and
the authorized party generates a random number R1 and a check value K1 of the random number R1, encrypts them with the temporary root key and transmits them to the vehicle;
after the vehicle decrypts and verifies, the random number R1, a random number R2 generated by the vehicle and the calculated verification value K2 of the random numbers R1 and R2 are transmitted to the authorized party after being encrypted with the temporary root key;
after decryption and verification of the authorized party, the random number R1 and the random number R2 are encrypted by adopting the temporary root key to serve as a session key, and the session key is used for encrypting a control instruction sent to the vehicle by the authorized party.
5. A mobile terminal for vehicle virtual key sharing, the mobile terminal comprising:
the determining module is used for determining whether the user is an authorizing party or an authorized party;
the authorization password input module is used for the user to input an authorization password;
if the user is an authorizing party, an authorization information input module is called, which is used for the user to input authorization information, and then an authorization ciphertext generation module is called, which generates an authorization ciphertext from the authorization password, the authorization information and the root key; generating an authorization ciphertext from the authorization password, the authorization information and the root key comprises: generating a random number A1; calculating a check value B1 over the concatenation of the authorization password and the random number A1, and generating ciphertext C1 by encrypting the concatenation of the authorization password, the random number A1 and the check value B1 with the root key; calculating a check value B2 over the concatenation of the authorization information and the random number A1, and generating ciphertext C2 by encrypting the concatenation of the authorization information, the random number A1 and the check value B2 with the root key; the ciphertext C1 and the ciphertext C2 are the authorization ciphertext;
If the user is an authorized party, a vehicle verification module is called, and the vehicle verification module is used for verifying the obtained authorization information with the vehicle; the vehicle control module is used for implementing the control authority in the authorization information by the authorized party;
the computing module is used for providing a computing processing function of the data;
the communication module is used for providing a data interaction function between the mobile terminal and external equipment;
And the storage module is used for storing the program instructions and the data information of the mobile terminal.
6. A server for vehicle virtual key sharing, characterized in that the server is configured with the functionality of the server of claim 2.
7. The server of claim 6, wherein the server is further configured to:
verifying the identities of the authorizing party and the authorized party;
providing reference times for the authorizing party, the authorized party and the vehicle;
after detecting that the authorization information provided by the authorizing party has changed, synchronizing the changed authorization information to the authorized party;
after detecting that the authorization period has expired, deleting the temporary root key of the authorized party.
8. A vehicle, characterized in that it comprises a control module and a communication module, the control module being configured with the functions of the vehicle in the method of claim 3 or 4.
9. A vehicle virtual key sharing system, comprising: at least one mobile terminal of claim 5, a server of claim 6 or 7 and a vehicle of claim 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010504513.1A CN113766450B (en) | 2020-06-05 | 2020-06-05 | Vehicle virtual key sharing method, mobile terminal, server and vehicle |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113766450A CN113766450A (en) | 2021-12-07 |
CN113766450B true CN113766450B (en) | 2024-07-16 |
Family
ID=78783955
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113766450B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |