Disclosure of Invention
The invention provides a virtual key sharing system and a virtual key sharing method, which aim to solve the problem that in the prior art, the security of a virtual key is low during sharing.
In one aspect of the present invention, a virtual key sharing system is provided, including:
the user terminal is used for exchanging public keys with the target terminal, generating target terminal identity verification information and user terminal identity verification information by using the target terminal public key and the user terminal private key, and sending the target terminal identity verification information and the user terminal identity verification information to the target terminal;
the target terminal is used for verifying the received user terminal identity verification information, if the verification is passed, the target terminal identity verification information with the user terminal private key is sent to the locked end for verification, if the verification is passed, a target terminal session key is generated and sent to the locked end for verification, and if the verification is passed, an unlocking instruction is edited by using the session key and sent to the locked end;
the locked terminal is used for verifying the received target terminal identity verification information with the user terminal private key, if the verification is passed, the target terminal public key and the locked terminal private key are used for generating the locked terminal identity verification information and sending the locked terminal identity verification information to the target terminal for verification, if the verification is passed, a locked terminal session key is generated and sent to the target terminal for verification, and if the verification is passed, the locked terminal is unlocked according to an unlocking instruction sent by the target terminal;
and the offline communication module is used for transmitting information between the target terminal and the locked end.
The system further comprises a key management device, which is used for generating a user terminal identification key pair according to the user terminal ID and sending the user terminal identification key pair to the user terminal; for generating a locked end identification key pair according to the ID of the locked end and sending the locked end identification key pair to the locked end; and for generating a target terminal identification key pair according to the target terminal ID and sending the target terminal identification key pair to the target terminal;
the user terminal is also used for compounding the received user terminal identification key pair with a key pair generated by the user terminal itself to obtain a user terminal key pair;
the locked end is also used for compounding the received locked end identification key pair with a key pair generated by the locked end to obtain a locked end key pair;
and the target terminal is also used for compounding the received target terminal identification key pair with a key pair generated by the target terminal itself to obtain the target terminal key pair.
Further, the key management apparatus substitutes the ID into the preset matrix, and generates a key pair using the CPK encryption algorithm.
Further, the offline communication module is a Bluetooth module.
Further, the user terminal comprises a user terminal public key interaction unit and an identity verification information generation unit, the target terminal comprises a target terminal public key interaction unit, a target terminal verification unit, a target terminal session key generation unit and an instruction editing unit, the locked end comprises a locked end identity verification request information editing unit, a locked end verification unit, a locked end session key generation unit and an unlocking unit, wherein,
the user terminal public key interaction unit is used for exchanging public keys with the target terminal public key interaction unit and sending the obtained target terminal public key to the identity verification information generation unit;
the target terminal public key interaction unit is used for exchanging public keys with the user terminal public key interaction unit and sending the obtained user terminal public key to the target terminal identity verification request information editing unit;
the identity authentication information generating unit is used for generating target terminal identity authentication information and user terminal identity authentication information by using a target terminal public key and a user terminal private key and sending the target terminal identity authentication information and the user terminal identity authentication information to the target terminal authentication unit;
the target terminal verification unit is used for verifying the received user terminal identity verification information, and if the verification is passed, the received target terminal identity verification information is sent to the locked terminal verification unit; it is also used for receiving the identity verification request information of the locked terminal, verifying whether the received identity verification request information of the locked terminal contains a preset locked terminal ID and whether the signature of the locked terminal is correct, and if the identity verification request information of the locked terminal contains the preset locked terminal ID and the signature of the locked terminal is correct, sending a verification result passing the verification to the target terminal session key generation unit; it is also used for verifying whether the received locked terminal session key contains a preset locked end ID and whether the locked end signature is correct, and if the received locked terminal session key contains the preset locked end ID and the locked end signature is correct, it sends a verification result passing the verification to the instruction editing unit;
the locked terminal verification unit is used for verifying whether a user terminal private key in the received target terminal identity verification information is the same as a preset user terminal private key or not, and if so, the information passing the verification is sent to the locked terminal identity verification request information editing unit; it is also used for verifying whether the received target terminal session key contains a preset target terminal ID and whether the target terminal signature is correct, and if the received target terminal session key contains the preset target terminal ID and the target terminal signature is correct, it sends the verified information to the locked terminal session key generation unit;
the locked terminal identity verification request information editing unit is used for generating locked terminal identity verification request information according to the target terminal public key and the locked terminal private key and sending the locked terminal identity verification request information to the target terminal verification unit;
the target terminal session key generation unit is used for generating a random number, generating a target terminal session key according to the random number and sending the target terminal session key to the locked terminal verification unit;
the locked terminal session key generation unit is used for generating a random number, generating a locked terminal session key according to the random number and sending the locked terminal session key to the target terminal verification unit;
the instruction editing unit is used for editing an unlocking instruction according to the target terminal session key and sending the unlocking instruction to the unlocking unit;
and the unlocking unit is used for unlocking according to the received unlocking instruction.
In a second aspect of the present invention, a virtual key sharing method implemented based on the virtual key sharing system described above is provided, including the following steps:
exchanging public keys between the user terminal and the target terminal, generating target terminal identity verification information and user terminal identity verification information by using the target terminal public key and the user terminal private key, and sending the target terminal identity verification information and the user terminal identity verification information to the target terminal;
verifying the received user terminal identity verification information by using the target terminal; if the verification is passed, sending the target terminal identity verification information with the user terminal private key to the locked end for verification; if the verification is passed, generating a target terminal session key and sending the target terminal session key to the locked end for verification; and if the verification is passed, editing an unlocking instruction by using the session key and sending the unlocking instruction to the locked end;
verifying received target terminal identity verification information with a user terminal private key by using a locked terminal, if the verification is passed, generating locked terminal identity verification information by using a target terminal public key and a locked terminal private key, and sending the locked terminal identity verification information to the target terminal for verification, if the verification is passed, generating a locked terminal session key, sending the locked terminal session key to the target terminal for verification, and if the verification is passed, unlocking according to an unlocking instruction sent by the target terminal;
and transmitting information between the target terminal and the locked terminal by using the offline communication module.
Further, the method also comprises the following steps:
generating a user terminal identification key pair according to the user terminal ID by using a key management device, and sending the user terminal identification key pair to the user terminal; generating a locked end identification key pair according to the ID of the locked end, and sending the locked end identification key pair to the locked end; generating a target terminal identification key pair according to the target terminal ID, and sending the target terminal identification key pair to the target terminal;
compounding the received user terminal identification key pair with a key pair generated by the user terminal by using the user terminal to obtain a user terminal key pair;
the received locked end identification key pair and the key pair generated by the locked end are compounded by the locked end to obtain a locked end key pair;
and compounding the received target terminal identification key pair with a key pair generated by the target terminal by using the target terminal to obtain the target terminal key pair.
Further, the key management apparatus substitutes the ID into the preset matrix, and generates a key pair using the CPK encryption algorithm.
Further, the offline communication module is a Bluetooth module.
Further, the user terminal comprises a user terminal public key interaction unit and an identity verification information generation unit, the target terminal comprises a target terminal public key interaction unit, a target terminal verification unit, a target terminal session key generation unit and an instruction editing unit, the locked end comprises a locked end identity verification request information editing unit, a locked end verification unit, a locked end session key generation unit and an unlocking unit, wherein,
exchanging public keys between the user terminal public key interaction unit and the target terminal public key interaction unit, and sending the obtained target terminal public key to the identity verification information generation unit;
exchanging public keys between the target terminal public key interaction unit and the user terminal public key interaction unit, and sending the obtained user terminal public key to the target terminal identity verification request information editing unit;
generating target terminal authentication information and user terminal authentication information by using a target terminal public key and a user terminal private key by using an authentication information generating unit, and sending the target terminal authentication information and the user terminal authentication information to a target terminal authentication unit;
verifying the received user terminal identity verification information by using the target terminal verification unit, and if the verification is passed, sending the received target terminal identity verification information to the locked terminal verification unit; verifying whether the received identity verification request information of the locked end contains a preset locked end ID and whether the signature of the locked end is correct, and if the identity verification request information of the locked end contains the preset locked end ID and the signature of the locked end is correct, sending a verification result passing the verification to a target terminal session key generation unit; verifying whether the received locked terminal session key contains a preset locked end ID and whether the locked end signature is correct, and if the received locked terminal session key contains the preset locked end ID and the locked end signature is correct, sending a verification result passing the verification to an instruction editing unit;
verifying whether a user terminal private key in the received target terminal identity verification information is the same as a preset user terminal private key or not by using a locked terminal verification unit, and if so, sending the verified information to a locked terminal identity verification request information editing unit; verifying whether the received target terminal session key contains a preset target terminal ID and whether the target terminal signature is correct, and if the received target terminal session key contains the preset target terminal ID and the target terminal signature is correct, sending the verified information to a locked terminal session key generation unit;
generating identity verification request information of the locked end according to the target terminal public key and the private key of the locked end by using the identity verification request information editing unit of the locked end, and sending the identity verification request information of the locked end to the target terminal verification unit;
generating a random number by using a target terminal session key generation unit, generating a target terminal session key according to the random number, and sending the target terminal session key to a locked terminal verification unit;
generating a random number by using a locked terminal session key generation unit, generating a locked terminal session key according to the random number and sending the locked terminal session key to a target terminal verification unit;
editing an unlocking instruction by using an instruction editing unit according to the target terminal session key and sending the unlocking instruction to an unlocking unit;
and unlocking by using the unlocking unit according to the received unlocking instruction.
Compared with the prior art, the virtual key sharing system and the virtual key sharing method provided by the invention have the following advantages:
(1) The user terminal and the target terminal verify the identity information through the exchanged public keys, and the target terminal can unlock the locked end by using the identity information of the user terminal only if the verification is successful, so that the system and the method are simple in structure and safe and convenient to use.
(2) When the target terminal and the locked end carry out information transmission, the target terminal and the locked end directly carry out information transmission without the online authentication of a third party, so that the interaction steps, the interaction data amount and the operation amount are reduced, and the unlocking safety is ensured through double verification; meanwhile, the offline communication module is used for transmitting information between the target terminal and the locked terminal, so that the sensitivity of the whole system and method to the network is reduced, and the safety and reliability in the using process are improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
The embodiment provides a virtual key sharing system and a virtual key sharing method.
As shown in fig. 1, the virtual key sharing system of the present embodiment includes:
the user terminal is used for exchanging public keys with the target terminal, generating target terminal identity verification information and user terminal identity verification information by using the target terminal public key and the user terminal private key, and sending the target terminal identity verification information and the user terminal identity verification information to the target terminal;
the target terminal is used for verifying the received user terminal identity verification information, if the verification is passed, the target terminal identity verification information with the user terminal private key is sent to the locked end for verification, if the verification is passed, a target terminal session key is generated and sent to the locked end for verification, and if the verification is passed, an unlocking instruction is edited by using the session key and sent to the locked end;
the locked terminal is used for verifying the received target terminal identity verification information with the user terminal private key, if the verification is passed, the target terminal public key and the locked terminal private key are used for generating the locked terminal identity verification information and sending the locked terminal identity verification information to the target terminal for verification, if the verification is passed, a locked terminal session key is generated and sent to the target terminal for verification, and if the verification is passed, the locked terminal is unlocked according to an unlocking instruction sent by the target terminal;
and the offline communication module is used for transmitting information between the target terminal and the locked end.
In the virtual key sharing system of the embodiment, the user terminal and the target terminal verify the identity information through the exchanged public keys, and the target terminal can unlock the locked end by using the identity information of the user terminal only if the verification is successful, so that the virtual key sharing system has the advantages of simple structure and method, and safety and convenience in use.
As shown in fig. 1, in a specific implementation, the virtual key sharing system of this embodiment further includes a key management device, configured to generate a user terminal identification key pair according to a user terminal ID and send the user terminal identification key pair to the user terminal; to generate a locked end identification key pair according to the ID of the locked end and send the locked end identification key pair to the locked end; and to generate a target terminal identification key pair according to the target terminal ID and send the target terminal identification key pair to the target terminal;
the user terminal is also used for compounding the received user terminal identification key pair with a key pair generated by the user terminal itself to obtain a user terminal key pair;
the locked end is also used for compounding the received locked end identification key pair with a key pair generated by the locked end to obtain a locked end key pair;
and the target terminal is also used for compounding the received target terminal identification key pair with a key pair generated by the target terminal itself to obtain the target terminal key pair.
The key pairs are compounded by point addition of the public keys and modular addition of the private keys.
In the virtual key sharing system of the embodiment, when the target terminal and the locked end perform information transmission, the target terminal and the locked end directly perform information transmission without online authentication of a third party, so that the interaction steps, the interaction data volume and the operation volume are reduced, and the unlocking safety is ensured through double verification of the identity and the session key; meanwhile, the offline communication module is used for transmitting information between the target terminal and the locked terminal, so that the sensitivity of the whole system to a network is reduced, and the safety and the reliability in the using process are improved.
In specific implementation, the key management device substitutes any one of the user terminal ID, the target terminal ID or the locked terminal ID into a preset matrix, wherein the preset matrix comprises a matrix public key and a matrix private key, which are respectively used for generating a public key and a private key that together form a key pair; any one of a user terminal key pair, a target terminal identification key pair or a locked end identification key pair is generated by using a CPK (Combined Public Key) encryption algorithm. The CPK encryption algorithm may specifically use any one or more of the Chinese national cryptographic algorithms SM2/SM3/SM4 and AES/DES/ECC/SHA1/SHA256, selected as required. The algorithm can realize the generation and distribution of identification keys on a very large scale, and can meet the requirements of more users by using very small resources; it also has the advantages of a low storage space requirement, high operation efficiency, large processing capacity and the like.
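The ID-to-matrix key generation and the compounding step described above (public keys by point addition, private keys by modular addition), as an added example that is not code from the patent. The curve (secp256k1), the 8x4 matrix size, the SHA-256 ID mapping, the sample IDs and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Assumed curve: secp256k1 (the page only lists SM2/ECC etc. "as required").
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 4  # hypothetical, deliberately small preset matrix


def point_add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, pt):
    """Double-and-add; adequate for a demo, not constant time."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def make_matrices(seed):
    """Key management device: matrix private key (scalars) and matrix public key (points).

    The seed is a constructed value so the demo is reproducible; a real matrix
    private key is random and never leaves the key management device.
    """
    sk = [[int.from_bytes(hashlib.sha256(seed + bytes([r, c])).digest(), "big") % (N - 1) + 1
           for c in range(COLS)] for r in range(ROWS)]
    pk = [[scalar_mult(s, G) for s in row] for row in sk]
    return sk, pk


def id_to_rows(identity):
    """Assumed ID mapping: byte c of SHA-256(ID) selects the row used in column c."""
    digest = hashlib.sha256(identity.encode()).digest()
    return [digest[c] % ROWS for c in range(COLS)]


def identity_private(sk, identity):
    """Identification private key: selected matrix scalars added modulo N."""
    return sum(sk[r][c] for c, r in enumerate(id_to_rows(identity))) % N


def identity_public(pk, identity):
    """Identification public key: the same selection, added as curve points."""
    acc = None
    for c, r in enumerate(id_to_rows(identity)):
        acc = point_add(acc, pk[r][c])
    return acc


def compound(id_pair, own_pair):
    """Compounding: private keys add modulo N, public keys add as points."""
    return (id_pair[0] + own_pair[0]) % N, point_add(id_pair[1], own_pair[1])


def enroll(sk, pk, identity):
    """Return (compound key pair, self-generated public key) for one terminal."""
    id_pair = (identity_private(sk, identity), identity_public(pk, identity))
    while True:
        own_priv = secrets.randbelow(N - 1) + 1  # generated on the terminal itself
        own_pub = scalar_mult(own_priv, G)
        pair = compound(id_pair, (own_priv, own_pub))
        if pair[0] != 0:  # reject the degenerate sum
            return pair, own_pub


def rebuild_public(pk, identity, own_pub):
    """Verifier side: needs only the ID, the matrix public key and own_pub."""
    return point_add(identity_public(pk, identity), own_pub)


if __name__ == "__main__":
    sk, pk = make_matrices(b"constructed-demo-seed")
    for ident in ("user-terminal-01", "target-terminal-01", "locked-end-01"):  # constructed IDs
        (priv, pub), own_pub = enroll(sk, pk, ident)
        print(ident, scalar_mult(priv, G) == pub, rebuild_public(pk, ident, own_pub) == pub)
```

Because the self-generated private key never leaves the terminal, the key management device cannot reconstruct the compound private key even though it issued the identification part.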
In specific implementation, the offline communication module is a Bluetooth module. The Bluetooth module can realize short-distance and low-power-consumption offline communication and has the advantages of low cost, easy realization and convenient popularization.
As shown in fig. 1, in a specific implementation of the virtual key sharing system of this embodiment, a user terminal includes a user terminal public key interaction unit and an authentication information generation unit, a target terminal includes a target terminal public key interaction unit, a target terminal authentication unit, a target terminal session key generation unit and an instruction editing unit, a locked end includes a locked end authentication request information editing unit, a locked end authentication unit, a locked end session key generation unit and an unlocking unit, wherein,
the user terminal public key interaction unit is used for exchanging public keys with the target terminal public key interaction unit and sending the obtained target terminal public key to the identity verification information generation unit;
the target terminal public key interaction unit is used for exchanging public keys with the user terminal public key interaction unit and sending the obtained user terminal public key to the target terminal identity verification request information editing unit;
the identity authentication information generating unit is used for generating target terminal identity authentication information and user terminal identity authentication information by using a target terminal public key and a user terminal private key and sending the target terminal identity authentication information and the user terminal identity authentication information to the target terminal authentication unit;
the target terminal verification unit is used for verifying the received user terminal identity verification information, and if the verification is passed, the received target terminal identity verification information is sent to the locked terminal verification unit; it is also used for receiving the identity verification request information of the locked terminal, verifying whether the received identity verification request information of the locked terminal contains a preset locked terminal ID and whether the signature of the locked terminal is correct, and if the identity verification request information of the locked terminal contains the preset locked terminal ID and the signature of the locked terminal is correct, sending a verification result passing the verification to the target terminal session key generation unit; it is also used for verifying whether the received locked terminal session key contains a preset locked end ID and whether the locked end signature is correct, and if the received locked terminal session key contains the preset locked end ID and the locked end signature is correct, it sends a verification result passing the verification to the instruction editing unit;
the locked terminal verification unit is used for verifying whether a user terminal private key in the received target terminal identity verification information is the same as a preset user terminal private key or not, and if so, the information passing the verification is sent to the locked terminal identity verification request information editing unit; it is also used for verifying whether the received target terminal session key contains a preset target terminal ID and whether the target terminal signature is correct, and if the received target terminal session key contains the preset target terminal ID and the target terminal signature is correct, it sends the verified information to the locked terminal session key generation unit;
the locked terminal identity verification request information editing unit is used for generating locked terminal identity verification request information according to the target terminal public key and the locked terminal private key and sending the locked terminal identity verification request information to the target terminal verification unit;
the target terminal session key generation unit is used for generating a random number, generating a target terminal session key according to the random number and sending the target terminal session key to the locked terminal verification unit;
the locked terminal session key generation unit is used for generating a random number, generating a locked terminal session key according to the random number and sending the locked terminal session key to the target terminal verification unit;
the instruction editing unit is used for editing an unlocking instruction according to the target terminal session key and sending the unlocking instruction to the unlocking unit;
and the unlocking unit is used for unlocking according to the received unlocking instruction.
The target terminal public key interaction unit, the target terminal verification unit, the target terminal session key generation unit, the instruction editing unit, the locked end identity verification request information editing unit, the locked end verification unit, the locked end session key generation unit and the unlocking unit are all electrically connected with the offline communication module; the key management device is electrically connected with the user terminal public key interaction unit, the target terminal public key interaction unit and the locked end identity verification request information editing unit respectively; and the identity verification information generation unit is electrically connected with the user terminal public key interaction unit and the target terminal verification unit respectively. The target terminal and the user terminal can be connected by a cable or by a radio connection, and the radio connection can be Bluetooth, Wi-Fi, NFC, 3G, 4G and the like. The specific connection mode can be selected according to requirements.
As shown in fig. 2, this embodiment further provides a virtual key sharing method implemented by the virtual key sharing system according to the foregoing embodiment, including the following steps:
exchanging public keys between the user terminal and the target terminal, generating target terminal identity verification information and user terminal identity verification information by using the target terminal public key and the user terminal private key, and sending the target terminal identity verification information and the user terminal identity verification information to the target terminal;
verifying the received user terminal identity verification information by using the target terminal; if the verification is passed, sending the target terminal identity verification information with the user terminal private key to the locked end for verification; if the verification is passed, generating a target terminal session key and sending the target terminal session key to the locked end for verification; and if the verification is passed, editing an unlocking instruction by using the session key and sending the unlocking instruction to the locked end;
verifying received target terminal identity verification information with a user terminal private key by using a locked terminal, if the verification is passed, generating locked terminal identity verification information by using a target terminal public key and a locked terminal private key, and sending the locked terminal identity verification information to the target terminal for verification, if the verification is passed, generating a locked terminal session key, sending the locked terminal session key to the target terminal for verification, and if the verification is passed, unlocking according to an unlocking instruction sent by the target terminal;
and the offline communication module is used for transmitting information between the terminal and the locked terminal.
According to the virtual key sharing method, the user terminal and the target terminal verify identity information by means of the exchanged public keys, and only after the verification succeeds can the target terminal unlock the locked end by using the identity information of the user terminal.
The virtual key sharing method of the embodiment further includes the following steps:
generating a user terminal identification key pair according to the user terminal ID by using a key management device, and sending the user terminal identification key pair to the user terminal; generating a locked end identification key pair according to the ID of the locked end, and sending the locked end identification key pair to the locked end; generating a target terminal identification key pair according to the target terminal ID, and sending the target terminal identification key pair to the target terminal;
compounding the received user terminal identification key pair with a key pair generated by the user terminal by using the user terminal to obtain a user terminal key pair;
the received locked end identification key pair and the key pair generated by the locked end are compounded by the locked end to obtain a locked end key pair;
and compounding the received target terminal identification key pair with a key pair generated by the target terminal by using the target terminal to obtain the target terminal key pair.
The key pairs are compounded by point addition of the public keys and modular addition of the private keys.
In the virtual key sharing method of the embodiment, when the target terminal and the locked end transmit information, the target terminal and the locked end directly transmit information without online authentication of a third party, so that the interaction steps, the interaction data amount and the operation amount are reduced, and the unlocking safety is ensured through double verification of the identity and the session key; meanwhile, the offline communication module is used for transmitting information between the target terminal and the locked terminal, so that the sensitivity of the whole method to a network is reduced, and the safety and the reliability in the using process are improved.
In a specific implementation, the key management device substitutes any one of the user terminal ID, the target terminal ID or the locked end ID into a preset matrix, where the preset matrix comprises a matrix public key and a matrix private key that are used to generate the public key and the private key of a key pair, respectively; any one of a user terminal key pair, a target terminal identification key pair or a locked end identification key pair is thereby generated using the CPK (Combined Public Key) encryption algorithm. The CPK encryption algorithm may specifically be any one or more of the Chinese national cryptographic algorithms SM2/SM3/SM4 and AES/DES/ECC/SHA1/SHA256, selected as required. The algorithm enables the production and distribution of identification keys at very large scale and can meet the requirements of more users using very small resources; it also has the advantages of a small storage space requirement, high operating efficiency and high processing capacity.
In a specific implementation, the offline communication module is a Bluetooth module. The Bluetooth module can realize short-distance, low-power-consumption offline communication and has the advantages of low cost, easy realization and convenient popularization.
In the specific implementation of the virtual key sharing system of this embodiment, the user terminal includes a user terminal public key interaction unit and an authentication information generation unit, the target terminal includes a target terminal public key interaction unit, a target terminal authentication unit, a target terminal session key generation unit and an instruction editing unit, the locked end includes a locked end authentication request information editing unit, a locked end authentication unit, a locked end session key generation unit and an unlocking unit, wherein,
step 100, a public key is interacted between a user terminal public key interaction unit and a target terminal public key interaction unit, and the obtained target terminal public key is sent to an identity verification information generation unit; the public key is interacted between the target terminal public key interaction unit and the user terminal public key interaction unit, and the obtained user terminal public key is sent to the target terminal identity verification request information editing unit;
step 200, generating target terminal identity verification information and user terminal identity verification information by using a target terminal public key and a user terminal private key by using an identity verification information generating unit, and sending the target terminal identity verification information and the user terminal identity verification information to a target terminal verifying unit;
step 300, the target terminal verification unit is used for verifying the received user terminal identity verification information, and if the verification is passed, the received target terminal identity verification information is sent to the locked end verification unit; verifying whether the received locked end identity verification request information contains a preset locked end ID and whether the locked end signature is correct, and if it contains the preset locked end ID and the locked end signature is correct, sending a verification result indicating that the verification is passed to the target terminal session key generation unit; verifying whether the received locked end session key contains the preset locked end ID and whether the locked end signature is correct, and if it contains the preset locked end ID and the locked end signature is correct, sending a verification result indicating that the verification is passed to the instruction editing unit;
step 400, verifying whether a user terminal private key in the received target terminal identity verification information is the same as a preset user terminal private key by using a locked terminal verification unit, and if so, sending the verified information to a locked terminal identity verification request information editing unit; verifying whether the received target terminal session key contains a preset target terminal ID and whether the target terminal signature is correct, and if the received target terminal session key contains the preset target terminal ID and the target terminal signature is correct, sending the verified information to a locked terminal session key generation unit;
step 500, generating locked end identity verification request information according to a target terminal public key and a locked end private key by using a locked end identity verification request information editing unit, and sending the locked end identity verification request information to a target terminal verification unit;
step 600, generating a random number by using a target terminal session key generation unit, generating a target terminal session key according to the random number, and sending the target terminal session key to a locked terminal verification unit; generating a random number by using a locked terminal session key generation unit, generating a locked terminal session key according to the random number and sending the locked terminal session key to a target terminal verification unit;
step 700, editing an unlocking instruction according to a target terminal session key by using an instruction editing unit and sending the unlocking instruction to an unlocking unit; and unlocking by using the unlocking unit according to the received unlocking instruction.
In the virtual key sharing system and the virtual key sharing method of this embodiment, the user terminal and the locked end are bound before use, and the user terminal and the target terminal first exchange public keys, so that the user terminal obtains the public keys of the locked end and the target terminal, the locked end obtains the public key of the terminal, and the target terminal obtains the public key of the user terminal, which facilitates the subsequent encryption and verification using the keys. In a specific use, the user terminal and the target terminal can be mobile terminals held by a user, and the locked end can be an automobile. The user terminal first encrypts its own identity verification information with the target terminal public key and sends it to the target terminal signed with its private key; the target terminal verifies it with the public key of the user terminal and, after the verification succeeds, sends the identity information and the user terminal identity to the locked end for verification; identity verification with the target terminal can proceed only when the locked end verifies that the identity of the user terminal is the same as the preset user terminal ID. Offline information transmission between the mobile terminal and the automobile is performed over Bluetooth, for example transmission of the authentication information and of the unlocking instruction after encryption with the session key. The terminal can be a computer, a mobile phone and the like, and the locked end can also be a door lock or the like capable of offline information transmission over Bluetooth. The terminal ID may be either a mobile phone number or a mobile phone factory code, and the locked end ID may be the Vehicle Identification Number (VIN) of an automobile.
The ID may also be any other number that can be used to identify the terminal and the locked end. The Bluetooth module may be provided with a counter that counts the offline data transmissions between the target terminal and the locked end; when a certain count, such as 65535, is reached, the authentication and the negotiation of the session key are restarted, thereby improving the security and reliability of the system and method.
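One way to enforce the transmission counter described above is to bind each instruction to the counter value under the session key, so the locked end can reject replayed frames and refuse service once the limit is reached. This is an added example, not code from the patent: the `Session` class, the HMAC-SHA256 construction, the per-end counter and the instruction strings are assumptions.

```python
import hashlib
import hmac

REKEY_LIMIT = 65535  # transmission count given in the description

class RekeyRequired(Exception):
    """Counter exhausted: authentication and session key negotiation must restart."""

class Session:
    """One end's state after the session key has been negotiated."""
    def __init__(self, key):
        self.key, self.count = key, 0

    def _tag(self, n, msg):
        # Assumed construction: HMAC-SHA256 over counter || instruction
        return hmac.new(self.key, n.to_bytes(4, "big") + msg, hashlib.sha256).digest()

    def seal(self, msg):
        """Sender (target terminal): bind the instruction to the next counter value."""
        if self.count >= REKEY_LIMIT:
            raise RekeyRequired("renegotiate before sending")
        self.count += 1
        return self.count, msg, self._tag(self.count, msg)

    def accept(self, frame):
        """Receiver (locked end): reject forged, replayed or out-of-range frames."""
        n, msg, tag = frame
        if self.count >= REKEY_LIMIT:
            raise RekeyRequired("renegotiate before accepting")
        if not (self.count < n <= REKEY_LIMIT):
            return False  # replayed or out-of-range counter
        if not hmac.compare_digest(tag, self._tag(n, msg)):
            return False  # wrong key or altered instruction
        self.count = n  # counters may skip forward if a frame is lost in transit
        return True
```

A recorded unlock frame fails on the counter check when it is sent again, and a frame altered in transit fails on the tag check.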
For simplicity of explanation, the method embodiments are described as a series of acts or combinations, but those skilled in the art will appreciate that the embodiments are not limited by the order of acts described, as some steps may occur in other orders or concurrently with other steps in accordance with the embodiments of the invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.