CN106850638A - A mobile unit access control method and system - Google Patents

Publication number
CN106850638A
Authority
CN
China
Prior art keywords
mobile unit
nfc
information
user
security class
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710078133.4A
Other languages
Chinese (zh)
Other versions
CN106850638B (en
Inventor
皮魏
郝波
戴计生
肖家博
黄铖
冯东
巫钊
毕文
毕文一
周贤民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CRRC Zhuzhou Institute Co Ltd
Original Assignee
CRRC Zhuzhou Institute Co Ltd
Application filed by CRRC Zhuzhou Institute Co Ltd
Priority to CN201710078133.4A
Publication of CN106850638A
Application granted
Publication of CN106850638B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Abstract

The invention discloses a mobile unit access control method and system. The system includes: an NFC terminal, which reads mobile unit identification information from the mobile unit, reads an identity code from an NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit; the NFC card, which stores the identity code; and the mobile unit, which dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip, which stores the mobile unit identification information. The system improves the security of access to mobile units.

Description

A mobile unit access control method and system
Technical field
The present invention relates to the technical field of mobile units, and in particular to a mobile unit access control method and system.
Background
A train is made up of numerous mobile units. Accessing their data, checking their running status and sending them maintenance instructions are very important for keeping the equipment operating normally, and even for the safe operation of the whole train system. A user's access to a mobile unit is highly sensitive and may carry many security risks, so there is an urgent need for a secure access control method that guards against malicious access to and attacks on mobile units by unauthorized users.
At present, train-mounted equipment either lets users access it with no security protection at all, or applies only simple access control through a very weak authentication method based on a user password. Such equipment is very likely to be subjected to unauthorized access, resulting in leakage, tampering and destruction of mobile unit data. This may in turn lead to the core technology of the mobile unit being stolen, or even to damage to the mobile unit, affecting the safety of the train system.
Summary of the invention
The object of the invention is to provide a mobile unit access control method and system that improve the security of access to mobile units.
To solve the above technical problem, the present invention provides a mobile unit access control system, which includes:
An NFC terminal, which reads mobile unit identification information from the mobile unit, reads an identity code from an NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
The NFC card, which stores the identity code;
The mobile unit, which dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip, which stores the mobile unit identification information.
Preferably, the system further includes:
A back-stage management server, which registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, generates the identity code and sends it to the NFC workbench;
The NFC workbench, which obtains the user information and sends it to the back-stage management server, and writes the identity code sent by the back-stage management server into the NFC card.
Preferably, the back-stage management server is also used to assign user security level information according to the user information, and to map the user security level information to the vehicle equipment information that the corresponding level is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
Preferably, the NFC terminal is also used to parse the identity code to obtain the user security level information, encrypt the user security level information, and send the encrypted user security level information to the mobile unit.
Preferably, the mobile unit is also used to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed using the user security level information, and send the session key seed to the NFC terminal.
The present invention also provides a mobile unit access control method for the mobile unit access control system. The method includes:
The NFC terminal reads mobile unit identification information from the mobile unit, reads an identity code from the NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
The mobile unit dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request.
Preferably, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method further includes:
The NFC workbench obtains user information and sends it to the back-stage management server;
The back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, generates the identity code and sends it to the NFC workbench;
The NFC workbench writes the identity code sent by the back-stage management server into the NFC card.
Preferably, after the back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers the user information, the method further includes:
The back-stage management server assigns user security level information according to the user information, and maps the user security level information to the vehicle equipment information that the corresponding level is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
Preferably, after the match succeeds, device authentication passes and the NFC terminal's access request to the mobile unit is accepted, the method further includes:
The NFC terminal parses the identity code to obtain the user security level information, encrypts the user security level information, and sends the encrypted user security level information to the mobile unit.
Preferably, after the NFC terminal parses the identity code to obtain the user security level information, encrypts it, and sends the encrypted user security level information to the mobile unit, the method further includes:
The mobile unit decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed using the user security level information, and sends the session key seed to the NFC terminal.
In the mobile unit access control method and system provided by the present invention, the NFC terminal reads mobile unit identification information from the mobile unit, reads an identity code from the NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit. The NFC card stores the identity code. The mobile unit dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip, which stores the mobile unit identification information. It can be seen that, after identity authentication passes, device authentication is also performed using the device key. The mobile unit can be accessed only when both identity authentication and device authentication pass, so the combination of identity authentication and device authentication improves the security of access to the mobile unit.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a structural diagram of a mobile unit access control system provided by the present invention;
Fig. 2 is a detailed structural diagram of the car-mounted terminal access system;
Fig. 3 is a flow chart of a mobile unit access control method provided by the present invention;
Fig. 4 is a flow diagram of mobile unit and user information registration and NFC identity code generation;
Fig. 5 is a flow diagram of user identity authentication and access authorization.
Detailed description of the embodiments
The core of the invention is to provide a mobile unit access control method and system that improve the security of access to mobile units.
To help those skilled in the art better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Relevant technical terms are explained as follows:
NFC (near field communication): a short-range wireless communication technology.
Referring to Fig. 1, Fig. 1 is a structural diagram of a mobile unit access control system provided by the present invention. The system includes:
NFC terminal 101, which reads mobile unit identification information from the mobile unit, reads an identity code from the NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
NFC card 102, which stores the identity code;
Mobile unit 103, which dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request;
Mobile unit 103 also includes an NFC chip, which stores the mobile unit identification information.
It can be seen that, after identity authentication passes, the system also performs device authentication using the device key. The mobile unit can be accessed only when both identity authentication and device authentication pass, so the combination of identity authentication and device authentication improves the security of access to the mobile unit.
Based on the above system, specifically, the system further includes:
A back-stage management server, which registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, generates the identity code and sends it to the NFC workbench;
An NFC workbench, which obtains the user information and sends it to the back-stage management server, and writes the identity code sent by the back-stage management server into the NFC card. Fig. 2 is a detailed structural diagram of the car-mounted terminal access system.
Further, the back-stage management server is also used to assign user security level information according to the user information, and to map the user security level information to the vehicle equipment information that the corresponding level is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
The vehicle equipment information includes the mobile unit serial number, model and other kinds of vehicle equipment information.
Further, the NFC terminal is also used to parse the identity code to obtain the user security level information, encrypt the user security level information, and send the encrypted user security level information to the mobile unit.
Further, the mobile unit is also used to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed using the user security level information, and send the session key seed to the NFC terminal.
The identity code is specifically an NFC identity code.
After the mobile unit sends the key to the NFC terminal, the car-mounted terminal and the NFC terminal use the session key seed to generate the same session key; the car-mounted terminal and the NFC terminal then each encrypt and decrypt the communication content with the session key.
Specifically, the system consists of the mobile unit, back-stage management server, NFC workbench, NFC terminal, NFC chip, NFC card and other parts. By combining functions such as registration of mobile unit identification information and user information, management of mobile unit identification information and user information, NFC identity code generation, NFC identity code writing, NFC information reading, NFC information authentication, and generation and matching of device keys and session keys based on NFC information, it authenticates the identity of a user attempting to access a mobile unit, binds the user information to the vehicle equipment information the user is allowed to access, and grants the user the corresponding access rights according to the user's security level. Using the system can greatly improve the security of access to mobile units.
In detail, the NFC terminal is the workbench that the user operates directly. It has NFC communication capability and wireless or wired access capability. It can access the in-vehicle network through an in-vehicle wireless device or connect to the mobile unit by wire, establish a channel for accessing the mobile unit, and read the NFC chip or NFC card information to perform user identity authentication. The NFC terminal can also use the NFC information it has read to generate the device key, encrypt the user security level, generate the session key for communicating with the vehicle equipment, and use that key to encrypt and decrypt the communication content.
The back-stage management server provides information management services for mobile units and users. It implements user registration, assignment of security levels to registered users, and binding of vehicle equipment information to user information; it uses the registered mobile unit NFC identification information and user information to generate the NFC identity code and sends it to the NFC workbench.
The NFC workbench is able to exchange information with the back-stage management server and has NFC communication capability. It can implement functions such as registering user information and writing the NFC identity code into the NFC card.
The NFC card is presented to the NFC terminal, which reads information from it. The NFC card is the user's unique identity credential. It has NFC communication capability and can store some user information, such as the user's security level, as well as the NFC identity code used for user identity authentication.
The NFC chip is mounted on the car-mounted terminal. It is a chip with NFC communication capability that stores the mobile unit identification information, which is used for user identity authentication and for device access authentication and authorization.
Mobile units make up the whole train system; they are the objects that users access and also the objects of security protection. The car-mounted terminal is the main part that implements access control, with functions such as device key generation and matching, session key seed generation, session key generation, and encryption and decryption of communication content.
While a user accesses and communicates with a mobile unit, authenticating the user's identity, granting the corresponding access rights according to that identity, and encrypting the communication content all play a vital role in the security protection of the mobile unit. The present invention uses the back-stage management server to map and manage vehicle equipment information and user information and to generate the NFC identity code. The NFC terminal then reads the information in the NFC chip and the NFC card to authenticate the user's identity. If that authentication passes, the previously read NFC information is used to generate the device key for device access authentication. If device access authentication passes, the corresponding access rights are granted according to the security level assigned to the user in advance, and a session key seed is generated and sent to the user, so that the user can use the seed to generate a session key and encrypt and decrypt the content of communication with the mobile unit.
The NFC terminal may be a smartphone with NFC capability, or a notebook computer connected to an NFC reader.
Referring to Fig. 3, Fig. 3 is a flow chart of a mobile unit access control method provided by the present invention. The method is used with the above mobile unit access control system and includes:
S11: The NFC terminal reads mobile unit identification information from the mobile unit, reads an identity code from the NFC card, and performs a matching analysis on the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
S12: The mobile unit dynamically generates a device key and performs a matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request.
It can be seen that, after identity authentication passes, the method also performs device authentication using the device key. The mobile unit can be accessed only when both identity authentication and device authentication pass, so the combination of identity authentication and device authentication improves the security of access to the mobile unit.
Based on the above method, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method further includes the following steps:
S21: The NFC workbench obtains user information and sends it to the back-stage management server;
S22: The back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, generates the identity code and sends it to the NFC workbench;
S23: The NFC workbench writes the identity code sent by the back-stage management server into the NFC card.
Further, after the back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers the user information, the back-stage management server assigns user security level information according to the user information, and maps the user security level information to the vehicle equipment information that the corresponding level is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
Further, the following step is also included after step S12:
S31: The NFC terminal parses the identity code to obtain the user security level information, encrypts the user security level information, and sends the encrypted user security level information to the mobile unit.
Further, after step S31, the mobile unit decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed using the user security level information, and sends the session key seed to the NFC terminal.
Fig. 4 is that mobile unit and user profile are registered and NFC identity code product process schematic diagrames, wherein, idiographic flow Including:The device identifying information stored in vehicle equipment information such as sequence number, model and mobile unit NFC chip will batch It is registered in back-stage management server;User profile will be registered in back-stage management server by NFC workbench;Each user Corresponding safe class will be distributed according to the required access for carrying out;The vehicle equipment information of certain user access will be allowed and be somebody's turn to do User profile is mapped;Computing is carried out using the mobile unit NFC identification informations and user profile of mutual mapping, NFC is generated Identity code;NFC identity codes are sent to NFC workbench by back-stage management server;Be written to for NFC identity codes again by NFC workbench In nfc card.
Fig. 5 be authenticating user identification and access mandate schematic flow sheet, wherein, the flow of authenticating user identification is:NFC ends The mobile unit identification information for wherein storing is read from NFC chip in end;NFC terminal reads what is wherein stored from nfc card again Identity code;NFC terminal will carry out matching operation using both information, if the match is successful, authentication passes through;If With unsuccessful, then authentication does not pass through, and terminates mobile unit and accesses.
Wherein, access rights flow is:If authentication if using the mobile unit identification information that has read and The customizing messages that other are appointed with mobile unit in advance using and mobile unit as algorithm generation device keyses, Ran Houcong User security class information is decrypted in the identity code of nfc card, then rear and device keyses one are encrypted with device identifying information And it is sent to mobile unit;Mobile unit is also using its device identifying information and other are specific with what NFC terminal was appointed in advance Information is matched using the algorithm generation device keyses as NFC terminal with the device keyses that NFC terminal is sended over Computing, if the match is successful, device authentication passes through;If matching is unsuccessful, device authentication does not pass through, and terminates mobile unit Access.
In addition, if mobile unit authentication passes, the mobile unit first decrypts the user security class information using the device identification information. Then, according to the user security class information and in combination with some unique and time-sensitive information, it generates a seed, carrying the corresponding security level, for generating the session key between the mobile unit and the NFC terminal, and sends the seed to the NFC terminal. Both the mobile unit and the NFC terminal use this seed with the same algorithm to generate the session key, and all communication between the mobile unit and the NFC terminal is encrypted and decrypted with that session key.
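The device-authentication and session-key steps described above can be sketched as follows. This is an added example, not code from the patent: HMAC-SHA256, the byte layout of the seed, the 30-second freshness window, all function names and the sample values are assumptions, and keying the session-key derivation with the device key is a choice of this sketch (the text only says both sides apply the same algorithm to the seed). The encrypted transport of the user security class is omitted; the class is passed in directly.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed sample values; the patent names no formats or algorithms.
DEVICE_ID = b"OBU-SN-000123"        # identification info held in the mobile unit's NFC chip
PRE_AGREED = b"provisioned-secret"  # "other specific information" agreed in advance


def derive_device_key(device_id: bytes, pre_agreed: bytes) -> bytes:
    """Run identically on NFC terminal and mobile unit (HMAC-SHA256 is an assumption)."""
    return hmac.new(pre_agreed, b"device-key|" + device_id, hashlib.sha256).digest()


def device_authenticate(received_key: bytes, device_id: bytes, pre_agreed: bytes) -> bool:
    """Mobile unit side: regenerate the device key and compare in constant time."""
    return hmac.compare_digest(received_key, derive_device_key(device_id, pre_agreed))


def make_session_seed(level: int, nonce: bytes, issued_at: int) -> bytes:
    """Mobile unit side: security class + uniqueness (nonce) + timeliness (timestamp)."""
    return struct.pack(">BQ", level, issued_at) + nonce


def derive_session_key(seed: bytes, dev_key: bytes, now: int, max_age: int = 30) -> bytes:
    """Both sides: reject a stale seed, then derive the session key.

    Keying the derivation with the device key is an assumption of this sketch,
    so that a seed observed in transit is not enough to compute the session key.
    """
    _level, issued_at = struct.unpack(">BQ", seed[:9])
    if not 0 <= now - issued_at <= max_age:
        raise ValueError("session seed expired")
    return hmac.new(dev_key, b"session|" + seed, hashlib.sha256).digest()


def run_exchange(terminal_secret: bytes, level: int = 2):
    """Walk the flow; returns (terminal_key, unit_key), or None if device auth fails."""
    sent_key = derive_device_key(DEVICE_ID, terminal_secret)      # NFC terminal
    if not device_authenticate(sent_key, DEVICE_ID, PRE_AGREED):  # mobile unit
        return None                                               # access terminated
    now = int(time.time())
    seed = make_session_seed(level, os.urandom(16), now)          # mobile unit -> terminal
    unit_key = derive_device_key(DEVICE_ID, PRE_AGREED)
    return (derive_session_key(seed, sent_key, now),
            derive_session_key(seed, unit_key, now))
```

Because the device key is rebuilt from the identification information and the pre-agreed information, the secrecy of the pre-agreed information is what separates a legitimate terminal from anyone who can read the NFC chip.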
In the present invention, access control is divided into two major parts: user identity authentication and device access authorization. User identity authentication is centered on the NFC terminal, which reads the mobile unit's NFC chip information and the user's NFC card information and then authenticates the user; the NFC identity code stored in the NFC card is generated by the back-stage management server from the mobile unit identification information and user profile registered in advance. Device access authorization is centered on the mobile unit: the NFC terminal uses the previously read NFC information to generate a device key for device access authentication, and the corresponding access rights are granted according to the security class the user holds. The invention combines the NFC terminal, back-stage management server, NFC chip and NFC card to authenticate users accessing the mobile unit: the mobile unit identification information and user profile are mapped and bound to generate the NFC identity code, and the NFC terminal and NFC chip together implement mobile unit access authentication and grant access rights corresponding to the user security class. The invention guards against unauthorized access to the mobile unit, restricts each user to specified mobile units, and implements graded access to vehicle equipment information.
The mobile unit access control method and system provided by the present invention have been described in detail above. Specific examples are used herein to set out the principle and implementation of the invention; the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be pointed out that those of ordinary skill in the art may make improvements and modifications to the invention without departing from its principle, and such improvements and modifications also fall within the protection scope of the claims of the invention.

Claims (10)

1. A mobile unit access control system, characterized by comprising:
an NFC terminal, configured to read mobile unit identification information from the mobile unit, read an identity code from an NFC card, and perform matching analysis of the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key using the mobile unit identification information and sends it to the mobile unit;
the NFC card, configured to store the identity code;
the mobile unit, configured to dynamically generate a device key and perform matching analysis of the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request to the mobile unit; the mobile unit further comprises an NFC chip, configured to store the mobile unit identification information.
2. The system as claimed in claim 1, characterized by further comprising:
a back-stage management server, configured to register the mobile unit identification information, receive the user profile sent by the NFC workbench and register the user profile, map the mobile unit identification information to the user profile, generate the identity code and send it to the NFC workbench;
the NFC workbench, configured to obtain the user profile and send it to the back-stage management server, and to write the identity code sent by the back-stage management server to the NFC card.
3. The system as claimed in claim 2, characterized in that the back-stage management server is further configured to assign user security class information according to the user profile, and to map the user security class information to the vehicle equipment information that the class corresponding to the user security class information is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
4. The system as claimed in claim 3, characterized in that the NFC terminal is further configured to parse the identity code to obtain the user security class information, encrypt the user security class information, and send the encrypted user security class information to the mobile unit.
5. The system as claimed in claim 4, characterized in that the mobile unit is further configured to decrypt the encrypted user security class information sent by the NFC terminal to obtain the user security class information, generate a session key seed using the user security class information, and send the session key seed to the NFC terminal.
6. A mobile unit access control method, characterized in that it is used with the system as claimed in any one of claims 1 to 5, and comprises:
the NFC terminal reading mobile unit identification information from the mobile unit, reading an identity code from the NFC card, and performing matching analysis of the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key using the mobile unit identification information and sends it to the mobile unit;
the mobile unit dynamically generating a device key and performing matching analysis of the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request to the mobile unit.
7. The method as claimed in claim 6, characterized in that, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method further comprises:
the NFC workbench obtaining the user profile and sending it to the back-stage management server;
the back-stage management server registering the mobile unit identification information, receiving the user profile sent by the NFC workbench and registering the user profile, mapping the mobile unit identification information to the user profile, generating the identity code and sending it to the NFC workbench;
the NFC workbench writing the identity code sent by the back-stage management server to the NFC card.
8. The method as claimed in claim 7, characterized in that, after the back-stage management server registers the mobile unit identification information, receives the user profile sent by the NFC workbench and registers the user profile, the method further comprises:
the back-stage management server assigning user security class information according to the user profile, and mapping the user security class information to the vehicle equipment information that the class corresponding to the user security class information is allowed to access, thereby implementing hierarchical access control over vehicle equipment information.
9. The method as claimed in claim 8, characterized in that, after the step in which, if the match succeeds, device authentication passes and the NFC terminal's access request to the mobile unit is accepted, the method further comprises:
the NFC terminal parsing the identity code to obtain the user security class information, encrypting the user security class information, and sending the encrypted user security class information to the mobile unit.
10. The method as claimed in claim 9, characterized in that, after the NFC terminal parses the identity code to obtain the user security class information, encrypts the user security class information, and sends the encrypted user security class information to the mobile unit, the method further comprises:
the mobile unit decrypting the encrypted user security class information sent by the NFC terminal to obtain the user security class information, generating a session key seed using the user security class information, and sending the session key seed to the NFC terminal.
CN201710078133.4A 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment Active CN106850638B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710078133.4A CN106850638B (en) 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment

Publications (2)

Publication Number Publication Date
CN106850638A true CN106850638A (en) 2017-06-13
CN106850638B CN106850638B (en) 2020-03-24

Family

ID=59127599

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710078133.4A Active CN106850638B (en) 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment

Country Status (1)

Country Link
CN (1) CN106850638B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070296563A1 (en) * 2006-06-21 2007-12-27 Denso Corporation On-vehicle apparatus theft deterrence system
CN102571345A (en) * 2010-10-19 2012-07-11 丰田自动车株式会社 In-vehicle device, vehicle authentication system and data communication method
CN102819721A (en) * 2012-08-15 2012-12-12 腾讯科技(深圳)有限公司 NFC (near field communication)-based information interaction method and device
CN103342120A (en) * 2013-07-10 2013-10-09 奇瑞汽车股份有限公司 Intelligent key system and automobile control method
CN104424779A (en) * 2013-08-30 2015-03-18 比亚迪股份有限公司 System and method for controlling vehicle by virtue of mobile terminal
CN106341147A (en) * 2016-08-31 2017-01-18 上海斐讯数据通信技术有限公司 Intelligent vehicle-mounted system based on mobile terminal

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426219A (en) * 2017-07-28 2017-12-01 湖南中车时代通信信号有限公司 The wireless system that changes the outfit of LKJ data
CN107426219B (en) * 2017-07-28 2020-07-31 湖南中车时代通信信号有限公司 L KJ data wireless reloading system
CN109756446A (en) * 2017-11-01 2019-05-14 中车株洲电力机车研究所有限公司 A kind of access method and system of mobile unit
CN109756446B (en) * 2017-11-01 2021-07-30 中车株洲电力机车研究所有限公司 Access method and system for vehicle-mounted equipment
CN110392036A (en) * 2018-04-18 2019-10-29 丰田自动车株式会社 Service provider system, car-mounted device and command transmission method towards vehicle
CN111770469A (en) * 2019-04-02 2020-10-13 北京车和家信息技术有限公司 Vehicle control method, device, vehicle and computer readable storage medium
CN113467410A (en) * 2020-03-31 2021-10-01 北京新能源汽车股份有限公司 Vehicle electronic control unit data acquisition method, transmission method and acquisition device
CN112104603A (en) * 2020-08-06 2020-12-18 华人运通(江苏)技术有限公司 Access right control method, device and system of vehicle interface
CN112104603B (en) * 2020-08-06 2023-11-14 华人运通(江苏)技术有限公司 Access authority control method, device and system of vehicle interface

Also Published As

Publication number Publication date
CN106850638B (en) 2020-03-24

Similar Documents

Publication Publication Date Title
US11664997B2 (en) Authentication in ubiquitous environment
CN106850638A (en) A kind of mobile unit access control method and system
US10829088B2 (en) Identity management for implementing vehicle access and operation management
JP5601729B2 (en) How to log into a mobile radio network
CN101336436B (en) Security token and method for authentication of a user with the security token
CN104885091B (en) RFID label tag and the method for running RFID label tag
CN103413159B (en) A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK
US20190205547A1 (en) Providing and checking the validity of a virtual document
CN100533459C (en) Data safety reading method and safety storage apparatus thereof
CN109688133B (en) Communication method based on account login free
CN101262349A (en) SMS-based identity authentication method and device
CN112165382B (en) Software authorization method and device, authorization server side and terminal equipment
CN107277079A (en) A kind of across cloud customer certification system towards mixed cloud
CN103077461B (en) System and method for applying for financial document using mobile communication device
CN106789024A (en) A kind of remote de-locking method, device and system
KR20070084801A (en) Creating and authenticating one time password using smartcard and the smartcard therefor
CN113132404B (en) Identity authentication method, terminal and storage medium
WO2021198017A1 (en) Personalised, server-specific authentication mechanism
CN106656955A (en) Communication method and system and user terminal
CN107548059A (en) A kind of authentication method and system
CN103020505A (en) Information management system and information management method based on fingerprint identification
JP2006155547A (en) Individual authentication system, terminal device and server
EP2530631A1 (en) A method for accessing at least one service, corresponding communicating device and system
CN108400989A (en) A kind of safety certificate equipment of shared resource authentication, method and system
CN106230821A (en) The recognition methods of a kind of smart card and equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant