CN112669491A - Vehicle digital key distribution management method and device - Google Patents

Vehicle digital key distribution management method and device

Info

Publication number
CN112669491A
Authority
CN
China
Prior art keywords
key
digital
vehicle
mobile terminal
control information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011494238.6A
Other languages
Chinese (zh)
Other versions
CN112669491B (en
Inventor
王辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Xiaopeng Motors Technology Co Ltd
Guangzhou Chengxingzhidong Automotive Technology Co., Ltd
Original Assignee
Guangzhou Xiaopeng Motors Technology Co Ltd
Guangzhou Chengxingzhidong Automotive Technology Co., Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Xiaopeng Motors Technology Co Ltd, Guangzhou Chengxingzhidong Automotive Technology Co., Ltd filed Critical Guangzhou Xiaopeng Motors Technology Co Ltd
Priority to CN202011494238.6A priority Critical patent/CN112669491B/en
Publication of CN112669491A publication Critical patent/CN112669491A/en
Priority to PCT/CN2021/102337 priority patent/WO2022127064A1/en
Application granted granted Critical
Publication of CN112669491B publication Critical patent/CN112669491B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

Embodiments of the invention provide a vehicle digital key distribution management method and device, applied to a server that is communicatively connected to a first mobile terminal, a second mobile terminal and a vehicle. The method comprises: receiving key control information sent by the first mobile terminal; generating a preset number of digital keys according to the key control information; encrypting the preset number of digital keys; and sending the encrypted preset number of digital keys to the mobile terminal. By generating a preset number of digital keys carrying key control information and sending them to the sharee's terminal, the sharee's terminal can directly use the digital key it needs to control the vehicle; the key user does not need to register in advance and the key does not need to be explicitly reclaimed, which suits a variety of sharing scenarios.

Description

Vehicle digital key distribution management method and device
Technical Field
The invention relates to the technical field of vehicles, in particular to a vehicle digital key distribution management method and a vehicle digital key distribution management device.
Background
Digital keys are easy to carry, share and manage, are popular with users and see very high usage, and have become standard equipment on intelligent vehicles. A digital key usually has strict life cycle management, including registration, cancellation and normal use, and each user (e.g. the owner) corresponds to one digital key. When a digital key is registered, the server needs to communicate with the mobile terminal and the vehicle respectively to create the secure pairing information of the mobile terminal and the vehicle; when a digital key is cancelled, the server, the mobile terminal and the vehicle need to communicate respectively to delete the secure pairing information of the mobile terminal and the vehicle, and the vehicle needs to be ensured to be in an off-line defense state.
This implementation of the digital key can support key sharing and other usage scenarios, but registration and cancellation of a key cannot be completed under certain conditions, for example when the vehicle is in an underground parking lot with no network. For one-off key sharing, for example when a car wash needs to move the car or a courier places items in the car, the key can only be used after a cumbersome registration process, and the owner has to confirm that the shared key has been used and then cancel it in time, so flexibility is low.
Disclosure of Invention
In view of the above problems, embodiments of the present invention are proposed to provide a vehicle digital key distribution management method and a corresponding vehicle digital key distribution management apparatus that overcome or at least partially solve the above problems.
In order to solve the above problem, an embodiment of the present invention discloses a vehicle digital key distribution management method, which is applied to a server, where the server establishes communication connections with a first mobile terminal, a second mobile terminal, and a vehicle, respectively, and the method includes:
receiving key control information sent by the first mobile terminal; the key control information includes a number of key uses;
generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
encrypting the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
and sending the encrypted preset number of digital keys to the second mobile terminal.
Optionally, the generating a preset number of digital keys according to the key control information includes:
acquiring account information from the first mobile terminal, and generating a key pulling instruction according to the key control information and the account information;
sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used for indicating the second mobile terminal to generate a key obtaining request;
and responding to a key acquisition request sent by the second mobile terminal, and generating a preset number of digital keys according to the key control information.
Optionally, the key control information further includes a key master identifier, vehicle information, a key validity period, or an operation authority.
Optionally, the server is connected with a vehicle, the vehicle has a preset root certificate and a first public key, and the server has a first private key matched with the first public key;
the encrypting the preset number of digital keys comprises:
when the activation operation of the preset vehicle digital key is detected, generating a vehicle digital key activation instruction, and sending the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used for instructing the vehicle to generate a public-private key pair comprising a second public key and a second private key through the root certificate;
receiving a second public key sent by the vehicle, and adopting the first private key and the second public key to sign and encrypt the preset number of digital keys in sequence;
the sending of the encrypted preset number of digital keys to the second mobile terminal includes:
and sending the preset number of digital keys for signature and encryption processing to the second mobile terminal.
Optionally, the preset number of digital keys includes digital keys carrying the same key primary identifier, and/or digital keys carrying different key primary identifiers;
the generating of the preset number of digital keys according to the key control information further comprises:
generating a key sub-identification for the digital key; the key sub-identifier is used for representing the number of times of using the digital key;
and in the process of sending the digital keys carrying the same key main identification to the second mobile terminal, adding one to the key sub-identification of the digital key carrying the same key main identification.
Optionally, the method further comprises:
acquiring a key disabling instruction; the key disabling instruction comprises a key disabling main identifier;
sending the key disabling instruction to the vehicle; the key disabling instruction is used for informing the vehicle that a disabling identification bit in key record information carrying the key disabling main identification is set as a disabling value.
Optionally, the method further comprises:
generating a restart activation instruction according to a preset time interval, and sending the restart activation instruction to the vehicle; the restart activation instruction is used for instructing the vehicle to generate a public-private key pair including a third public key and a third private key through the root certificate.
The embodiment of the invention also discloses a vehicle digital key distribution management method, which is applied to a vehicle, wherein the vehicle establishes communication connection with the first mobile terminal, the second mobile terminal and the server side, and the method comprises the following steps:
generating a public key according to a preset root certificate and forwarding the public key to the server; receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
and correspondingly controlling the vehicle according to the digital key.
Optionally, the vehicle has a preset first public key, and the server has a first private key matched with the first public key; the generating a public key according to a preset root certificate and forwarding the public key to the server side includes:
receiving a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server side detecting activation operation aiming at the preset vehicle digital key;
responding to the vehicle digital key activation instruction, and generating a public-private key pair comprising a second public key and a second private key through the root certificate;
sending the second public key to the server; the server is used for adopting the first private key and the second public key to sequentially sign and encrypt the preset number of digital keys and sending the preset number of digital keys to the second mobile terminal.
Optionally, the correspondingly controlling the vehicle according to the digital key includes:
when receiving a digital key which is sent by the second mobile terminal and carries corresponding key control information, checking the digital key carrying the corresponding key control information;
after the check is passed, an operation corresponding to the corresponding key control information is performed in response.
Optionally, the checking the digital key carrying the corresponding key control information includes:
judging whether the digital key carrying the corresponding key control information is legal or not;
the judging whether the digital key carrying the corresponding key control information is legal or not includes:
judging whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information, so as to obtain the digital key for decryption and signature verification, i.e. the decrypted and signature-verified digital key;
if the digital key for decryption and signature verification can be obtained, judging whether the digital key for decryption and signature verification is legal or not;
and if the digital key for decryption and signature verification is legal, judging whether the key control information carried by the digital key for decryption and signature verification is legal or not.
Optionally, the determining whether the decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain the digital key for decryption and signature verification includes:
and judging whether the signed and encrypted preset number of digital keys can be decrypted and signature-verified in sequence using a first public key matched with the first private key and a second private key matched with the second public key.
Optionally, the vehicle has a digital key record for the digital key; the judging whether the digital key for decryption and signature verification is legal or not comprises the following steps:
when a digital key for decryption and signature verification is obtained, acquiring a target key main identification of the digital key for decryption and signature verification;
judging whether the digital key record has the target key main identification or not;
if the target key main identification exists in the digital key record, judging whether the disabling identification bit contained in the target sub-record corresponding to the target key main identification is a preset threshold value, and judging whether the key sub-identification contained in the target record reaches a preset expected sub-identification.
Optionally, the method further comprises:
if the disabling identification bit contained in the target sub-record is a preset threshold value and the key sub-identifier contained in the target record reaches a preset expected sub-identifier, the digital key for decryption and signature verification is legal;
or if the target key main identification does not exist in the digital key record, creating the digital key record of the digital key for decryption and signature verification, wherein the digital key record contains the key main identification, a preset expected sub-identification and a disabling identification bit.
Optionally, if the digital key for decryption and signature verification is legal, determining whether the key control information carried by the digital key for decryption and signature verification is legal, including:
and judging whether the key control information carried by the digital key for decryption and signature verification is the same as the digital key record.
Optionally, the method further comprises:
receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction comprises a key disabling main identifier;
and setting a forbidden identification bit in the key record information carrying the forbidden key main identification as a forbidden value.
Optionally, the method further comprises:
receiving a restart activation instruction sent by the first mobile terminal according to a preset time interval;
and responding to the restart activation instruction, and generating a public-private key pair comprising a third public key and a third private key through the root certificate.
The embodiment of the invention also discloses a vehicle digital key distribution management device, which is applied to a server side, wherein the server side is respectively communicated with the first mobile terminal, the second mobile terminal and the vehicle, and the device comprises:
the key control information acquisition module is used for receiving the key control information sent by the first mobile terminal; the key control information includes a number of key uses;
the digital key generation module is used for generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
the digital key encryption module is used for encrypting the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
and the digital key sending module is used for sending the encrypted preset number of digital keys to the second mobile terminal.
Optionally, the digital key generation module comprises:
the key pulling instruction generating submodule is used for acquiring account information from the first mobile terminal and generating a key pulling instruction according to the key control information and the account information;
the key pulling instruction sending submodule is used for sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used for indicating the second mobile terminal to generate a key obtaining request;
and the digital key generation submodule is used for responding to a key acquisition request sent by the second mobile terminal and generating a preset number of digital keys according to the key control information.
Optionally, the key control information further includes a key master identifier, vehicle information, a key validity period, or an operation authority.
Optionally, the vehicle has a preset root certificate and a first public key, and the server has a first private key matched with the first public key; the digital key encryption module comprises:
the vehicle digital key activation instruction sending submodule is used for generating a vehicle digital key activation instruction and sending the vehicle digital key activation instruction to the vehicle when the activation operation of the preset vehicle digital key is detected; the vehicle digital key activation instruction is used for instructing the vehicle to generate a public-private key pair comprising a second public key and a second private key through the root certificate;
and the signature encryption processing submodule is used for receiving a second public key sent by the vehicle and adopting the first private key and the second public key to carry out signature and encryption processing on the preset number of digital keys in sequence.
Optionally, the digital key transmission module includes:
and the digital key sending submodule is used for sending the preset number of digital keys for signature and encryption processing to the second mobile terminal.
Optionally, the preset number of digital keys includes digital keys carrying the same key primary identifier, and/or digital keys carrying different key primary identifiers; further comprising:
the key sub-identifier generation sub-module is used for generating a key sub-identifier aiming at the digital key; the key sub-identifier is used for representing the number of times of using the digital key;
and the adding operation submodule is used for adding one to the key sub-identifier of the digital key carrying the same key main identifier in the process of sending the digital key carrying the same key main identifier to the second mobile terminal.
Optionally, the apparatus further comprises:
the key disabling instruction acquisition module is used for acquiring a key disabling instruction; the key disabling instruction comprises a key disabling main identifier;
the key disabling instruction sending module is used for sending the key disabling instruction to the vehicle; the key disabling instruction is used for informing the vehicle that a disabling identification bit in key record information carrying the key disabling main identification is set as a disabling value.
Optionally, the apparatus may further include:
the restart activation instruction sending module is used for generating a restart activation instruction according to a preset time interval and sending the restart activation instruction to the vehicle; the restart activation instruction is used for instructing the vehicle to generate a public-private key pair including a third public key and a third private key through the root certificate.
The embodiment of the invention also discloses a vehicle digital key distribution management device, which is applied to a vehicle, wherein the vehicle is respectively communicated with the first mobile terminal, the second mobile terminal and the server side, and the device comprises:
the public key generating module is used for generating a public key according to a preset root certificate and forwarding the public key to the server;
the digital key receiving module is used for receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
and the vehicle control module is used for correspondingly controlling the vehicle according to the digital key.
Optionally, the vehicle has a preset first public key, and the server has a first private key matched with the first public key; the public key generation module comprises:
the vehicle digital key activation instruction receiving submodule is used for receiving a vehicle digital key activation instruction sent by the server side; the activation instruction is generated by the server side detecting activation operation aiming at the preset vehicle digital key;
the vehicle digital key activation instruction response submodule is used for responding to the vehicle digital key activation instruction and generating a public-private key pair comprising a second public key and a second private key through the root certificate;
the second public key sending submodule is used for sending the second public key to the server; the server is used for adopting the first private key and the second public key to sequentially sign and encrypt the preset number of digital keys and sending the preset number of digital keys to the second mobile terminal.
Optionally, the vehicle control module comprises:
the digital key checking submodule is used for checking the digital key carrying the corresponding key control information when receiving the digital key carrying the corresponding key control information sent by the second mobile terminal;
and the vehicle control sub-module is used for executing the operation corresponding to the corresponding key control information after the check is passed.
Optionally, the digital key checking sub-module includes:
the decryption and signature verification judging unit is used for judging whether the digital key carrying the corresponding key control information can be decrypted and signed verified to obtain the decrypted and signed digital key;
the digital key legality judging unit is used for judging whether the digital key for decryption and signature verification is legal or not if the digital key for decryption and signature verification can be obtained;
and the key control information judging unit is used for judging whether the key control information carried by the digital key for decryption and signature verification is legal or not if the digital key for decryption and signature verification is legal.
Optionally, the decryption and signature verification determining unit includes:
and the decryption and signature verification judging subunit is used for judging whether the signed and encrypted preset number of digital keys can be decrypted and signature-verified in sequence using a first public key matched with the first private key and a second private key matched with the second public key.
Optionally, the vehicle has a digital key record for the digital key; the digital key validity judging unit includes:
the target key main identification obtaining subunit is used for obtaining a target key main identification of the digital key for decryption and signature verification when the digital key for decryption and signature verification is obtained;
a target key master identifier determining subunit, configured to determine whether the target key master identifier exists in the digital key record;
and the digital key legality judging subunit is used for judging, if the target key main identifier exists in the digital key record, whether the disabling identification bit contained in the target sub-record corresponding to the target key main identifier is a preset threshold value and whether the key sub-identifier contained in the target record reaches a preset expected sub-identifier.
Optionally, the digital key validity judging unit further includes:
the first digital key legal subunit is used for judging that the digital key for decryption and signature verification is legal if the disabling identification bit contained in the target sub-record is a preset threshold value and the key sub-identifier contained in the target record reaches a preset expected sub-identifier;
and the second digital key legal subunit is used for creating, if the target key main identifier does not exist in the digital key record, a digital key record for the digital key for decryption and signature verification, the record containing the key main identifier, a preset expected sub-identifier and a disabling identification bit.
Optionally, the key control information determination unit includes:
and the key control information judging subunit is used for judging whether the key control information carried by the digital key for decryption and signature verification is the same as the digital key record.
Optionally, the apparatus further comprises:
the key disabling instruction receiving submodule is used for receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction comprises a key disabling main identifier;
and the forbidden value setting submodule is used for setting forbidden identification bits in the key record information carrying the forbidden key main identification as forbidden values.
Optionally, the apparatus further comprises:
the restart activation instruction receiving module is used for receiving a restart activation instruction sent by the first mobile terminal according to a preset time interval;
and the restart activation instruction response module is used for responding to the restart activation instruction and generating a public and private key pair comprising a third public key and a third private key through the root certificate.
The embodiment of the invention also discloses a vehicle, which comprises: the vehicle digital key distribution management device, the processor, the memory, and the computer program stored on the memory and capable of running on the processor, the computer program, when executed by the processor, implementing the steps of any of the vehicle digital key distribution management methods.
The embodiment of the invention also discloses a computer readable storage medium, wherein a computer program is stored on the computer readable storage medium, and when the computer program is executed by a processor, the steps of any one of the vehicle digital key distribution management methods are realized.
The embodiment of the invention has the following advantages:
The embodiment of the invention involves a server, a first mobile terminal, a second mobile terminal and a vehicle. The server receives the key control information sent by the first mobile terminal and generates a preset number of digital keys according to it; the generated digital keys are then encrypted and sent to the second mobile terminal, so that the second mobile terminal can send a digital key carrying the corresponding key control information to the vehicle and the vehicle can be controlled accordingly. By generating a preset number of digital keys carrying key control information and sending the encrypted keys to the sharee's terminal, the sharee's terminal can directly use the digital key it needs to control the vehicle; the key user does not need to register in advance and the key does not need to be explicitly reclaimed, and the vehicle can be controlled without a network, which suits a variety of sharing scenarios.
Drawings
FIG. 1 is a flow chart of the steps of one embodiment of a vehicle digital key distribution management method of the present invention;
FIG. 2 is a process for implementing vehicle digital key distribution management in an embodiment of the present invention;
FIG. 3 is a process for implementing the production phase and owner binding activation phase for a digital key according to an embodiment of the present invention;
FIG. 4 illustrates an implementation of the key deletion and key deletion by a vehicle owner in accordance with an embodiment of the present invention;
FIG. 5 is a flow chart of steps in another embodiment of a method of vehicle digital key distribution management of the present invention;
FIG. 6 is a flowchart illustrating steps in yet another embodiment of a method for vehicle digital key distribution management in accordance with the present invention;
FIG. 7 is a schematic flow chart of a vehicle inspection according to an embodiment of the present invention;
FIG. 8 is an implementation of vehicle control with an assigned digital key in an embodiment of the present invention;
FIG. 9 is a block diagram showing the construction of an embodiment of a vehicle digital key distribution management apparatus according to the present invention;
FIG. 10 is a block diagram of another embodiment of a vehicle digital key distribution management apparatus of the present invention;
FIG. 11 is a block diagram showing a configuration of still another embodiment of the vehicle digital key distribution management apparatus according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
One of the core ideas of the embodiment of the invention is to provide a lightweight digital car key system and a design method thereof, so that using, sharing and managing the digital car key is more convenient and faster while security is ensured; the key user can control the vehicle without a network and without registering in advance or explicitly reclaiming the key, which suits a variety of sharing scenarios.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a vehicle digital key distribution management method according to the present invention is shown, and is applied to a server, where the server establishes communication connections with a first mobile terminal, a second mobile terminal, and a vehicle respectively, and specifically includes the following steps:
Step 101, receiving key control information sent by the first mobile terminal;
In one embodiment of the invention, the server may receive the key control information transmitted by the first mobile terminal and use it to generate a digital key for controlling the vehicle.
In practical applications, the first mobile terminal may refer to a mobile terminal of a vehicle owner sharing the digital key.
In a specific implementation, when a vehicle owner shares a key, the owner can set the key control information to be shared and send it, together with the account information of the sharee, to the server; that is, the server can receive the key control information and the account information of the sharee sent by the sharer's terminal (i.e., the first mobile terminal).
In practical applications, the key control information may include a key Master identification (Master ID), vehicle information (VIN code), a key validity period, a number of key uses, and operation authority information for the vehicle.
The Master ID uniquely identifies one piece of key control information across the whole network, that is, digital keys with the same Master ID have the same key control information; the key validity period indicates the time after which the key is unavailable, that is, it limits the valid use time of the generated digital key, and once that time is exceeded the vehicle control function of the digital key is automatically disabled; the number of key uses indicates how many times the key may be used and is limited by a set value, for example, if the number of uses is set to 1, the key is shared once, and if it is set to -1, the key may be used permanently; the operation authority information for the vehicle indicates whether the key has authority to perform a given action, such as unlocking, ignition, opening the charging flap, opening the trunk, and the like. In the embodiment of the invention, through the design of the key validity period and the number of key uses, the vehicle owner does not need to explicitly recover the shared key (that is, does not need to cancel the shared key promptly after confirming that its use is finished), which greatly facilitates shared-key usage scenarios.
Step 102, generating a preset number of digital keys according to the key control information;
In practical applications, a preset number of digital keys may be generated in the process of generating the digital keys according to the key control information, wherein the preset number does not exceed the number of times of key usage included in the key control information.
When a pull signal of the mobile terminal for the digital key is detected, the server side can generate a preset number of digital keys according to the key control information.
The account information of a sharee (namely, the user of the second mobile terminal) can be acquired, a key pulling instruction is generated according to the key control information and the account information of the sharee, and the key pulling instruction is then sent to the mobile terminal, so that the sharee corresponding to that account information is notified, through the key pulling instruction, to pull the generated preset number of digital keys; at this time, the sharee's terminal (i.e., the second mobile terminal) may generate a key acquisition request according to the received key pulling instruction and send the key acquisition request to the server, and the server may respond to the key acquisition request sent by the mobile terminal by generating a preset number of digital keys according to the key control information.
Specifically, referring to fig. 2, an implementation process of vehicle digital key allocation management in the embodiment of the present invention is shown. The key control information and the account information of the sharee may be set by the vehicle owner and sent to the server; the server can notify the APP of the sharee's account that there is a new key and synchronize basic information to the APP, where the basic information includes the license plate number, the Bluetooth key MAC address and the like, and this notification and synchronization can be realized by sending a key pulling instruction to the second mobile terminal; the sharee's APP can periodically pull a batch of digital keys from the server and cache them securely on the local device, generally in a TEE environment on Android and iOS systems, which effectively prevents theft by a third party; the server can then generate a number of digital keys based on the key control information.
Before generating a digital key, the server can judge from the control conditions whether the digital key can be generated, for example, that the current time does not exceed the validity period and that the total number of distributed digital keys does not exceed the number of uses; a digital key can then be generated according to the control conditions: the digital key information inherits the MasterID and the operation authority, sets the validity period to the current time + 5 days (i.e., usable within 5 days) without exceeding the validity period in the control information, and adds the vehicle information.
As an example, the key control information set by the owner, that is, the key control information sent to the server, may include MasterID = EWRQO132, validity period 2030.12.31, number of uses -1 (that is, unlimited), and operation authority of unlocking, ignition, opening the charging flap, opening the trunk, and the like; the server can generate sub-keys on the premise that the current time does not exceed the validity period, namely < 2030.12.31, and that the total number of generated sub-keys does not exceed the number of uses; the server generates a sub-key according to the key control information, and the sub-key information may include MasterID = EWRQO132, a validity period of the current time + 5 days that is also < 2030.12.31, the vehicle information as a VIN number (for example, LMXXXXXX), and the same operation authority as the set key control information, namely unlocking, ignition, opening the charging flap, opening the trunk, and the like; the sub-key identifier SubID is increased by 1 every time a sub-key is issued.
In a preferred embodiment, the generated preset number of digital keys may include digital keys carrying the same key primary identifier, and/or digital keys carrying different key primary identifiers; that is, a preset number of digital keys are generated at one time, and the number of generated digital keys with the same key main identification does not exceed the number of key use times.
In a preferred embodiment, while generating a preset number of digital keys according to the key control information, the server may also generate a key sub-identifier for the digital keys; in the process of sending the digital keys carrying the same key main identification to the second mobile terminal, an operation of adding one to the key sub-identification of the digital key carrying the same key main identification may be performed.
Specifically, the server may generate a key sub-ID (sub ID) for each digital key. The sub ID is self-incrementing: for example, its initial value is 1, and for digital keys carrying the same Master ID, each time a digital key with that Master ID is issued, the sub ID is incremented by 1, so that the vehicle can use the sub ID to ensure that each digital key is used only once; that is, the key sub-ID indicates the use status of the digital key (used or not used).
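The issuance rules described above (the control conditions, the 5-day sub-key validity capped by the master validity period, and the per-Master-ID sub ID counter), shown as an added Python example that is not part of the patent text. The class and function names, the batch-size parameter and the in-memory counters are assumptions, and signing and encryption are left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

SUBKEY_LIFETIME = timedelta(days=5)  # "current time + 5 days" from the text
UNLIMITED = -1                       # number of uses -1 means unlimited


@dataclass
class KeyControlInfo:
    """Key control information set by the owner (field names are assumptions)."""
    master_id: str
    vin: str
    valid_until: datetime
    max_uses: int
    permissions: frozenset
    issued: int = 0        # total sub-keys distributed so far
    next_sub_id: int = 1   # sub ID starts at 1 and grows by 1 per issued key


@dataclass(frozen=True)
class SubKey:
    """One digital key before signing and encryption."""
    master_id: str
    sub_id: int
    vin: str
    valid_until: datetime
    permissions: frozenset


def issue_batch(info: KeyControlInfo, batch_size: int, now: datetime) -> list:
    """Issue up to batch_size sub-keys, enforcing the control conditions."""
    # Control condition 1: the current time must not exceed the validity period.
    if now >= info.valid_until:
        return []
    # Control condition 2: total distributed keys must not exceed the number of uses.
    if info.max_uses != UNLIMITED:
        batch_size = min(batch_size, info.max_uses - info.issued)
    # Sub-key validity: now + 5 days, never later than the master validity period.
    expiry = min(now + SUBKEY_LIFETIME, info.valid_until)
    batch = []
    for _ in range(max(batch_size, 0)):
        batch.append(SubKey(info.master_id, info.next_sub_id, info.vin,
                            expiry, info.permissions))
        info.next_sub_id += 1
        info.issued += 1
    return batch


if __name__ == "__main__":
    # Constructed sample values; the Master ID and VIN placeholder come from the text.
    info = KeyControlInfo("EWRQO132", "LMXXXXXX", datetime(2030, 12, 31),
                          3, frozenset({"unlock", "ignite"}))
    for key in issue_batch(info, 5, datetime(2030, 12, 29)):
        print(key.sub_id, key.valid_until.date())
```
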
Step 103, encrypting the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
In practical applications, the server may be connected to a vehicle, the vehicle may have a preset root certificate and a first public key for a preset vehicle digital key, and the server may have a first private key matching the first public key.
When the activation operation of the preset vehicle digital key is detected, generating a vehicle digital key activation instruction, and sending the vehicle digital key activation instruction to the vehicle; and the vehicle is used for responding to the vehicle digital key activation instruction and generating a public-private key pair comprising a second public key and a second private key through the root certificate.
Specifically, referring to fig. 3, an implementation process of a production phase of a digital key and an owner binding activation phase in the embodiment of the present invention is shown, in the production phase of a vehicle, a server public key and a root certificate of a vehicle end may be preset for each vehicle, and all vehicles may have the same root certificate; in the stage of binding and activating the vehicle digital key by the vehicle owner, the vehicle owner can inform the service end to activate the vehicle, and the service end can trigger the vehicle (namely the vehicle end) to activate.
The communication of the digital keys is realized through a public and private key pair, the server side can sign and encrypt the digital keys and then send the digital keys to a second mobile terminal, namely the server side can receive a second public key sent by a vehicle and sign and encrypt the preset number of digital keys in sequence by adopting a first private key and the second public key; and then transmitting the preset number of digital keys for signature and encryption processing to the second mobile terminal.
Specifically, a public-private key pair including a second public key and a second private key may be generated from a root certificate preset in the vehicle; the second private key is kept locally in the vehicle, and the second public key is sent to the server. In this way, the server can sign the generated digital key with the preset first private key and then encrypt it with the second public key of the vehicle. After the signed and encrypted digital key is sent to the second mobile terminal and forwarded by the second mobile terminal to the vehicle, the vehicle can decrypt it with the second private key and then verify the signature with the first public key, which ensures that the key data is secure, cannot be forged and cannot be tampered with.
It should be noted that the owner's own key is also obtained in this way, but the process can be handled automatically in the APP background logic and is not perceptible to the owner.
Step 104, sending the encrypted preset number of digital keys to the second mobile terminal.
In an embodiment of the present invention, after the server generates the preset number of digital keys according to the key control information, in the process of sending the preset number of digital keys to the second mobile terminal, in order to ensure the security of the digital keys in the communication process, the server may implement communication of the digital keys through a public-private key pair, that is, the digital keys sent to the second mobile terminal are encrypted digital keys.
In a preferred embodiment, the service end may, in addition to generating and issuing the digital key, manage the generated digital key, for example, delete part or all of the generated digital key when the owner needs to terminate the use of a certain key in advance.
Referring to fig. 4, which shows an implementation process of deleting one key and all keys by a vehicle owner in the embodiment of the present invention, a key disabling instruction may first be obtained, for example by receiving the key disabling instruction generated by the mobile terminal of the vehicle owner (i.e., the first mobile terminal); the key disabling instruction may include a disabled key master identifier; the key disabling instruction is then sent to the vehicle; the key disabling instruction is used for notifying the vehicle to set the disable flag bit in the key record information carrying the disabled key master identifier to a disabling value.
Specifically, in the process of deleting a part of the generated digital key, the key disabling instruction acquired by the service end may be an instruction carrying a disabled Master ID sent by the vehicle owner to the service end; the server can inform the vehicle to set the disable flag bit in the key record information with the Master ID to 1, so that the key with the Master ID is deleted and can not be reused.
In the process of deleting all the generated digital keys, the key disabling instruction acquired by the server can be an instruction, sent to the server by the vehicle owner, that carries all the Master IDs to be disabled; the server can notify the vehicle to set the disable flag bit in the key record information of all those Master IDs to 1, so that all issued keys are completely deleted and cannot be reused.
In a preferred embodiment, for security, the service end may further notify the vehicle of restart activation, so that the vehicle may generate a new pair of public and private keys using the root certificate during the restart phase and send the new public key to the service end, and the subsequently generated digital key will be encrypted using the public key.
As an example, the first mobile terminal may generate a restart activation instruction at a preset time interval and send the restart activation instruction to the vehicle; and the vehicle-mounted terminal is used for responding to the restart activation instruction and generating a public and private key pair comprising a third public key and a third private key through the root certificate.
It should be noted that the embodiments of the present invention do not limit security design methods for strengthening or improving certain links, for example, how the server communicates securely with the mobile terminal, how the mobile terminal guarantees that the device is secure and trustworthy, how the trustworthiness of the user is guaranteed (for example, by biometric identification), how the vehicle side stores and judges securely (for example, using a TEE), and the like; the APP of the mobile terminal used by the owner or the sharee may be a native APP, or may be an applet, H5 (i.e., HTML5, the hypertext markup language), and the like, which is not limited in the embodiments of the present invention.
In the embodiment of the invention, a server, a first mobile terminal, a second mobile terminal and a vehicle are involved, key control information sent by the first mobile terminal is received by the server, and a preset number of digital keys are generated according to the key control information; and then, the generated preset number of digital keys can be encrypted, and the encrypted preset number of digital keys are sent to the second mobile terminal, so that the second mobile terminal can send the digital keys carrying the corresponding key control information to the vehicle, and the vehicle can be correspondingly controlled. Through generating the preset number of digital keys carrying key control information and sending the encrypted preset number of digital keys to the shared terminal, the shared terminal can directly adopt the digital keys required to be used to realize vehicle control, a key user does not need to register in advance or explicitly recover, and the vehicle can be controlled under the condition of no network to adapt to various sharing scenes.
Referring to fig. 5, a flowchart illustrating steps of another embodiment of a vehicle digital key distribution management method according to the present invention is shown, and is applied to a second mobile terminal, where the second mobile terminal establishes communication connections with a server, a first mobile terminal, and a vehicle, and specifically includes the following steps:
Step 501, receiving a preset number of encrypted digital keys sent by the server; in an embodiment of the present invention, the second mobile terminal may pull the digital keys from the server; specifically, the server may generate a key pulling instruction according to the key control information and the account information of the sharee, and send the key pulling instruction to the second mobile terminal; after receiving the key pulling instruction sent by the server, the second mobile terminal can generate a key acquisition request according to the key pulling instruction and send the key acquisition request to the server; the second mobile terminal may then receive the preset number of digital keys sent by the server in response to the key acquisition request.
The received preset number of digital keys may be digital keys signed and encrypted by the server using the public-private key pairs. The specific signing and encryption processes are described above and are not repeated here.
Step 502, sending a digital key carrying corresponding key control information to the vehicle, so that the vehicle can perform corresponding control on the vehicle according to the corresponding key control information.
In practical application, a preset number of digital keys can be cached locally, and when a vehicle needs to be controlled, the digital keys carrying corresponding key control information can be obtained locally; then the digital key carrying the corresponding key control information is sent to the vehicle; the vehicle is used for checking the digital key carrying the corresponding key control information and correspondingly controlling the vehicle according to the corresponding key control information after the checking is passed.
In a preferred embodiment, a batch of digital keys can be pulled from the server at regular intervals and securely cached locally, and when the vehicle needs to be operated, an operation code (essentially a code/serial number) is sent to the vehicle together with the digital key, so that the vehicle can be controlled.
In the embodiment of the invention, a server, a first mobile terminal, a second mobile terminal and a vehicle are involved, key control information is obtained through the server, and a preset number of digital keys are generated according to the key control information; and then, the generated preset number of digital keys can be encrypted, and the encrypted preset number of digital keys are sent to the second mobile terminal, so that the second mobile terminal can send the digital keys carrying the corresponding key control information to the vehicle, and the vehicle can be correspondingly controlled. Through generating the preset number of digital keys carrying key control information and sending the encrypted preset number of digital keys to the shared terminal, the shared terminal can directly adopt the digital keys required to be used to realize vehicle control, a key user does not need to register in advance or explicitly recover, and the vehicle can be controlled under the condition of no network to adapt to various sharing scenes.
Referring to fig. 6, a flowchart illustrating steps of another embodiment of a vehicle digital key distribution management method according to the present invention is shown, and is applied to a vehicle, where the vehicle establishes communication connections with a first mobile terminal, a second mobile terminal, and a server, and the method specifically includes the following steps:
Step 601, generating a public key according to a preset root certificate and forwarding the public key to the server;
Specifically, as shown in fig. 3, the vehicle may have a preset root certificate and a first public key for a preset vehicle digital key, and the server may have a first private key matching the first public key preset in the vehicle.
At this time, the vehicle may receive a vehicle digital key activation instruction sent by the server, where the activation instruction may be generated when the server detects an activation operation for a preset vehicle digital key; the vehicle can then, in response to the vehicle digital key activation instruction, generate a public-private key pair including a second public key and a second private key through the preset root certificate, and send the second public key to the server, so that the server can use the first private key and the received second public key to sign and then encrypt the generated preset number of digital keys, and send the signed and encrypted preset number of digital keys to the second mobile terminal.
Step 602, receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
In an embodiment of the invention, the second mobile terminal may send the operation code and the digital key to the vehicle; during the sending, the second mobile terminal and the vehicle may communicate directly at short range, for example over Bluetooth, so that operations such as unlocking can also be performed on the vehicle with the digital key in an environment without a mobile network signal.
Step 603, correspondingly controlling the vehicle according to the digital key.
When the vehicle receives a digital key sent by the second mobile terminal, this indicates that the sharee needs to operate the vehicle at that moment; the vehicle can check the received digital key and judge whether the corresponding operation on the vehicle can be completed with it.
Specifically, when a digital key carrying corresponding key control information sent by the second mobile terminal is received, the digital key carrying the corresponding key control information is checked; after the check is passed, an operation corresponding to the corresponding key control information is performed in response.
The digital key carrying the corresponding key control information is checked mainly to judge whether it is legal; the specific steps can be as follows: judging whether decryption and signature verification can be performed on the digital key carrying the corresponding key control information, to obtain a decrypted and signature-verified digital key; if the decrypted and signature-verified digital key can be obtained, judging whether it is legal; and if it is legal, judging whether the key control information it carries is legal.
Referring to fig. 7, a flow chart of the checks performed by the vehicle in the embodiment of the invention is shown; the vehicle can perform a communication security check, a replay attack check and a control information check on the received digital key, and after all checks pass, the key is deemed legal and the corresponding operation is performed.
The vehicle can first perform the communication security check, judging whether the second private key matched with the second public key and the first public key matched with the first private key can be used, in sequence, to decrypt and verify the signature of the preset number of signed and encrypted digital keys. That is, the private key of the vehicle end and the public key of the server are used in turn to decrypt the digital key and verify its signature; if the check passes, the replay attack check follows; otherwise the digital key is illegal.
The vehicle can then perform the replay attack check. The vehicle keeps a digital key record for the digital keys, that is, it records and compares the record information of each key to determine whether the digital key is legal, including whether the key is disabled and whether the digital key has already been used; if the check passes, the control information check follows; otherwise the digital key is illegal.
The step of judging whether the digital key is legal by recording and comparing the record information of each key may include: when a decrypted and signature-verified digital key is obtained, acquiring the target key main identifier of that digital key; judging whether the target key main identifier exists in the digital key record; if the target key main identifier exists in the digital key record, judging whether the disable flag bit contained in the target sub-record corresponding to the target key main identifier is a preset threshold value, and whether the key sub-identifier contained in the target record reaches a preset expected sub-identifier.
If the disable flag bit contained in the target sub-record is the preset threshold value and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is legal; or, if the target key main identifier does not exist in the digital key record, a digital key record is created for the decrypted and signature-verified digital key, the record containing the key main identifier, a preset expected sub-identifier and a disable flag bit.
Referring to fig. 8, which illustrates an implementation process of controlling a vehicle by using an assigned digital key in an embodiment of the present invention, the vehicle may record and compare the record information of each received digital key to determine whether the digital key is legal, where the record information may include a Master ID, an expected sub ID and a disable flag bit. The Master ID is the Master ID of the digital key and uniquely marks one piece of key information. The expected sub ID indicates the sub ID of the digital key expected to be received at this time: if the sub ID in the digital key is the expected sub ID in the record table, the digital key has not been used and is allowed to be used; if the sub ID in the digital key is less than the expected sub ID in the record table, the digital key has already been used. This ensures that each digital key can be used only once, thereby avoiding replay attacks. The disable flag bit indicates whether the key is disabled: a value of 1 indicates disabled, in which case no digital key is allowed to be used; a value of 0 indicates not disabled.
On the premise of the steps above, when the vehicle receives a digital key, it can first look up whether the Master ID exists; if not, a default record can be created containing (Master ID, expected sub ID, disable flag bit) with the values (Master ID in the digital key, sub ID in the digital key + 1, 0); if it exists, the vehicle first judges whether the disable flag bit is 1, and if it is 1, the digital key is disabled; if the sub ID in the digital key >= the expected sub ID, the digital key is legal and the expected sub ID is updated to the digital key's sub ID + 1; otherwise the digital key is illegal. In the embodiment of the invention, through active recording and comparison at the vehicle end, the key can be used without registration while security is ensured.
Finally, the vehicle can perform the control information check to judge whether the key control information carried by the decrypted and signature-verified digital key is consistent with the digital key record, specifically whether the VIN number is consistent, whether the validity period has expired and whether the operation authority is satisfied; if this check passes, that is, all checks have passed, the key is legal, and the corresponding operation is then executed and the result is returned.
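The replay attack check and the control information check described above, shown as an added Python example that is not part of the patent text. It assumes the communication security check (decryption and signature verification) has already succeeded; the class names, field names and reason strings are assumptions, as is the handling of a disabling instruction for a Master ID the vehicle has not yet seen.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class DigitalKey:
    """Fields of a key that has already been decrypted and signature-verified."""
    master_id: str
    sub_id: int
    vin: str
    valid_until: datetime
    permissions: frozenset


@dataclass
class KeyRecord:
    """One row of the vehicle's record table, looked up by Master ID."""
    expected_sub_id: int
    disabled: int = 0  # 1 = disabled, 0 = not disabled


class VehicleKeyChecker:
    def __init__(self, vin: str):
        self.vin = vin
        self.records = {}  # Master ID -> KeyRecord

    def disable(self, master_id: str) -> None:
        """Key disabling instruction: set the disable flag bit to 1.

        Assumption: a row is created when the Master ID is unknown, so that a
        key shared but never used cannot later create a default row with flag 0.
        """
        record = self.records.setdefault(master_id, KeyRecord(expected_sub_id=1))
        record.disabled = 1

    def check(self, key: DigitalKey, operation: str, now: datetime):
        """Return (allowed, reason) for one operation request."""
        # Replay attack check.
        record = self.records.get(key.master_id)
        if record is None:
            # First key seen for this Master ID: default row (sub ID + 1, flag 0).
            self.records[key.master_id] = KeyRecord(expected_sub_id=key.sub_id + 1)
        elif record.disabled == 1:
            return False, "disabled"
        elif key.sub_id >= record.expected_sub_id:
            # Accepting sub ID n also retires every lower, unused sub ID.
            record.expected_sub_id = key.sub_id + 1
        else:
            return False, "replayed"
        # Control information check: VIN, validity period, operation authority.
        if key.vin != self.vin:
            return False, "wrong vehicle"
        if now > key.valid_until:
            return False, "expired"
        if operation not in key.permissions:
            return False, "operation not permitted"
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample keys; the Master ID and VIN placeholder come from the text.
    now = datetime(2025, 1, 1, 12, 0)
    vehicle = VehicleKeyChecker("LMXXXXXX")
    perms = frozenset({"unlock", "ignite"})
    for sub_id in (1, 1, 3, 2):
        key = DigitalKey("EWRQO132", sub_id, "LMXXXXXX", datetime(2025, 1, 5), perms)
        print(sub_id, vehicle.check(key, "unlock", now))
```

Because the expected sub ID is advanced inside the replay check, as in the text, a key that then fails the control information check is still consumed.
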
In a preferred embodiment, the vehicle may further receive a key disabling instruction sent by the first mobile terminal; the key disabling instruction comprises a key disabling main identifier; and setting a forbidden identification bit in the key record information carrying the forbidden key main identification as a forbidden value.
In a preferred embodiment, the vehicle may further receive a restart activation instruction sent by the first mobile terminal at preset time intervals; and responding to the restart activation instruction, and generating a public-private key pair comprising a third public key and a third private key through the root certificate.
In the embodiment of the invention, a server, a first mobile terminal, a second mobile terminal and a vehicle are involved, key control information sent by the first mobile terminal is received by the server, and a preset number of digital keys are generated according to the key control information; and then, encrypting the generated preset number of digital keys, and sending the encrypted preset number of digital keys to the second mobile terminal, so that the second mobile terminal sends the digital keys carrying the corresponding key control information to the vehicle, thereby realizing the corresponding control of the vehicle. Through generating the preset number of digital keys carrying key control information and sending the encrypted preset number of digital keys to the shared terminal, the shared terminal can directly adopt the digital keys required to be used to realize vehicle control, a key user does not need to register in advance or explicitly recover, and the vehicle can be controlled under the condition of no network to adapt to various sharing scenes.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combinations of acts, but those skilled in the art will recognize that the present invention is not limited by the described order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are preferred embodiments and that the acts involved are not necessarily required to implement the invention.
Referring to fig. 9, a block diagram of a vehicle digital key distribution management apparatus according to an embodiment of the present invention is shown, and is applied to a server, where the server establishes communication connections with a first mobile terminal, a second mobile terminal, and a vehicle respectively, and specifically includes the following modules:
a key control information obtaining module 901, configured to receive key control information sent by the first mobile terminal; the key control information includes a number of key uses;
a digital key generation module 902, configured to generate a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
a digital key encryption module 903, configured to encrypt the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
a digital key sending module 904, configured to send the encrypted preset number of digital keys to the second mobile terminal.
In one embodiment of the present invention, the digital key generation module 902 may include the following sub-modules:
the key pulling instruction generating submodule is used for acquiring account information of a sharee from the first mobile terminal and generating a key pulling instruction according to the key control information and the account information of the sharee;
the key pulling instruction sending submodule is used for sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used for indicating the second mobile terminal to generate a key obtaining request;
and the digital key generation submodule is used for responding to a key acquisition request sent by the second mobile terminal and generating a preset number of digital keys according to the key control information.
In one embodiment of the present invention, the key control information further includes a key master identifier, vehicle information, a key validity period, or an operation authority.
In one embodiment of the invention, the vehicle is provided with a preset root certificate and a first public key, and the server is provided with a first private key matched with the first public key; the digital key encryption module 903 may include the following sub-modules:
the vehicle digital key activation instruction sending submodule is used for generating a vehicle digital key activation instruction and sending the vehicle digital key activation instruction to the vehicle when the activation operation of the preset vehicle digital key is detected; the vehicle digital key activation instruction is used for instructing the vehicle to generate a public-private key pair including a second public key and a second private key through the root certificate;
and the signature encryption processing submodule is used for receiving the second public key sent by the vehicle and using the first private key and the second public key to sign and then encrypt the preset number of digital keys, in that order.
In one embodiment of the present invention, the digital key transmission module 904 may include the following sub-modules:
and the digital key sending submodule is used for sending the signed and encrypted preset number of digital keys to the second mobile terminal.
In an embodiment of the present invention, the preset number of digital keys includes digital keys carrying the same key primary identifier and/or digital keys carrying different key primary identifiers; the following sub-modules may also be included:
the key sub-identifier generation sub-module is used for generating a key sub-identifier aiming at the digital key; the key sub-identifier is used for representing the number of times of using the digital key;
and the adding operation submodule is used for adding one to the key sub-identifier of the digital key carrying the same key main identifier in the process of sending the digital key carrying the same key main identifier to the second mobile terminal.
In an embodiment of the present invention, the apparatus may further include the following modules:
the key disabling instruction acquisition module is used for acquiring a key disabling instruction; the key disabling instruction comprises a key disabling main identifier;
the key disabling instruction sending module is used for sending the key disabling instruction to the vehicle; the key disabling instruction is used for instructing the vehicle to set the disabling identification bit in the key record information carrying the key disabling main identifier to a disabling value.
In an embodiment of the present invention, the apparatus may further include the following modules:
the restart activation instruction sending module is used for generating a restart activation instruction according to a preset time interval and sending the restart activation instruction to the vehicle; the restart activation instruction is used for instructing the vehicle to generate a public-private key pair including a third public key and a third private key through the root certificate.
Referring to fig. 10, a block diagram of another embodiment of the vehicle digital key distribution management apparatus according to the present invention is shown, and is applied to a second mobile terminal, where the second mobile terminal establishes communication connections with a server, a first mobile terminal, and a vehicle, and specifically includes the following modules:
a digital key receiving module 1001, configured to receive the encrypted preset number of digital keys sent by the server; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
the digital key sending module 1002 is configured to send a digital key to the vehicle, so that the vehicle can perform corresponding control on the vehicle according to the digital key.
In one embodiment of the present invention, the digital key receiving module 1001 may include the following sub-modules:
the key pulling instruction receiving submodule is used for receiving a key pulling instruction sent by the server side; the key pulling instruction is generated by the server according to the key control information and the account information sent by the first mobile terminal;
the key acquisition request sending submodule is used for generating a key acquisition request according to the key pulling instruction and sending the key acquisition request to the server;
and the digital key receiving submodule is used for receiving the preset number of digital keys sent by the server side in response to the key acquisition request.
In an embodiment of the present invention, the received preset number of digital keys have been signed and encrypted by the server using public and private keys.
In one embodiment of the present invention, the digital key transmission module 1002 may include the following sub-modules:
the key control information acquisition submodule is used for caching the preset number of digital keys locally and acquiring the digital keys carrying the corresponding key control information from the local;
the key control information sending submodule is used for sending the digital key carrying the corresponding key control information to the vehicle; the vehicle is used for checking the digital key carrying the corresponding key control information and correspondingly controlling the vehicle according to the corresponding key control information after the checking is passed.
Referring to fig. 11, a block diagram of a structure of another embodiment of a vehicle digital key distribution management apparatus according to the present invention is shown, and is applied to a vehicle, where the vehicle establishes communication connections with a first mobile terminal, a second mobile terminal, a sharee terminal, and a server, and the vehicle digital key distribution management apparatus specifically includes the following modules:
a public key generating module 1101, configured to generate a public key according to a preset root certificate and forward the public key to the server;
a digital key receiving module 1102, configured to receive the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
and a vehicle control module 1103, configured to perform corresponding control on the vehicle according to the digital key.
In one embodiment of the invention, the vehicle is provided with a preset first public key, and the server is provided with a first private key matched with the first public key; the public key generation module 1101 may include the following sub-modules:
the vehicle digital key activation instruction receiving submodule is used for receiving a vehicle digital key activation instruction sent by the server side; the activation instruction is generated by the server side when it detects an activation operation for the preset vehicle digital key;
the vehicle digital key activation instruction response submodule is used for responding to the vehicle digital key activation instruction and generating a public-private key pair comprising a second public key and a second private key through the root certificate;
the second public key sending submodule is used for sending the second public key to the server; the server is used for adopting the first private key and the second public key to sequentially sign and encrypt the preset number of digital keys and sending the preset number of digital keys to the second mobile terminal.
In one embodiment of the invention, the vehicle control module 1103 may include the following sub-modules:
the digital key checking sub-module is used for checking the digital key carrying the corresponding key control information when receiving the digital key carrying the corresponding key control information sent by the mobile terminal;
and the vehicle control sub-module is used for executing the operation corresponding to the corresponding key control information after the check is passed.
In one embodiment of the present invention, the digital key check submodule may include the following elements:
the decryption and signature verification judging unit is used for judging whether the digital key carrying the corresponding key control information can be decrypted and signature-verified to obtain a decrypted and signature-verified digital key;
the digital key legality judging unit is used for judging whether the decrypted and signature-verified digital key is legal, if such a digital key can be obtained;
and the key control information judging unit is used for judging whether the key control information carried by the decrypted and signature-verified digital key is legal, if that digital key is legal.
In an embodiment of the present invention, the decryption and signature verification judging unit may include the following sub-units:
and the decryption and signature verification judging subunit is used for judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and then verify the signature of the signed and encrypted preset number of digital keys.
In one embodiment of the invention, the vehicle has a digital key record for the digital key; the digital key legality judging unit may include the following sub-units:
the target key main identifier obtaining subunit is used for obtaining the target key main identifier of the decrypted and signature-verified digital key when that digital key is obtained;
a target key main identifier determining subunit, configured to determine whether the target key main identifier exists in the digital key record;
and the digital key legality judging subunit is used for judging, if the target key main identifier exists in the digital key record, whether the disable flag bit contained in the target sub-record corresponding to the target key main identifier is a preset threshold value and whether the key sub-identifier contained in the target record reaches a preset expected sub-identifier.
In an embodiment of the present invention, the digital key legality judging unit may further include the following sub-units:
the first digital key legal subunit is used for judging that the decrypted and signature-verified digital key is legal if the disable flag bit contained in the target sub-record is the preset threshold value and the key sub-identifier contained in the target record reaches the preset expected sub-identifier;
and the second digital key legal subunit is used for creating, if the target key main identifier does not exist in the digital key record, a digital key record for the decrypted and signature-verified digital key that contains the key main identifier, a preset expected sub-identifier and a disable flag bit.
In one embodiment of the present invention, the key control information determination unit may include the following sub-units:
and the key control information judging subunit is used for judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
In an embodiment of the present invention, the apparatus may further include the following modules:
the key disabling instruction receiving submodule is used for receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction comprises a key disabling main identifier;
and the disabling value setting submodule is used for setting the disabling identification bit in the key record information carrying the key disabling main identifier to the disabling value.
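The vehicle-side legality check and disable flag described above, sketched as an added example (not code from the patent or from any vendor). It starts from a key that has already been decrypted and signature-verified, and it assumes that "reaches the expected sub-identifier" means greater than or equal, that the expected value starts at 0 and moves past each accepted key, and that the record stores the key control information seen at first use; all class, function and field names are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional

INITIAL_EXPECTED_SUB_ID = 0  # assumption: the "preset expected sub-identifier"


class Verdict(Enum):
    ACCEPTED = "accepted"
    DISABLED = "disable flag is set for this key main identifier"
    REPLAYED = "key sub-identifier has not reached the expected value"
    CONTROL_MISMATCH = "key control information differs from the record"


@dataclass(frozen=True)
class DigitalKey:
    """A key after decryption and signature verification (not shown here)."""
    main_id: str            # key main identifier
    sub_id: int             # key sub-identifier: which use this key represents
    vehicle: str            # vehicle information
    valid_until: int        # key validity period (constructed epoch seconds)
    permissions: frozenset  # operation authority

    def control_info(self) -> tuple:
        return (self.vehicle, self.valid_until, self.permissions)


@dataclass
class KeyRecord:
    expected_sub_id: int
    disabled: bool
    control_info: Optional[tuple]  # assumption: stored at first use


def issue_keys(main_id: str, uses: int, count: int, vehicle: str,
               valid_until: int, permissions: set) -> List[DigitalKey]:
    """Server side: the preset number must not exceed the number of key uses;
    keys sharing a main identifier get sub-identifiers 0, 1, 2, ..."""
    if not 0 < count <= uses:
        raise ValueError("preset number must not exceed the number of key uses")
    return [DigitalKey(main_id, sub, vehicle, valid_until, frozenset(permissions))
            for sub in range(count)]


class VehicleKeyStore:
    """The vehicle's digital key record, held locally so it works offline."""

    def __init__(self) -> None:
        self.records: Dict[str, KeyRecord] = {}

    def disable(self, main_id: str) -> None:
        """Handle a key disabling instruction for one key main identifier."""
        record = self.records.get(main_id)
        if record is None:
            # Assumption: a never-presented key still gets a disabled record,
            # otherwise its first use would create a fresh, enabled one.
            self.records[main_id] = KeyRecord(INITIAL_EXPECTED_SUB_ID, True, None)
        else:
            record.disabled = True

    def check(self, key: DigitalKey) -> Verdict:
        record = self.records.get(key.main_id)
        if record is None:  # unknown main identifier: create its record
            record = KeyRecord(INITIAL_EXPECTED_SUB_ID, False, key.control_info())
            self.records[key.main_id] = record
        if record.disabled:
            return Verdict.DISABLED
        if key.sub_id < record.expected_sub_id:  # "reaches" read as >=
            return Verdict.REPLAYED
        if key.control_info() != record.control_info:
            return Verdict.CONTROL_MISMATCH
        # Burn this use and every lower sub-identifier of the same main id.
        record.expected_sub_id = key.sub_id + 1
        return Verdict.ACCEPTED


def demo() -> List[Verdict]:
    # Constructed sample: three single-use keys for one sharee.
    keys = issue_keys("KEY-A", uses=3, count=3, vehicle="VEHICLE-1",
                      valid_until=1_700_000_000, permissions={"unlock"})
    store = VehicleKeyStore()
    verdicts = [store.check(keys[0]),   # first use
                store.check(keys[0]),   # same key presented again
                store.check(keys[2]),   # skips ahead, burns keys[1]
                store.check(keys[1])]   # now below the expected value
    store.disable("KEY-A")
    verdicts.append(store.check(keys[2]))
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```

Because the counter only moves forward, a captured key cannot be presented twice even when the vehicle has no network; the cost is that using a later key first invalidates the earlier ones.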
In an embodiment of the present invention, the apparatus may further include the following modules:
the restart activation instruction receiving module is used for receiving a restart activation instruction sent by the first mobile terminal according to a preset time interval;
and the restart activation instruction response module is used for responding to the restart activation instruction and generating a public and private key pair comprising a third public key and a third private key through the root certificate.
Since the device embodiment is basically similar to the method embodiment, its description is relatively brief; for the relevant points, refer to the corresponding description of the method embodiment.
An embodiment of the present invention further provides a vehicle, including:
the vehicle digital key distribution management device described above, a processor, a memory, and a computer program stored on the memory and runnable on the processor; when the computer program is executed by the processor, each process of the vehicle digital key distribution management method embodiment is implemented and the same technical effect can be achieved, which is not described again here to avoid repetition.
The embodiment of the invention also provides a computer-readable storage medium, wherein a computer program is stored on the computer-readable storage medium, and when being executed by a processor, the computer program realizes each process of the embodiment of the vehicle digital key distribution management method, can achieve the same technical effect, and is not repeated here to avoid repetition.
The embodiments in the present specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present invention are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the embodiments of the invention.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The present invention provides a vehicle digital key distribution management method and a vehicle digital key distribution management device, which are introduced in detail above, and the principle and the implementation of the present invention are explained in detail herein by applying specific examples, and the description of the above examples is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (21)

1. A vehicle digital key distribution management method is applied to a server side, wherein the server side establishes communication connection with a first mobile terminal, a second mobile terminal and a vehicle respectively, and the method comprises the following steps:
receiving key control information sent by the first mobile terminal; the key control information includes a number of key uses;
generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
encrypting the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
and sending the encrypted preset number of digital keys to the second mobile terminal.
2. The method of claim 1, wherein said generating a preset number of digital keys from said key control information comprises:
acquiring account information from the first mobile terminal, and generating a key pulling instruction according to the key control information and the account information;
sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used for indicating the second mobile terminal to generate a key obtaining request;
and responding to a key acquisition request sent by the second mobile terminal, and generating a preset number of digital keys according to the key control information.
3. The method according to claim 1 or 2, wherein the key control information further comprises key master identification, vehicle information, key validity period or operating authority.
4. The method of claim 1, wherein the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key;
the encrypting the preset number of digital keys comprises:
when the activation operation of the preset vehicle digital key is detected, generating a vehicle digital key activation instruction, and sending the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used for instructing the vehicle to generate a public-private key pair comprising a second public key and a second private key through the root certificate;
receiving a second public key sent by the vehicle, and adopting the first private key and the second public key to sign and encrypt the preset number of digital keys in sequence;
the sending of the encrypted preset number of digital keys to the second mobile terminal includes:
and sending the signed and encrypted preset number of digital keys to the second mobile terminal.
5. The method according to claim 3, wherein the predetermined number of digital keys comprises digital keys carrying the same key master id and/or digital keys carrying different key master ids;
the generating of the preset number of digital keys according to the key control information further comprises:
generating a key sub-identification for the digital key; the key sub-identifier is used for representing the number of times of using the digital key;
and in the process of sending the digital keys carrying the same key main identification to the second mobile terminal, adding one to the key sub-identification of the digital key carrying the same key main identification.
6. The method of claim 1, further comprising:
acquiring a key disabling instruction; the key disabling instruction comprises a key disabling main identifier;
sending the key disabling instruction to the vehicle; the key disabling instruction is used for instructing the vehicle to set the disabling identification bit in the key record information carrying the key disabling main identifier to a disabling value.
7. The method of claim 1, further comprising:
generating a restart activation instruction according to a preset time interval, and sending the restart activation instruction to the vehicle; the restart activation instruction is used for instructing the vehicle to generate a public-private key pair including a third public key and a third private key through the root certificate.
8. A vehicle digital key distribution management method is applied to a vehicle, the vehicle is respectively communicated with a first mobile terminal, a second mobile terminal and a server, and the method comprises the following steps:
generating a public key according to a preset root certificate and forwarding the public key to the server;
receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
and correspondingly controlling the vehicle according to the digital key.
9. The method of claim 8, wherein the vehicle has a preset first public key, and the server has a first private key matching the first public key; the generating a public key according to a preset root certificate and forwarding the public key to the server side includes:
receiving a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server side when it detects an activation operation for the preset vehicle digital key;
responding to the vehicle digital key activation instruction, and generating a public-private key pair comprising a second public key and a second private key through the root certificate;
sending the second public key to the server; the server is used for adopting the first private key and the second public key to sequentially sign and encrypt the preset number of digital keys and sending the preset number of digital keys to the second mobile terminal.
10. The method of claim 8, wherein said controlling said vehicle accordingly in accordance with said digital key comprises:
when receiving a digital key which is sent by the second mobile terminal and carries corresponding key control information, checking the digital key carrying the corresponding key control information;
after the check is passed, an operation corresponding to the corresponding key control information is performed in response.
11. The method of claim 10, wherein said checking the digital key carrying the corresponding key control information comprises:
judging whether the digital key carrying the corresponding key control information is legal or not;
the judging whether the digital key carrying the corresponding key control information is legal or not includes:
judging whether the digital key carrying the corresponding key control information can be decrypted and signature-verified, so as to obtain a decrypted and signature-verified digital key;
if the decrypted and signature-verified digital key can be obtained, judging whether the decrypted and signature-verified digital key is legal;
and if the decrypted and signature-verified digital key is legal, judging whether the key control information carried by the decrypted and signature-verified digital key is legal.
12. The method of claim 10, wherein the judging whether the digital key carrying the corresponding key control information can be decrypted and signature-verified comprises:
and judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and then verify the signature of the signed and encrypted preset number of digital keys.
13. The method of claim 10, wherein the vehicle has a digital key record for the digital key; the judging whether the decrypted and signature-verified digital key is legal comprises:
when the decrypted and signature-verified digital key is obtained, acquiring the target key main identifier of the decrypted and signature-verified digital key;
judging whether the target key main identifier exists in the digital key record;
if the target key main identifier exists in the digital key record, judging whether the disable flag bit contained in the target sub-record corresponding to the target key main identifier is a preset threshold value, and judging whether the key sub-identifier contained in the target record reaches a preset expected sub-identifier.
14. The method of claim 13, further comprising:
if the disable flag bit contained in the target sub-record is the preset threshold value and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is legal;
or, if the target key main identifier does not exist in the digital key record, creating a digital key record for the decrypted and signature-verified digital key, wherein the digital key record contains the key main identifier, a preset expected sub-identifier and a disable flag bit.
15. The method according to claim 12, wherein the judging whether the key control information carried by the decrypted and signature-verified digital key is legal, if the decrypted and signature-verified digital key is legal, comprises:
and judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
16. The method of claim 8, further comprising:
receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction comprises a key disabling main identifier;
and setting the disabling identification bit in the key record information carrying the key disabling main identifier to the disabling value.
17. The method of claim 9, further comprising:
receiving a restart activation instruction sent by the first mobile terminal according to a preset time interval;
and responding to the restart activation instruction, and generating a public-private key pair comprising a third public key and a third private key through the root certificate.
18. A vehicle digital key distribution management device is applied to a server side, and the server side is respectively in communication connection with a first mobile terminal, a second terminal and a vehicle, and the device comprises:
the key control information acquisition module is used for receiving the key control information sent by the first mobile terminal; the key control information includes a number of key uses;
the digital key generation module is used for generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
the digital key encryption module is used for encrypting the preset number of digital keys; the public key used for the encryption processing is generated by a root certificate preset in the vehicle and is forwarded to the server through the vehicle;
and the digital key sending module is used for sending the encrypted preset number of digital keys to the second mobile terminal.
19. A vehicle digital key distribution management device is applied to a vehicle, wherein the vehicle is respectively connected with a first mobile terminal, a second terminal and a server side, and the device comprises:
the public key generating module is used for generating a public key according to a preset root certificate and forwarding the public key to the server;
the digital key receiving module is used for receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted by adopting the public key; wherein the preset number does not exceed the number of key usage times contained in the key control information;
and the vehicle control module is used for correspondingly controlling the vehicle according to the digital key.
20. A vehicle, characterized by comprising: the vehicle digital key distribution management apparatus according to claim 19, a processor, a memory, and a computer program stored on the memory and operable on the processor, the computer program, when executed by the processor, implementing the steps of the vehicle digital key distribution management method according to any one of claims 8 to 17.
21. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the vehicle digital key distribution management method according to any one of claims 1 to 7 or 8 to 17.
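The server-side and vehicle-side modules of claims 18 and 19, sketched as an added example that is not code from the patent or from any vendor implementation. Assumptions: an RSA-OAEP key pair stands in for the public key the vehicle generates from its preset root certificate, the Ed25519 server signature and the one-use-per-key tracking are not specified by the claims, and all function names are hypothetical.

```javascript
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side (claim 18): generate at most keyUses keys, encrypt each to the vehicle.
function issueKeys(control, requested, vehiclePub, serverSignKey) {
  if (!Number.isInteger(control.keyUses) || control.keyUses < 1) {
    throw new RangeError('key control information needs a positive number of key uses');
  }
  const count = Math.min(requested, control.keyUses); // preset number <= number of key uses
  const blobs = [];
  for (let i = 0; i < count; i++) {
    const key = nodeCrypto.randomBytes(32);
    // Assumption: a 64-byte Ed25519 signature lets the vehicle tell server-issued keys
    // from values anyone could encrypt under its public key.
    const sig = nodeCrypto.sign(null, key, serverSignKey);
    blobs.push(nodeCrypto.publicEncrypt({ key: vehiclePub, ...OAEP }, Buffer.concat([key, sig])));
  }
  return blobs;
}

// Vehicle side (claim 19): publish a public key, decrypt and check relayed keys.
function makeVehicle(serverVerifyKey) {
  // Stand-in for the key pair the vehicle generates from its preset root certificate.
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const used = new Set(); // assumption: each digital key is good for one use
  function unlock(blob) {
    let plain;
    try { plain = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, blob); }
    catch { return 'reject:decrypt'; }
    if (plain.length !== 96) return 'reject:format';
    const key = plain.subarray(0, 32);
    if (!nodeCrypto.verify(null, key, serverVerifyKey, plain.subarray(32))) return 'reject:signature';
    const id = key.toString('hex');
    if (used.has(id)) return 'reject:replay';
    used.add(id);
    return 'ok';
  }
  return { publicKey, unlock };
}

// Constructed run: 3 uses allowed, 5 keys requested; relay replays, tampers, forges.
function demo() {
  const server = nodeCrypto.generateKeyPairSync('ed25519');
  const vehicle = makeVehicle(server.publicKey);
  const blobs = issueKeys({ keyUses: 3 }, 5, vehicle.publicKey, server.privateKey);
  const tampered = Buffer.from(blobs[1]); tampered[10] ^= 1;
  const forged = nodeCrypto.publicEncrypt({ key: vehicle.publicKey, ...OAEP }, nodeCrypto.randomBytes(96));
  return { issued: blobs.length, results: [...blobs, blobs[0], tampered, forged].map(b => vehicle.unlock(b)) };
}
```

Encryption under the vehicle's public key keeps the relaying second mobile terminal from reading the keys, but it does not by itself prove who produced a blob, which is why the forged case is rejected only by the assumed signature check.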
CN202011494238.6A 2020-12-16 2020-12-16 Vehicle digital key distribution management method and device Active CN112669491B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202011494238.6A CN112669491B (en) 2020-12-16 2020-12-16 Vehicle digital key distribution management method and device
PCT/CN2021/102337 WO2022127064A1 (en) 2020-12-16 2021-06-25 Vehicle digital key distribution management method and device

Publications (2)

Publication Number Publication Date
CN112669491A (en) 2021-04-16
CN112669491B (en) 2022-12-09

Family

ID=75404551

Country Status (2)

Country Link
CN (1) CN112669491B (en)
WO (1) WO2022127064A1 (en)

Also Published As

Publication number Publication date
WO2022127064A1 (en) 2022-06-23
CN112669491B (en) 2022-12-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant