Virtual key sharing system and method
Technical field
The present invention relates to the field of communication technology, and more particularly to a virtual key sharing system and method.
Background art
The Internet of Things (IoT) is regarded as the third revolution in the development of the IT industry, after the computer and the Internet; its pervasive network character makes the interconnection of all things possible. Behind smart homes, the Internet of Vehicles and artificial intelligence, the IoT is rapidly being deployed and maturing, and the arrival of the IoT era is beyond doubt. The foundation and core of the IoT is still the Internet: it is an extension and expansion of the Internet, while cloud computing, the mobile Internet and intelligent terminals help make the architecture of the IoT richer and more complete. The IoT has become one of the strategic high grounds in the current round of economic and technological development, and developing it has important practical significance for promoting economic development and social progress. However, precisely because the IoT naturally inherits from the Internet, the various malicious attacks launched against the Internet have begun to spread to the IoT field.
Take the Internet of Vehicles as an example. The Internet of Vehicles is the core application of the IoT in the field of intelligent transportation, and Internet of Vehicles projects are an important component of intelligent transportation systems. Through sensing devices, on-board units and communication modules installed on the vehicle, and using mobile communication technology, car navigation systems, intelligent terminals and information network platforms, the Internet of Vehicles connects vehicle to road, vehicle to vehicle, vehicle to person, and vehicle to application platform in one overall network; the information is analyzed, processed and mined by a service platform to provide richer, more comfortable, safer and more efficient vehicle operation and integrated information services.
With the accelerating spread of the mobile Internet and Internet of Vehicles technology, Bluetooth, as a short-range, low-power offline communication technology, is low in cost, easy to implement and easy to popularize. Combining Bluetooth technology with automotive technology brings greater convenience to the production, use and servicing of automobiles, and Bluetooth technology has made great progress in communication efficiency, low power consumption and security.
The Bluetooth key, as one kind of virtual key, will become standard equipment on next-generation automobiles. A virtual key may also be called a digital key; it mainly uses near-field communication technology to let a user lock and unlock car doors, building doors and the like through a smartphone or a wearable smart device. Besides bringing greater convenience to users, the digital nature of the digital key also makes it the infrastructure for many new Internet of Vehicles applications and services, such as car sharing, time-share leasing, car rental, and express delivery to the trunk. Many automakers currently building digital key solutions do not adequately consider that the Bluetooth key is in fact a very important service. To ensure the security of this service, automakers need to walk through the different use cases in a structured way at the initial design stage and analyze the specific security requirements, so as to select suitable technologies and standards for building a secure digital key system. Another important point is that the life cycle of a Bluetooth key service is long (5 to 10 years); whether it has a complete update capability will also determine the security of the Bluetooth key service over its whole life cycle.
Virtual key solutions currently under study are mainly designed on the PKI (Public Key Infrastructure) technical system. Such a design requires that, while online, the mobile terminal obtains the digital certificate of the locked end (such as an automobile) and the automobile obtains the digital certificate of the mobile terminal, so that the mobile terminal and the vehicle authenticate each other; session key negotiation and the interaction with the service system follow. Virtual keys in the prior art have the following disadvantages: certificates must be exchanged online, so the system is highly sensitive to the network; the demands on the CA (certificate authority) system server are high; man-in-the-middle attacks that hijack the certificates can occur; and as the number of users grows, construction and operating costs are high and the system is complex. In addition, sharing systems based on such virtual keys are also insecure.
Therefore, a highly secure virtual key sharing system and method is urgently needed.
Summary of the invention
The present invention provides a virtual key sharing system and method to solve the problem of low security when a virtual key is shared in the prior art.
One aspect of the present invention provides a virtual key sharing system, comprising:
a user terminal, configured to exchange public keys with a target terminal, to generate target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and to send them to the target terminal;
a target terminal, configured to verify the received user terminal identity verification information; if the verification passes, to send the target terminal identity verification information carrying the user terminal private key to the locked end for verification; if the verification passes, to generate a target terminal session key and send it to the locked end for verification; and, if the verification passes, to edit an unlock instruction using the session key and send it to the locked end;
a locked end, configured to verify the received target terminal identity verification information carrying the user terminal private key; if the verification passes, to generate locked end identity verification information using the target terminal public key and the locked end private key and send it to the target terminal for verification; if the verification passes, to generate a locked end session key and send it to the target terminal for verification; and, if the verification passes, to unlock according to the unlock instruction sent by the target terminal;
an offline communication module, configured to transmit information between the terminal and the locked end.
Further, the system also includes a key management device, configured to generate a user terminal identification key pair from the user terminal ID and send it to the user terminal; to generate a locked end identification key pair from the locked end ID and send it to the locked end; and to generate a target terminal identification key pair from the target terminal ID and send it to the target terminal;
the user terminal is further configured to combine the received user terminal identification key pair with a key pair it generates itself, obtaining the user terminal key pair;
the locked end is further configured to combine the received locked end identification key pair with a key pair it generates itself, obtaining the locked end key pair;
the target terminal is further configured to combine the received target terminal identification key pair with a key pair it generates itself, obtaining the target terminal key pair.
Further, the key management device substitutes the ID into a preset matrix and generates the key pair using the CPK encryption algorithm.
Further, the offline communication module is a Bluetooth module.
Further, the user terminal includes a user terminal public key interaction unit and an identity verification information generation unit; the target terminal includes a target terminal public key interaction unit, a target terminal verification unit, a target terminal session key generation unit and an instruction editing unit; and the locked end includes a locked end identity verification request information editing unit, a locked end verification unit, a locked end session key generation unit and an unlocking unit, wherein:
the user terminal public key interaction unit is configured to exchange public keys with the target terminal public key interaction unit and to send the obtained target terminal public key to the identity verification information generation unit;
the target terminal public key interaction unit is configured to exchange public keys with the user terminal public key interaction unit and to send the obtained user terminal public key to the target terminal identity verification request information editing unit;
the identity verification information generation unit is configured to generate target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and to send them to the target terminal verification unit;
the target terminal verification unit is configured to verify the received user terminal identity verification information and, if the verification passes, to send the received target terminal identity verification information to the locked end verification unit; it is also configured to verify whether the received locked end identity verification request information contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the target terminal session key generation unit; it is also configured to verify whether the received locked end session key contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the instruction editing unit;
the locked end verification unit is configured to verify whether the user terminal private key in the received target terminal identity verification information is identical to the preset user terminal private key and, if identical, to send the verification-passed information to the locked end identity verification request information editing unit; it is also configured to verify whether the received target terminal session key contains the preset target terminal ID and whether the target terminal signature is correct and, if it contains the preset target terminal ID and the target terminal signature is correct, to send the verification-passed information to the locked end session key generation unit;
the locked end identity verification request information editing unit is configured to generate locked end identity verification request information from the target terminal public key and the locked end private key and to send it to the target terminal verification unit;
the target terminal session key generation unit is configured to generate a random number, generate the target terminal session key from the random number, and send it to the locked end verification unit;
the locked end session key generation unit is configured to generate a random number, generate the locked end session key from the random number, and send it to the target terminal verification unit;
the instruction editing unit is configured to edit an unlock instruction according to the target terminal session key and send it to the unlocking unit;
the unlocking unit is configured to unlock according to the received unlock instruction.
A second aspect of the present invention provides a virtual key sharing method implemented on the virtual key sharing system described above, comprising the following steps:
exchanging public keys with the target terminal using the user terminal, generating target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and sending them to the target terminal;
verifying the received user terminal identity verification information using the target terminal; if the verification passes, sending the target terminal identity verification information carrying the user terminal private key to the locked end for verification; if the verification passes, generating a target terminal session key and sending it to the locked end for verification; and, if the verification passes, editing an unlock instruction using the session key and sending it to the locked end;
verifying the received target terminal identity verification information carrying the user terminal private key using the locked end; if the verification passes, generating locked end identity verification information using the target terminal public key and the locked end private key and sending it to the target terminal for verification; if the verification passes, generating a locked end session key and sending it to the target terminal for verification; and, if the verification passes, unlocking according to the unlock instruction sent by the target terminal;
transmitting information between the terminal and the locked end using the offline communication module.
Further, the method also comprises the following steps:
using the key management device, generating a user terminal identification key pair from the user terminal ID and sending it to the user terminal; generating a locked end identification key pair from the locked end ID and sending it to the locked end; and generating a target terminal identification key pair from the target terminal ID and sending it to the target terminal;
using the user terminal, combining the received user terminal identification key pair with a key pair it generates itself, obtaining the user terminal key pair;
using the locked end, combining the received locked end identification key pair with a key pair it generates itself, obtaining the locked end key pair;
using the target terminal, combining the received target terminal identification key pair with a key pair it generates itself, obtaining the target terminal key pair.
Further, the key management device substitutes the ID into a preset matrix and generates the key pair using the CPK encryption algorithm.
Further, the offline communication module is a Bluetooth module.
Further, the user terminal includes a user terminal public key interaction unit and an identity verification information generation unit; the target terminal includes a target terminal public key interaction unit, a target terminal verification unit, a target terminal session key generation unit and an instruction editing unit; and the locked end includes a locked end identity verification request information editing unit, a locked end verification unit, a locked end session key generation unit and an unlocking unit, wherein:
the user terminal public key interaction unit is used to exchange public keys with the target terminal public key interaction unit and to send the obtained target terminal public key to the identity verification information generation unit;
the target terminal public key interaction unit is used to exchange public keys with the user terminal public key interaction unit and to send the obtained user terminal public key to the target terminal identity verification request information editing unit;
the identity verification information generation unit is used to generate target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and to send them to the target terminal verification unit;
the target terminal verification unit is used to verify the received user terminal identity verification information and, if the verification passes, to send the received target terminal identity verification information to the locked end verification unit; to verify whether the received locked end identity verification request information contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the target terminal session key generation unit; and to verify whether the received locked end session key contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the instruction editing unit;
the locked end verification unit is used to verify whether the user terminal private key in the received target terminal identity verification information is identical to the preset user terminal private key and, if identical, to send the verification-passed information to the locked end identity verification request information editing unit; and to verify whether the received target terminal session key contains the preset target terminal ID and whether the target terminal signature is correct and, if it contains the preset target terminal ID and the target terminal signature is correct, to send the verification-passed information to the locked end session key generation unit;
the locked end identity verification request information editing unit is used to generate locked end identity verification request information from the target terminal public key and the locked end private key and to send it to the target terminal verification unit;
the target terminal session key generation unit is used to generate a random number, generate the target terminal session key from the random number, and send it to the locked end verification unit;
the locked end session key generation unit is used to generate a random number, generate the locked end session key from the random number, and send it to the target terminal verification unit;
the instruction editing unit is used to edit an unlock instruction according to the target terminal session key and send it to the unlocking unit;
the unlocking unit is used to unlock according to the received unlock instruction.
Compared with the prior art, the virtual key sharing system and method provided by the present invention have the following advantages:
(1) The user terminal and the target terminal verify identity information by exchanging public keys; only if the verification succeeds can the target terminal use the identity information of the user terminal to unlock the locked end. The structure and method are simple, secure and convenient to use.
(2) When the target terminal and the locked end transmit information, no third-party online authentication is needed; the target terminal and the locked end transmit information directly, which reduces the interaction steps, the amount of interaction data and the amount of computation, and the double verification ensures the security of unlocking. At the same time, the offline communication module is used to transmit information between the target terminal and the locked end, which reduces the sensitivity of the whole system and method to the network and improves security and reliability in use.
The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented in accordance with the contents of the specification, and so that the above and other objects, features and advantages of the present invention are more readily apparent, specific embodiments of the present invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 is a device connection block diagram of the virtual key sharing system in an embodiment of the present invention;
Fig. 2 is a step diagram of the virtual key sharing method in an embodiment of the present invention.
Detailed description of the embodiments
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the disclosure are shown in the drawings, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure will be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined, will not be interpreted in an idealized or overly formal sense.
This embodiment provides a virtual key sharing system and method.
As shown in Fig. 1, the virtual key sharing system of this embodiment comprises:
a user terminal, configured to exchange public keys with a target terminal, to generate target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and to send them to the target terminal;
a target terminal, configured to verify the received user terminal identity verification information; if the verification passes, to send the target terminal identity verification information carrying the user terminal private key to the locked end for verification; if the verification passes, to generate a target terminal session key and send it to the locked end for verification; and, if the verification passes, to edit an unlock instruction using the session key and send it to the locked end;
a locked end, configured to verify the received target terminal identity verification information carrying the user terminal private key; if the verification passes, to generate locked end identity verification information using the target terminal public key and the locked end private key and send it to the target terminal for verification; if the verification passes, to generate a locked end session key and send it to the target terminal for verification; and, if the verification passes, to unlock according to the unlock instruction sent by the target terminal;
an offline communication module, configured to transmit information between the terminal and the locked end.
In the virtual key sharing system of this embodiment, the user terminal and the target terminal verify identity information by exchanging public keys; only if the verification succeeds can the target terminal use the identity information of the user terminal to unlock the locked end. The structure and method are simple, secure and convenient to use.
As shown in Fig. 1, in a specific implementation, the virtual key sharing system of this embodiment further includes a key management device, configured to generate a user terminal identification key pair from the user terminal ID and send it to the user terminal; to generate a locked end identification key pair from the locked end ID and send it to the locked end; and to generate a target terminal identification key pair from the target terminal ID and send it to the target terminal;
the user terminal is further configured to combine the received user terminal identification key pair with a key pair it generates itself, obtaining the user terminal key pair;
the locked end is further configured to combine the received locked end identification key pair with a key pair it generates itself, obtaining the locked end key pair;
the target terminal is further configured to combine the received target terminal identification key pair with a key pair it generates itself, obtaining the target terminal key pair.
The key pairs are combined by point addition of the public keys and modular addition of the private keys.
In the virtual key sharing system of this embodiment, when the target terminal and the locked end transmit information, no third-party online authentication is needed; the target terminal and the locked end transmit information directly, which reduces the interaction steps, the amount of interaction data and the amount of computation, and the double verification of identity and session key ensures the security of unlocking. At the same time, the offline communication module is used to transmit information between the target terminal and the locked end, which reduces the sensitivity of the whole system to the network and improves security and reliability in use.
In a specific implementation, the key management device substitutes any one of the user terminal ID, the target terminal ID or the locked end ID into a preset matrix. The matrix comprises a public key matrix and a private key matrix, used to generate the public key and the private key respectively, which together form a key pair. Any one of the user terminal identification key pair, the target terminal identification key pair or the locked end identification key pair is generated using the CPK (Combined Public Key) encryption algorithm. The CPK encryption algorithm may specifically be any one or more of the Chinese national algorithms SM2/SM3/SM4 and AES/DES/ECC/SHA1/SHA256, selected as needed. These algorithms make it possible to produce and distribute identification keys on a very large scale, meeting the needs of more users with very few resources; they also have the advantages of requiring little storage space, high operating efficiency and large processing capacity.
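The matrix-based identification key derivation and the key-pair combination (public key point addition, private key modular addition) described above, as an added example that is not code from the patent. The curve (secp256k1 standing in for the SM2/ECC options the text lists), the 8x8 matrix size, the SHA-256 mapping from ID to matrix rows, and the sample IDs are assumptions made for illustration.

```python
import hashlib
import secrets

# Stand-in curve: secp256k1 (assumption; the page only names SM2/ECC).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None          # point at infinity
ROWS, COLS = 8, 8   # assumed matrix size


def point_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over F_P."""
    if a is INF:
        return b
    if b is INF:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add; not constant time, for illustration only."""
    result, k = INF, k % N
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def make_matrices():
    """Key management device: private key matrix and matching public key matrix."""
    priv = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    pub = [[scalar_mult(s, G) for s in row] for row in priv]
    return priv, pub


def id_to_rows(identity):
    """Assumed mapping: byte c of SHA-256(ID) selects the row used in column c."""
    digest = hashlib.sha256(identity.encode()).digest()
    return [digest[c] % ROWS for c in range(COLS)]


def identification_private_key(identity, priv_matrix):
    """Sum of the selected private matrix entries, modulo the group order."""
    return sum(priv_matrix[r][c] for c, r in enumerate(id_to_rows(identity))) % N


def identification_public_key(identity, pub_matrix):
    """Point sum of the selected public matrix entries."""
    acc = INF
    for c, r in enumerate(id_to_rows(identity)):
        acc = point_add(acc, pub_matrix[r][c])
    return acc


def combine(id_pair, own_pair):
    """Combine two key pairs: private keys add mod N, public keys add as points."""
    (d_id, q_id), (d_own, q_own) = id_pair, own_pair
    d = (d_id + d_own) % N
    q = point_add(q_id, q_own)
    if d == 0 or q is INF:
        raise ValueError("degenerate composite key; generate a new local key pair")
    return d, q


def provision(identity, priv_matrix, pub_matrix):
    """Identification key pair from the matrices, combined with a locally generated pair."""
    d_id = identification_private_key(identity, priv_matrix)
    q_id = identification_public_key(identity, pub_matrix)
    d_own = secrets.randbelow(N - 1) + 1
    return combine((d_id, q_id), (d_own, scalar_mult(d_own, G)))


if __name__ == "__main__":
    priv_m, pub_m = make_matrices()
    # Constructed sample IDs for the three parties.
    for ident in ("user-terminal-01", "target-terminal-02", "locked-end-03"):
        d, q = provision(ident, priv_m, pub_m)
        print(ident, "composite key pair consistent:", scalar_mult(d, G) == q)
```

`identification_public_key` needs only the ID and the public key matrix, so a party holding that matrix can recompute a peer's identification public key without contacting the key management device.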
In a specific implementation, the offline communication module is a Bluetooth module. A Bluetooth module provides short-range, low-power offline communication and has the advantages of low cost, easy implementation and easy popularization.
As shown in Fig. 1, in a specific implementation of the virtual key sharing system of this embodiment, the user terminal includes a user terminal public key interaction unit and an identity verification information generation unit; the target terminal includes a target terminal public key interaction unit, a target terminal verification unit, a target terminal session key generation unit and an instruction editing unit; and the locked end includes a locked end identity verification request information editing unit, a locked end verification unit, a locked end session key generation unit and an unlocking unit, wherein:
the user terminal public key interaction unit is configured to exchange public keys with the target terminal public key interaction unit and to send the obtained target terminal public key to the identity verification information generation unit;
the target terminal public key interaction unit is configured to exchange public keys with the user terminal public key interaction unit and to send the obtained user terminal public key to the target terminal identity verification request information editing unit;
the identity verification information generation unit is configured to generate target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and to send them to the target terminal verification unit;
the target terminal verification unit is configured to verify the received user terminal identity verification information and, if the verification passes, to send the received target terminal identity verification information to the locked end verification unit; it is also configured to verify whether the received locked end identity verification request information contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the target terminal session key generation unit; it is also configured to verify whether the received locked end session key contains the preset locked end ID and whether the locked end signature is correct and, if it contains the preset locked end ID and the locked end signature is correct, to send the verification-passed result to the instruction editing unit;
the locked end verification unit is configured to verify whether the user terminal private key in the received target terminal identity verification information is identical to the preset user terminal private key and, if identical, to send the verification-passed information to the locked end identity verification request information editing unit; it is also configured to verify whether the received target terminal session key contains the preset target terminal ID and whether the target terminal signature is correct and, if it contains the preset target terminal ID and the target terminal signature is correct, to send the verification-passed information to the locked end session key generation unit;
the locked end identity verification request information editing unit is configured to generate locked end identity verification request information from the target terminal public key and the locked end private key and to send it to the target terminal verification unit;
the target terminal session key generation unit is configured to generate a random number, generate the target terminal session key from the random number, and send it to the locked end verification unit;
the locked end session key generation unit is configured to generate a random number, generate the locked end session key from the random number, and send it to the target terminal verification unit;
the instruction editing unit is configured to edit an unlock instruction according to the target terminal session key and send it to the unlocking unit;
the unlocking unit is configured to unlock according to the received unlock instruction.
Here, the target terminal public key interaction unit, target terminal verification unit, target terminal session key generation unit, instruction editing unit, locked end identity verification request information editing unit, locked end verification unit, locked end session key generation unit and unlocking unit are each electrically connected to the offline communication module; the key management device is electrically connected to the user terminal public key interaction unit, the target terminal public key interaction unit and the locked end identity verification request information editing unit respectively; and the identity verification information generation unit is electrically connected to the user terminal public key interaction unit and the target terminal verification unit respectively. The target terminal and the user terminal may be connected by cable or by radio; the radio connection may be Bluetooth, WiFi, NFC, 3G, 4G or the like. The specific connection type can be selected as required.
Such as Fig. 2, the present embodiment additionally provides what a kind of virtual key share system based on the above embodiment was realized
Virtual key sharing method, comprising the following steps:
The user terminal exchanges public keys with the target terminal, generates target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and sends them to the target terminal;
The target terminal verifies the received user terminal identity verification information; if verification passes, it sends the target terminal authentication information carrying the user terminal private key to the locked end for verification; if verification passes, it generates a target terminal session key and sends it to the locked end for verification; if verification passes, it edits an unlock instruction using the session key and sends it to the locked end;
The locked end verifies the received target terminal authentication information carrying the user terminal private key; if verification passes, it generates locked end authentication information using the target terminal public key and the locked end private key and sends it to the target terminal for verification; if verification passes, it generates a locked end session key and sends it to the target terminal for verification; if verification passes, it unlocks according to the unlock instruction sent by the target terminal;
The offline communication module carries the information transmitted between the terminal and the locked end.
In the virtual key sharing method of this embodiment, the user terminal and the target terminal verify identity information by exchanging public keys. Only when verification succeeds can the target terminal unlock the locked end using the identity information of the user terminal. The method has the advantages of a simple structure and safe, convenient use.
The virtual key sharing method of this embodiment further comprises the following steps:
The key management apparatus generates a user terminal identification key pair according to the user terminal ID and sends it to the user terminal; generates a locked end identification key pair according to the locked end ID and sends it to the locked end; and generates a target terminal identification key pair according to the target terminal ID and sends it to the target terminal;
The user terminal compounds the received user terminal identification key pair with the key pair it generates itself, obtaining the user terminal key pair;
The locked end compounds the received locked end identification key pair with the key pair it generates itself, obtaining the locked end key pair;
The target terminal compounds the received target terminal identification key pair with the key pair it generates itself, obtaining the target terminal key pair.
The key pairs are compounded by point addition of the public keys and modular addition of the private keys.
In the virtual key sharing method of this embodiment, the target terminal and the locked end do not need online authentication by a third party when transmitting information; instead, they transmit information to each other directly, which reduces the number of interaction steps, the amount of data exchanged and the amount of computation. The double verification of identity and session key ensures the safety of unlocking. At the same time, the offline communication module is used to transmit information between the target terminal and the locked end, which reduces the sensitivity of the whole method to the network and improves safety and reliability in use.
In a specific implementation, the key management apparatus substitutes any one of the user terminal ID, the target terminal ID or the locked end ID into a preset matrix. The matrix includes a matrix public key and a matrix private key, which are used to generate the public key and the private key respectively, forming a key pair. Any one of the user terminal key pair, the target terminal identification key pair or the locked end identification key pair is generated using the CPK (Combined Public Key) encryption algorithm. The CPK encryption algorithm may specifically be any one or more of the Chinese national cryptographic algorithms SM2/SM3/SM4 and AES/DES/ECC/SHA1/SHA256, selected as needed. These algorithms allow identification keys to be produced and distributed on a very large scale, meeting the needs of more users with very few resources; they also have the advantages of low storage requirements, high operating efficiency and large processing capacity.
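The identification key derivation from the preset matrix and the compounding rule stated above (public keys added as curve points, private keys added modulo the group order), as an added example that is not part of the patent text. The secp256k1 curve, the 8x4 matrix size, the SHA-256 row selection and all function names are assumptions; the text names SM2/ECC but fixes none of these.

```python
import hashlib, secrets

# Assumption: secp256k1 stands in for the unspecified curve (y^2 = x^3 + 7 mod P).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 4  # hypothetical matrix dimensions

def add(p1, p2):
    """Point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt=G):
    """Double-and-add scalar multiplication (not constant time, illustration only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def make_matrices():
    """Key management apparatus: private matrix and the matching public matrix."""
    priv = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)] for _ in range(ROWS)]
    return priv, [[mul(d) for d in row] for row in priv]

def identity_key_pair(ident, priv, pub):
    """Identification key pair: SHA-256 of the ID picks one row per column
    (hypothetical mapping); the selected entries of each matrix are summed."""
    digest, d, q = hashlib.sha256(ident.encode()).digest(), 0, None
    for c in range(COLS):
        r = digest[c] % ROWS
        d, q = (d + priv[r][c]) % N, add(q, pub[r][c])
    return d, q

def compound(id_pair, own_pair):
    """Private keys add modulo N; public keys add as curve points."""
    return (id_pair[0] + own_pair[0]) % N, add(id_pair[1], own_pair[1])
```

Because the compounded private key is the modular sum and the compounded public key is the point sum, `mul(d)` of the result always equals the compounded public key, so signatures made with the compounded private key verify under the compounded public key.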
In a specific implementation, the offline communication module is a Bluetooth module. A Bluetooth module provides short-range, low-power offline communication and has the advantages of low cost, easy implementation and ease of popularization.
In a specific implementation of the virtual key sharing system of this embodiment, the user terminal includes a user terminal public key interaction unit and an authentication information generation unit; the target terminal includes a target terminal public key interaction unit, a target terminal authentication unit, a target terminal session key generation unit and an instruction editing unit; and the locked end includes a locked end authentication request information editing unit, a locked end authentication unit, a locked end session key generation unit and an unlocking unit, wherein:
Step 100: the user terminal public key interaction unit exchanges public keys with the target terminal public key interaction unit and sends the obtained target terminal public key to the authentication information generation unit; the target terminal public key interaction unit exchanges public keys with the user terminal public key interaction unit and sends the obtained user terminal public key to the target terminal authentication request information editing unit;
Step 200: the authentication information generation unit generates target terminal identity verification information and user terminal identity verification information using the target terminal public key and the user terminal private key, and sends them to the target terminal authentication unit;
Step 300: the target terminal authentication unit verifies the received user terminal identity verification information and, if verification passes, sends the received target terminal authentication information to the locked end authentication unit; it verifies whether the received locked end authentication request information contains the preset locked end ID and whether the locked end signature is correct, and if it contains the preset locked end ID and the locked end signature is correct, sends the verification-passed result to the target terminal session key generation unit; it verifies whether the received locked end session key contains the preset locked end ID and whether the locked end signature is correct, and if it contains the preset locked end ID and the locked end signature is correct, sends the verification-passed result to the instruction editing unit;
Step 400: the locked end authentication unit verifies whether the user terminal private key in the received target terminal authentication information is identical to the preset user terminal private key and, if identical, sends the verification-passed information to the locked end authentication request information editing unit; it verifies whether the received target terminal session key contains the preset target terminal ID and whether the target terminal signature is correct, and if it contains the preset target terminal ID and the target terminal signature is correct, sends the verification-passed information to the locked end session key generation unit;
Step 500: the locked end authentication request information editing unit generates locked end authentication request information according to the target terminal public key and the locked end private key, and sends it to the target terminal authentication unit;
Step 600: the target terminal session key generation unit generates a random number, generates the target terminal session key from the random number, and sends it to the locked end authentication unit; the locked end session key generation unit generates a random number, generates the locked end session key from the random number, and sends it to the target terminal authentication unit;
Step 700: the instruction editing unit edits an unlock instruction according to the target terminal session key and sends it to the unlocking unit; the unlocking unit unlocks according to the received unlock instruction.
In the virtual key sharing system and method of this embodiment, the user terminal and the locked end are bound before use. The user terminal and the target terminal first exchange public keys: the user terminal obtains the public keys of the locked end and the target terminal, the locked end obtains the public key of the terminal, and the target terminal obtains the public key of the user terminal, so that the keys can subsequently be used for encryption and verification. In specific use, the user terminal and the target terminal may each be a mobile terminal held by a user, and the locked end may specifically be an automobile. The user terminal first sends its own authentication information to the target terminal, encrypted with the target terminal public key and signed with its own private key. The target terminal verifies it using the public key of the user terminal and, after verification succeeds, sends its own identity information and the user terminal identity to the locked end for verification. Only when the locked end verifies that the user terminal identity is the same as the preset user terminal ID does it carry out identity verification with the target terminal. Offline information transmission between the mobile terminal and the automobile is carried out over Bluetooth, for example the transmission of authentication information and of unlock instructions encrypted using the session key. The terminal may be a computer, a mobile phone or the like, and the locked end may also be a door lock or the like that can transmit information offline over Bluetooth. The terminal ID may be either a mobile phone number or a mobile phone factory code, and the locked end ID may be the VIN (Vehicle Identification Number) of the automobile. The ID may also be any other number that can identify the terminal and the locked end. A counter may be provided in the Bluetooth module to count the offline data transmissions between the target terminal and the locked end; when a certain count is reached, for example 65535, verification and session key negotiation are restarted, which improves the safety and reliability of the system and method.
For simplicity of description, the method embodiments are stated as a series of action combinations, but those skilled in the art should be aware that embodiments of the present invention are not limited by the described order of actions, because according to embodiments of the present invention some steps may be performed in other orders or simultaneously. Furthermore, those skilled in the art should also know that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features; and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.