CN106850638A - A kind of mobile unit access control method and system - Google Patents
- Publication number: CN106850638A (CN201710078133.4A)
- Authority: CN (China)
- Prior art keywords: mobile unit, NFC, information, user, security class
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G06F21/44—Program or device authentication
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
- H04L63/105—Multiple levels of security
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
- H04L9/3273—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication
Abstract
The invention discloses a mobile unit access control method and system. The system includes: an NFC terminal, which reads mobile unit identification information from the mobile unit, reads an identity code from an NFC card, and matches the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit; the NFC card, which stores the identity code; and the mobile unit, which dynamically generates a device key and matches the device key sent by the NFC terminal against the dynamically generated one; if the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip that stores the mobile unit identification information. The system improves the security of access to the mobile unit.
Description
Technical field
The present invention relates to the technical field of mobile units, and in particular to a mobile unit access control method and system.
Background
A train is made up of numerous mobile units. Accessing their data, checking their running status and sending them maintenance instructions are very important for keeping the equipment operating normally, and even for the safe operation of the whole train system. A user's access to a mobile unit is a highly sensitive action that may carry many security risks, so a secure access control method is urgently needed to guard against malicious access to, and attacks on, mobile units by illegitimate users.
At present, train-mounted equipment either has no security protection at all to control user access to it, or performs only simple access control through very weak identity authentication based on a user password. Such equipment is very likely to be subject to unauthorized access, leading to leakage, tampering and destruction of mobile unit data. As a result, the core technology of the mobile unit may be stolen, and the mobile unit may even be damaged, affecting the safety of the train system.
Summary of the invention
The object of the invention is to provide a mobile unit access control method and system that improve the security of access to mobile units.
To solve the above technical problem, the invention provides a mobile unit access control system, which includes:
An NFC terminal, for reading mobile unit identification information from the mobile unit, reading an identity code from the NFC card, and matching the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
The NFC card, for storing the identity code;
The mobile unit, for dynamically generating a device key and matching the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip for storing the mobile unit identification information.
Preferably, the system also includes:
A back-stage management server, for registering mobile unit identification information, receiving the user information sent by the NFC workbench and registering it, mapping the mobile unit identification information to the user information, and generating an identity code and sending it to the NFC workbench;
The NFC workbench, for obtaining user information and sending it to the back-stage management server, and for writing the identity code sent by the back-stage management server into the NFC card.
Preferably, the back-stage management server is also used to assign user security level information according to the user information, and to map the user security level information to the vehicle equipment information that the corresponding level is allowed to access, realizing hierarchical access control over vehicle equipment information.
Preferably, the NFC terminal is also used to parse the identity code to obtain the user security level information, encrypt the user security level information, and send the encrypted user security level information to the mobile unit.
Preferably, the mobile unit is also used to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed using the user security level information, and send the session key seed to the NFC terminal.
The invention also provides a mobile unit access control method for the above mobile unit access control system. The method includes:
The NFC terminal reads mobile unit identification information from the mobile unit, reads the identity code from the NFC card, and matches the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
The mobile unit dynamically generates a device key and matches the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request.
Preferably, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method also includes:
The NFC workbench obtains user information and sends it to the back-stage management server;
The back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, and generates an identity code and sends it to the NFC workbench;
The NFC workbench writes the identity code sent by the back-stage management server into the NFC card.
Preferably, after the back-stage management server registers the mobile unit identification information and receives and registers the user information sent by the NFC workbench, the method also includes:
The back-stage management server assigns user security level information according to the user information, and maps the user security level information to the vehicle equipment information that the corresponding level is allowed to access, realizing hierarchical access control over vehicle equipment information.
Preferably, after the match succeeds, device authentication passes and the mobile unit accepts the NFC terminal's access request, the method also includes:
The NFC terminal parses the identity code to obtain the user security level information, encrypts the user security level information, and sends the encrypted user security level information to the mobile unit.
Preferably, after the NFC terminal parses the identity code to obtain the user security level information, encrypts it and sends the encrypted user security level information to the mobile unit, the method also includes:
The mobile unit decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed using the user security level information, and sends the session key seed to the NFC terminal.
In the mobile unit access control method and system provided by the invention, the NFC terminal reads mobile unit identification information from the mobile unit, reads the identity code from the NFC card, and matches the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit. The NFC card stores the identity code. The mobile unit dynamically generates a device key and matches the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request. The mobile unit also includes an NFC chip for storing the mobile unit identification information. Thus, after identity authentication passes, device authentication is also performed using the device key, and the mobile unit can be accessed only when both identity authentication and device authentication pass. Using identity authentication together with device authentication improves the security of access to the mobile unit.
Brief description of the drawings
To explain the embodiments of the invention or the technical solutions of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a schematic structural diagram of a mobile unit access control system provided by the invention;
Fig. 2 is a detailed structural diagram of the vehicle-mounted terminal access system;
Fig. 3 is a flow chart of a mobile unit access control method provided by the invention;
Fig. 4 is a schematic flow diagram of mobile unit and user information registration and NFC identity code generation;
Fig. 5 is a schematic flow diagram of user identity authentication and access authorization.
Detailed description
The core of the invention is to provide a mobile unit access control method and system that improve the security of access to mobile units.
To help those skilled in the art better understand the solution of the invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings of the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
The relevant technical term is explained as follows:
NFC (near field communication): a short-range wireless communication technology.
Referring to Fig. 1, which is a schematic structural diagram of a mobile unit access control system provided by the invention, the system includes:
An NFC terminal 101, for reading mobile unit identification information from the mobile unit, reading the identity code from the NFC card, and matching the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
An NFC card 102, for storing the identity code;
A mobile unit 103, for dynamically generating a device key and matching the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request;
The mobile unit 103 also includes an NFC chip for storing the mobile unit identification information.
Thus, after identity authentication passes, the system also performs device authentication using the device key, and the mobile unit can be accessed only when both identity authentication and device authentication pass. Using identity authentication together with device authentication improves the security of access to the mobile unit.
Based on the above system, specifically, the system also includes:
A back-stage management server, for registering mobile unit identification information, receiving the user information sent by the NFC workbench and registering it, mapping the mobile unit identification information to the user information, and generating an identity code and sending it to the NFC workbench;
An NFC workbench, for obtaining user information and sending it to the back-stage management server, and for writing the identity code sent by the back-stage management server into the NFC card. Fig. 2 is a detailed structural diagram of the vehicle-mounted terminal access system.
Further, the back-stage management server is also used to assign user security level information according to the user information, and to map the user security level information to the vehicle equipment information that the corresponding level is allowed to access, realizing hierarchical access control over vehicle equipment information.
The vehicle equipment information includes the mobile unit serial number, model and other kinds of vehicle equipment information. Further, the NFC terminal is also used to parse the identity code to obtain the user security level information, encrypt the user security level information, and send the encrypted user security level information to the mobile unit.
Further, the mobile unit is also used to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed using the user security level information, and send the session key seed to the NFC terminal.
The identity code is specifically an NFC identity code.
After the mobile unit sends the key to the NFC terminal, the vehicle-mounted terminal and the NFC terminal use the session key seed to generate the same session key; the vehicle-mounted terminal and the NFC terminal then each use the session key to encrypt and decrypt the communication content.
Specifically, the system consists of the mobile unit, the back-stage management server, the NFC workbench, the NFC terminal, the NFC chip, the NFC card and other parts. By combining functions such as registration of mobile unit identification information and user information, management of mobile unit identification information and user information, NFC identity code generation, NFC identity code writing, NFC information reading, NFC information authentication, and generation and matching of the device key and session key based on NFC information, it authenticates the identity of a user attempting to access a mobile unit, binds the user information to the vehicle equipment information the user is allowed to access, and grants the user the corresponding access rights according to the user's security level. Using this system can greatly improve the security of access to mobile units.
In detail, the NFC terminal is the workbench that the user operates directly. It has NFC communication capability and wireless or wired access capability, can join the in-vehicle network through in-vehicle wireless equipment or connect to the mobile unit by wire, establishes the channel for accessing the mobile unit, and reads the NFC chip or NFC card information to authenticate the user's identity. The NFC terminal can also use the NFC information it has read to generate the device key, encrypt the user security level, generate the session key for communicating with the vehicle equipment, and use that key to encrypt and decrypt the communication content.
The back-stage management server provides information management services for mobile units and users. It implements user registration, security level assignment for registered users, and binding of vehicle equipment information to user information, and it uses the registered mobile unit NFC identification information and user information to generate the NFC identity code, which it sends to the NFC workbench.
The NFC workbench is able to exchange information with the back-stage management server and has NFC communication capability. It can perform functions such as registering user information and writing the NFC identity code into the NFC card.
The NFC card connects to the NFC terminal, and the NFC terminal reads information from the NFC card. The NFC card is the unique identity credential held by the user. It has NFC communication capability and can store some user information, such as the user's security level, as well as the NFC identity code used for user identity authentication.
The NFC chip is mounted on the vehicle-mounted terminal. It is a chip with NFC communication capability that stores the mobile unit identification information, which is used for user identity authentication and for device access authentication and authorization.
The mobile units make up the whole train system; they are the objects the user accesses and also the objects of security protection. The vehicle-mounted terminal is the main part that implements access control, with functions such as device key generation and matching, session key seed generation, session key generation, and encryption and decryption of communication content.
While a user accesses and communicates with a mobile unit, authenticating the user's identity, granting access rights according to that identity, and encrypting the communication content all play a vital role in protecting the mobile unit. The invention uses the back-stage management server to map and manage vehicle equipment information and user information and to generate the NFC identity code. The NFC terminal then reads the information in the NFC chip and the NFC card to authenticate the user's identity. If that authentication passes, the previously read NFC information is used to generate the device key for device access authentication. If device access authentication passes, the corresponding access rights are granted according to the security level assigned to the user in advance, and a session key seed is generated and sent to the user, so that the user can use the seed to generate the session key and encrypt and decrypt the content of communication with the mobile unit.
The NFC terminal may be a smartphone with NFC functionality, or a notebook computer connected to an NFC reader.
Referring to Fig. 3, which is a flow chart of a mobile unit access control method provided by the invention, the method is used with the above mobile unit access control system and includes:
S11: The NFC terminal reads mobile unit identification information from the mobile unit, reads the identity code from the NFC card, and matches the device identification information against the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key from the mobile unit identification information and sends it to the mobile unit;
S12: The mobile unit dynamically generates a device key and matches the device key sent by the NFC terminal against the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request.
Thus, after identity authentication passes, the method also performs device authentication using the device key, and the mobile unit can be accessed only when both identity authentication and device authentication pass. Using identity authentication together with device authentication improves the security of access to the mobile unit.
Based on the above method, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method also includes the following steps:
S21: The NFC workbench obtains user information and sends it to the back-stage management server;
S22: The back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers it, maps the mobile unit identification information to the user information, and generates an identity code and sends it to the NFC workbench;
S23: The NFC workbench writes the identity code sent by the back-stage management server into the NFC card.
Further, after the back-stage management server registers the mobile unit identification information and receives and registers the user information sent by the NFC workbench, the back-stage management server assigns user security level information according to the user information, and maps the user security level information to the vehicle equipment information that the corresponding level is allowed to access, realizing hierarchical access control over vehicle equipment information.
Further, after step S12 the method also includes the following step:
S31: The NFC terminal parses the identity code to obtain the user security level information, encrypts the user security level information, and sends the encrypted user security level information to the mobile unit.
Further, after step S31, the mobile unit decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed using the user security level information, and sends the session key seed to the NFC terminal.
Fig. 4 is a schematic flow diagram of mobile unit and user information registration and NFC identity code generation. The flow is as follows: vehicle equipment information such as serial number and model, together with the device identification information stored in the mobile unit's NFC chip, is registered in batches in the back-stage management server; user information is registered in the back-stage management server through the NFC workbench; each user is assigned a security level according to the access that user needs to perform; the vehicle equipment information that a given user is allowed to access is mapped to that user's information; a computation over the mutually mapped mobile unit NFC identification information and user information generates the NFC identity code; the back-stage management server sends the NFC identity code to the NFC workbench; and the NFC workbench writes the NFC identity code into the NFC card.
Fig. 5 is a schematic flow diagram of user identity authentication and access authorization. The user identity authentication flow is: the NFC terminal reads the mobile unit identification information stored in the NFC chip; the NFC terminal then reads the identity code stored in the NFC card; the NFC terminal performs a matching operation on these two pieces of information. If the match succeeds, identity authentication passes; if it does not, identity authentication fails and access to the mobile unit is terminated.
The access authorization flow is: if identity authentication passes, the NFC terminal uses the mobile unit identification information it has already read, together with other specific information agreed with the mobile unit in advance, and the same algorithm as the mobile unit, to generate the device key. It then decrypts the user security level information from the identity code of the NFC card, encrypts it with the device identification information, and sends it to the mobile unit together with the device key. The mobile unit likewise uses its device identification information and the other specific information agreed with the NFC terminal in advance, and the same algorithm as the NFC terminal, to generate the device key, and performs a matching operation against the device key sent by the NFC terminal. If the match succeeds, device authentication passes; if it does not, device authentication fails and access to the mobile unit is terminated.
In addition, if mobile unit authentication passes, the mobile unit first uses the device identification information to decrypt the user security level. Then, according to the user security level information combined with some unique and time-sensitive information, it generates a seed, differing by security level, from which the mobile unit and the NFC terminal generate the session key, and sends the seed to the NFC terminal. The mobile unit and the NFC terminal both use this seed and the same algorithm to generate the session key, and all communication between the mobile unit and the NFC terminal is encrypted and decrypted with that session key.
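The registration and authentication flow of Figs. 4 and 5, as an added Python example that is not part of the patent. The patent names no algorithms, so HMAC-SHA256, the two sample secrets, the 30-second time step behind the "dynamic" device key, the user ID stored on the card and the seed layout are all assumptions; encryption of the security level in transit is not shown.

```python
import hashlib
import hmac
import os

# Constructed sample secrets (assumptions; the patent names no keys or algorithms).
REG_KEY = b"sample-registration-key"     # held by the back-stage server and NFC terminals
PRE_AGREED = b"sample-pre-agreed-info"   # the "pre-agreed specific information"
TIME_STEP = 30                           # seconds; assumed source of the "dynamic" device key


def _mac(key, *parts):
    """HMAC-SHA256 over length-prefixed fields so field boundaries cannot shift."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def make_identity_code(device_id, user_id, level):
    """Back-stage server (Fig. 4): bind device ID, user and security level."""
    lvl = bytes([level])
    return lvl + _mac(REG_KEY, b"identity", device_id, user_id, lvl)[:16]


def terminal_match(device_id, user_id, identity_code):
    """NFC terminal, identity authentication: return the level, or None on mismatch."""
    if len(identity_code) != 17:
        return None
    lvl, tag = identity_code[:1], identity_code[1:]
    expected = _mac(REG_KEY, b"identity", device_id, user_id, lvl)[:16]
    return lvl[0] if hmac.compare_digest(tag, expected) else None


def device_key(device_id, now):
    """Run identically by terminal and mobile unit: device ID + pre-agreed info + time step."""
    step = int(now // TIME_STEP).to_bytes(8, "big")
    return _mac(PRE_AGREED, b"device-key", device_id, step)


def session_key(device_id, seed):
    """Both sides derive the same key from the seed; PRE_AGREED keeps it from eavesdroppers."""
    return _mac(PRE_AGREED, b"session-key", device_id, seed)


class MobileUnit:
    def __init__(self, device_id):
        self.device_id = device_id
        self.session = None

    def authenticate(self, presented_key, level, now):
        """Device authentication: recompute the key and compare in constant time.
        Returns the session key seed, or None when the keys do not match."""
        # Current and previous time step are accepted to tolerate clock skew (assumption).
        current = hmac.compare_digest(presented_key, device_key(self.device_id, now))
        previous = hmac.compare_digest(
            presented_key, device_key(self.device_id, now - TIME_STEP))
        if not (current or previous):
            return None
        # Seed = security level + fresh randomness (stands in for the "unique and
        # time-sensitive information"; the exact inputs are not given in the patent).
        seed = bytes([level]) + os.urandom(16)
        self.session = session_key(self.device_id, seed)
        return seed


def run_access(unit, chip_device_id, card_user_id, card_code, now):
    """Fig. 5 end to end. Returns (terminal key, mobile unit key) or None if refused."""
    level = terminal_match(chip_device_id, card_user_id, card_code)
    if level is None:
        return None                      # identity authentication failed
    seed = unit.authenticate(device_key(chip_device_id, now), level, now)
    if seed is None:
        return None                      # device authentication failed
    return session_key(chip_device_id, seed), unit.session


if __name__ == "__main__":
    unit = MobileUnit(b"DEV-0001")
    code = make_identity_code(b"DEV-0001", b"user-17", 2)
    print("authorised card:", run_access(unit, b"DEV-0001", b"user-17", code, 1000.0) is not None)
    print("card for another device:",
          run_access(unit, b"DEV-0002", b"user-17", code, 1000.0) is not None)
```

The device ID on the NFC chip can be read by anyone within range, so in this sketch all secrecy rests on the pre-agreed value: a device key or session key computed from the ID or the transmitted seed alone could be recomputed by an eavesdropper.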
In the invention, access control can be divided into two major parts: user identity authentication and device access authorization. User identity authentication is centred on the NFC terminal, which reads the mobile unit's NFC chip information and the user's NFC card information respectively and then authenticates the user's identity; the NFC identity code stored in the NFC card is generated by the back-stage management server from the mobile unit identification information and user information registered in advance. Device access authorization is centred on the mobile unit: the NFC terminal uses the previously read NFC information to generate the device key for device access authentication, and the corresponding access rights are granted according to the security level the user holds. The invention combines the NFC terminal, the back-stage management server, the NFC chip and the NFC card into a method of authenticating users who access mobile units, in which the mobile unit identification information and user information are mapped and bound and an NFC identity code is generated, and the NFC terminal and NFC chip together perform access authentication to the mobile unit and grant the corresponding access rights according to the user's security level. The invention can guard against unauthorized access to mobile units, specify which mobile units a user is able to access, and realize graded access to mobile unit information.
The mobile unit access control method and system provided by the present invention have been described in detail above. Specific examples are used herein to set forth the principle and implementation of the invention; the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. It should be pointed out that those of ordinary skill in the art may make improvements and modifications to the invention without departing from its principle, and these improvements and modifications also fall within the scope of protection of the claims of the invention.
Claims (10)
1. A mobile unit access control system, characterized by comprising:
an NFC terminal, configured to read mobile unit identification information from the mobile unit, read an identity code from an NFC card, and perform matching analysis between the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key using the mobile unit identification information and sends it to the mobile unit;
the NFC card, configured to store the identity code;
the mobile unit, configured to dynamically generate a device key and perform matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request to the mobile unit; the mobile unit further comprises an NFC chip for storing the mobile unit identification information.
2. The system as claimed in claim 1, characterized by further comprising:
a back-stage management server, configured to register the mobile unit identification information, receive the user information sent by an NFC workbench and register the user information, map the mobile unit identification information to the user information, and generate the identity code and send it to the NFC workbench;
the NFC workbench, configured to obtain the user information and send it to the back-stage management server, and to write the identity code sent by the back-stage management server into the NFC card.
3. The system as claimed in claim 2, characterized in that the back-stage management server is further configured to assign user security class information according to the user information, and to map the user security class information to the vehicle equipment information that the class corresponding to the user security class information is allowed to access, realizing hierarchical access control over vehicle equipment information.
4. The system as claimed in claim 3, characterized in that the NFC terminal is further configured to parse the identity code to obtain the user security class information, encrypt the user security class information, and send the encrypted user security class information to the mobile unit.
5. The system as claimed in claim 4, characterized in that the mobile unit is further configured to decrypt the encrypted user security class information sent by the NFC terminal to obtain the user security class information, generate a session key seed using the user security class information, and send the session key seed to the NFC terminal.
6. A mobile unit access control method, characterized in that it is used with the system as claimed in any one of claims 1 to 5, and comprises:
the NFC terminal reads mobile unit identification information from the mobile unit, reads an identity code from the NFC card, and performs matching analysis between the device identification information and the identity code; if the match succeeds, identity authentication passes, and the NFC terminal generates a device key using the mobile unit identification information and sends it to the mobile unit;
the mobile unit dynamically generates a device key and performs matching analysis between the device key sent by the NFC terminal and the dynamically generated device key; if the match succeeds, device authentication passes, and the mobile unit accepts the NFC terminal's access request to the mobile unit.
7. The method as claimed in claim 6, characterized in that, before the NFC terminal reads the mobile unit identification information from the mobile unit, the method further comprises:
the NFC workbench obtains user information and sends it to the back-stage management server;
the back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers the user information, maps the mobile unit identification information to the user information, and generates the identity code and sends it to the NFC workbench;
the NFC workbench writes the identity code sent by the back-stage management server into the NFC card.
8. The method as claimed in claim 7, characterized in that, after the back-stage management server registers the mobile unit identification information, receives the user information sent by the NFC workbench and registers the user information, the method further comprises:
the back-stage management server assigns user security class information according to the user information, and maps the user security class information to the vehicle equipment information that the class corresponding to the user security class information is allowed to access, realizing hierarchical access control over mobile unit information.
9. The method as claimed in claim 8, characterized in that, after the step in which, if the match succeeds, device authentication passes and the NFC terminal's access request to the mobile unit is accepted, the method further comprises:
the NFC terminal parses the identity code to obtain the user security class information, encrypts the user security class information, and sends the encrypted user security class information to the mobile unit.
10. The method as claimed in claim 9, characterized in that, after the NFC terminal parses the identity code to obtain the user security class information, encrypts the user security class information, and sends the encrypted user security class information to the mobile unit, the method further comprises:
the mobile unit decrypts the encrypted user security class information sent by the NFC terminal to obtain the user security class information, generates a session key seed using the user security class information, and sends the session key seed to the NFC terminal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710078133.4A CN106850638B (en) | 2017-02-14 | 2017-02-14 | Access control method and system for vehicle-mounted equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710078133.4A CN106850638B (en) | 2017-02-14 | 2017-02-14 | Access control method and system for vehicle-mounted equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106850638A true CN106850638A (en) | 2017-06-13 |
CN106850638B CN106850638B (en) | 2020-03-24 |
Family
ID=59127599
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710078133.4A Active CN106850638B (en) | 2017-02-14 | 2017-02-14 | Access control method and system for vehicle-mounted equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106850638B (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107426219A (en) * | 2017-07-28 | 2017-12-01 | 湖南中车时代通信信号有限公司 | The wireless system that changes the outfit of LKJ data |
CN109756446A (en) * | 2017-11-01 | 2019-05-14 | 中车株洲电力机车研究所有限公司 | A kind of access method and system of mobile unit |
CN110392036A (en) * | 2018-04-18 | 2019-10-29 | 丰田自动车株式会社 | Service provider system, car-mounted device and command transmission method towards vehicle |
CN111770469A (en) * | 2019-04-02 | 2020-10-13 | 北京车和家信息技术有限公司 | Vehicle control method, device, vehicle and computer readable storage medium |
CN112104603A (en) * | 2020-08-06 | 2020-12-18 | 华人运通(江苏)技术有限公司 | Access right control method, device and system of vehicle interface |
CN113467410A (en) * | 2020-03-31 | 2021-10-01 | 北京新能源汽车股份有限公司 | Vehicle electronic control unit data acquisition method, transmission method and acquisition device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070296563A1 (en) * | 2006-06-21 | 2007-12-27 | Denso Corporation | On-vehicle apparatus theft deterrence system |
CN102571345A (en) * | 2010-10-19 | 2012-07-11 | 丰田自动车株式会社 | In-vehicle device, vehicle authentication system and data communication method |
CN102819721A (en) * | 2012-08-15 | 2012-12-12 | 腾讯科技(深圳)有限公司 | NFC (near field communication)-based information interaction method and device |
CN103342120A (en) * | 2013-07-10 | 2013-10-09 | 奇瑞汽车股份有限公司 | Intelligent key system and automobile control method |
CN104424779A (en) * | 2013-08-30 | 2015-03-18 | 比亚迪股份有限公司 | System and method for controlling vehicle by virtue of mobile terminal |
CN106341147A (en) * | 2016-08-31 | 2017-01-18 | 上海斐讯数据通信技术有限公司 | Intelligent vehicle-mounted system based on mobile terminal |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107426219A (en) * | 2017-07-28 | 2017-12-01 | 湖南中车时代通信信号有限公司 | The wireless system that changes the outfit of LKJ data |
CN107426219B (en) * | 2017-07-28 | 2020-07-31 | 湖南中车时代通信信号有限公司 | L KJ data wireless reloading system |
CN109756446A (en) * | 2017-11-01 | 2019-05-14 | 中车株洲电力机车研究所有限公司 | A kind of access method and system of mobile unit |
CN109756446B (en) * | 2017-11-01 | 2021-07-30 | 中车株洲电力机车研究所有限公司 | Access method and system for vehicle-mounted equipment |
CN110392036A (en) * | 2018-04-18 | 2019-10-29 | 丰田自动车株式会社 | Service provider system, car-mounted device and command transmission method towards vehicle |
CN111770469A (en) * | 2019-04-02 | 2020-10-13 | 北京车和家信息技术有限公司 | Vehicle control method, device, vehicle and computer readable storage medium |
CN113467410A (en) * | 2020-03-31 | 2021-10-01 | 北京新能源汽车股份有限公司 | Vehicle electronic control unit data acquisition method, transmission method and acquisition device |
CN112104603A (en) * | 2020-08-06 | 2020-12-18 | 华人运通(江苏)技术有限公司 | Access right control method, device and system of vehicle interface |
CN112104603B (en) * | 2020-08-06 | 2023-11-14 | 华人运通(江苏)技术有限公司 | Access authority control method, device and system of vehicle interface |
Also Published As
Publication number | Publication date |
---|---|
CN106850638B (en) | 2020-03-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11664997B2 (en) | Authentication in ubiquitous environment | |
CN106850638A (en) | A kind of mobile unit access control method and system | |
US10829088B2 (en) | Identity management for implementing vehicle access and operation management | |
JP5601729B2 (en) | How to log into a mobile radio network | |
CN101336436B (en) | Security token and method for authentication of a user with the security token | |
CN104885091B (en) | RFID label tag and the method for running RFID label tag | |
CN103413159B (en) | A kind of RFID electronic certificate off-line false proof realization method and system of Jianzhen based on CPK | |
US20190205547A1 (en) | Providing and checking the validity of a virtual document | |
CN100533459C (en) | Data safety reading method and safety storage apparatus thereof | |
CN109688133B (en) | Communication method based on account login free | |
CN101262349A (en) | SMS-based identity authentication method and device | |
CN112165382B (en) | Software authorization method and device, authorization server side and terminal equipment | |
CN107277079A (en) | A kind of across cloud customer certification system towards mixed cloud | |
CN103077461B (en) | System and method for applying for financial document using mobile communication device | |
CN106789024A (en) | A kind of remote de-locking method, device and system | |
KR20070084801A (en) | Creating and authenticating one time password using smartcard and the smartcard therefor | |
CN113132404B (en) | Identity authentication method, terminal and storage medium | |
WO2021198017A1 (en) | Personalised, server-specific authentication mechanism | |
CN106656955A (en) | Communication method and system and user terminal | |
CN107548059A (en) | A kind of authentication method and system | |
CN103020505A (en) | Information management system and information management method based on fingerprint identification | |
JP2006155547A (en) | Individual authentication system, terminal device and server | |
EP2530631A1 (en) | A method for accessing at least one service, corresponding communicating device and system | |
CN108400989A (en) | A kind of safety certificate equipment of shared resource authentication, method and system | |
CN106230821A (en) | The recognition methods of a kind of smart card and equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |