CN109067549A - Virtual key two-way authentication system and method - Google Patents


Info

Publication number: CN109067549A
Authority: CN (China)
Prior art keywords: lock end, terminal, key, sent, verified
Legal status: Granted
Application number: CN201811106148.8A
Other languages: Chinese (zh)
Other versions: CN109067549B (en)
Inventor: 罗燕京
Current Assignee: Beijing xinchangcheng Technology Development Co.,Ltd.
Original Assignee: Beijing Ren Letter Card Technology Co Ltd
Application filed by Beijing Ren Letter Card Technology Co Ltd
Priority to CN201811106148.8A
Publication of CN109067549A
Application granted
Publication of CN109067549B
Current legal status: Active

Classifications

    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols, including means for verifying the identity or authority of a user of the system or for message authentication (e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials), involving digital signatures (path: H Electricity > H04 Electric communication technique > H04L Transmission of digital information, e.g. telegraphic communication > H04L9/00 > H04L9/32)
    • G07C9/00309: Electronically operated locks; circuits therefor; nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys, operated with bidirectional data transmission between data carrier and locks (path: G Physics > G07 Checking-devices > G07C Time or attendance registers; registering or indicating the working of machines; generating random numbers; voting or lottery apparatus; arrangements, systems or apparatus for checking not provided for elsewhere > G07C9/00 Individual registration on entry or exit > G07C9/00174)
    • G07C9/00571: Electronically operated locks; circuits therefor; nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys, operated by interacting with a central unit (path: G > G07 > G07C > G07C9/00 > G07C9/00174)
    • H04L9/3273: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols, including means for verifying the identity or authority of a user of the system or for message authentication, using challenge-response for mutual authentication (path: H > H04 > H04L > H04L9/00 > H04L9/32 > H04L9/3271 using challenge-response)
    • H04W4/80: Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication (path: H > H04 > H04W Wireless communication networks > H04W4/00 Services specially adapted for wireless communication networks; facilities therefor)
    • G07C2009/00412: Electronically operated locks; circuits therefor; nonmechanical keys therefor, operated with bidirectional data transmission between data carrier and locks, the transmitted data signal being encrypted (path: G > G07 > G07C > G07C9/00 > G07C9/00174 > G07C9/00309)
    • H04L2209/84: Vehicles (path: H > H04 > H04L > H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication, H04L9/00)

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The present invention relates to the field of communication technology, and in particular to a virtual key two-way authentication system and method. The system comprises: a terminal, which generates terminal identity verification request information and sends it to the lock end for verification; if verification passes, the terminal generates a terminal session key and sends it to the lock end for verification, and if that passes, it uses the session key to edit an unlock instruction and sends it to the lock end. A lock end, which generates lock end identity verification request information and sends it to the terminal for verification; if verification passes, the lock end generates a lock end session key and sends it to the terminal for verification, and if that passes, it unlocks according to the unlock instruction sent by the terminal. An offline communication module, for transmitting information between the terminal and the lock end. The invention needs no third-party online authentication at unlock time: the terminal and the lock end exchange information directly, which reduces the sensitivity of the whole system and method to the network and improves safety and reliability in use.

Description

Virtual key two-way authentication system and method
Technical field
The present invention relates to the field of communication technology, and in particular to a virtual key two-way authentication system and method.
Background technique
The Internet of Things is regarded as the third revolution in the development of the IT industry, after the computer and the internet; its characteristic of ubiquitous networking makes the interconnection of all things possible. Behind smart homes, vehicle networking and artificial intelligence, the Internet of Things is landing and maturing rapidly, and the arrival of the IoT era is beyond doubt. The basis and core of the Internet of Things is still the internet; it is an extension and expansion of the internet, and cloud computing, the mobile internet and intelligent terminals are making its architecture richer and more complete. The Internet of Things has become one of the strategic high grounds of the new round of economic and technological development worldwide, and developing it has great practical significance for promoting economic development and social progress. However, precisely because the Internet of Things naturally inherits from the internet, all kinds of malicious attacks that were launched against the internet are starting to spread into the IoT field.
Take vehicle networking as an example. Vehicle networking is the core application of the Internet of Things in the field of intelligent transportation, and vehicle networking projects are an important component of intelligent transportation systems. Through sensing devices, on-board equipment and communication modules installed on vehicles, and using mobile communication technology, car navigation systems, intelligent terminals and information network platforms, vehicle networking connects vehicle to road, vehicle to vehicle, vehicle to person and vehicle to the overall network and to application platforms; by analysing, processing and mining information on a business platform, it delivers richer, more comfortable, safer and more efficient vehicle operation and integrated information services.
With the accelerating spread of the mobile internet and vehicle networking technology, Bluetooth, as a short-range, low-power offline communication technology, is low-cost, easy to implement and easy to promote. Combining Bluetooth technology with automotive technology brings greater convenience to the production, use and servicing of automobiles, and Bluetooth technology has made great progress in communication efficiency, low power consumption and security.
The Bluetooth key, as one kind of virtual key, will become standard equipment on the next generation of automobiles. A virtual key, also called a digital key, mainly uses near-field communication technology to let a user unlock and lock car doors, house doors and the like through a smart phone or a wearable smart device. Besides bringing greater convenience to the user, the digital nature of the digital key makes it the infrastructure for many new vehicle networking applications and services, such as car sharing, time-sharing leasing, car rental and express delivery to the trunk. Many automakers building digital key solutions today have not adequately considered that the Bluetooth key is in fact a very important service. Ensuring the security of this service requires the automaker, in the initial design phase, to walk through the different use cases of the scenario in a structured way, analyse the specific security requirements, and select suitable technology and standards to build a secure digital key system. Another very important point is that the life cycle of a Bluetooth key service is long (5 to 10 years), so whether it has a complete update capability will also determine the security of the Bluetooth key service over its whole life cycle.
The virtual key solutions currently under research are designed mainly on the PKI (Public Key Infrastructure) technical system. This design requires that, under online conditions, the mobile terminal obtains the digital certificate of the lock end (such as the automobile) and the automobile obtains the digital certificate of the mobile terminal, achieving two-way authentication between the mobile terminal and the vehicle, followed by session key negotiation and business system interaction. Virtual keys in the prior art have the following disadvantages: certificates must be exchanged online, so sensitivity to the network is high; the requirements on the CA system (certificate centre) servers are high; man-in-the-middle attacks and certificate hijacking can occur; and as the number of users grows, construction and operating costs are high and the system is complex.
Therefore, there is an urgent need for a virtual key two-way authentication system and method that can unlock offline and is highly secure.
Summary of the invention
The present invention provides a virtual key two-way authentication system and method, to solve the problems in the prior art that the virtual key must be used online and has low security.
One aspect of the present invention provides a virtual key two-way authentication system, comprising:
a terminal, for generating terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sending it to the lock end for verification; if verification passes, generating a terminal session key and sending it to the lock end for verification; if that passes, using the session key to edit an unlock instruction and sending it to the lock end;
a lock end, for generating lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sending it to the terminal for verification; if verification passes, generating a lock end session key and sending it to the terminal for verification; if that passes, unlocking according to the unlock instruction sent by the terminal;
an offline communication module, for transmitting information between the terminal and the lock end.
Further, the system also includes a key management device, for generating a terminal identification key pair from the terminal ID and sending it to the terminal, and for generating a lock end identification key pair from the lock end ID and sending it to the lock end;
the terminal is further configured to compose the received terminal identification key pair with a key pair it generates itself, obtaining the terminal key pair;
the lock end is further configured to compose the received lock end identification key pair with a key pair it generates itself, obtaining the lock end key pair.
Further, the key management device substitutes either the terminal ID or the lock end ID into a preset matrix and uses the CPK encryption algorithm to generate either the terminal identification key pair or the lock end identification key pair.
Further, the offline communication module is a Bluetooth module.
Further, the terminal includes a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the lock end includes a lock end identity verification request information editing unit, a lock end verification unit, a lock end session key generation unit and an unlocking unit, wherein:
the terminal identity verification request information editing unit generates terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sends it to the lock end verification unit;
the lock end verification unit uses the terminal public key to verify whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct; if it contains the preset terminal ID and the terminal signature is correct, it sends the "verification passed" information to the lock end identity verification request information editing unit; it also verifies whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and if it contains the preset terminal ID and the terminal signature is correct, it sends the "verification passed" information to the lock end session key generation unit;
the lock end identity verification request information editing unit generates lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sends it to the terminal verification unit;
the terminal verification unit uses the lock end public key to verify whether the received lock end identity verification request information contains the preset lock end ID and whether the lock end signature is correct; if it contains the preset lock end ID and the lock end signature is correct, it sends the "verification passed" result to the terminal session key generation unit; it also verifies whether the received lock end session key contains the preset lock end ID and whether the lock end signature is correct, and if it contains the preset lock end ID and the lock end signature is correct, it sends the "verification passed" result to the instruction editing unit;
the terminal session key generation unit generates a random number, generates the terminal session key from that random number, and sends it to the lock end verification unit;
the lock end session key generation unit generates a random number, generates the lock end session key from that random number, and sends it to the terminal verification unit;
the instruction editing unit edits the unlock instruction using the terminal session key and sends it to the unlocking unit;
the unlocking unit unlocks according to the received unlock instruction.
A second aspect of the invention provides a virtual key mutual authentication method implemented on the virtual key two-way authentication system described above, comprising the following steps:
using the terminal, generating terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sending it to the lock end for verification; if verification passes, generating a terminal session key and sending it to the lock end for verification; if that passes, using the session key to edit an unlock instruction and sending it to the lock end;
using the lock end, generating lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sending it to the terminal for verification; if verification passes, generating a lock end session key and sending it to the terminal for verification; if that passes, unlocking according to the unlock instruction sent by the terminal;
using the offline communication module, transmitting information between the terminal and the lock end.
Further, the method also comprises the following steps:
using the key management device, generating a terminal identification key pair from the terminal ID and sending it to the terminal, and generating a lock end identification key pair from the lock end ID and sending it to the lock end;
using the terminal, composing the received terminal identification key pair with a key pair it generates itself, obtaining the terminal key pair;
using the lock end, composing the received lock end identification key pair with a key pair it generates itself, obtaining the lock end key pair.
Further, the key management device substitutes either the terminal ID or the lock end ID into a preset matrix and uses the CPK encryption algorithm to generate either the terminal identification key pair or the lock end identification key pair.
Further, the offline communication module is a Bluetooth module.
Further, the terminal includes a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the lock end includes a lock end identity verification request information editing unit, a lock end verification unit, a lock end session key generation unit and an unlocking unit, wherein:
using the terminal identity verification request information editing unit, generating terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sending it to the lock end verification unit;
using the lock end verification unit, verifying with the terminal public key whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct, and, if it contains the preset terminal ID and the terminal signature is correct, sending the "verification passed" information to the lock end identity verification request information editing unit; verifying whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and, if it contains the preset terminal ID and the terminal signature is correct, sending the "verification passed" information to the lock end session key generation unit;
using the lock end identity verification request information editing unit, generating lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sending it to the terminal verification unit;
using the terminal verification unit, verifying with the lock end public key whether the received lock end identity verification request information contains the preset lock end ID and whether the lock end signature is correct, and, if it contains the preset lock end ID and the lock end signature is correct, sending the "verification passed" result to the terminal session key generation unit; verifying whether the received lock end session key contains the preset lock end ID and whether the lock end signature is correct, and, if it contains the preset lock end ID and the lock end signature is correct, sending the "verification passed" result to the instruction editing unit;
using the terminal session key generation unit, generating a random number, generating the terminal session key from that random number and sending it to the lock end verification unit;
using the lock end session key generation unit, generating a random number, generating the lock end session key from that random number and sending it to the terminal verification unit;
using the instruction editing unit, editing the unlock instruction with the terminal session key and sending it to the unlocking unit;
using the unlocking unit, unlocking according to the received unlock instruction.
Compared with the prior art, the virtual key two-way authentication system and method provided by the invention have the following advances:
(1) When the terminal and the lock end exchange information they need no third-party online authentication; the terminal and the lock end exchange information directly, which reduces the interaction steps, the amount of interaction data and the computation, while the double verification ensures the security of unlocking. At the same time, information between the terminal and the lock end is transmitted through the offline communication module, which reduces the sensitivity of the whole system and method to the network and improves safety and reliability in use.
(2) The identification key pair generated by the key management device is composed with a self-generated key pair, and the finally obtained key pair is used for data transmission, which enhances the privacy and security of data transmission and of unlocking with the virtual key.
The above is only an overview of the technical scheme of the invention. In order that the technical means of the invention may be better understood and implemented in accordance with the specification, and that the above and other objects, features and advantages of the invention may be clearer and easier to understand, specific embodiments of the invention follow.
Detailed description of the invention
Various other advantages and benefits will become clear to those of ordinary skill in the art from reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating a preferred embodiment and are not to be regarded as limiting the invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is a device connection block diagram of the virtual key two-way authentication system in the embodiment of the invention;
Fig. 2 is a step diagram of the virtual key mutual authentication method in the embodiment of the invention.
Specific embodiment
Exemplary embodiments of the disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be realised in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the invention is understood more thoroughly and the scope of the disclosure is fully conveyed to those skilled in the art.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the field of the invention. It should also be understood that terms such as those defined in general dictionaries are to be interpreted as having a meaning consistent with their meaning in the context of the prior art, and are not to be interpreted in an idealised or overly formal sense unless specifically so defined.
This embodiment provides a virtual key two-way authentication system and method.
As in Fig. 1, the virtual key two-way authentication system of this embodiment comprises:
a terminal, for generating terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sending it to the lock end for verification; if verification passes, generating a terminal session key and sending it to the lock end for verification; if that passes, using the session key to edit an unlock instruction and sending it to the lock end;
a lock end, for generating lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sending it to the terminal for verification; if verification passes, generating a lock end session key and sending it to the terminal for verification; if that passes, unlocking according to the unlock instruction sent by the terminal;
an offline communication module, for transmitting information between the terminal and the lock end.
In the virtual key two-way authentication system of this embodiment, the terminal and the lock end need no third-party online authentication when exchanging information; they exchange information directly, which reduces the interaction steps, the amount of interaction data and the computation, while the double verification ensures the security of unlocking. At the same time, information between the terminal and the lock end is transmitted through the offline communication module, which reduces the sensitivity of the whole system and method to the network and improves safety and reliability in use.
As in Fig. 1, the virtual key two-way authentication system of this embodiment further includes a key management device, for generating a terminal identification key pair from the terminal ID and sending it to the terminal, and for generating a lock end identification key pair from the lock end ID and sending it to the lock end;
the terminal is further configured to compose the received terminal identification key pair with a key pair it generates itself, obtaining the terminal key pair;
the lock end is further configured to compose the received lock end identification key pair with a key pair it generates itself, obtaining the lock end key pair.
The identification key pair generated by the key management device is composed with a self-generated key pair, and the finally obtained key pair is used for data transmission, which enhances the privacy and security of data transmission and of unlocking with the virtual key.
In a specific implementation, the key management device substitutes either the terminal ID or the lock end ID into a preset matrix; the preset matrix includes a matrix public key and a matrix private key, which are used respectively to generate the public key and the private key that form a key pair. The CPK (Combined Public Key) encryption algorithm is used to generate either the terminal identification key pair or the lock end identification key pair. The CPK encryption algorithm may specifically be any one or more of the national (SM) algorithms SM2/SM3/SM4 and AES/DES/ECC/SHA1/SHA256, selected as needed. With these algorithms the production and distribution of identification keys at very large scale can be achieved, meeting the needs of many users with very few resources; they also have the advantages of needing little storage space, high operational efficiency and large processing capacity.
In a specific implementation, the offline communication module is a Bluetooth module. A Bluetooth module provides short-range, low-power offline communication and has the advantages of low cost, easy implementation and easy promotion.
As in Fig. 1, in a specific implementation of the virtual key two-way authentication system of this embodiment, the terminal includes a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the lock end includes a lock end identity verification request information editing unit, a lock end verification unit, a lock end session key generation unit and an unlocking unit, wherein:
the terminal identity verification request information editing unit generates terminal identity verification request information from the lock end public key and the terminal private key of the terminal key pair, and sends it to the lock end verification unit;
the lock end verification unit uses the terminal public key to verify whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct; if it contains the preset terminal ID and the terminal signature is correct, it sends the "verification passed" information to the lock end identity verification request information editing unit; it also verifies whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and if it contains the preset terminal ID and the terminal signature is correct, it sends the "verification passed" information to the lock end session key generation unit;
the lock end identity verification request information editing unit generates lock end identity verification request information from the terminal public key and the lock end private key of the lock end key pair, and sends it to the terminal verification unit;
the terminal verification unit uses the lock end public key to verify whether the received lock end identity verification request information contains the preset lock end ID and whether the lock end signature is correct; if it contains the preset lock end ID and the lock end signature is correct, it sends the "verification passed" result to the terminal session key generation unit; it also verifies whether the received lock end session key contains the preset lock end ID and whether the lock end signature is correct, and if it contains the preset lock end ID and the lock end signature is correct, it sends the "verification passed" result to the instruction editing unit;
the terminal session key generation unit generates a random number, generates the terminal session key from that random number, and sends it to the lock end verification unit;
the lock end session key generation unit generates a random number, generates the lock end session key from that random number, and sends it to the terminal verification unit;
the instruction editing unit edits the unlock instruction using the terminal session key and sends it to the unlocking unit;
the unlocking unit unlocks according to the received unlock instruction.
The terminal identity verification request information editing unit, terminal verification unit, terminal session key generation unit, instruction editing unit, lock end identity verification request information editing unit, lock end verification unit, lock end session key generation unit and unlocking unit are all electrically connected to the offline communication module, so that the terminal and the lock end can transmit information offline.
As shown in Fig. 2, this embodiment also provides a virtual key mutual authentication method, comprising the following steps:
the terminal generates terminal identity verification request information according to the locked-end public key and the terminal private key of the terminal key pair and sends it to the locked end for verification; if the verification passes, the terminal generates a terminal session key and sends it to the locked end for verification; if that verification passes, the terminal composes an unlock instruction using the session key and sends it to the locked end;
the locked end generates locked-end identity verification request information according to the terminal public key and the locked-end private key of the locked-end key pair and sends it to the terminal for verification; if the verification passes, the locked end generates a locked-end session key and sends it to the terminal for verification; if that verification passes, the locked end unlocks according to the unlock instruction sent by the terminal;
the information between the terminal and the locked end is transmitted through the offline communication module.
In the virtual key mutual authentication method of this embodiment, the terminal and the locked end need no third-party online authentication when transmitting information; they exchange information directly, which reduces the number of interaction steps, the amount of interaction data and the computation, while the two-way verification ensures the security of unlocking. Transmitting the information between the terminal and the locked end over the offline communication module also reduces the sensitivity of the whole method to the network and improves its security and reliability in use.
As shown in Fig. 2, the virtual key mutual authentication method of this embodiment further comprises the following steps:
Step 100: the key management apparatus generates a terminal identification key pair according to the terminal ID and sends it to the terminal; it also generates a locked-end identification key pair according to the locked-end ID and sends it to the locked end; the terminal combines the received terminal identification key pair with a key pair it generates itself to obtain the terminal key pair; the locked end combines the received locked-end identification key pair with a key pair it generates itself to obtain the locked-end key pair.
In a specific implementation, the key management apparatus substitutes either the terminal ID or the locked-end ID into a preset matrix. The preset matrix comprises a matrix public key and a matrix private key, which are used to generate the public key and the private key respectively, forming a key pair; the CPK encryption algorithm is used to generate either the terminal identification key pair or the locked-end identification key pair. The CPK encryption algorithm may specifically use any one or more of the Chinese national standard SM2/SM3/SM4 algorithms and AES/DES/ECC/SHA1/SHA256, selected as needed. These algorithms allow identification keys to be produced and distributed on a very large scale, serving many users with very few resources; they also have the advantages of low storage requirements, high operational efficiency and large processing capacity.
In a specific implementation, the offline communication module is a Bluetooth module. A Bluetooth module provides short-range, low-power offline communication and has the advantages of low cost, easy implementation and easy adoption.
As shown in Fig. 2, in a specific implementation of the virtual key mutual authentication method of this embodiment, the terminal comprises a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the locked end comprises a locked-end identity verification request information editing unit, a locked-end verification unit, a locked-end session key generation unit and an unlocking unit, wherein:
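The identity key derivation of step 100 and the CPK matrix paragraph above, as an added Go example that is not the patent's own code: a toy preset matrix, an ID-to-matrix-entry selection (SHA-256 based, an assumption of this example), the resulting identification key pair, and the combination with a self-generated key pair. The matrix dimensions and the curve (P-256) are this example's choices; the page fixes neither.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"math/big"
)

// Toy matrix size; a production CPK matrix is far larger, but the arithmetic is the same.
const rows, cols = 32, 16

var curve = elliptic.P256()

// Matrix is the key management apparatus's preset matrix: a private scalar matrix and the
// matching public point matrix with PubX/PubY[i][j] = priv[i][j]*G. Only the public half
// is distributed; the private half never leaves the apparatus.
type Matrix struct {
	priv       [rows][cols]*big.Int
	PubX, PubY [rows][cols]*big.Int
}

// KeyPair is a scalar D together with the point (X, Y) = D*G.
type KeyPair struct {
	D, X, Y *big.Int
}

func NewMatrix() *Matrix {
	m := &Matrix{}
	for i := 0; i < rows; i++ {
		for j := 0; j < cols; j++ {
			s, err := rand.Int(rand.Reader, curve.Params().N)
			if err != nil {
				panic(err)
			}
			m.priv[i][j] = s
			m.PubX[i][j], m.PubY[i][j] = curve.ScalarBaseMult(s.Bytes())
		}
	}
	return m
}

// rowsFor maps an identifier (phone number, VIN, ...) to one row index per column; the
// SHA-256-based selection is this example's choice, the page does not fix the mapping.
func rowsFor(id string) [cols]int {
	h := sha256.Sum256([]byte(id))
	var sel [cols]int
	for j := range sel {
		sel[j] = int(h[j]) % rows
	}
	return sel
}

// PublicKeyFor derives an identity public key from an ID and the public matrix alone, which
// is why a bound peer can be checked against its ID without any online lookup.
func (m *Matrix) PublicKeyFor(id string) (x, y *big.Int) {
	for j, i := range rowsFor(id) {
		if x == nil {
			x, y = m.PubX[i][j], m.PubY[i][j]
		} else {
			x, y = curve.Add(x, y, m.PubX[i][j], m.PubY[i][j])
		}
	}
	return x, y
}

// IdentityKeyPair is what the apparatus sends to a terminal or locked end for its ID: the
// sum of the selected private scalars mod N, whose public point PublicKeyFor also yields.
func (m *Matrix) IdentityKeyPair(id string) KeyPair {
	d := new(big.Int)
	for j, i := range rowsFor(id) {
		d.Add(d, m.priv[i][j])
	}
	d.Mod(d, curve.Params().N)
	x, y := m.PublicKeyFor(id)
	return KeyPair{D: d, X: x, Y: y}
}

// Compound is step 100's combination with a self-generated key pair: D' = D + r mod N and
// Q' = Q + r*G, so the apparatus alone no longer knows the final private key.
func Compound(idk KeyPair) KeyPair {
	r, err := rand.Int(rand.Reader, curve.Params().N)
	if err != nil {
		panic(err)
	}
	rx, ry := curve.ScalarBaseMult(r.Bytes())
	x, y := curve.Add(idk.X, idk.Y, rx, ry)
	d := new(big.Int).Add(idk.D, r)
	return KeyPair{D: d.Mod(d, curve.Params().N), X: x, Y: y}
}

// Consistent reports whether D*G equals (X, Y), i.e. the private and public halves match.
func Consistent(kp KeyPair) bool {
	x, y := curve.ScalarBaseMult(kp.D.Bytes())
	return x.Cmp(kp.X) == 0 && y.Cmp(kp.Y) == 0
}
```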
Step 200: the terminal identity verification request information editing unit generates terminal identity verification request information according to the locked-end public key and the terminal private key of the terminal key pair, and sends it to the locked-end verification unit;
Step 300: the locked-end verification unit verifies, using the terminal public key, whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct; if it contains the preset terminal ID and the terminal signature is correct, the verification-passed information is sent to the locked-end identity verification request information editing unit; the locked-end verification unit likewise verifies whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and if so sends the verification-passed information to the locked-end session key generation unit;
Step 400: the locked-end identity verification request information editing unit generates locked-end identity verification request information according to the terminal public key and the locked-end private key of the locked-end key pair, and sends it to the terminal verification unit;
Step 500: the terminal verification unit verifies, using the locked-end public key, whether the received locked-end identity verification request information contains the preset locked-end ID and whether the locked-end signature is correct; if it contains the preset locked-end ID and the locked-end signature is correct, the verification-passed result is sent to the terminal session key generation unit; the terminal verification unit likewise verifies whether the received locked-end session key contains the preset locked-end ID and whether the locked-end signature is correct, and if so sends the verification-passed result to the instruction editing unit;
Step 600: the terminal session key generation unit generates a random number, generates the terminal session key from the random number, and sends it to the locked-end verification unit;
Step 700: the locked-end session key generation unit generates a random number, generates the locked-end session key from the random number, and sends it to the terminal verification unit;
Step 800: the instruction editing unit composes an unlock instruction according to the terminal session key and sends it to the unlocking unit; the unlocking unit unlocks according to the received unlock instruction.
In the virtual key two-way authentication system and method of this embodiment, the terminal and the locked end are first bound to each other before use, so that the terminal obtains the public key of the locked end and the locked end obtains the public key of the terminal, for the subsequent encryption and verification with these keys. While transmitting information, the terminal and the locked end each sign with their own private key and encrypt with the other party's public key, and after receiving a message each first verifies whether the message contains the preset ID of the other party and whether the signature in the message is correct. In specific use, the terminal may be a mobile terminal held by the user and the locked end may be a car; the mobile terminal and the car transmit information offline over Bluetooth, such as the identity verification information and the unlock instruction encrypted with the session key. The terminal may be a computer, a mobile phone or the like, and the locked end may also be a door lock capable of offline information transmission over Bluetooth. The terminal ID may be either a mobile phone number or a mobile phone factory code, and the locked-end ID may be the VIN (Vehicle Identification Number) of the car; the IDs may also be any other numbers that identify the terminal and the locked end. A counter may be set in the Bluetooth module to count the offline data transmissions between the terminal and the locked end; when a certain count, such as 65535, is reached, verification and session key negotiation are restarted, which improves the security and reliability of the system and method.
For the method embodiments, for simplicity of description they are presented as a series of combined actions, but those skilled in the art should be aware that the embodiments of the present invention are not limited by the described order of actions, since according to the embodiments of the present invention some steps may be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Finally, it should be noted that the above embodiments are merely illustrative of the technical solutions of the present invention rather than limiting them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or replace some of the technical features with equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
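The exchange of steps 200 to 800 above, together with the binding step, as an added Go example that is not the patent's own code: every message carries the sender's ID and an ECDSA signature, and the receiving verification unit performs exactly the two checks the text describes, preset ID present and signature correct, before passing anything on. Assumed here, because the page does not fix them: the message layout, the SHA-256(rT || rL) session key derivation, the HMAC-tagged unlock instruction and the sample IDs; the page's additional encryption to the peer's public key is left out so the authenticity checks stay in focus.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is one side after binding: own key pair, the peer's public key and the preset peer ID.
type Party struct {
	ID      string
	priv    *ecdsa.PrivateKey
	peerPub *ecdsa.PublicKey
	peerID  string
}

// Pair generates a key pair per side and performs the pre-use binding step of the page
// (each side stores the other's public key and ID); the IDs are caller-supplied sample values.
func Pair(terminalID, lockID string) (*Party, *Party) {
	tk, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	lk, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Party{ID: terminalID, priv: tk, peerPub: &lk.PublicKey, peerID: lockID},
		&Party{ID: lockID, priv: lk, peerPub: &tk.PublicKey, peerID: terminalID}
}

// Send builds idLen || id || payload || sig || sigLen, signed with the sender's private key
// (ECDSA over SHA-256); the page's encryption to the peer's public key is omitted here.
func (p *Party) Send(payload []byte) ([]byte, error) {
	body := append(append([]byte{byte(len(p.ID))}, p.ID...), payload...)
	h := sha256.Sum256(body)
	sig, err := ecdsa.SignASN1(rand.Reader, p.priv, h[:])
	if err != nil {
		return nil, err
	}
	return append(append(body, sig...), byte(len(sig))), nil
}

// Receive is the verification unit: the preset peer ID must be present and the peer's
// signature must verify before the payload is handed on.
func (p *Party) Receive(msg []byte) ([]byte, error) {
	n := len(msg)
	if n < 2 || n < int(msg[n-1])+2 {
		return nil, errors.New("malformed message")
	}
	sigLen := int(msg[n-1])
	body, sig := msg[:n-1-sigLen], msg[n-1-sigLen:n-1]
	idLen := int(body[0])
	if len(body) < 1+idLen || string(body[1:1+idLen]) != p.peerID {
		return nil, errors.New("preset ID missing or mismatched")
	}
	if h := sha256.Sum256(body); !ecdsa.VerifyASN1(p.peerPub, h[:], sig) {
		return nil, errors.New("signature verification failed")
	}
	return body[1+idLen:], nil
}

// relay carries one message over the offline link and returns what the receiver accepted.
func relay(from, to *Party, payload []byte) ([]byte, error) {
	msg, err := from.Send(payload)
	if err != nil {
		return nil, err
	}
	return to.Receive(msg)
}

// Authenticate runs steps 200 to 800 and reports whether the lock accepted the unlock
// instruction. Deriving the session key as SHA-256(rT || rL) is an assumption of this example.
func Authenticate(t, l *Party, instruction string) (bool, error) {
	for _, leg := range [][2]*Party{{t, l}, {l, t}} { // steps 200-500: identity requests both ways
		if _, err := relay(leg[0], leg[1], []byte("identity verification request")); err != nil {
			return false, err
		}
	}
	rT, rL := make([]byte, 32), make([]byte, 32)
	rand.Read(rT)
	rand.Read(rL)
	rTseen, err := relay(t, l, rT) // step 600: terminal random number, checked by the lock
	if err != nil {
		return false, err
	}
	rLseen, err := relay(l, t, rL) // step 700: lock random number, checked by the terminal
	if err != nil {
		return false, err
	}
	tKey := sha256.Sum256(append(append([]byte{}, rT...), rLseen...)) // terminal's view
	lKey := sha256.Sum256(append(append([]byte{}, rTseen...), rL...)) // locked end's view
	tag := func(key []byte) []byte { m := hmac.New(sha256.New, key); m.Write([]byte(instruction)); return m.Sum(nil) }
	// Step 800: the lock unlocks only if the tag made under tKey verifies under its own lKey.
	got, err := relay(t, l, tag(tKey[:]))
	if err != nil {
		return false, err
	}
	return hmac.Equal(got, tag(lKey[:])), nil
}
```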

Claims (10)

1. A virtual key two-way authentication system, characterized by comprising:
a terminal, configured to generate terminal identity verification request information according to a locked-end public key and a terminal private key of a terminal key pair and send it to a locked end for verification; if the verification passes, to generate a terminal session key and send it to the locked end for verification; and if that verification passes, to compose an unlock instruction using the session key and send it to the locked end;
the locked end, configured to generate locked-end identity verification request information according to a terminal public key and a locked-end private key of a locked-end key pair and send it to the terminal for verification; if the verification passes, to generate a locked-end session key and send it to the terminal for verification; and if that verification passes, to unlock according to the unlock instruction sent by the terminal; and
an offline communication module, configured to transmit information between the terminal and the locked end.
2. The virtual key two-way authentication system according to claim 1, characterized in that it further comprises a key management apparatus configured to generate a terminal identification key pair according to a terminal ID and send it to the terminal, and to generate a locked-end identification key pair according to a locked-end ID and send it to the locked end;
the terminal is further configured to combine the received terminal identification key pair with a key pair it generates itself to obtain the terminal key pair;
the locked end is further configured to combine the received locked-end identification key pair with a key pair it generates itself to obtain the locked-end key pair.
3. The virtual key two-way authentication system according to claim 2, characterized in that the key management apparatus substitutes either the terminal ID or the locked-end ID into a preset matrix and uses a CPK encryption algorithm to generate either the terminal identification key pair or the locked-end identification key pair.
4. The virtual key two-way authentication system according to claim 3, characterized in that the offline communication module is a Bluetooth module.
5. The virtual key two-way authentication system according to claim 4, characterized in that the terminal comprises a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the locked end comprises a locked-end identity verification request information editing unit, a locked-end verification unit, a locked-end session key generation unit and an unlocking unit, wherein:
the terminal identity verification request information editing unit is configured to generate terminal identity verification request information according to the locked-end public key and the terminal private key of the terminal key pair, and to send it to the locked-end verification unit;
the locked-end verification unit is configured to verify, using the terminal public key, whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct, and, if it contains the preset terminal ID and the terminal signature is correct, to send the verification-passed information to the locked-end identity verification request information editing unit; it is further configured to verify whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and, if so, to send the verification-passed information to the locked-end session key generation unit;
the locked-end identity verification request information editing unit is configured to generate locked-end identity verification request information according to the terminal public key and the locked-end private key of the locked-end key pair, and to send it to the terminal verification unit;
the terminal verification unit is configured to verify, using the locked-end public key, whether the received locked-end identity verification request information contains the preset locked-end ID and whether the locked-end signature is correct, and, if it contains the preset locked-end ID and the locked-end signature is correct, to send the verification-passed result to the terminal session key generation unit; it is further configured to verify whether the received locked-end session key contains the preset locked-end ID and whether the locked-end signature is correct, and, if so, to send the verification-passed result to the instruction editing unit;
the terminal session key generation unit is configured to generate a random number, generate the terminal session key from the random number, and send it to the locked-end verification unit;
the locked-end session key generation unit is configured to generate a random number, generate the locked-end session key from the random number, and send it to the terminal verification unit;
the instruction editing unit is configured to compose an unlock instruction according to the terminal session key and send it to the unlocking unit;
the unlocking unit is configured to unlock according to the received unlock instruction.
6. A virtual key mutual authentication method implemented on the virtual key two-way authentication system according to claim 1, characterized by comprising the following steps:
the terminal generates terminal identity verification request information according to the locked-end public key and the terminal private key of the terminal key pair and sends it to the locked end for verification; if the verification passes, the terminal generates a terminal session key and sends it to the locked end for verification; if that verification passes, the terminal composes an unlock instruction using the session key and sends it to the locked end;
the locked end generates locked-end identity verification request information according to the terminal public key and the locked-end private key of the locked-end key pair and sends it to the terminal for verification; if the verification passes, the locked end generates a locked-end session key and sends it to the terminal for verification; if that verification passes, the locked end unlocks according to the unlock instruction sent by the terminal;
the information between the terminal and the locked end is transmitted through the offline communication module.
7. The virtual key mutual authentication method according to claim 6, characterized by further comprising the following steps:
the key management apparatus generates a terminal identification key pair according to the terminal ID and sends it to the terminal, and generates a locked-end identification key pair according to the locked-end ID and sends it to the locked end;
the terminal combines the received terminal identification key pair with a key pair it generates itself to obtain the terminal key pair;
the locked end combines the received locked-end identification key pair with a key pair it generates itself to obtain the locked-end key pair.
8. The virtual key mutual authentication method according to claim 7, characterized in that the key management apparatus substitutes either the terminal ID or the locked-end ID into a preset matrix and uses a CPK encryption algorithm to generate either the terminal identification key pair or the locked-end identification key pair.
9. The virtual key mutual authentication method according to claim 8, characterized in that the offline communication module is a Bluetooth module.
10. The virtual key mutual authentication method according to claim 9, characterized in that the terminal comprises a terminal identity verification request information editing unit, a terminal verification unit, a terminal session key generation unit and an instruction editing unit, and the locked end comprises a locked-end identity verification request information editing unit, a locked-end verification unit, a locked-end session key generation unit and an unlocking unit, wherein:
the terminal identity verification request information editing unit generates terminal identity verification request information according to the locked-end public key and the terminal private key of the terminal key pair, and sends it to the locked-end verification unit;
the locked-end verification unit verifies, using the terminal public key, whether the received terminal identity verification request information contains the preset terminal ID and whether the terminal signature is correct, and, if it contains the preset terminal ID and the terminal signature is correct, sends the verification-passed information to the locked-end identity verification request information editing unit; it also verifies whether the received terminal session key contains the preset terminal ID and whether the terminal signature is correct, and, if so, sends the verification-passed information to the locked-end session key generation unit;
the locked-end identity verification request information editing unit generates locked-end identity verification request information according to the terminal public key and the locked-end private key of the locked-end key pair, and sends it to the terminal verification unit;
the terminal verification unit verifies, using the locked-end public key, whether the received locked-end identity verification request information contains the preset locked-end ID and whether the locked-end signature is correct, and, if it contains the preset locked-end ID and the locked-end signature is correct, sends the verification-passed result to the terminal session key generation unit; it also verifies whether the received locked-end session key contains the preset locked-end ID and whether the locked-end signature is correct, and, if so, sends the verification-passed result to the instruction editing unit;
the terminal session key generation unit generates a random number, generates the terminal session key from the random number, and sends it to the locked-end verification unit;
the locked-end session key generation unit generates a random number, generates the locked-end session key from the random number, and sends it to the terminal verification unit;
the instruction editing unit composes an unlock instruction according to the terminal session key and sends it to the unlocking unit;
the unlocking unit unlocks according to the received unlock instruction.
CN201811106148.8A 2018-09-21 2018-09-21 Virtual key bidirectional authentication system and method Active CN109067549B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811106148.8A CN109067549B (en) 2018-09-21 2018-09-21 Virtual key bidirectional authentication system and method

Publications (2)

Publication Number Publication Date
CN109067549A true CN109067549A (en) 2018-12-21
CN109067549B CN109067549B (en) 2021-11-12

Family

ID=64762416

Country Status (1)

Country Link
CN (1) CN109067549B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787769A (en) * 2018-12-25 2019-05-21 深圳市安信认证系统有限公司 Offline authentication method, user terminal and the device end of internet of things equipment
CN109819049A (en) * 2019-02-28 2019-05-28 钛马信息网络技术有限公司 The method, system and device of long-range control vehicle
CN110091829A (en) * 2019-05-16 2019-08-06 广州小鹏汽车科技有限公司 A kind of control method and device of car key
CN110136306A (en) * 2019-05-16 2019-08-16 广州小鹏汽车科技有限公司 Vehicle key control method and system
CN110167021A (en) * 2019-04-29 2019-08-23 江苏大学 A kind of Vehicular virtual key is realized and communication means
CN110177354A (en) * 2019-06-21 2019-08-27 湖北亿咖通科技有限公司 A kind of wireless control method and system of vehicle
CN111405537A (en) * 2020-03-23 2020-07-10 杭州涂鸦信息技术有限公司 Bidirectional security authentication method based on ble connection, system and equipment thereof
WO2020199391A1 (en) * 2019-03-29 2020-10-08 广州小鹏汽车科技有限公司 Vehicle unlocking authentication method and apparatus based on terminal device
CN112396735A (en) * 2020-11-27 2021-02-23 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
WO2021259015A1 (en) * 2020-06-24 2021-12-30 广州汽车集团股份有限公司 Method for connecting bluetooth key to vehicle, vehicle bluetooth system, and bluetooth key
US11433853B2 (en) 2019-03-29 2022-09-06 Guangzhou Xiaopeng Motors Technology Co., Ltd. Vehicle unlocking authentication method and apparatus based on terminal device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105539364A (en) * 2015-12-23 2016-05-04 奇瑞汽车股份有限公司 Vehicle control method and system
WO2016156681A1 (en) * 2015-04-01 2016-10-06 Valeo Comfort And Driving Assistance Method for loading a virtual key and associated user terminal
CN107563831A (en) * 2017-07-21 2018-01-09 重庆无线绿洲通信技术有限公司 Return the car processing and control method, car-mounted terminal, user terminal, platform of hiring a car
CN108122311A (en) * 2017-11-30 2018-06-05 北京九五智驾信息技术股份有限公司 Vehicle virtual key realization method and system
CN108206996A (en) * 2017-12-08 2018-06-26 中兴通讯股份有限公司 Auth method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨春颖 (Yang Chunying): "Research and Implementation of Identity Authentication Technology for the Internet of Vehicles", China Master's Theses Full-text Database *

Also Published As

Publication number Publication date
CN109067549B (en) 2021-11-12

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
Inventor after: Luo Yanjing
Inventor after: Liu Peng
Inventor before: Luo Yanjing
GR01 Patent grant
CP03 Change of name, title or address
Address after: A1501, 15 / F, No. 22, Zhongguancun Street, Haidian District, Beijing 100089
Patentee after: Beijing xinchangcheng Technology Development Co.,Ltd.
Address before: 100080 room 1505, 15 / F, block B, 3 Haidian Street, Haidian District, Beijing
Patentee before: BEIJING RENXINZHENG TECHNOLOGY CO.,LTD.