WO2023137757A1

WO2023137757A1 - Digital vehicle key sharing method and apparatus, and device and storage medium

Info

Publication number: WO2023137757A1
Application number: PCT/CN2022/073527
Authority: WO
Inventors: 茹昭; 张军
Original assignee: Oppo广东移动通信有限公司
Priority date: 2022-01-24
Filing date: 2022-01-24
Publication date: 2023-07-27

Abstract

The embodiments of the present application relate to the technical field of vehicles. Provided are a digital vehicle key sharing method and apparatus, and a device and a storage medium. The method is applied to a permission server. The method comprises: receiving a vehicle key sharing application message sent by a first device, wherein the vehicle key sharing application message carries capability description information for describing a capability, the vehicle key sharing application message is used for applying to a permission server for the configuration of a permission corresponding to the capability of a second device, and the capability comprises a configuration capability; and recording the capability description information, which corresponds to the second device. On the basis of the technical solution provided in the embodiments of the present application, the problem of a vehicle key sharing scheme lacking support for vehicle configurations can be solved.

Description

Digital car key sharing method, device, equipment and storage medium

technical field

The present application relates to the technical field of vehicles, in particular to a digital car key sharing method, device, equipment and storage medium.

Background technique

With the development of automobile intelligent technology, a digital car key is provided, that is, car owners can unlock the vehicle through smart phones, wearable smart devices, etc., and perform related operations on the vehicle.

The car owner can share the digital car key with friends through the car key sharing scheme, and the friend can control and drive the vehicle based on the shared digital car key.

Contents of the invention

Embodiments of the present application provide a digital car key sharing method, device, equipment, and storage medium. Described technical scheme is as follows:

On the one hand, the embodiment of the present application provides a method for sharing a digital car key, which is applied to an authority server, and the method includes:

receiving a car key sharing application message sent by the first device, wherein the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

Recording that the second device corresponds to the capability description information.

On the other hand, an embodiment of the present application provides a digital car key sharing method, which is applied to the first device, and the method includes:

Sending a car key sharing application message to the authority server, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes the configuration capability.

On the other hand, an embodiment of the present application provides a method for sharing a digital car key, which is applied to a second device, and the method includes:

Receive the digital car key sent by the authority server;

Wherein, the digital car key includes: a first digital car key, and the first digital car key carries capability description information for describing a capability, and the capability includes a configuration capability; or, the digital car key includes: a second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

On the other hand, an embodiment of the present application provides a method for sharing a digital car key, which is applied to a vehicle, and the method includes:

Receiving an authority configuration message sent by an authority server, the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by the capability description information received by the authority server, the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the authority corresponding to the capability of the second device to the vehicle;

or,

Receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

On the other hand, the embodiment of the present application provides a digital car key sharing device, the device includes:

The sharing application receiving module is configured to receive a car key sharing application message sent by the first device, the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

A recording module, configured to record that the second device corresponds to the capability description information.

The sharing application sending module is configured to send a car key sharing application message to an authority server, wherein the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.

The car key receiving module is used to receive the digital car key sent by the authority server;

An authority configuration module, configured to receive an authority configuration message sent by an authority server, where the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the authority server, and the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the authority corresponding to the capability of the second device to the vehicle;

or,

The car key receiving module is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

In yet another aspect, an embodiment of the present application provides an authority server, where the authority server includes: a transceiver and a memory;

The transceiver is configured to receive a car key sharing application message sent by the first device, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

The memory is configured to record that the second device corresponds to the capability description information.

In yet another aspect, an embodiment of the present application provides a first device, where the first device includes: a transceiver;

The transceiver is configured to send a car key sharing application message to an authority server, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.

In yet another aspect, an embodiment of the present application provides a second device, where the second device includes: a transceiver;

The transceiver is used to receive the digital car key sent by the authority server;

In yet another aspect, an embodiment of the present application provides a vehicle, and the vehicle includes: a transceiver;

The transceiver is configured to receive a permission configuration message sent by a permission server, the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the permission server, and the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the permission corresponding to the capability of the second device to the vehicle;

or,

The transceiver is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

In yet another aspect, an embodiment of the present application provides a computer-readable storage medium, in which a computer program is stored, and the computer program is loaded and executed by a processor to implement the digital car key sharing method as described in the above aspect.

In another aspect, the embodiment of the present application provides a chip, the chip includes a programmable logic circuit and/or program instructions, and when the chip is run on a computer device, it is used to implement the digital car key sharing method described in the above aspect.

In yet another aspect, an embodiment of the present application provides a computer program product, where the computer program product includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device executes the digital car key sharing method described in the above aspect.

The technical solutions provided in the embodiments of the present application can bring the following beneficial effects:

The first device with digital car key sharing qualification can send a car key sharing application message to the authority server, and through the car key sharing application message, apply to the authority server for the configuration of the authority corresponding to the capability of the second device, and the capability includes the configuration capability, so that the authority server side correspondingly records that the second device has at least one authority corresponding to the capability including the configuration capability, thereby solving the problem of lack of support for car configuration in the car key sharing solution.

Description of drawings

Fig. 1 is a flowchart of a digital car key sharing solution provided by an exemplary embodiment of the present application;

Fig. 2 is a schematic diagram of a digital car key sharing system provided by an exemplary embodiment of the present application;

Fig. 3 is a flowchart of a digital car key sharing method provided by an exemplary embodiment of the present application;

Fig. 4 is a flowchart of a digital car key sharing method provided by an exemplary embodiment of the present application;

Fig. 5 is a flow chart of two-way authentication between a vehicle and a device provided by an exemplary embodiment of the present application;

Fig. 6 is a flowchart of a digital car key sharing method provided by an exemplary embodiment of the present application;

Fig. 7 is a flowchart of a digital car key sharing method provided by an exemplary embodiment of the present application;

Fig. 8 is a flowchart of a digital car key sharing method provided by an exemplary embodiment of the present application;

Fig. 9 is a block diagram of a digital car key sharing device provided by an exemplary embodiment of the present application;

Fig. 10 is a block diagram of a digital car key sharing device provided by an exemplary embodiment of the present application;

Fig. 11 is a block diagram of a digital car key sharing device provided by an exemplary embodiment of the present application;

Fig. 12 is a block diagram of a digital car key sharing device provided by an exemplary embodiment of the present application;

Fig. 13 is a schematic structural diagram of a device provided by an exemplary embodiment of the present application.

Detailed ways

In order to make the purpose, technical solution and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below in conjunction with the accompanying drawings.

First, a brief introduction to the nouns involved in the embodiments of this application:

Digital car key is an innovative technology under the transformation of automobile intelligence. It is receiving more and more attention because it allows car owners to unlock the vehicle through smartphones, wearable devices, etc., and perform related operations on the vehicle to improve the convenience of using the car.

Through precise Bluetooth positioning, Near Field Communication (NFC) and other near-field communication technologies and more secure key management, the digital car key turns smartphones, NFC smart cards, smart watches, smart bracelets and other devices into car keys, so as to realize comfortable and convenient car experience such as starting the car without a physical key, authorizing remote keys for others, and personalized car settings.

Taking the digital car key standard scheme of the Car Connectivity Consortium (CCC) alliance as an example, the current digital car key sharing scheme is described. For example, as shown in Figure 1, the car owner’s device has completed pre-preparation, which includes: a) the car owner’s device has been paired with the vehicle, b) the channel between the car owner’s device and the friend’s device has been established. After the pre-preparation, the digital car key sharing solution will be implemented through the following steps:

Step 101, the vehicle owner device generates a sharing invitation.

Step 102, the car owner device sends a key creation request (Key Create Request) to the friend device.

Step 103, the friend device executes the following process:

a) accept the invitation;

b) Create a device (endpoint);

c) Create a digital certificate (cert.chain) using the authorized public key (Authroized_PK) contained in the received device configuration data.

Step 104, the friend device sends a key signing request (Key Signing Request) to the car owner device.

Step 105, using the public key generated by the friend device to generate attestation data.

Step 106, the car owner device sends an import request (Import Request) to the friend device.

Step 107, the friend device executes the following process:

a) Write the owner's key-attestation data into a friend's private mailbox;

b) Write the immobilizer token into the friend's confidential mailbox.

Step 108, the friend device sends a key registration (Register Key) to the friend device original equipment manufacturer (Original Equipment Manufacturer, OEM) server.

Step 109, the friend device OEM server sends the key tracking (Track Key) to the vehicle OEM server.

Step 110, the vehicle OEM server sends a key tracking response (Track Key Response) to the friend device OEM server.

Step 111, the friend device OEM server sends a key registration response (Register Key Response) to the friend device.

Step 112, the vehicle OEM server sends an event notification (Event Notification) to the vehicle owner equipment OEM server.

Step 113, the vehicle owner equipment OEM server sends an event notification response (Event Notification Response) to the vehicle OEM server.

Step 114, the friend device initiates the first transaction (First Transaction) to the vehicle.

Vehicles can accept multiple friend devices, and friend devices may have limited access to the vehicle. These access rights are assigned by the vehicle owner using a configuration file when the digital vehicle key is issued, and are checked by the vehicle and/or vehicle OEM server against the vehicle OEM policy. A digital car key from a friend's device may need to be registered with a Key Tracking Server (KTS) in order to be accepted by the car.

The owner device can choose to grant a profile to a friend device during key sharing. The list of supported access profiles is defined below.

Among them, the above-mentioned control includes controlling the opening and closing of the car door, the opening and closing of the car window, the switch and temperature of the car air conditioner, the lights, the seat, etc.; the above-mentioned driving means starting the engine of the car so that the user can drive.

With the further deepening of the interconnection between mobile phones and vehicles, users need to use mobile phones to configure vehicles, such as configuring intelligent control scenarios of vehicles, remote connection solutions, and so on. The operation of configuring the car and controlling or driving the car should be separated, so that users who can control or drive the car may not necessarily have the ability to configure the car. For example, only car owners or a small number of family users are allowed to configure the car, and other relatives and friends can only use the car. Especially in the car rental scene, the borrower should only have the authority to control and drive the car, and cannot configure the car. The current car key sharing solution lacks support for car configuration, and cannot separate configuration and control.

In view of the above problems, the embodiment of the present application provides a digital car key sharing method. The first device with the digital car key sharing qualification can send a car key sharing application message to the authority server, and apply to the authority server through the car key sharing application message for the configuration of the authority corresponding to the capability of the second device, and the capability includes the configuration capability, so that the authority server side correspondingly records that the second device has at least one authority corresponding to the capability including the configuration capability, thereby solving the problem of lack of support for car configuration in the car key sharing solution.

In the following, the technical solution of the present application will be described in conjunction with several exemplary embodiments.

FIG. 2 shows a block diagram of a digital car key sharing system provided by an exemplary embodiment of the present application. The digital car key sharing system may include: a first device 10 , an authority server 20 , a second device 30 and a vehicle 40 .

The first device 10 is a device that is qualified for digital car key sharing for the vehicle 40 . Exemplarily, the first device 10 is a vehicle owner's device, and the owner of the first device 10 is the owner of the vehicle 40 . Exemplarily, the first device 10 is a terminal such as a smart phone, a computer, or a tablet computer, or a wearable smart device such as a wearable smart watch, a wearable smart bracelet, or a wearable smart glasses.

The authority server 20 is a server having management authority of the digital car key of the vehicle 40 . Exemplarily, the authority server 20 issues the digital car key shared by the first device 10 to the second device 30 based on the request of the first device 10 . Wherein, the authority server 20 may be realized as a single server, or may be realized as a server cluster.

The second device 30 is a device for obtaining the digital car key of the vehicle 40 through the sharing of the first device 10 . Exemplarily, the second device 30 is a friend device, and the owner of the second device 30 is a friend, family member, etc. of the owner of the vehicle 40 . Exemplarily, the second device 30 is a terminal such as a smart phone, a computer, or a tablet computer, or a wearable smart device such as a wearable smart watch, a wearable smart bracelet, or a wearable smart glasses.

The vehicle 40 is a vehicle to which the owner of the first device belongs.

In the embodiment of the present application, the first device 10, the authority server 20, the second device 30 and the vehicle 40 are connected to each other through a wired or wireless network. The above authorization server 20 may also run on the vehicle 40 , or run on the first device 10 .

It can be understood that the "digital car key" mentioned in the embodiment of the present application can also be understood as: electronic car key, vehicle digital key and so on.

Please refer to FIG. 3 , which shows a flow chart of a digital car key sharing method provided by an embodiment of the present application. The method can be applied to the digital car key sharing system shown in FIG. 2 . The method may include the following steps:

Step 302: The first device sends a car key sharing application message to the authority server. The car key sharing application message carries capability description information used to describe capabilities. The car key sharing application message is used to apply to the authority server for the configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities.

Correspondingly, the authority server receives the car key sharing application message sent by the first device.

In this embodiment of the application, the first device is a device that has the qualification to configure the digital car key sharing, and the digital car key sharing qualification means that the first device can apply to the server for the authorization to configure other devices with the vehicle. As shown in step 302, the first device sends a car key sharing request message to the authority server, thereby applying to the authority server for configuration of the authority corresponding to the capability of the second device.

Wherein, the car key sharing application message carries capability description information for describing capabilities, and the capabilities include configuration capabilities.

Exemplarily, the car key sharing application message carries: the device identifier of the second device, the vehicle identifier and access profiles (AccessProfiles). Wherein, the device identifier of the second device is used to identify the second device, the vehicle identifier is used to identify the vehicle, and the access configuration file includes at least one configuration file, such as a standard configuration file (Standard Profiles). The standard configuration file indicates capability description information, and the capability description information includes information corresponding to configuration capabilities.

Wherein, the configuration capability is the capability of granting a third-party device the right to access the virtual resources of the vehicle. Exemplarily, the virtual resources of the vehicle include: resources related to an access control list (Access Control List, ACL), resources related to security services, resources related to device status, and the like.

Exemplarily, through the configuration capability indicated by the first device, the second device configures the remote connection between the vehicle and the third-party device.

It can be understood that, in addition to granting the third-party device the right to access the virtual resources of the vehicle, the configuration capability can also be the ability to configure intelligent control scenarios such as user usage habits and user usage scenarios corresponding to the vehicle. For example, different users have different default driving seat angles, and a default driving seat angle can be configured through the configuration capability.

In a possible implementation manner, the first device autonomously sends a car key sharing application message to the authority server. In another possible implementation, upon receiving the digital car key sharing application request message sent by the second device, the first device sends a car key sharing application message to the authority server, wherein the digital car key sharing application request message is used to request the first device to send a car key sharing application message to the authority server.

Step 304: The authorization server records the capability description information corresponding to the second device.

After receiving the car key sharing application message, the authority server records the capability description information corresponding to the second device according to the content of the car key sharing application message.

Exemplarily, the authorization server records the following information: the device identification, vehicle identification and access profiles (AccessProfiles) of the second device. Wherein, the device identifier of the second device is used to identify the second device, the vehicle identifier is used to identify the vehicle, and the access configuration file includes at least one configuration file, such as a standard configuration file (Standard Profiles). The standard configuration file indicates capability description information, and the capability description information includes information corresponding to configuration capabilities.

Optionally, before step 304, the authority server will also perform the following steps: after receiving the car key sharing application message, verify that the first device has the qualification to share the digital car key.

That is, after receiving the car key sharing application message, the authority server will check whether the first device has the qualification to share the corresponding digital car key. Only when the first device has the qualification to share the corresponding digital car key, can the corresponding capability description information of the second device be recorded.

Optionally, after step 304, the authority server will also perform the following steps: return an application success message to the first device; wherein, the application success message is used to indicate that the car key sharing application message has been successfully received.

Correspondingly, the first device receives the application success message returned by the authorization server.

To sum up, in the technical solution provided by this embodiment, the first device with the digital car key sharing qualification can send a car key sharing application message to the authority server, and apply to the authority server through the car key sharing application message for the configuration of the authority corresponding to the capability of the second device, and the capability includes the configuration capability, so that the authority server side correspondingly records that the second device has at least one authority corresponding to the capability including the configuration capability, thereby solving the problem of lack of support for car configuration in the car key sharing solution.

In an exemplary embodiment, after the authority server records the capability description information corresponding to the second device (step 304), the authority server sends the digital car key to the second device, so that the second device establishes a connection with the vehicle based on the digital car key, so that the vehicle is subsequently configured based on the established connection.

Solution 1: The digital car key is a key in the form of a public key digital certificate.

Under this scheme, the authority server sends a digital car key to the second device; the authority server sends a permission configuration message to the vehicle, and configures the authority of the second device to the vehicle; the second device uses the digital car key to establish a secure connection with the vehicle, thereby subsequently configuring the vehicle based on the secure connection.

Among them, a secure connection is a connection that allows access to configuration-related data and control-related data of the vehicle.

Scheme 2: The digital car key is a key in the form of a symmetric key.

In this solution, the authority server sends the digital car key to the second device and the vehicle respectively; the second device uses the digital car key to establish a configuration connection with the vehicle, so that the vehicle is subsequently configured based on the configuration connection.

Among them, a configuration connection is a connection that allows access to configuration-related data of the vehicle.

Next, the above two schemes will be further described.

Please refer to FIG. 4 , which shows a flow chart of a digital car key sharing method provided by an embodiment of the present application. The method can be applied to the digital car key sharing system shown in FIG. 2 . The method may include the following steps:

Step 402: The first device sends a car key sharing application message to the authority server. The car key sharing application message carries capability description information for describing capabilities. The car key sharing application message is used to apply to the authority server for the configuration of the authority corresponding to the capability of the second device. The capability includes the configuration capability.

Step 404: The authorization server records the capability description information corresponding to the second device.

Step 406: The authority server sends an authority configuration message to the vehicle, and the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle.

Correspondingly, the vehicle receives the permission configuration message sent by the permission server, and the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle, and the capability is indicated by the capability description information received by the permission server, and the capability description information is used to describe the capability, and the capability includes the configuration capability.

Optionally, before step 406, the authority server will also perform the following steps: receiving a car key acquisition request message sent by the second device, the car key acquisition request message is used to request to acquire a digital car key. Correspondingly, step 406 includes: when the capability description information corresponding to the vehicle key acquisition request message is found, the authority server sends an authority configuration message to the vehicle.

Optionally, the vehicle key acquisition request message carries the device identifier and the vehicle identifier of the second device. Wherein, the device identifier of the second device is used to identify the second device, and the vehicle identifier is used to identify the vehicle.

Exemplarily, the authorization server records the corresponding device identification, vehicle identification and capability description information of the second device according to the car key sharing application message received from the first device. The authority server obtains the device identifier and the vehicle identifier of the second device from the vehicle key acquisition request message, and searches the record for corresponding capability description information according to the device identifier and the vehicle identifier of the second device. If the capability description information corresponding to the vehicle key acquisition request message is found, the permission server sends a permission configuration message to the vehicle.

Optionally, since the digital car key is a key in the form of a key certificate, the car key acquisition request message also carries the public key generated by the second device.

Exemplarily, before the second device sends the vehicle key acquisition request message carrying the public key to the authority server, the following steps are further performed:

(1) The first device sends a public-private key request message to the second device.

Correspondingly, the second device receives the public-private key request message sent by the first device.

Wherein, the public-private key request message is used to request the second device to generate the public-private key required by the digital car key.

Exemplarily, the public-private key request message carries the vehicle identifier, and the vehicle identifier is used to identify the vehicle, then the second device that receives the public-private key request message can specify which vehicle the generated public-private key is for generating the digital car key corresponding to.

(2) The second device generates a public and private key in response to the public and private key request message.

After generating the public and private keys, the second device sends the generated public key to the authority server through a vehicle key acquisition request message.

Step 408: configure the permissions corresponding to the capabilities of the second device to the vehicle.

Optionally, configuring the permission corresponding to the capability of the second device to the vehicle includes: adding the second device as a configurable user, and adding the permission that the second device has access control items in the first ACL to the first ACL corresponding to the second device.

Optionally, after step 408, the vehicle further performs the following step: sending a configuration success message to the authority server; wherein the configuration success message is used to indicate that the authority of the second device is successfully configured to the vehicle.

Correspondingly, the authority server receives the configuration success message sent by the vehicle.

Step 410: The authority server sends the digital car key to the second device.

Correspondingly, the second device receives the digital car key.

Optionally, the digital car key carries a digital certificate and all or part of the capability description information.

Wherein, the capability description information is used for the second device to generate a digital signature as a security credential.

Wherein, the digital certificate is a certificate generated by the authority server according to the public key generated by the second device.

Exemplarily, the vehicle key acquisition request message carries the public key generated by the second device and the device identifier of the second device, and the digital certificate is generated in the following manner:

The authority server obtains the public key generated by the second device and the device identifier of the second device from the vehicle key acquisition request message; generates a digital certificate according to the public key and the device identifier of the second device.

Optionally, after the second device receives the digital car key through step 410, the following steps will be performed: the second device registers the digital car key to the OEM server, and then notifies the first device of this event, and gets confirmation from the first device. The specific process can be referred to as shown in step 108 to step 113 in FIG. 1 .

Step 412: The second device performs mutual authentication with the vehicle to establish a secure connection.

Two-way authentication refers to the process in which the vehicle and the device authenticate each other. For example, the vehicle sends the vehicle public key generated by the vehicle to the device. After the vehicle obtains the vehicle authentication certificate generated based on the vehicle public key and calculates the first digital signature based on the encryption challenge value of the vehicle private key on this side, the vehicle authentication material (authentication material) including the vehicle certification certificate and the first digital signature is sent to the device. The device authenticates the vehicle through the vehicle authentication material, such as signature verification and certificate verification; After the device obtains the device authentication certificate generated based on the device public key, and calculates the second digital signature based on the encryption challenge value of the device private key on this side, it sends the device verification materials including the device authentication certificate and the second digital signature to the vehicle, and the vehicle authenticates the device through the device verification materials, such as signature verification and certificate verification.

It can be understood that the above device authentication certificate is equivalent to the digital certificate carried by the digital car key in step 410, and the above second digital signature is equivalent to the digital signature generated based on the capability description information carried by the digital car key in step 410.

Exemplarily, with reference to FIG. 5 , it shows a flow chart of a standard transaction (Standard transaction) defined in relevant standards, including the process of two-way authentication.

Step 414: the second device sends a configuration request message to the vehicle.

Correspondingly, the vehicle receives the configuration request message sent by the second device.

Wherein, the configuration request message is used to request configuration of the vehicle.

Step 416: The vehicle checks the configuration request message.

Optionally, if the configuration request message is used to request configuration of the target item, the vehicle allows the configuration request message based on the existence of an access control item matching the target item in the first ACL.

Optionally, when the configuration request message is used to request configuration of the second ACL corresponding to the third-party device, based on the fact that the second device is a configurable user, the vehicle allows the configuration request message.

Step 418: The vehicle is configured.

Optionally, after step 418, the vehicle will also perform the following step: return an operation success message to the second device; wherein, the operation success message is used to indicate that the vehicle has been configured successfully.

Correspondingly, the second device receives the operation success message returned by the vehicle.

To sum up, in the technical solution provided by this embodiment, the digital car key sent by the authority server to the second device is a key in the form of a public key digital certificate, which is conducive to ensuring the reliability of the subsequent secure connection established based on the digital car key, thereby helping the second device to subsequently configure the vehicle based on the secure connection.

In an optional embodiment of Solution 1, the digital car key has the following possible implementations:

(1) The digital car key is the first digital car key, and the first digital car key carries capability description information.

That is, the authority server generates a first digital car key for all the capabilities described in the capability description information, and provides the first digital car key to the second device.

Exemplarily, besides the configuration capability, the capabilities described in the capability description information may also include at least one of the following capabilities:

• Control ability: The control ability is the ability to control the facilities of the vehicle.

·Driving ability: Driving ability is the ability to launch the vehicle into the driving state.

· Vehicle delivery: Vehicle delivery is the ability to perform a delivery process on a vehicle.

• Valet Parking: Valet Parking is the ability to acquire the ability to park a vehicle.

• Vehicle Service Key: A vehicle service key is the ability to provide services to a vehicle.

(2) The digital car key is the second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

That is, the authority server generates a second digital car key for the information corresponding to the configuration capability in the capability description information, and provides the second digital car key to the second device.

Optionally, in the case that the capability description information also includes information corresponding to other capabilities except the configuration capability, the authority server generates a third digital car key for the other capabilities, and provides the third digital car key to the second device.

That is, when the capability description information describes multiple capabilities including the configuration capability, the authority server independently generates a digital car key with the configuration capability (that is, the second digital car key), which is distinguished from the digital car key (that is, the third digital car key) that has been defined in the related art.

Wherein, the third digital vehicle key carries information corresponding to other capabilities in the capability description information except the configuration capability, and the other capabilities include at least one of the following: control capability, driving capability, vehicle delivery, valet parking, and vehicle service key.

Optionally, the values of the key flags of the second digital car key and the third digital car key are different, and the key flag is used to identify the key type; or, the encryption forms of the second digital car key and the third digital car key are different. Thus, the above two types of digital car keys are distinguished in form.

Exemplarily, the second digital car key is a key in the form of a public key digital certificate in Scheme 1, and the third digital car key is a key in the form of a symmetric key, so that the two types of digital car keys can be distinguished through different encryption forms.

Exemplarily, both the second digital car key and the third digital car key are keys in the form of a public key digital certificate in Scheme 1, but the values of the key flags are different, so that the two types of digital car keys can be distinguished through the different values of the key flags. Exemplarily, the second digital car key and the third digital car key correspond to the same group of public and private keys generated by the second device; or, the second digital car key and the third digital car key correspond to two different groups of public and private keys generated by the second device.

To sum up, in the technical solution provided by this embodiment, when the capability description information describes multiple capabilities including the configuration capability, the authority server can generate a first digital car key correspondingly, and the first digital car key has at least one capability including the configuration capability, and send the first digital car key to the second device, and the second device that obtains the first digital car key through sharing can configure the vehicle based on the first digital car key, thereby solving the problem that the car key sharing scheme lacks support for car configuration.

At the same time, in the technical solution provided by this embodiment, when the capability description information describes multiple capabilities including configuration capabilities, the authority server independently generates a second digital car key with configuration capabilities, and then generates a third digital car key with other capabilities. The second digital car key can be implemented as a key in the form of a public key digital certificate, or a key in the form of a symmetric key. The second digital car key can be encrypted in a different form from the third digital car key. Separate the second digital car key with configuration capabilities from the third digital car key with other capabilities, which is conducive to ensuring vehicle configuration The security of the relevant permissions of the capability.

Scheme 2: The digital car key is a key in the form of a symmetric key.

Please refer to FIG. 6 , which shows a flow chart of a digital car key sharing method provided by an embodiment of the present application. This method can be applied to the digital car key sharing system shown in FIG. 2 . The method may include the following steps:

Step 602: The first device sends a car key sharing application message to the authority server. The car key sharing application message carries capability description information for describing capabilities. The car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities.

Step 604: The authority server records the capability description information corresponding to the second device.

Step 606: The authority server sends the second digital car key to the vehicle and the second device respectively, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

Correspondingly, the vehicle receives the second digital car key sent by the authority server; the second device receives the second digital car key sent by the authority server.

Optionally, after the second device receives the second digital car key in step 606, the following steps will be performed: the second device registers the second digital car key with the OEM server, and then notifies the first device of this event, and gets confirmation from the first device. The specific process can be referred to as shown in step 108 to step 113 in FIG. 1 .

Step 608: The second device uses the second digital car key to establish a configuration connection with the vehicle.

Optionally, the second device uses the second digital car key to establish a configuration connection with the vehicle, including the following steps:

(1) The second device sends a connection establishment request message to the vehicle, the connection establishment request message is used to request to establish a configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device using the second digital vehicle key.

Correspondingly, the vehicle receives the connection establishment request message sent by the second device.

(2) The vehicle uses the local second digital car key as a key to decrypt and authenticate the connection establishment request message.

Optionally, the connection establishment request message carries the device identifier of the second device, or the key number of the second digital car key.

Exemplarily, when the connection establishment request message carries the device identifier of the second device, the vehicle searches for the corresponding second digital car key locally; the vehicle uses the local second digital car key as a key to decrypt and authenticate the connection establishment request message.

Exemplarily, when the connection establishment request message carries the key number of the second digital car key, the vehicle searches for the corresponding second digital car key locally; the vehicle uses the local second digital car key as a key to decrypt and authenticate the connection establishment request message.

(3) When the authentication of the connection establishment request message is passed, the vehicle establishes a configuration connection with the second device.

Step 610: the second device sends a configuration request message to the vehicle.

Step 612: The vehicle is configured.

Optionally, after step 612, the vehicle will also perform the following step: return an operation success message to the second device; wherein, the operation success message is used to indicate that the vehicle has been configured successfully.

To sum up, in the technical solution provided by this embodiment, the second digital car key sent by the authority server to the second device is a key in the form of a symmetric key, which is conducive to ensuring the simplicity of subsequent configuration connections based on the second digital car key, thereby helping the second device to subsequently configure the vehicle based on the configuration connection.

In an optional embodiment of solution two, the digital car key further includes a third digital car key in addition to the second digital car key.

· Control ability: The control ability is the ability to control the facilities of the vehicle.

Exemplarily, the second digital car key is a key in the form of a symmetric key in Scheme 2, and the third digital car key is a key in the form of a public key digital certificate, so that the two types of digital car keys can be distinguished through different encryption forms.

Exemplarily, both the second digital car key and the third digital car key are keys in the form of a symmetric key in Scheme 2, but the values of the key flags are different, so that the two types of digital car keys can be distinguished through the different values of the key flags.

To sum up, in the technical solution provided by this embodiment, when the capability description information describes multiple capabilities including configuration capabilities, the authority server independently generates a second digital car key with configuration capabilities, and then generates a third digital car key with other capabilities. The second digital car key can be implemented as a key in the form of a public key digital certificate, or a key in the form of a symmetric key. The second digital car key can be encrypted in a different form from the third digital car key. Separate the second digital car key with configuration capabilities from the third digital car key with other capabilities. Security of permissions related to the configuration capabilities of the vehicle.

In an exemplary embodiment, the description form of the capability description information of the digital car key carried in the car key sharing application message has the following two possibilities:

(1) The description form of the capability description information is the identification information of the role list item, and the role list item is used to describe the role, and the capabilities possessed by the role include the configuration capability.

As an example, refer to the following table:

IDID	名称name	描述describe
00	fullfull	全部配置、控制和驾驶能力Full configuration, control and driving capabilities
11	useuse	全部控制和驾驶能力，无配置能力Full control and driving capabilities, no configuration capabilities
22	accessOnlyaccessOnly	只能控制车，没有其他权利Can only control the car, no other rights
33	accessAndConfigRestrictedaccessAndConfigRestricted	有限制的访问和配置Limited access and configuration
44	accessAndDriveRestrictedaccessAndDriveRestricted	有限制的访问和驾驶limited access and driving
55	carDeliverycarDelivery	车辆交付vehicle delivery
66	valetvalet	代客泊车Valet Parking

7

vehicleService

vehicle service key

As shown in the above table, the description form of the capability description information is the identification information of the role list item, and the role list item includes eight role list items: full, use, accessOnly, accessAndConfigRestricted, accessAndDriveRestricted, carDelivery, valet, and vehicleService, and each role list item corresponds to a corresponding number (ID).

Compared with the technical solutions provided in related technologies, two role list items, use and accessAndConfigRestricted, are added in the above table. use is used to describe that the character has full control and driving capabilities, and has no configuration capabilities. It allows the user to control the car and start driving. accessAndConfigRestricted is used to describe that a role has limited access and configuration capabilities, allowing users to configure and control some of the vehicle's facilities, such as only the screens, air conditioners, and ambient lights in the rear of the vehicle can be configured and controlled. In addition, the configuration capability is added to the role item of full, which has all the permissions of the car, including permissions related to the configuration capability.

Exemplarily, when the ID carried in the capability description information is 1, it means that the first device indicates that the second device has all configuration, control and driving capabilities, and the second device will obtain the corresponding digital car key.

(2) The description form of the capability description information is the identification information of the capability list item, and the capability list item is used to describe the capability, and the capability includes the configuration capability.

For example, refer to the following table:

IDID	名称name	描述describe
00	ConfigConfig	配置能力configuration capability
11	Accessaccess	控制能力control ability
22	Drivedrive	驾驶能力driving ability
33	carDeliverycarDelivery	车辆交付vehicle delivery
44	valetvalet	代客泊车Valet Parking
55	vehicleServicevehicleService	车辆服务钥匙vehicle service key

As shown in the above table, the description form of the capability description information is the identification information of the capability list item, and the capability list item includes six capability list items: Config, Access, Drive, carDelivery, valet, and vehicleService, and each capability list item corresponds to a corresponding number (ID).

For example, if the ID carried in the capability description information is 1&2&3, it means that the first device indicates that the second device has configuration capability, control capability and driving capability, and the second device will obtain the corresponding digital car key.

It can be understood that the first device may select one or more of the above capability list items into the capability description information, and may further define specific capabilities, such as further restricting controllable facilities, which is not limited in this embodiment of the present application.

In the following, the technical solution provided by the present application will be exemplarily described in combination with the following two embodiments.

Please refer to FIG. 7 , which shows a flow chart of a digital car key sharing method provided by an embodiment of the present application. This method can be applied to the digital car key sharing system shown in FIG. 2 .

In this embodiment, the description form of the capability description information is the identification information of the role list item, and the digital car key sent by the authority server to the second device has at least one capability, and the digital car key is a key in the form of a public key digital certificate. In this embodiment, user A refers to the first device, and user B refers to the second device. In this embodiment, the capability description information is included in the configuration file. The method may include the following steps:

Step 701. User A initiates a car key sharing application to the authority server.

Exemplarily, the parameters of the car key sharing application include: user B's identification (userB_ID), vehicle identification (car_ID) and configuration file. The role of the configuration file is full, indicating that the first device indicates that the second device has full configuration, control and driving capabilities.

Step 702, the authority server checks the qualification of user A.

Exemplarily, the authority server checks and obtains: user A has the qualification to share the digital car key of the full role.

Step 703, the authority server records the corresponding authority of user B.

Exemplarily, the authority server records the ID of user B (userB_ID), the ID of the vehicle (car_ID) and the configuration file, and the role of the configuration file is full.

Step 704, the authority server returns that the operation is successful.

A successful operation is the application success message in the above embodiment, which is used to indicate that the car key sharing application has been successfully received.

Step 705, user A initiates a public and private key request to user B.

Exemplarily, the parameters of the public-private key request include: a vehicle identification (car_ID), which is used to request the user B to generate the public-private key required by the digital car key.

Step 706, user B generates public and private keys.

Exemplarily, the public key is marked as pubKey, and the private key is marked as priKey.

Step 707, initiate a vehicle key acquisition request to the authority server.

Exemplarily, the car key acquisition request is used to request to acquire a shared digital car key, and the parameters of the car key acquisition request include: a vehicle identification (car_ID) and a public key pubKey generated by user B.

Step 708, the authorization server finds the corresponding configuration file according to the user B's identification (userB_ID) and vehicle identification (car_ID).

Step 709, the authority server configures the authority of user B to the vehicle.

Exemplarily, the authority server configures the security service of the car according to the configuration file full. Since full is all authority, the security service adds user B as a configurable user, and adds an access control item that user B has all authority to the ACL.

Step 710, the vehicle sends the configuration success to the authorization server.

Step 711, the authority server generates the digital car key of user B.

Exemplarily, the authority server generates a digital certificate as a shared digital car key according to the public key pubKey of user B, and the certificate includes user B's identification (userB_ID).

Step 712, the authority server sends the generated digital car key to user B.

Step 713, user B uses the digital car key to perform two-way authentication with the car, and establishes a secure connection.

Step 714, user B sends a configuration request to the vehicle based on the established secure connection.

Step 715, the vehicle checks the authority and allows the configuration request.

Exemplarily, after the vehicle receives the configuration request, it checks whether the target that user B wants to configure has a corresponding ACL. If there is an ACL, it judges whether user B has the corresponding authority according to the user B's identification (userB_ID), finds a matching access control item, and allows the configuration request;

Step 716: After the vehicle performs the corresponding configuration operation, it returns to user B that the operation is successful.

Operation Successful is used to indicate that the vehicle has been successfully configured.

Please refer to FIG. 8 , which shows a flow chart of a digital car key sharing method provided by an embodiment of the present application. This method can be applied to the digital car key sharing system shown in FIG. 2 .

In this embodiment, the description form of the capability description information is the identification information of the capability list item. The digital car key sent by the authority server to the second device includes: a car configuration key (that is, the second digital car key above) and a car access key (that is, the third digital car key above). The car configuration key has the configuration capability, and the car access key has other capabilities except the configuration capability. In this embodiment, user A refers to the first device, and user B refers to the second device. In this embodiment, the capability description information is included in the configuration file. The method may include the following steps:

Step 801, user A initiates a car key sharing application to the authority server.

Exemplarily, the parameters of the car key sharing application include: user B's identification (userB_ID), vehicle identification (car_ID) and a configuration file. The capability table of the configuration file is ID=0&1&2, which means that the first device indicates that the second device has configuration capability, control capability and driving capability.

Step 802, the authority server checks the qualification of user A.

Exemplarily, the authority server checks and obtains: user A has the qualification to share the digital car key of the capability in the configuration file.

Step 803, the authority server records the corresponding authority of user B.

Exemplarily, the authority server records the ID of user B (userB_ID), the ID of the vehicle (car_ID) and the configuration file, and the capability table of the configuration file is ID=0&1&2.

Step 804, the authority server returns that the operation is successful.

Step 805, the authority server generates the car access key and car configuration key of user B.

Exemplarily, since the configuration file includes the configuration capability (Config), the authority server generates the vehicle configuration key, which can be used for configuration; because the configuration file also includes the control capability (Access) and the driving capability (drive), the authority server generates the vehicle access key, which can be used for control and driving.

Exemplarily, the car configuration key and the car access key can be distinguished in form, for example, the key contains a flag indicating the type of the key.

Step 806, the authority server pushes the generated car access key and car configuration key to user B.

Exemplarily, the parameters of the car key include: user A's identification (userA_ID), vehicle identification (car_ID).

Step 807, the authorization server pushes the generated vehicle access key and vehicle configuration key to the vehicle.

Exemplarily, the vehicle stores corresponding car keys according to key types.

Step 808, user B returns a key acquisition success message to the authority server.

The key acquisition success message is used to indicate that the vehicle access key and the vehicle configuration key have been received successfully.

Step 809, the vehicle returns a configuration success message to the authority server.

The configuration success message is used to indicate that the authority of the second device is successfully configured to the vehicle.

Step 810, user B uses the vehicle configuration key to request to establish a configuration connection with the vehicle.

User B initiates the configuration of the vehicle through the vehicle configuration key.

Step 811, the vehicle uses the corresponding vehicle configuration key for authentication.

Exemplarily, the vehicle finds the corresponding vehicle configuration key on the vehicle according to the identification of user B (userB_ID) or the serial number of the vehicle configuration key (it is required that the authority server generates the key number at the same time when generating the key), and authenticates the request.

Step 812 , after the authentication is passed, the vehicle opens the configuration window according to the vehicle configuration key, allowing access to configuration-related data of the vehicle.

Step 813, user B establishes a configuration connection with the vehicle.

Step 814, user B sends a configuration request to the vehicle based on the established configuration connection.

Step 815: After the vehicle performs the corresponding configuration operation, it returns to user B that the operation is successful.

It can be understood that the above method embodiments can be implemented alone or in combination, which is not limited in the present application.

In each of the above embodiments, the steps performed by the authority server can independently realize the sharing method of the digital car key on the side of the authority server; the steps performed by the first device can independently realize the sharing method of the digital car key on the side of the first device; the steps performed by the second device can independently realize the sharing method of the digital car key on the side of the second device;

The following are device embodiments of the present application, which can be used to implement the method embodiments of the present application. For details not disclosed in the device embodiments of the present application, please refer to the method embodiments of the present application.

Please refer to FIG. 9 , which shows a block diagram of a digital car key sharing device provided by an embodiment of the present application. The device has the function of implementing the above-mentioned method example. The function can be realized by hardware, or by hardware executing corresponding software. The device can be implemented as an authority server, or can be implemented as a part of the authority server. The device 900 may include:

The sharing application receiving module 901 is configured to receive a car key sharing application message sent by the first device, wherein the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

The recording module 902 is configured to record that the second device corresponds to the capability description information.

Optionally, the device further includes: a permission configuration sending module;

The permission configuration sending module is configured to send a permission configuration message to the vehicle, where the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle.

Optionally, the device further includes: a vehicle key acquisition request receiving module;

The car key acquisition request module is configured to receive a car key acquisition request message sent by the second device, and the car key acquisition request message is used to request to acquire a digital car key;

The authority configuration sending module is configured to send the authority configuration message to the vehicle when the capability description information corresponding to the vehicle key acquisition request message is found.

Optionally, the device also includes: a car key sending module;

The car key sending module is configured to send a first digital car key to the second device, and the first digital car key carries the capability description information;

or,

The car key sending module is configured to send a second digital car key to the second device, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

Optionally, the device also includes: a car key sending module;

The car key sending module is configured to send a second digital car key to the vehicle, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

Optionally, the car key sending module is configured to send the second digital car key to the second device.

Optionally, the values of the key flags of the second digital car key and the third digital car key are different, and the key flags are used to identify the key type;

or,

The encryption form of the second digital car key is different from that of the third digital car key;

Wherein, the third digital car key carries information corresponding to other capabilities in the capability description information except the configuration capability, and the other capabilities include at least one of the following: control capability, driving capability, vehicle delivery, valet parking, and vehicle service key.

Optionally, the control capability is the capability to control the facilities of the vehicle;

said ability to drive is the ability to launch said vehicle into a driving state;

said vehicle delivery is the ability to perform a delivery process on said vehicle;

said valet parking is the ability to park said vehicle;

The vehicle service key is the ability to access services provided to the vehicle.

Optionally, the configuration capability is the capability of granting a third-party device the right to access the virtual resource of the vehicle.

Optionally, the description form of the capability description information is identification information of a role list item, and the role list item is used to describe a role, and the capabilities possessed by the role include the configuration capability;

or,

The description form of the capability description information is identification information of a capability list item, and the capability list item is used to describe a capability, and the capability includes the configuration capability.

Please refer to FIG. 10 , which shows a block diagram of a digital car key sharing device provided by an embodiment of the present application. The device has the function of implementing the above-mentioned method example, and the function can be realized by hardware, and can also be realized by hardware executing corresponding software. The apparatus may be realized as the first device, or may be realized as a part of the first device. The device 1000 may include:

The sharing application sending module 1001 is configured to send a car key sharing application message to an authority server, where the vehicle key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities.

or,

Please refer to FIG. 11 , which shows a block diagram of a digital car key sharing device provided by an embodiment of the present application. The device has the function of implementing the above-mentioned method example. The function can be realized by hardware, and can also be realized by hardware executing corresponding software. The apparatus may be implemented as the second device, or may be implemented as a part of the second device. The device 1100 may include:

The car key receiving module 1101 is used to receive the digital car key sent by the authority server;

Optionally, the device further includes: configuring a connection establishment module;

The configuration connection establishment module is configured to use the second digital vehicle key to establish a configuration connection with the vehicle, the configuration connection is a connection allowing access to configuration-related data of the vehicle.

Optionally, the configuration connection establishment module is used for:

sending a connection establishment request message to the vehicle, where the connection establishment request message is used to request establishment of the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device using the second digital vehicle key;

If the vehicle passes the authentication of the connection establishment request message, establish the configuration connection with the vehicle;

Wherein, the connection establishment request message carries the device identification of the second device, or the key number of the second digital car key.

or,

The encrypted forms of the second digital car key and the third digital car key are different;

the ability to drive is the ability to launch the vehicle into a driving state;

said valet parking is the ability to park said vehicle;

Optionally, the configuration capability is the capability of granting a third-party device the right to access the virtual resources of the vehicle.

or,

Please refer to FIG. 12 , which shows a block diagram of a digital car key sharing device provided by an embodiment of the present application. The device has the function of implementing the above-mentioned method example, and the function can be realized by hardware, and can also be realized by hardware executing corresponding software. The device can be implemented as a vehicle, or can be implemented as a part of the vehicle. The device 1200 may include:

The authority configuration module 1201 is configured to receive an authority configuration message sent by an authority server, the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by the capability description information received by the authority server, the capability description information is used to describe the capability, and the capability includes configuration capability; configure the authority corresponding to the capability of the second device to the vehicle;

or,

The car key receiving module 1202 is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

Optionally, the authority configuration module 1201 is configured to:

The second device is added as a configurable user, and the second device is added to the first access control list ACL corresponding to the second device to have the permission of the access control item in the first ACL.

Optionally, the device further includes: a configuration verification module; the configuration verification module is used for:

receiving a configuration request message sent by the second device;

Where the configuration request message is used to request configuration of a target item, allowing the configuration request message based on the existence of an access control item matching the target item in the first ACL;

or,

If the configuration request message is used to request configuration of the second ACL corresponding to the third-party device, the configuration request message is allowed based on that the second device is the configurable user.

The configuration connection establishing module is configured to use the second digital vehicle key to establish a configuration connection with the second device, the configuration connection is a connection allowing access to configuration-related data of the vehicle.

Optionally, the configuration connection establishment module is used for:

receiving a connection establishment request message sent by the second device, where the connection establishment request message is used to request establishment of the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device using the second digital car key on the second device side;

Using the local second digital car key as a key to decrypt and authenticate the connection establishment request message;

If the authentication of the connection establishment request message is passed, establish the configuration connection with the second device.

Optionally, the device also includes: a car key search module;

The car key search module is configured to search locally for the corresponding second digital car key when the connection establishment request message carries the device identifier of the second device;

Or, the car key search module is configured to search for the corresponding second digital car key locally when the connection establishment request message carries the key number of the second digital car key.

or,

the ability to drive is the ability to launch the vehicle into a driving state;

said valet parking is the ability to park said vehicle;

or,

It should be noted that, when the device provided in the above embodiment implements its functions, the division of the above-mentioned functional modules is used as an example for illustration. In practical applications, the above-mentioned function allocation can be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the device and the method embodiment provided by the above embodiment belong to the same idea, and the specific implementation process thereof is detailed in the method embodiment, and will not be repeated here.

FIG. 13 shows a schematic structural diagram of a device (authority server or first device or second device or vehicle) provided by an exemplary embodiment of the present application. The device 1300 includes: a processor 1301 , a transceiver 1302 and a memory 1303 .

The processor 1301 includes one or more processing cores, and the processor 1301 executes various functional applications by running software programs and modules.

The transceiver 1302 can be used for receiving and sending information, and the transceiver 1302 can be a communication chip.

The memory 1303 may be used to store a computer program, and the processor 1301 is used to execute the computer program, so as to implement various steps performed by the device in the above method embodiments.

In addition, the memory 1303 can be realized by any type of volatile or nonvolatile storage device or their combination. The volatile or nonvolatile storage device includes but is not limited to: random-access memory (Random-Access Memory, RAM) and read-only memory (Read-Only Memory, ROM), erasable programmable read-only memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable programmable read-only memory (Electrically Erasable) asable Programmable Read-Only Memory, EEPROM), flash memory or other solid-state storage technology, compact disc read-only memory (CD-ROM), high-density digital video disc (Digital Video Disc, DVD) or other optical storage, tape cartridges, tapes, magnetic disk storage or other magnetic storage devices.

Wherein, when the device is implemented as an authority server, the processor 1301, transceiver 1302, and memory 1303 involved in the embodiment of the present application may execute the steps performed by the authority server in any of the methods shown in FIGS.

In a possible implementation, when the device is implemented as a permission server,

The transceiver 1302 is configured to receive a car key sharing application message sent by the first device, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

The memory 1303 is configured to record that the second device corresponds to the capability description information.

Wherein, when the device is implemented as the first device, the processor 1301, the transceiver 1302, and the memory 1303 involved in the embodiment of the present application may execute the steps performed by the first device in any of the methods shown in FIG. 3 to FIG. 8 above, which will not be repeated here.

In a possible implementation manner, when the device is implemented as the first device,

The transceiver 1302 is configured to send a car key sharing application message to an authority server, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.

Wherein, when the device is implemented as the second device, the processor 1301, the transceiver 1302, and the memory 1303 involved in the embodiment of the present application may execute the steps performed by the second device in any of the methods shown in FIG. 3 to FIG. 8 above, which will not be repeated here.

In a possible implementation manner, when the device is implemented as a second device,

The transceiver 1302 is used to receive the digital car key sent by the authority server;

Wherein, when the device is implemented as a vehicle, the processor 1301, transceiver 1302, and memory 1303 involved in the embodiment of the present application can execute the steps performed by the vehicle in any of the methods shown in FIGS. 3 to 8 above, which will not be repeated here.

In a possible implementation, when the device is implemented as a vehicle,

The transceiver 1302 is configured to receive a permission configuration message sent by a permission server, the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the permission server, the capability description information is used to describe the capability, and the capability includes configuration capability; configure the permission corresponding to the capability of the second device to the vehicle;

or,

The transceiver 1302 is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

In an exemplary embodiment, a computer-readable storage medium is also provided, and a computer program is stored in the computer-readable storage medium, and the computer program is loaded and executed by a processor of a computer device to implement the digital car key sharing method described in the above aspects.

In an exemplary embodiment, a chip is also provided, the chip includes a programmable logic circuit and/or program instructions, and when the chip is run on the device, it is used to implement the digital car key sharing method described in the above aspect.

In an exemplary embodiment, a computer program product is also provided. When the computer program product runs on a processor of a computer device, the computer device executes the digital car key sharing method described in the above aspect.

Those of ordinary skill in the art can understand that all or part of the steps of implementing the above-mentioned embodiments can be completed by hardware, and can also be completed by instructing related hardware through a program. The program can be stored in a computer-readable storage medium. The above-mentioned storage medium can be a read-only memory, a magnetic disk or an optical disk, etc.

The above descriptions are only exemplary embodiments of the present application, and are not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included within the protection scope of the present application.

Claims

A method for sharing digital car keys, characterized in that the method is executed by an authority server, and the method includes:

receiving a car key sharing application message sent by the first device, wherein the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

Recording that the second device corresponds to the capability description information.
The method according to claim 1, further comprising:

sending a permission configuration message to the vehicle, where the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle.
The method according to claim 2, further comprising:

receiving a car key acquisition request message sent by the second device, where the car key acquisition request message is used to request to acquire a digital car key;

The sending permission configuration message to the vehicle includes:

If the capability description information corresponding to the vehicle key acquisition request message is found, the authority configuration message is sent to the vehicle.
The method according to claim 2, further comprising:

sending a first digital car key to the second device, where the first digital car key carries the capability description information;

or,

Sending a second digital car key to the second device, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method according to claim 1, further comprising:

Sending a second digital car key to the vehicle, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method according to claim 5, wherein the method further comprises:

The second digital vehicle key is sent to the second device.
The method according to any one of claims 4 to 6, characterized in that,

The values of the key flags of the second digital car key and the third digital car key are different, and the key flags are used to identify the key type;

or,

The encrypted forms of the second digital car key and the third digital car key are different;

Wherein, the third digital car key carries information corresponding to other capabilities in the capability description information except the configuration capability, and the other capabilities include at least one of the following: control capability, driving capability, vehicle delivery, valet parking, and vehicle service key.
The method according to claim 7, characterized in that,

The control capability is the capability to control the facilities of the vehicle;

the ability to drive is the ability to launch the vehicle into a driving state;

said vehicle delivery is the ability to perform a delivery process on said vehicle;

said valet parking is the ability to park said vehicle;

The vehicle service key is the ability to access services provided to the vehicle.
The method according to any one of claims 1 to 6, characterized in that,

The configuration capability is the capability to give a third-party device the right to access the virtual resources of the vehicle.
The method according to any one of claims 1 to 6, characterized in that,

The description form of the capability description information is identification information of a role list item, and the role list item is used to describe a role, and the capabilities possessed by the role include the configuration capability;

or,

The description form of the capability description information is identification information of a capability list item, and the capability list item is used to describe a capability, and the capability includes the configuration capability.
A method for sharing digital car keys, characterized in that the method is executed by a first device, and the method includes:

Sending a car key sharing application message to the authority server, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.
The method according to claim 11, characterized in that,

The configuration capability is the capability to give a third-party device the right to access the virtual resources of the vehicle.
The method according to claim 11 or 12, characterized in that,

The description form of the capability description information is identification information of a role list item, and the role list item is used to describe a role, and the capabilities possessed by the role include the configuration capability;

or,

The description form of the capability description information is identification information of a capability list item, and the capability list item is used to describe a capability, and the capability includes the configuration capability.
A method for sharing digital car keys, characterized in that the method is executed by a second device, and the method includes:

Receive the digital car key sent by the authority server;

Wherein, the digital car key includes: a first digital car key, and the first digital car key carries capability description information for describing a capability, and the capability includes a configuration capability; or, the digital car key includes: a second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method according to claim 14, characterized in that the method further comprises:

Using the second digital vehicle key, a configuration connection is established with the vehicle, the configuration connection being a connection allowing access to configuration-related data of the vehicle.
The method according to claim 15, wherein said using said second digital car key to establish a configuration connection with the vehicle comprises:

sending a connection establishment request message to the vehicle, where the connection establishment request message is used to request establishment of the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device using the second digital vehicle key;

If the vehicle passes the authentication of the connection establishment request message, establish the configuration connection with the vehicle;

Wherein, the connection establishment request message carries the device identification of the second device, or the key number of the second digital car key.
The method according to any one of claims 14 to 16, wherein,

The values of the key flags of the second digital car key and the third digital car key are different, and the key flags are used to identify the key type;

or,

The encrypted forms of the second digital car key and the third digital car key are different;

Wherein, the third digital car key carries information corresponding to other capabilities in the capability description information except the configuration capability, and the other capabilities include at least one of the following: control capability, driving capability, vehicle delivery, valet parking, and vehicle service key.
The method according to claim 17, characterized in that,

The control capability is the capability to control the facilities of the vehicle;

the ability to drive is the ability to launch the vehicle into a driving state;

said vehicle delivery is the ability to perform a delivery process on said vehicle;

said valet parking is the ability to park said vehicle;

The vehicle service key is the ability to access services provided to the vehicle.
The method according to any one of claims 14 to 16, wherein,

The configuration capability is the capability to give a third-party device the right to access the virtual resources of the vehicle.
The method according to any one of claims 14 to 16, wherein,

The description form of the capability description information is identification information of a role list item, and the role list item is used to describe a role, and the capabilities possessed by the role include the configuration capability;

or,

The description form of the capability description information is identification information of a capability list item, and the capability list item is used to describe a capability, and the capability includes the configuration capability.
A method for sharing digital car keys, characterized in that the method is executed by a vehicle, and the method includes:

Receiving an authority configuration message sent by an authority server, the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by the capability description information received by the authority server, the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the authority corresponding to the capability of the second device to the vehicle;

or,

Receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method according to claim 21, wherein the configuring the authority corresponding to the capability of the second device to the vehicle comprises:

The second device is added as a configurable user, and the second device is added to the first access control list ACL corresponding to the second device to have the permission of the access control item in the first ACL.
The method according to claim 22, further comprising:

receiving a configuration request message sent by the second device;

Where the configuration request message is used to request configuration of a target item, allowing the configuration request message based on the existence of an access control item matching the target item in the first ACL;

or,

If the configuration request message is used to request configuration of the second ACL corresponding to the third-party device, the configuration request message is allowed based on that the second device is the configurable user.
The method according to claim 21, characterized in that, in the case of receiving the second digital car key sent by the authority server, the method further comprises:

Using the second digital vehicle key, a configuration connection is established with the second device, the configuration connection being a connection allowing access to configuration-related data of the vehicle.
The method according to claim 24, wherein said establishing a configuration connection with said second device using said second digital car key comprises:

receiving a connection establishment request message sent by the second device, where the connection establishment request message is used to request establishment of the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device using the second digital car key on the second device side;

Using the local second digital car key as a key to decrypt and authenticate the connection establishment request message;

If the authentication of the connection establishment request message is passed, establish the configuration connection with the second device.
The method according to claim 25, further comprising:

If the connection establishment request message carries the device identifier of the second device, search for the corresponding second digital car key locally;

Or, in the case that the connection establishment request message carries the key number of the second digital car key, search for the corresponding second digital car key locally.
A method according to any one of claims 21 to 26, wherein,

The values of the key flags of the second digital car key and the third digital car key are different, and the key flags are used to identify the key type;

or,

The encrypted forms of the second digital car key and the third digital car key are different;

Wherein, the third digital car key carries information corresponding to other capabilities in the capability description information except the configuration capability, and the other capabilities include at least one of the following: control capability, driving capability, vehicle delivery, valet parking, and vehicle service key.
The method of claim 27, wherein,

The control capability is the capability to control the facilities of the vehicle;

the ability to drive is the ability to launch the vehicle into a driving state;

said vehicle delivery is the ability to perform a delivery process on said vehicle;

said valet parking is the ability to park said vehicle;

The vehicle service key is the ability to access services provided to the vehicle.
A method according to any one of claims 21 to 26, wherein,

The configuration capability is the capability to give a third-party device the right to access the virtual resources of the vehicle.
A method according to any one of claims 21 to 26, wherein,

The description form of the capability description information is identification information of a role list item, and the role list item is used to describe a role, and the capabilities possessed by the role include the configuration capability;

or,

The description form of the capability description information is identification information of a capability list item, and the capability list item is used to describe a capability, and the capability includes the configuration capability.
A digital car key sharing device, characterized in that the device includes:

The sharing application receiving module is configured to receive a car key sharing application message sent by the first device, the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

A recording module, configured to record that the second device corresponds to the capability description information.
A digital car key sharing device, characterized in that the device includes:

The sharing application sending module is configured to send a car key sharing application message to an authority server, wherein the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.
A digital car key sharing device, characterized in that the device includes:

The car key receiving module is used to receive the digital car key sent by the authority server;

Wherein, the digital car key includes: a first digital car key, and the first digital car key carries capability description information for describing a capability, and the capability includes a configuration capability; or, the digital car key includes: a second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.
A digital car key sharing device, characterized in that the device includes:

An authority configuration module, configured to receive an authority configuration message sent by an authority server, where the authority configuration message is used to indicate that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the authority server, and the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the authority corresponding to the capability of the second device to the vehicle;

or,

The car key receiving module is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
An authority server, characterized in that the authority server includes: a transceiver and a memory;

The transceiver is configured to receive a car key sharing application message sent by the first device, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of permissions corresponding to the capabilities of the second device, and the capabilities include configuration capabilities;

The memory is configured to record that the second device corresponds to the capability description information.
A first device, characterized in that the first device includes: a transceiver;

The transceiver is configured to send a car key sharing application message to an authority server, where the car key sharing application message carries capability description information for describing capabilities, and the car key sharing application message is used to apply to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability includes configuration capabilities.
A second device, characterized in that the second device includes: a transceiver;

The transceiver is used to receive the digital car key sent by the authority server;

Wherein, the digital car key includes: a first digital car key, and the first digital car key carries capability description information for describing a capability, and the capability includes a configuration capability; or, the digital car key includes: a second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.
A vehicle, characterized in that the vehicle comprises: a transceiver;

The transceiver is configured to receive a permission configuration message sent by a permission server, the permission configuration message is used to indicate that the permission corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the permission server, and the capability description information is used to describe the capability, and the capability includes a configuration capability; configure the permission corresponding to the capability of the second device to the vehicle;

or,

The transceiver is configured to receive the second digital car key sent by the authority server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and the computer program is loaded and executed by a processor to implement the digital car key sharing method according to any one of claims 1 to 30.
A chip, characterized in that the chip includes a programmable logic circuit and/or program instructions, and when the chip is running, it is used to realize the digital car key sharing method according to any one of claims 1 to 30.
A computer program product or computer program, characterized in that the computer program product or computer program includes computer instructions, the computer instructions are stored in a computer-readable storage medium, and the processor reads and executes the computer instructions from the computer-readable storage medium, so as to realize the digital car key sharing method according to any one of claims 1 to 30.