CN110855616B - Digital key generation system - Google Patents

Publication number
CN110855616B
Authority
CN
China
Prior art keywords
key, white box, encryption, information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910974430.6A
Other languages
Chinese (zh)
Other versions
CN110855616A (en
Inventor
南洋
董馨
陈博
李木犀
刘晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
FAW Group Corp
Original Assignee
FAW Group Corp

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00817 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • G07C2009/00412 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • G07C2009/00825 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication
    • H04L2209/16 Obfuscation or hiding, e.g. involving white box

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses a digital key generation system. The system comprises: a client, a private cloud and a public cloud; the client is used for uploading vehicle encryption information to the private cloud end and acquiring a digital key issued by the private cloud end; the private cloud end is used for generating a primary key according to the vehicle encryption information uploaded by the client end and encrypting the primary key according to a white box key issued by the public cloud end to generate a digital key; and the public cloud is used for generating a white box key according to the key number of the primary key uploaded by the private cloud. According to the technical scheme of the embodiment of the invention, the generation process of the digital key is realized by the private cloud and the public cloud together, and the private data of the user is only processed at the private cloud, so that the private data is prevented from being leaked, and the safety of the generation process of the digital key is improved.

Description

Digital key generation system
Technical Field
The embodiment of the invention relates to the technical field of information security, in particular to a digital key generation system.
Background
With the rapid development of vehicle informatization technology, digital keys gradually replace traditional mechanical keys, remote control keys and intelligent keys. The digital key can realize the connection with the vehicle Bluetooth and realize the functions of identity authentication, vehicle positioning, vehicle control and the like. Since the digital key contains the privacy data of the vehicle information, the information use and data transmission of the digital key play a significant role in the safety of the vehicle.
In the prior art, the encryption process for a digital key is carried out in the public cloud, so private data about the user, the vehicle, the Bluetooth module and the like must be uploaded to the public cloud, where it is at risk of leakage.
Disclosure of Invention
The invention provides a digital key generation system, which is used for efficiently generating a digital key, improving the safety of the digital key and reducing the leakage risk of private data.
In a first aspect, an embodiment of the present invention provides a digital key generation system, where the system includes:
a client, a private cloud and a public cloud;
the client is used for uploading vehicle encryption information to the private cloud end and acquiring a digital key issued by the private cloud end;
the private cloud end is used for generating a primary key according to the vehicle encryption information uploaded by the client end and encrypting the primary key according to a white box key issued by the public cloud end to generate a digital key;
and the public cloud is used for generating a white box key according to the key number of the primary key uploaded by the private cloud.
Further, the private cloud end is configured to generate a primary key according to the vehicle encryption information uploaded by the client end, and includes:
the private cloud acquires vehicle information, user information and Bluetooth equipment information uploaded by the client as vehicle encryption information;
and the private cloud end inputs the vehicle encryption information into a private encryption module in the private cloud end to generate a primary key.
Further, the private encryption module in the private cloud comprises a hardware cipher machine, and a private encryption rule is preset in the hardware cipher machine and is used for encrypting the vehicle encryption information into a primary key.
Further, the private cloud is configured to encrypt the primary key according to a white-box key issued by the public cloud to generate a digital key, and includes:
the private cloud encrypts the primary key through the white box key according to a preset encryption rule to generate a digital key;
the private cloud end generates authority information according to the authority identity information in the vehicle encryption information;
and the private cloud adds the authority information into a digital key to generate a digital key.
Further, the private cloud is further configured to perform a hash operation on the primary key and the vehicle encryption information to generate a key number.
Further, the public cloud end is used for generating a white-box key according to the key number of the primary key uploaded by the private cloud end, and includes:
the public cloud end acquires the key number uploaded by the private cloud end;
and the public cloud end is used for encrypting the key number according to a preset white box encryption rule to generate a white box key.
Further, the public cloud is further configured to issue the white-box key to a private cloud.
Further, the public cloud encrypts the key number according to a preset white-box encryption rule to generate a white-box key, including:
the public cloud end obtains a preset white box encryption rule corresponding to the client end;
and the public cloud end encrypts the key number according to the preset white box encryption rule to generate a white box key.
Further, the preset white-box encryption rules in the public cloud comprise symmetric grouping encryption rules.
Further, a white-box decryption rule is preset in the client, wherein the white-box decryption rule is matched with the white-box encryption rule of the public cloud.
According to the technical scheme, the digital key generation system is composed of the client, the private cloud and the public cloud. The client uploads vehicle encryption information to the private cloud and receives the digital key generated by the private cloud. The private cloud generates the primary key according to the vehicle encryption information uploaded by the client and encrypts the primary key according to the white-box key issued by the public cloud to generate the digital key. The public cloud generates the white-box key according to the key number of the primary key uploaded by the private cloud. In this way the digital key is generated efficiently, the safety of the digital key is improved, and the leakage risk of private data is reduced.
Drawings
Fig. 1 is a schematic structural diagram of a digital key generation system according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a digital key generation system according to a second embodiment of the present invention;
fig. 3 is a diagram illustrating an example of a digital key generation system according to a second embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be noted that, for convenience of description, only a part of the structures related to the present invention, not all of the structures, are shown in the drawings, and furthermore, embodiments of the present invention and features of the embodiments may be combined with each other without conflict.
Example one
Fig. 1 is a schematic structural diagram of a digital key generation system according to an embodiment of the present invention. This embodiment is applicable to generating a digital key for a vehicle; the method may be executed by the digital key generation system, which may be implemented in hardware and/or software. Referring to Fig. 1, the digital key generation system specifically includes: a client 101, a private cloud 102, and a public cloud 103.
The client 101 is configured to upload vehicle encryption information to the private cloud 102 and obtain a digital key issued by the private cloud 102.
The client 101 may be an intelligent terminal that stores a digital key and unlocks a vehicle with it; application software may be installed on the client 101 to support unlocking the vehicle with the digital key. The vehicle encryption information may be the private information used to generate the digital key, and may include user information, vehicle information, Bluetooth module information, and the like. The private cloud 102 may be a cloud server that generates a digital key from the vehicle encryption information; it may be operated by a vehicle manufacturer, which has control of the cloud server and its infrastructure. The digital key may be a virtual vehicle key that can control a vehicle, for example unlock a door, turn on the air conditioner, or light a headlight.
Specifically, the client 101 may be connected to the private cloud 102 by wired and wireless connections. The client 101 may send the vehicle encryption information to the private cloud 102, and the private cloud 102 may generate a digital key according to the uploaded vehicle encryption information. The client 101 may then receive the digital key generated by the private cloud 102 and control the vehicle according to the digital key.
And the private cloud end 102 is configured to generate a primary key according to the vehicle encryption information uploaded by the client 101, and encrypt the primary key according to a white-box key issued by the public cloud end 103 to generate a digital key.
In the embodiment of the invention, the public cloud 103 can be connected with the private cloud 102, and data is transmitted to the client 101 through the private cloud 102; the client 101 and the public cloud 103 are isolated from each other, which reduces the risk of data leakage. The primary key can be a key generated by the private cloud 102 according to the vehicle encryption information, and can be used for generating a digital key. Because the private cloud 102 encrypts the vehicle encryption information to generate the primary key, the primary key may not include characteristic data of the vehicle encryption information, so the vehicle encryption information cannot be leaked when the primary key is sent to the public cloud 103 for processing, and data security is enhanced. The white-box key may be a key generated by the public cloud 103 according to a public white-box encryption rule; the public cloud 103 may encrypt the primary key to generate the white-box key, and the encryption rule in the public cloud for generating the white-box key may include symmetric encryption, asymmetric encryption, and the like, such as an RSA encryption algorithm, an SHA256 encryption algorithm, and the like.
In the embodiment of the present invention, the private cloud 102 generates the primary key according to the vehicle encryption information. For example, a hardware encryption machine may be built into the private cloud 102; the vehicle encryption information may be used as the input of the hardware encryption machine, and the encryption result it outputs is used as the primary key. The private cloud may further obtain the white-box key issued by the public cloud 103 and encrypt the generated primary key with the white-box key, which improves the security of the primary key; the primary key encrypted by the white-box key may be used as the digital key. It is understood that the digital key may include authority information, such as user identification information, validity time information, etc., which may improve the security of the digital key.
And the public cloud 103 is used for generating a white-box key according to the key number of the primary key uploaded by the private cloud 102.
The public cloud 103 can be used for generating a white-box key according to information uploaded by the private cloud, and the primary key can be encrypted with the white-box key, which improves the safety of the digital key. The encryption rule set in the public cloud 103 can be a public encryption rule, and no vehicle encryption information is leaked when the public cloud 103 encrypts the desensitized data it acquires.
In the embodiment of the present invention, the key number may be desensitized information generated according to the primary key. The key number may not include characteristic data of the vehicle encryption information, so the public cloud 103 may obtain the key number without posing a security threat to the user's vehicle encryption information. The key number may be a data string with a fixed number of bits, and may be obtained by performing a hash operation on the primary key: the private cloud 102 may perform the hash operation on the primary key to determine the key number, the public cloud 103 may obtain the key number sent by the private cloud 102, and the public cloud 103 may perform an encryption operation on the key number to generate a white-box key.
According to the technical scheme, the digital key generation system is composed of the client, the private cloud and the public cloud. The client sends vehicle encryption information to the private cloud and obtains the digital key generated by the private cloud. The private cloud generates the primary key according to the vehicle encryption information and generates the digital key by encrypting the primary key with the white-box key issued by the public cloud. The public cloud generates the white-box key according to the key number of the primary key. The vehicle encryption information is therefore processed only by the private cloud during digital key generation, and the information processed by the public cloud is the desensitized key number. This isolates the private data, prevents the vehicle encryption information from being leaked to a third-party service provider, and improves the safety of the digital key generation process.
Example two
Fig. 2 is a schematic structural diagram of a digital key generation system according to a second embodiment of the present invention, which is embodied based on the second embodiment. Referring to Fig. 2, the digital key generation system according to the second embodiment of the present invention includes: a client 201, a private cloud 202, and a public cloud 203. The client 201 is configured to upload vehicle encryption information to the private cloud 202 and obtain a digital key issued by the private cloud 202. The private cloud 202 is configured to generate a primary key according to the vehicle encryption information uploaded by the client 201, and to encrypt the primary key according to a white-box key issued by the public cloud 203 to generate a digital key. The public cloud 203 is used for generating a white-box key according to the key number of the primary key uploaded by the private cloud 202.
The private cloud 202 acquires vehicle information, user information and Bluetooth device information uploaded by the client 201 as vehicle encryption information; the private cloud 202 inputs the vehicle encryption information into a private encryption module 221 in the private cloud 202 to generate a primary key.
The vehicle information can be private information related to the vehicle, and can include the frame number of the vehicle, the vehicle model, and the like. The user information can be private information of the vehicle user, and can include the user name, contact details, individual biometric information, and the like. The Bluetooth device information can be the device information used to connect the vehicle and the client. The private encryption module 221 can be a software and hardware module set up by the car manufacturer for encrypting the vehicle encryption information; it can be set up in advance in the private cloud 202 and can be provided with an encryption rule, and the encryption rule of the private encryption module 221 may not be a public encryption rule.
Specifically, the client 201 may be connected to the private cloud 202 wirelessly and may send the vehicle information, the user information, and the Bluetooth device information to the private cloud 202. The private cloud may use the acquired vehicle information, user information, and Bluetooth device information as the input of the private encryption module 221, and may use the output of the private encryption module 221 as the primary key.
Further, the private encryption module 221 in the private cloud 202 includes a hardware cryptographic engine, and the hardware cryptographic engine is preset with a private encryption rule and is used for encrypting the vehicle encryption information into a primary key.
The hardware crypto engine may be a computer hardware device providing an encryption operation, and the hardware crypto engine may be directly connected to the private cloud 202 in the form of an expansion card or an external device.
In the embodiment of the present invention, the private cloud 202 may be provided with a hardware cryptographic engine, and may generate the primary key according to the vehicle encryption information through the set private encryption rule. It is understood that the private encryption module 221 may further include a software encryption module, and the primary key may be generated according to the vehicle encryption information according to a preset encryption rule.
The private cloud 202 encrypts the primary key with the white-box key according to a preset encryption rule to generate a digital key; the private cloud 202 generates authority information according to the authority identity information in the vehicle encryption information; the private cloud 202 adds the authority information to the digital key to generate the digital key.
The preset encryption rule may be a preset rule for encrypting the primary key, and specifically may be an AES256 encryption rule. The authority identity information may be information for setting the authority of the digital key, and may include a user identifier, a usage time limit, a usage location limit, and the like. The authority information may be information on the valid time of the digital key.
Specifically, the private cloud 202 may encrypt the primary key with the received white-box key using an AES256 encryption rule to generate a digital key. The private cloud 202 may also extract the authority identity information related to vehicle usage authority from the vehicle encryption information to generate the authority information of the digital key, and may use the digital key and the authority information together as the digital key.
Further, the private cloud 202 is further configured to perform a hash operation on the primary key and the vehicle encryption information to generate a key number.
In the embodiment of the present invention, when the private cloud 202 generates the key number of the primary key, a hash operation may be performed over the primary key and the vehicle encryption information. For example, the key number may be obtained using the formula HMACSHA256(CMPK, SHA256(VCKINFO)), where HMACSHA256 may be a hash operation rule, CMPK may be the primary key, VCKINFO may be the vehicle encryption information, and SHA256 may be a secure hash operation rule.
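The key-number step above, as an added Python example that is not part of the patent text: it computes HMACSHA256(CMPK, SHA256(VCKINFO)), builds the only message that would cross to the public cloud, and checks that, unlike a bare SHA-256 of the record, the key number cannot be matched against a list of guessed records without CMPK. The JSON serialization, the HMAC stand-in for the hardware cipher machine's undisclosed private rule, all function names and the sample data are assumptions.

```python
import hashlib
import hmac
import json
import secrets


def canonical_vckinfo(vehicle, user, bluetooth):
    """Serialize the three inputs deterministically (sorted keys, fixed
    separators) so the same data always yields the same bytes."""
    record = {"bluetooth": bluetooth, "user": user, "vehicle": vehicle}
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def derive_primary_key(hsm_secret, vckinfo):
    """ASSUMPTION: stand-in for the hardware cipher machine's private rule,
    which the patent does not disclose. HMAC-SHA256 under a secret that never
    leaves the private cloud is used only so the example has a CMPK."""
    return hmac.new(hsm_secret, b"CMPK|" + vckinfo, hashlib.sha256).digest()


def key_number(cmpk, vckinfo):
    """Key number as given in the description: HMACSHA256(CMPK, SHA256(VCKINFO))."""
    inner = hashlib.sha256(vckinfo).digest()
    return hmac.new(cmpk, inner, hashlib.sha256).digest()


def build_public_cloud_request(cmpk, vckinfo):
    """The only message sent to the public cloud: the desensitized key number."""
    return {"key_number": key_number(cmpk, vckinfo).hex()}


def confirm_by_enumeration(identifier, candidates):
    """Privacy audit helper: model a public-side party that knows the
    serialization and a list of candidate records but not CMPK. Returns the
    candidate whose bare SHA-256 equals `identifier`, or None."""
    for cand in candidates:
        if hmac.compare_digest(hashlib.sha256(cand).digest(), identifier):
            return cand
    return None


# Constructed sample data (not real vehicle, user or device data).
VIN_PREFIX = "TESTVIN" + "0" * 9
VEHICLE = {"vin": VIN_PREFIX + "1", "model": "EXAMPLE-1"}
USER = {"name": "Example User", "phone": "000-0000-0000"}
BLUETOOTH = {"mac": "00:00:5E:00:53:01"}


def candidate_records():
    """Ten records that differ only in the last VIN digit (low-entropy field)."""
    return [
        canonical_vckinfo({**VEHICLE, "vin": VIN_PREFIX + str(i)}, USER, BLUETOOTH)
        for i in range(10)
    ]


if __name__ == "__main__":
    hsm_secret = secrets.token_bytes(32)  # stays inside the private cloud
    info = canonical_vckinfo(VEHICLE, USER, BLUETOOTH)
    cmpk = derive_primary_key(hsm_secret, info)

    print("sent to public cloud:", build_public_cloud_request(cmpk, info))

    bare = hashlib.sha256(info).digest()
    kn = key_number(cmpk, info)
    print("bare SHA-256 matched to a guess:",
          confirm_by_enumeration(bare, candidate_records()) is not None)
    print("key number matched to a guess: ",
          confirm_by_enumeration(kn, candidate_records()) is not None)
```

The desensitization property rests on CMPK staying inside the private cloud: a fixed-length identifier derived from the record alone would still let anyone who can enumerate plausible records confirm a guess.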
The public cloud 203 acquires the key number uploaded by the private cloud 202; the public cloud 203 is configured to encrypt the key number according to a preset white-box encryption rule to generate a white-box key.
The public cloud 203 can be connected to the private cloud 202 wirelessly and can obtain the key number uploaded by the private cloud. The public cloud 203 can generate the white-box key from the key number according to the preset white-box encryption rule. It can be understood that the white-box encryption rules can be existing public encryption rules and private encryption rules customized by automobile manufacturers. Because the key number does not contain characteristic information of the vehicle encryption information, no private data is leaked when the public cloud 203 processes the key number.
Further, the public cloud 203 is further configured to issue the white-box key to the private cloud 202.
In the embodiment of the present invention, after the public cloud 203 generates the white-box key, the generated white-box key may be issued to the private cloud 202 of the vehicle manufacturer, and the private cloud 202 may generate the digital key according to the white-box key and the primary key.
Further, the public cloud encrypts the key number according to a preset white-box encryption rule to generate a white-box key, including:
the public cloud 203 acquires a preset white-box encryption rule corresponding to the client 201; and the public cloud end 203 encrypts the key number according to the preset white-box encryption rule to generate a white-box key.
Specifically, the preset white-box encryption rule in the public cloud 203 can correspond to the client 201, and the client 201 can decrypt data that the public cloud 203 generates according to the preset white-box encryption rule; that is, the preset white-box encryption rule in the public cloud 203 can be matched with the decryption rule in the client 201. The public cloud 203 can determine the corresponding preset white-box encryption rule according to the client 201. It can be understood that the public cloud 203 can hold various white-box encryption rules, and the rule corresponding to the decryption rule in the client 201 is selected as the preset white-box encryption rule. The public cloud 203 can then encrypt the key number according to the preset white-box encryption rule to generate a white-box key.
Further, the preset white-box encryption rules in the public cloud 203 include symmetric block encryption rules. The client 201 also has a white-box decryption rule preset therein, wherein the white-box decryption rule matches with the white-box encryption rule of the public cloud 203.
In the embodiment of the present invention, the white-box encryption rule in the public cloud 203 may specifically be a symmetric block encryption rule, such as an AES256 encryption rule. The client 201 may have preset the white-box decryption rule and may decrypt the data encrypted according to the white-box key, for example, the digital key may be decrypted so that the digital key is verified, the white-box decryption rule and the white-box encryption rule match, and the client 201 may decrypt the white-box key generated by the public cloud 203.
According to this technical scheme, the private cloud takes the vehicle information, user information and Bluetooth device information uploaded by the client as the vehicle encryption information, and inputs the vehicle encryption information to the private encryption module in the private cloud to generate a primary key. The private cloud determines a key number according to the primary key; the public cloud encrypts the key number to generate a white-box key and sends the white-box key to the private cloud; and the private cloud determines a digital key according to the white-box key and the primary key and sends the digital key to the client. The digital key is thus generated while the vehicle encryption information, which contains private data, does not enter the public cloud at any point in the generation process, and the data security of the digital key generation process is improved.
Fig. 3 is an exemplary diagram of a digital key generation system according to a second embodiment of the present invention. Referring to Fig. 3, the digital key generation process involves a client 301, a private cloud 302, and a public cloud 303. The client 301 needs to store a decryption component of the white-box key service in order to decrypt the encrypted digital key information issued by the encryption service platform. The encryption service platform is deployed at the private cloud 302, which serves as a private server of the car factory. The private cloud 302 is accessed through a "special line" of a mobile core network, so data does not need to interact with the Internet of Things, and safe storage and calculation of the user's private data can be guaranteed. The white-box key service is deployed in the public cloud 303 and is mainly used for initialization of client white-box components, white-box key distribution, key security management and the like. Because the white box key algorithm is relatively complex, the minimum time period of the white box key algorithm is not 90 days, the white-box key service can ensure the safety of the digital key information. The private cloud 302 generates digital key information by using the element data "VCKInfo" and the hardware cryptographic engine. It does not send the entire digital key information to the white-box key service platform; it only numbers the digital key information and sends the key number to the public cloud 303 running the white-box key service platform. The public cloud 303 generates a white-box key according to the key number through the white-box key service platform, and sends the white-box key to the private cloud 302 running the encryption service platform. The encryption service platform then encrypts the digital key information by using the white-box key.
The encrypted digital key is sent over the bi-directional TLS secure link between the private cloud 302 and the client 301, and the digital key can be stored at the client 301. During security initialization, the client mobile phone application software can also obtain the white-box key decryption component by way of the client, the encryption service platform and the white-box key service platform, so as to obtain the digital key information.
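The data flow of this embodiment as an added Python example (not code from the patent): the private cloud sends only the hashed key number to the public cloud, and the client verifies and decrypts the digital key it receives. Assumptions: HMAC-SHA256 stands in for the hardware cryptographic engine, for the white-box rule and for the AES256 cipher the description names; the key number travels with the digital key so that the client can rebuild the white-box key; all function names and sample values are hypothetical.

```python
import hashlib, hmac, json, os

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not AES256.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def primary_key(hsm_secret: bytes, vehicle_info: dict) -> bytes:
    # Private cloud: stand-in for the hardware cryptographic engine.
    return _mac(hsm_secret, json.dumps(vehicle_info, sort_keys=True).encode())

def key_number(pk: bytes, vehicle_info: dict) -> str:
    # Private cloud: hash of the primary key and the vehicle encryption information.
    return hashlib.sha256(pk + json.dumps(vehicle_info, sort_keys=True).encode()).hexdigest()

def white_box_key(client_rule: bytes, number: str) -> bytes:
    # Public cloud: sees the key number only and applies the client's rule to it.
    return _mac(client_rule, number.encode())

def seal(wb_key: bytes, pk: bytes, number: str, authority: str) -> dict:
    # Private cloud: encrypt the primary key, then bind key number and authority.
    header = json.dumps({"authority": authority, "key_number": number}).encode()
    nonce = os.urandom(12)
    ct = _xor_stream(_mac(wb_key, b"enc"), nonce, pk)
    return {"header": header, "nonce": nonce, "ct": ct,
            "tag": _mac(_mac(wb_key, b"mac"), header + nonce + ct)}

def client_open(client_rule: bytes, dk: dict) -> tuple:
    # Client: rebuild the white-box key from the key number, verify, then decrypt.
    wb_key = white_box_key(client_rule, json.loads(dk["header"])["key_number"])
    tag = _mac(_mac(wb_key, b"mac"), dk["header"] + dk["nonce"] + dk["ct"])
    if not hmac.compare_digest(tag, dk["tag"]):
        raise ValueError("digital key failed verification")
    pk = _xor_stream(_mac(wb_key, b"enc"), dk["nonce"], dk["ct"])
    return pk, json.loads(dk["header"])["authority"]

# Constructed sample values, not taken from the patent.
VEHICLE = {"vin": "TESTVIN0000000001", "user": "user-001",
           "bt_mac": "00:11:22:33:44:55", "authority": "owner"}

def issue(hsm_secret: bytes, client_rule: bytes, vehicle_info: dict):
    pk = primary_key(hsm_secret, vehicle_info)
    sent_to_public = key_number(pk, vehicle_info)        # only value leaving the private cloud
    wb_key = white_box_key(client_rule, sent_to_public)  # computed in the public cloud
    return seal(wb_key, pk, sent_to_public, vehicle_info["authority"]), sent_to_public, pk
```

The second return value of `issue` is everything the public cloud receives, so it is the value to inspect when checking that no vehicle, user or Bluetooth field crosses that boundary.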
It should be noted that, in the embodiment of the digital key generation system, the units and modules included in the embodiment are merely divided according to the functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (9)

1. A digital key generation system, comprising:
a client, a private cloud and a public cloud;
the client is used for uploading vehicle encryption information to the private cloud end and acquiring a digital key issued by the private cloud end;
the private cloud end is used for generating a primary key according to the vehicle encryption information uploaded by the client end and encrypting the primary key according to a white box key issued by the public cloud end to generate a digital key;
the public cloud end is used for generating a white box key according to the key number of the primary key uploaded by the private cloud end;
wherein the key number is desensitization information generated from the primary key, the key number not including characteristic data of the vehicle encryption information.
2. The system of claim 1, wherein the private cloud is configured to generate a primary key according to the vehicle encryption information uploaded by the client, and comprises:
the private cloud acquires vehicle information, user information and Bluetooth equipment information uploaded by the client as vehicle encryption information;
and the private cloud end inputs the vehicle encryption information into a private encryption module in the private cloud end to generate a primary key.
3. The system according to claim 2, wherein the private encryption module in the private cloud comprises a hardware cryptographic engine, and the hardware cryptographic engine is preset with a private encryption rule and is used for encrypting the vehicle encryption information into a primary key.
4. The system of claim 1, wherein the private cloud is configured to encrypt the primary key according to a white-box key issued by the public cloud to generate a digital key, and the system comprises:
the private cloud encrypts the primary key through the white box key according to a preset encryption rule to generate a digital key;
the private cloud end generates authority information according to the authority identity information in the vehicle encryption information;
and the private cloud adds the authority information into a digital key to generate a digital key.
5. The system of claim 1, wherein the private cloud is further configured to hash the primary key and the vehicle encryption information to generate a key number.
6. The system of claim 1, wherein the public cloud is configured to generate a white-box key according to a key number of the primary key uploaded by the private cloud, and the white-box key comprises:
the public cloud end acquires the key number uploaded by the private cloud end;
and the public cloud end is used for encrypting the key number according to a preset white box encryption rule to generate a white box key.
7. The system of claim 6, wherein the public cloud encrypting the key number according to a preset white-box encryption rule to generate a white-box key comprises:
the public cloud end obtains a preset white box encryption rule corresponding to the client end;
and the public cloud end encrypts the key number according to the preset white box encryption rule to generate a white box key.
8. The system of claim 7, wherein the predetermined white-box encryption rules within the public cloud comprise symmetric block encryption rules.
9. The system according to claim 7, wherein a white-box decryption rule is preset in the client, wherein the white-box decryption rule matches with a white-box encryption rule of the public cloud.
CN201910974430.6A 2019-10-14 2019-10-14 Digital key generation system Active CN110855616B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910974430.6A CN110855616B (en) 2019-10-14 2019-10-14 Digital key generation system

Publications (2)

Publication Number Publication Date
CN110855616A CN110855616A (en) 2020-02-28
CN110855616B true CN110855616B (en) 2021-11-23

Family

ID=69596646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910974430.6A Active CN110855616B (en) 2019-10-14 2019-10-14 Digital key generation system

Country Status (1)

Country Link
CN (1) CN110855616B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant