CN111083696A - Communication verification method and system, mobile terminal and vehicle terminal - Google Patents

Communication verification method and system, mobile terminal and vehicle terminal Download PDF

Info

Publication number
CN111083696A
CN111083696A CN201911413942.1A CN201911413942A CN111083696A CN 111083696 A CN111083696 A CN 111083696A CN 201911413942 A CN201911413942 A CN 201911413942A CN 111083696 A CN111083696 A CN 111083696A
Authority
CN
China
Prior art keywords
key
verification
information
vehicle
vehicle end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911413942.1A
Other languages
Chinese (zh)
Other versions
CN111083696B (en
Inventor
赵江
韦自升
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhicheauto Technology Beijing Co ltd
Original Assignee
Zhicheauto Technology Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhicheauto Technology Beijing Co ltd filed Critical Zhicheauto Technology Beijing Co ltd
Priority to CN201911413942.1A priority Critical patent/CN111083696B/en
Publication of CN111083696A publication Critical patent/CN111083696A/en
Application granted granted Critical
Publication of CN111083696B publication Critical patent/CN111083696B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Abstract

The embodiment of the application discloses a communication verification method and system, a mobile terminal and a vehicle terminal, wherein the method comprises the following steps: initiating identity verification to a vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key; responding to the identity authentication, and initiating first key authentication to the vehicle end; in response to the first key verification passing, the vehicle end enters a safe mode; according to the network condition of the vehicle end, the second key verification initiated by the vehicle end is received, and the verification result is determined.

Description

Communication verification method and system, mobile terminal and vehicle terminal
Technical Field
The present application relates to communication verification technologies, and in particular, to a communication verification method and system, a mobile terminal, and a vehicle terminal.
Background
With the application of technologies such as internet, artificial intelligence, wireless network, cloud computing and big data, the degree of intellectualization and networking of automobiles is higher and higher nowadays, and the automobiles become true intelligent terminal equipment for accessing to the network in the world of everything interconnection.
At present, most automobiles are provided with electronic systems, and electronic control units are connected through an in-automobile local area network and are simultaneously connected to external networks (such as 4G and 5G networks) so as to realize abundant and various automobile services, such as Internet of vehicles and automatic driving; the development of the technology promotes the updating of products, the original mechanical key is changed into a remote control system when the products enter the system, and then the remote control system is changed into the internet of vehicles standard distribution when the products enter the system, and the system has the functions of remotely opening an air conditioner and a door lock, remotely starting a vehicle and the like; the safety of the Internet of vehicles is indirectly influenced by the safety of the mobile intelligent terminal.
Disclosure of Invention
The embodiment of the application provides a communication verification technology.
According to an aspect of the embodiments of the present application, a communication verification method is provided, which is applied to a mobile terminal, and includes:
initiating identity verification to a vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key;
responding to the identity authentication, and initiating first key authentication to the vehicle end;
in response to the first key verification passing, the vehicle end enters a safe mode;
and receiving the second key verification initiated by the vehicle end according to the network condition of the vehicle end, and determining a verification result.
Optionally, the initiating the identity verification to the vehicle terminal through the pre-stored first encrypted information includes:
sending the first encrypted information to the vehicle end, and verifying the identity of the mobile terminal through the vehicle end according to the first encrypted information;
receiving second encrypted information which is fed back by the vehicle end and pre-stored in the vehicle end; the second encrypted information is obtained by encrypting the terminal digital identity card through a second private key;
and decrypting the second encrypted information through a prestored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
Optionally, the method, while initiating the identity authentication to the vehicle end through the pre-stored first encrypted information, further includes:
decrypting the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle end; and encrypting subsequent communication information between the vehicle end and the vehicle end by using the communication encryption method and the communication encryption key.
Optionally, the initiating key information verification to the vehicle end in response to the identity verification passing includes:
responding to the identity authentication passing, and determining a current serial number based on a historical serial number corresponding to third history encryption information used in the last key authentication;
determining third encryption information of the communication based on the current serial number; the third encrypted information is obtained by encrypting the key information certificate through a third public key;
and sending the third encrypted information to the vehicle end, and verifying the third encrypted information by the vehicle end to realize the first key verification.
Optionally, before initiating the identity authentication to the vehicle end through the pre-stored first encrypted information, the method further includes:
determining whether historical encryption information is included in the mobile terminal;
in response to the historical encryption information, determining whether the historical encryption information is expired, and if so, requesting the cloud end to update the historical encryption information; otherwise, taking the historical encryption information as the third encryption information;
and responding to the request that the historical encryption information is not included, and requesting the cloud end to acquire and store the third encryption information.
Optionally, the requesting, from the cloud, to obtain and store the third encryption information includes:
sending an information request to the cloud;
receiving the third encryption information fed back by the cloud according to the information request;
and storing the third encryption information into the secure element.
Optionally, the network condition at the vehicle end includes: network normal and weak network conditions;
the receiving, according to the network condition of the vehicle end, a second key verification initiated by the vehicle end, and determining a verification result include:
responding to the network condition of the vehicle end as the network normal condition, and realizing second key verification of the vehicle end and the mobile terminal through a cloud end;
and responding to the weak network condition of the vehicle end, and realizing the second key verification between the vehicle end and the mobile terminal in a short message verification mode.
Optionally, the second key verification between the vehicle end and the mobile terminal is realized in a short message verification manner, and the method includes:
sending a verification request fed back by the vehicle end to a communication server end, and receiving a first verification code fed back by the communication server end according to the verification request;
and sending the first verification code to the vehicle end, and realizing the second key verification through the vehicle end.
Optionally, the sending the first verification code to the vehicle end includes:
encrypting the first verification code through the communication encryption key to obtain an encrypted verification code;
and sending the encrypted verification code to the vehicle end.
Optionally, the method further comprises:
controlling the vehicle end in response to the verification result being that the vehicle end passes the verification;
and responding to the verification result that the vehicle end is not verified, the vehicle end enters a safety mode, and the vehicle end sends prompt information.
According to another aspect of the embodiments of the present application, a communication verification method is provided, which is applied to a vehicle end, and includes:
receiving first encryption information sent by a mobile terminal, and performing identity authentication based on the first encryption information and pre-stored second encryption information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key;
receiving first key verification initiated by the mobile terminal in response to the identity verification passing;
entering a secure mode in response to the first key verification pass;
and initiating second key verification according to the network condition, and determining a verification result.
Optionally, the receiving first encryption information sent by the mobile terminal, and performing identity authentication based on the first encryption information includes:
receiving the first encrypted information sent by the mobile terminal, decrypting the first encrypted information according to a prestored first public key, and confirming the identity of the mobile terminal according to a vehicle identity digital certificate obtained through decryption;
and responding to the legality of the identity of the mobile terminal, sending second encrypted information to the mobile terminal, and verifying the identity of the vehicle terminal by the mobile terminal according to the second encrypted information.
Optionally, the receiving first encryption information sent by the mobile terminal, and performing identity authentication based on the first encryption information and pre-stored second encryption information, further includes:
decrypting the first encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypting subsequent communication information between the mobile terminal and the communication encryption method and the communication encryption key.
Optionally, the receiving, in response to the authentication passing, the first key authentication initiated by the mobile terminal includes:
receiving third encrypted information sent by the mobile terminal and decrypting the third encrypted information by using a prestored third private key to obtain a key information certificate; the third encrypted information is obtained by encrypting the key information certificate through a third public key;
and verifying the key information certificate to realize the first key verification.
Optionally, the key information certificate includes: a first key validity time encrypted by the third public key, private key index information encrypted by the third public key, and a second key validity time and key information encrypted by a fourth private key; each piece of private key index information corresponds to a fourth public key;
the verifying the key information certificate includes:
decrypting through the third public key to obtain the first key valid time and the private key index information in the key information certificate;
searching and obtaining the fourth public key through the private key index information;
further decrypting the key information certificate through a fourth public key to obtain the second key valid time and the key information;
verifying the key information based on the first key validity time and the second key validity time.
Optionally, the verifying the key information based on the first key validity time and the second key validity time includes:
comparing the first key valid time with the second key valid time;
in response to the first key valid time being equal to the second key valid time, determining whether the key information is within the valid time according to the second key valid time and the current time;
and confirming that the verification is passed in response to the key information within the valid time.
Optionally, before receiving first encryption information sent by the mobile terminal and performing identity authentication based on the first encryption information and pre-stored second encryption information, the method further includes:
determining whether a historical public key is included in the vehicle end;
in response to the historical public key, determining whether the historical public key is expired, and if so, requesting the cloud end to update the historical public key; otherwise, taking the historical public key as the fourth public key;
and responding to the request that the historical public key is not included, and requesting the cloud end to acquire and store the fourth public key.
Optionally, the requesting, from the cloud, to obtain and store the fourth public key includes:
sending an information request to the cloud;
receiving the fourth public key fed back by the cloud according to the information request;
and storing the fourth public key into the secure element.
Optionally, the network condition comprises: network normal and weak network conditions;
the initiating the second key verification according to the network condition and determining the verification result comprises:
responding to the network condition as the normal network condition, and realizing second key verification between the vehicle end and the mobile terminal through a cloud end;
and responding to the weak network condition, and realizing the second key verification between the vehicle terminal and the mobile terminal in a short message verification mode.
Optionally, the second key verification between the vehicle end and the mobile terminal is realized through a cloud, including:
sending the key information certificate received from the mobile terminal to the cloud;
decrypting the key information certificate through one public key in a plurality of public keys stored in the cloud end to obtain key information;
the second key verification is achieved by confirming whether the key information is used key information.
Optionally, the second key verification between the vehicle end and the mobile terminal is realized in a short message verification manner, and the method includes:
sending a verification request to the mobile terminal;
receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal;
comparing the first verification code with the second verification code;
determining that the second key verification passes in response to the first verification code and the second verification code being the same.
Optionally, the receiving the first verification code sent by the mobile terminal includes:
and receiving an encrypted verification code which is sent by the mobile terminal and encrypted by the communication encryption key, and decrypting the encrypted verification code by the communication encryption key to obtain the first verification code.
Optionally, the method further comprises:
receiving control of the mobile terminal in response to the verification result being a pass verification;
and in response to the verification result being that the verification is not passed, entering a safety mode and sending out prompt information.
According to another aspect of the embodiments of the present application, there is provided a mobile terminal including:
the identity authentication module is used for initiating identity authentication to the vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key;
the first key verification module is used for responding to the passing of the identity verification and initiating the first key verification to the vehicle machine end; in response to the first key verification passing, the vehicle end enters a safe mode;
and the second key verification module is used for receiving second key verification initiated by the vehicle end according to the network condition of the vehicle end and determining a verification result.
Optionally, the identity authentication module is specifically configured to send the first encrypted information to the vehicle end, and authenticate the identity of the mobile terminal according to the first encrypted information through the vehicle end; receiving second encrypted information which is fed back by the vehicle end and pre-stored in the vehicle end; the second encrypted information is obtained by encrypting the terminal digital identity card through a second private key; and decrypting the second encrypted information through a prestored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
Optionally, the identity authentication module is further configured to decrypt the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle end; and encrypting subsequent communication information between the vehicle end and the vehicle end by using the communication encryption method and the communication encryption key.
Optionally, the first key verification module is specifically configured to determine, in response to the identity verification being passed, a current serial number based on a historical serial number corresponding to third history encryption information used in the last key verification; determining third encryption information of the communication based on the current serial number; the third encrypted information is obtained by encrypting the key information certificate through a third public key; and sending the third encrypted information to the vehicle end, and verifying the third encrypted information by the vehicle end to realize the first key verification.
Optionally, the method further comprises:
the encryption information acquisition module is used for determining whether the mobile terminal comprises historical encryption information; in response to the historical encryption information, determining whether the historical encryption information is expired, and if so, requesting the cloud end to update the historical encryption information; otherwise, taking the historical encryption information as the third encryption information; and responding to the request that the historical encryption information is not included, and requesting the cloud end to acquire and store the third encryption information.
Optionally, the encrypted information obtaining module is configured to send an information request to the cloud when requesting to obtain and store the third encrypted information from the cloud; receiving the third encryption information fed back by the cloud according to the information request; and storing the third encryption information into the secure element.
Optionally, the network condition at the vehicle end includes: network normal and weak network conditions;
the second key verification module is specifically used for responding to the network condition of the vehicle end as the normal network condition, and realizing second key verification between the vehicle end and the mobile terminal through a cloud end; and responding to the weak network condition of the vehicle end, and realizing the second key verification between the vehicle end and the mobile terminal in a short message verification mode.
Optionally, the second key verification module is configured to send a verification request fed back by the vehicle end to a communication server and receive a first verification code fed back by the communication server according to the verification request when the second key verification between the vehicle end and the mobile terminal is realized in a short message verification manner; and sending the first verification code to the vehicle end, and realizing the second key verification through the vehicle end.
Optionally, when the second key verification module sends the first verification code to the vehicle end, the second key verification module is configured to encrypt the first verification code with the communication encryption key to obtain an encrypted verification code; and sending the encrypted verification code to the vehicle end.
Optionally, the method further comprises:
the verification result module is used for responding to the verification result that the vehicle end is verified to be passed and controlling the vehicle end; and responding to the verification result that the vehicle end is not verified, the vehicle end enters a safety mode, and the vehicle end sends prompt information.
According to another aspect of the embodiments of the present application, there is provided a vehicle end, including:
the identity authentication module is used for receiving first encryption information sent by the mobile terminal and carrying out identity authentication on the basis of the first encryption information and prestored second encryption information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key;
the first key verification module is used for responding to the passing of the identity verification and receiving the first key verification initiated by the mobile terminal; entering a secure mode in response to the first key verification pass;
and the second key verification module is used for initiating second key verification according to the network condition and determining a verification result.
Optionally, the identity authentication module is specifically configured to receive the first encrypted information sent by the mobile terminal, decrypt the first encrypted information according to a prestored first public key, and confirm the identity of the mobile terminal according to a car-mounted identity digital certificate obtained through decryption; and responding to the legality of the identity of the mobile terminal, sending second encrypted information to the mobile terminal, and verifying the identity of the vehicle terminal by the mobile terminal according to the second encrypted information.
Optionally, the identity authentication module is further configured to decrypt the first encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypting subsequent communication information between the mobile terminal and the communication encryption method and the communication encryption key.
Optionally, the first key verification module is specifically configured to receive third encrypted information sent by the mobile terminal and decrypt the third encrypted information by using a prestored third private key to obtain a key information certificate; the third encrypted information is obtained by encrypting the key information certificate through a third public key; and verifying the key information certificate to realize the first key verification.
Optionally, the key information certificate includes: a first key validity time encrypted by the third public key, private key index information encrypted by the third public key, and a second key validity time and key information encrypted by a fourth private key; each piece of private key index information corresponds to a fourth public key;
the first key verification module is used for verifying the key information certificate and obtaining the first key valid time and the private key index information in the key information certificate through decryption of the third public key when the first key verification is realized; searching and obtaining the fourth public key through the private key index information; further decrypting the key information certificate through a fourth public key to obtain the second key valid time and the key information; verifying the key information based on the first key validity time and the second key validity time.
Optionally, the first key verification module is configured to compare the first key validity time with the second key validity time when verifying the key information based on the first key validity time and the second key validity time; in response to the first key valid time being equal to the second key valid time, determining whether the key information is within the valid time according to the second key valid time and the current time; and confirming that the verification is passed in response to the key information within the valid time.
Optionally, the method further comprises:
the public key acquisition module is used for determining whether the vehicle end comprises a historical public key; in response to the historical public key, determining whether the historical public key is expired, and if so, requesting the cloud end to update the historical public key; otherwise, taking the historical public key as the fourth public key; and responding to the request that the historical public key is not included, and requesting the cloud end to acquire and store the fourth public key.
Optionally, the public key obtaining module is configured to send an information request to the cloud when requesting to obtain and store the fourth public key from the cloud; receiving the fourth public key fed back by the cloud according to the information request; and storing the fourth public key into the secure element.
Optionally, the network condition comprises: network normal and weak network conditions;
the second key verification module is specifically used for responding to the network condition as the normal network condition, and realizing second key verification between the vehicle machine end and the mobile terminal through a cloud end; and responding to the weak network condition, and realizing the second key verification between the vehicle terminal and the mobile terminal in a short message verification mode.
Optionally, the second key verification module is configured to send a key information certificate received from the mobile terminal to a cloud when a second key verification between the vehicle end and the mobile terminal is implemented through the cloud; decrypting the key information certificate through one public key in a plurality of public keys stored in the cloud end to obtain key information; the second key verification is achieved by confirming whether the key information is used key information.
Optionally, the second key verification module is configured to send a verification request to the mobile terminal when the second key verification between the vehicle end and the mobile terminal is achieved through short message verification; receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal; comparing the first verification code with the second verification code; determining that the second key verification passes in response to the first verification code and the second verification code being the same.
Optionally, when receiving the first verification code sent by the mobile terminal, the second key verification module is specifically configured to receive an encrypted verification code sent by the mobile terminal and encrypted by the communication encryption key, and decrypt the encrypted verification code by the communication encryption key to obtain the first verification code.
Optionally, the method further comprises:
the verification result module is used for responding to the verification result that the verification is passed and receiving the control of the mobile terminal; and in response to the verification result being that the verification is not passed, entering a safety mode and sending out prompt information.
According to another aspect of the embodiments of the present application, there is provided a communication verification system, including:
a mobile terminal as in any preceding embodiment and a vehicle end as in any preceding embodiment.
Optionally, the method further comprises:
the cloud end is used for sending first encryption information encrypted by a first private key, third encryption information encrypted by a third public key and a second public key to the mobile terminal, and sending second encryption information encrypted by the second private key, the third private key and a fourth public key to the vehicle end; and the key information certificate is used for receiving the key information certificate sent by the vehicle terminal, decrypting the key information certificate based on one supply in a plurality of stored public keys to obtain key information, and confirming whether the key information is used key information.
Based on the identity authentication method and system, the mobile terminal and the vehicle end provided by the embodiment of the application, the identity authentication is initiated to the vehicle end through the pre-stored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key; responding to the identity authentication, and initiating first key authentication to the vehicle end; in response to the first key verification passing, the vehicle end enters a safe mode; according to the network condition of the vehicle end, the second key verification initiated by the vehicle end is received, and the verification result is determined.
The technical solution of the present application is further described in detail by the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description, serve to explain the principles of the application.
The present application may be more clearly understood from the following detailed description with reference to the accompanying drawings, in which:
fig. 1 is a schematic flowchart of a communication verification method according to an embodiment of the present application.
FIG. 2 is a schematic flow chart of step 102 in the embodiment shown in FIG. 1 of the present disclosure.
Fig. 3 is a schematic flow chart of step 104 in the embodiment shown in fig. 1 of the present disclosure.
Fig. 4 is another schematic flow chart of a communication verification method according to an embodiment of the present application.
Fig. 5 is a schematic flow chart of step 402 in the embodiment shown in fig. 4 of the present disclosure.
Fig. 6 is a schematic flow chart of step 404 in the embodiment shown in fig. 4 of the present disclosure.
Fig. 7 is a schematic structural diagram of a mobile terminal according to an embodiment of the present application.
Fig. 8 is a schematic structural diagram of a vehicle end provided in an embodiment of the present application.
Fig. 9 is a timing diagram of a mobile terminal and a vehicle end in a communication verification system according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present application unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Fig. 1 is a schematic flowchart of a communication verification method according to an embodiment of the present application. As shown in fig. 1, the method is applied to a mobile terminal, and the method of the embodiment includes:
and 102, initiating identity authentication to the vehicle terminal through the pre-stored first encrypted information.
The first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key.
Optionally, the first encrypted information in this embodiment may be obtained by encrypting the in-vehicle machine identity digital certificate with the first private key through the cloud and then sending the encrypted in-vehicle machine identity digital certificate to the mobile terminal, and since the first encrypted information is encrypted with the private key, the in-vehicle machine end needs to decrypt the encrypted in-vehicle machine identity digital certificate with the public key corresponding to the first private key after receiving the encrypted in-vehicle machine identity digital certificate.
And 104, responding to the passing of the identity authentication, and initiating the first key authentication to the vehicle terminal.
Optionally, this embodiment may further include ending the authentication this time in response to the authentication failing. In order to improve the security of the vehicle end, the vehicle end is not directly controlled to communicate with the mobile terminal after the identity authentication is passed, but a first key authentication is performed, and the vehicle end verifies the key information in the mobile terminal in the key authentication process to determine whether the key information held by the mobile terminal is valid.
And step 106, responding to the first key verification, and enabling the vehicle end to enter a safety mode.
Optionally, the embodiment may further include that, in response to the first key verification failing, the vehicle end rejects all requests of the mobile terminal, and ends the communication verification. This embodiment shows that only when the key information in the mobile terminal is valid, the vehicle-mounted terminal enters the security mode to perform the second key verification, thereby further improving the security of the two-party communication.
Alternatively, the safety mode in this embodiment may be a mode in which a part of functions of the vehicle end is limited, for example, the vehicle end may open the vehicle door in the safety mode but cannot perform other control.
And step 108, receiving the second key verification initiated by the vehicle end according to the network condition of the vehicle end, and determining a verification result.
In the prior art, when a mobile terminal is communicated with a vehicle end, requirements are made on network conditions, and when the network conditions are weak, communication cannot be achieved. In order to solve the problem that the mobile terminal and the vehicle end are in safe communication under the weak network condition, the network condition of the vehicle end needs to be judged before the second key verification, and the second key verification is respectively carried out according to the judgment result (whether the network condition is a strong network condition or a weak network condition) so as to ensure that the mobile terminal and the vehicle end can be in safe communication under different network conditions and are not limited by the network condition.
According to the identity authentication method provided by the embodiment of the application, identity authentication is initiated to a vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key; responding to the identity authentication, and initiating first key authentication to the vehicle end; in response to the first key verification passing, the vehicle end enters a safe mode; according to the network condition of the vehicle end, receiving second key verification initiated by the vehicle end, and determining a verification result.
As shown in fig. 2, based on the embodiment shown in fig. 1, step 102 may include the following steps:
step 1021, the first encrypted information is sent to the vehicle end, and the identity of the mobile terminal is verified through the vehicle end according to the first encrypted information.
Since the encrypted first encryption information is the vehicle-mounted device identity digital certificate, the encrypted first encryption information needs to be sent to a corresponding vehicle-mounted device end for authentication, so as to confirm the corresponding relationship between the vehicle-mounted device identity digital certificate and the vehicle-mounted device end.
And step 1022, the receiving vehicle end feeds back second encrypted information prestored in the vehicle end.
And the second encrypted information is obtained by encrypting the terminal digital identity card through a second private key.
In this embodiment, the vehicle end stores second encrypted information, optionally, the second encrypted information may be obtained by encrypting the terminal digital identity certificate with a second private key through the cloud end, and the cloud end sends the second encrypted information to the vehicle end for storage after encryption, and the vehicle end stores the terminal digital identity certificate, which indicates that the mobile terminal corresponding to the terminal digital identity certificate corresponds to the vehicle end.
And 1023, decrypting the second encrypted information through a prestored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
In this embodiment, the second encrypted information is decrypted by the second public key corresponding to the encrypted second private key, so as to implement asymmetric decryption, the terminal digital identity certificate obtained through decryption is matched with the identity information in the mobile terminal, and when the terminal digital identity certificate is matched with the identity information in the mobile terminal, it is indicated that the vehicle end that sends the second encrypted information corresponds to the mobile terminal.
Optionally, the step 102, while performing the identity authentication, further includes:
decrypting the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle end; and encrypting subsequent communication information between the vehicle terminal and the vehicle terminal by using a communication encryption method and a communication encryption key.
Alternatively, in order to ensure the safety during the communication process between the mobile terminal and the vehicle end, a symmetric encryption algorithm must be used, however, the process of negotiating the symmetric encryption algorithm needs to use the asymmetric encryption algorithm (the identity authentication process in this embodiment) to ensure security, but the process of directly using the asymmetric encryption algorithm is also not secure, and there is a possibility that a man in the middle may tamper with the public key, so that the mobile terminal and the vehicle end do not directly use the public key in this embodiment, but rather uses a third party digital Certificate Authority (CA) and its transmitted public key to secure the asymmetric encryption process itself, for example, the cloud end respectively uses the first private key and the second private key to encrypt the vehicle identity digital certificate and the terminal identity digital certificate, and sending a first public key corresponding to the first private key to the vehicle terminal, and sending a second public key corresponding to the second private key to the mobile terminal. A symmetric encryption algorithm is negotiated through an asymmetric encryption algorithm, and all data transmitted later are encrypted through a communication key; therefore, other users on the network can hardly steal and tamper the data transmitted between the mobile terminal and the vehicle terminal, thereby ensuring the privacy and integrity of the data, namely ensuring the safety of communication contents.
As shown in fig. 3, based on the embodiment shown in fig. 1, step 104 may include the following steps:
in step 1041, in response to the authentication passing, the current serial number is determined based on the historical serial number corresponding to the third history encryption information used in the last key authentication.
In the embodiment, the last unlocking finger sends the stored key information certificate to the vehicle terminal to request unlocking after passing the first identity authentication for the last time; the mobile terminal stores a plurality of key information certificates, wherein each key information certificate can be applied only once, so that other illegal unlocking behaviors caused by interception of the key can be effectively prevented; therefore, before the key information certificate is sent this time, the current serial number is determined by the historical serial number, for example, the current serial number is obtained by adding one to the historical serial number.
Alternatively, the mobile terminal extracts the value of the serial number (index) recording the last used key information certificate and adds 1, and if the value is not recorded, starts from 0, for example, if the current index is equal to 0, reads the certificate with the sequence 1 from the plurality of key information certificates stored in advance in the Secure Element (SE), and sends the certificate to the vehicle end.
And 1042, determining third encryption information of the communication based on the current serial number.
And the third encrypted information is obtained by encrypting the key information certificate through a third public key.
In order to ensure the security of sending key information between the mobile terminal and the vehicle end, the embodiment transmits the key information certificate through an asymmetric encryption method.
And 1043, sending the third encrypted information to the vehicle end, and verifying the third encrypted information by the vehicle end to realize the first key verification.
In this embodiment, a private key (corresponding to the third public key) and a plurality of key information related public keys are stored in the vehicle end; the cloud end stores a public key corresponding to the vehicle end private key and a plurality of key information related private keys; the mobile terminal stores a plurality of key information certificates issued by the cloud, and the key information certificates mainly comprise: the first key validity time encrypted by the third public key, the private key index information encrypted by the third public key, the second key validity time encrypted by the fourth private key, and the key information encrypted by the fourth private key.
In some optional embodiments, before performing step 102, further comprising:
it is determined whether historical encryption information is included in the mobile terminal.
Responding to the historical encryption information, determining whether the historical encryption information is expired, and if so, requesting the cloud end to update the historical encryption information; otherwise, the historical encryption information is used as third encryption information.
And responding to the fact that the historical encryption information is not included, and requesting to obtain third encryption information from the cloud.
In this embodiment, the mobile terminal provides a Trusted operating Environment for the acquired key information certificate (in this embodiment, the third encrypted information obtained by encrypting the key information certificate) by using a Trusted Execution Environment (TEE), and ensures security of key storage by protecting confidentiality and integrity and controlling data access authority.
Optionally, requesting to obtain and store third encryption information from the cloud, including:
sending an information request to a cloud;
receiving third encryption information fed back by the cloud according to the information request;
and storing the third encryption information in the secure element.
In this embodiment, when the mobile terminal does not include the third encryption information, it is necessary to request a third party such as a cloud to acquire the third encryption information, and store the acquired third encryption information in the secure element, where optionally, the secure element includes but is not limited to: if the SE is preferentially used, whether the SE can be stored in the hardware TEE is checked, and if the SE does not have the hardware TEE, whether the SE can be stored in the software TEE is checked, so that the safe storage of the third encrypted information is ensured.
In some optional embodiments, the network conditions at the vehicle end include: network normal and weak network conditions; step 106 may include, for different network situations:
and responding to the network condition of the vehicle end as the network normal condition, and realizing the second key verification of the vehicle end and the mobile terminal through the cloud end.
And responding to the weak network condition of the vehicle end, and realizing the second key verification of the vehicle end and the mobile terminal in a short message verification mode.
In this embodiment, the second key verification is divided into two types according to the network strength of the current vehicle end: a cloud end check is characterized in that if the network state of a vehicle end is good, a certificate sent by an intelligent terminal is synchronously moved to a server for verification, if the verification is passed, a safety mode is released, and a normal mode is entered; if the verification fails, informing the vehicle owner of the vehicle condition; another method is to complete the verification for the third party SP sms, for example, if the SP sms is in a state of being able to send and receive sms in the 2G network, the SP sms is timed for 5 minutes. Within 5 minutes, the vehicle-mounted machine system requests to send advanced permission verification to the mobile intelligent terminal, after the mobile intelligent terminal receives the advanced permission verification, the mobile intelligent terminal prompts a user to select a safe mode and a normal mode through a popup window, if the mobile intelligent terminal selects the safe mode, the vehicle-mounted machine system is notified of the end of direct timing through the popup window, and the vehicle enters the safe mode; if the normal mode is selected, the mobile intelligent terminal sends a short message to the SP service to request to issue a verification code, after the SP service receives the short message requesting to issue the verification code, the short message informs the mobile intelligent terminal and the vehicle end, the vehicle end receives the verification code and then stores the verification code, the mobile intelligent end sends the received verification code to the vehicle end, the vehicle end compares the verification code sent by the mobile intelligent end with the verification code which is received and stored by the vehicle end, if the verification code is the same as the verification code, the vehicle end stops timing, and the vehicle enters the normal mode; if the verification codes are different, the vehicle-mounted machine system sends a request to feed back the intelligent terminal to prompt that the verification codes are wrong, the verification codes are input again, and the logic sequence is circulated until the verification codes pass verification. After 5 minutes, the car machine system automatically enters a safe mode.
If the vehicle is in the network-free state, the vehicle automatically enters a safety mode; when the vehicle runs to a section with good network conditions, after the vehicle is connected to the internet, synchronously moving a certificate sent by the intelligent terminal to a server for verification, and if the certificate passes the verification, removing the safety mode and entering a normal mode; and if the verification fails, informing the vehicle owner of the vehicle condition.
Optionally, the short message verification process may include:
sending a verification request fed back by a vehicle end to a communication server end, and receiving a first verification code fed back by the communication server end according to the verification request; and sending the first verification code to the vehicle end, and realizing the second key verification through the vehicle end.
In this embodiment, in order to improve the security of the verification code transmitted between the mobile terminal and the vehicle end, optionally, the first verification code is encrypted by a communication encryption key to obtain an encrypted verification code; and sending the encrypted verification code to the vehicle end. Namely, the first verification code is encrypted through a symmetric encryption password obtained through asymmetric encryption negotiation during identity authentication, and the encrypted encryption verification code is transmitted, so that the security of the first verification code is enhanced.
In some optional embodiments, the method provided in this embodiment further includes:
controlling the vehicle end in response to the verification result being that the verification is passed;
and responding to the verification result that the verification is not passed, the vehicle end enters a safety mode, and the vehicle end sends prompt information.
In this embodiment, after the mobile terminal passes the key verification twice, the mobile terminal obtains the control right of the vehicle end to realize the control of the vehicle end, such as unlocking, opening an air conditioner, and the like; the safety control of the vehicle is realized; when the verification result shows that the vehicle end fails to pass the verification, the vehicle end enters a safety mode to ensure the safety of the vehicle end, the vehicle end is prevented from being controlled by the non-authority terminal, the safety of the vehicle is improved, and meanwhile, prompt information can be sent to a vehicle owner.
Fig. 4 is another schematic flow chart of a communication verification method according to an embodiment of the present application. As shown in fig. 4, the method is applied to a vehicle end, and the method of the embodiment includes:
and 402, receiving first encryption information sent by the mobile terminal, and performing identity authentication based on the first encryption information and pre-stored second encryption information.
The first encryption information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key.
Optionally, in this embodiment, the vehicle end verifies the identity of the mobile terminal according to the received first encryption information, and sends the second encryption information to the mobile terminal for verification; the second encrypted information can be obtained by encrypting the terminal digital identity certificate through the cloud end by using the second private key and then sending the encrypted terminal digital identity certificate to the vehicle end, and the second encrypted information is encrypted by using the private key, so that the mobile terminal needs to decrypt the encrypted terminal digital identity certificate by using the public key corresponding to the second private key after receiving the encrypted terminal digital identity certificate.
And step 404, responding to the passing of the identity authentication, and receiving the first key authentication initiated by the mobile terminal.
Optionally, this embodiment may further include ending the authentication this time in response to the authentication failing. In order to improve the security of the vehicle end, the vehicle end is not directly controlled to communicate with the mobile terminal after the identity authentication is passed, but a first key authentication is performed, and the vehicle end verifies the key information in the mobile terminal in the key authentication process to determine whether the key information held by the mobile terminal is valid.
In response to the first key verification pass, a security mode is entered, step 406.
Optionally, the embodiment may further include that, in response to the first key verification failing, the vehicle end rejects all requests of the mobile terminal, and ends the communication verification. This embodiment shows that only when the key information in the mobile terminal is valid, the vehicle-mounted terminal enters the security mode to perform the second key verification, thereby further improving the security of the two-party communication.
And step 408, initiating second key verification according to the network condition, and determining a verification result.
In the authentication method provided by the above embodiment of the present application, first encryption information sent by a mobile terminal is received, and authentication is performed based on the first encryption information and pre-stored second encryption information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key; receiving first key verification initiated by the mobile terminal in response to passing of the identity verification; entering a secure mode in response to the first key verification pass; according to the network condition, the second key verification is initiated to determine the verification result, the identity of both communication parties is verified through the identity verification and the two key verifications, the leakage of relevant information such as a communication key and a communication protocol at any end is avoided, and the safety accident caused by the fact that an attacker maliciously controls the vehicle is avoided.
As shown in fig. 5, based on the embodiment shown in fig. 4, step 402 may include the following steps:
step 4021, receiving first encrypted information sent by the mobile terminal, decrypting the first encrypted information according to a prestored first public key, and confirming the identity of the mobile terminal according to the vehicle-mounted identity digital certificate obtained through decryption.
Step 4022, responding to the identity of the mobile terminal is legal, sending second encrypted information to the mobile terminal, and verifying the identity of the vehicle terminal by the mobile terminal according to the second encrypted information.
Optionally, the embodiment may further include stopping the identity authentication in response to the identity of the mobile terminal being illegal, and sending a message to prompt the vehicle owner that illegal access occurs.
In the embodiment, bidirectional identity verification is realized by storing the vehicle-mounted identity digital certificate at the mobile terminal and storing the terminal identity digital certificate at the vehicle-mounted end; the vehicle end compares the received vehicle identity digital certificate with the local identification, so that whether the identity of the terminal equipment sending the vehicle identity digital certificate is legal or not can be determined, only when the identity of the mobile terminal is legal, the vehicle end sends second encrypted information to the mobile terminal, and the mobile terminal verifies the identity of the vehicle end according to the second encrypted information.
Optionally, step 402, while performing the identity authentication, further includes:
decrypting the first encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypting the communication information between the subsequent mobile terminal and the mobile terminal by using the communication encryption method and the communication encryption key.
In this embodiment, in order to ensure the security of the communication process between the mobile terminal and the vehicle end, a symmetric encryption algorithm needs to be used. Through the mechanisms, a symmetric encryption algorithm and a key are negotiated while identity authentication is carried out, so that the subsequent communication security of the two parties is solved.
As shown in fig. 6, based on the embodiment shown in fig. 4, step 404 may include the following steps:
step 4041, receiving the third encrypted information sent by the mobile terminal and decrypting the third encrypted information by using a prestored third private key to obtain a key information certificate.
And the third encrypted information is obtained by encrypting the key information certificate through a third public key.
Step 4042, the key information certificate is verified to implement the first key verification.
In this embodiment, a private key (corresponding to the third public key) and a plurality of key information related public keys are stored in the vehicle end; the cloud end stores a public key corresponding to the vehicle end private key and a plurality of key information related private keys; the mobile terminal stores a plurality of key information certificates issued by the cloud, and the key information certificates mainly comprise: the first key validity time encrypted by the third public key, the private key index information encrypted by the third public key, the second key validity time encrypted by the fourth private key, and the key information encrypted by the fourth private key.
Optionally, the key information certificate includes: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, and the second key valid time and key information encrypted by the fourth private key; each private key index information corresponds to a fourth public key;
optionally, step 4042 includes:
decrypting through the third public key to obtain the first key valid time and the private key index information in the key information certificate;
searching and obtaining a fourth public key through private key index information;
the key information certificate is further decrypted through the fourth public key to obtain the valid time of the second key and key information;
the key information is verified based on the first key validity time and the second key validity time.
Based on the secure communication, after the vehicle end receives the key information, the third encrypted information is decrypted by using a third private key corresponding to a third public key, and the first valid time and private key index (index) information in the key information certificate are obtained after decryption; and finding a corresponding fourth public key according to the index, decrypting the key information certificate by using the fourth public key to obtain second key effective time and key information, determining whether the key information is effective or not by comparing whether the first key effective time is consistent with the second key effective time, and finishing the authentication of the key information when the first key effective time is consistent with the second key effective time and the key information does not exceed the first key effective time (or the second key effective time) to obtain effective key information.
Optionally, verifying the key information based on the first key validity time and the second key validity time includes:
comparing the first key valid time with the second key valid time;
in response to the first key valid time being equal to the second key valid time, determining whether the key information is within the valid time according to the second key valid time and the current time;
and confirming the verification passing in the valid time in response to the key information.
In some optional embodiments, before performing step 402, further comprising:
it is determined whether the historical public key is included in the vehicle end.
In response to the historical public key, determining whether the historical public key is expired, and if so, requesting the cloud end to update the historical public key; otherwise, taking the historical public key as a fourth public key;
and in response to the fact that the historical public key is not included, requesting the cloud end to acquire and store a fourth public key.
In the embodiment, when the vehicle end and the mobile intelligent terminal are in a normal network, the mobile intelligent terminal requests the acquisition cloud end to acquire a plurality of key information certificates (encrypted to be third encrypted information) in advance and stores the key information certificates in the secure environment; the vehicle terminal obtains a plurality of public keys corresponding to key information certificates (a fourth public key corresponding to third encryption information) in advance through an SCP03 protocol and stores the public keys in a safety environment, a hardware TEE chip, a software TEE environment and an SE safety element are stored safely, if the SE is not used preferentially, whether the SE can be stored in the hardware TEE or not is checked, if the SE is not used, whether the SE can be stored in the software TEE or not is checked again, and the problem of safe storage of the digital certificates is solved. The SE safety element is provided with an encryption/decryption logic circuit, and the vehicle terminal acquires a cloud key certificate through an SCP03 protocol and stores a key in the SE safety element, so that the key storage safety can be ensured. Optionally, requesting to obtain and store the fourth public key from the cloud, including:
sending an information request to a cloud;
receiving a fourth public key fed back by the cloud according to the information request;
and storing the fourth public key into the secure element.
In some optional embodiments, the network conditions at the vehicle end include: network normal and weak network conditions; step 406 may include, for different network scenarios:
responding to the network condition as a network normal condition, and realizing secondary key verification of the automobile end and the mobile terminal through the cloud end;
and responding to the weak network condition, and realizing the second key verification between the vehicle terminal and the mobile terminal in a short message verification mode.
In this embodiment, the second key verification is divided into two types according to the network strength of the current vehicle end: a cloud end check is characterized in that if the network state of a vehicle end is good, a certificate sent by an intelligent terminal is synchronously moved to a server for verification, if the verification is passed, a safety mode is released, and a normal mode is entered; if the verification fails, informing the vehicle owner of the vehicle condition; another is to perform verification for a third party SP sms.
Optionally, the second key verification is implemented through a cloud, including:
sending the key information certificate received from the mobile terminal to the cloud;
decrypting the key information certificate through one public key in a plurality of public keys stored in the cloud end to obtain key information;
the second key verification is performed by confirming whether the key information is used key information.
In this embodiment, when the network condition of the vehicle end is the normal network condition, the vehicle end initiates the second key verification, and at this time, the vehicle end sends the received key information certificate to the cloud for verification, so that the possibility that the local verification is possibly tampered is avoided, and the security and reliability of the key certificate verification are improved.
Optionally, the second key verification is implemented by a short message verification method, including:
sending a verification request to the mobile terminal;
receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal;
comparing the first verification code with the second verification code;
and determining that the second key verification passes in response to the first verification code being the same as the second verification code.
In this embodiment, the second key verification at both ends is implemented by using a verification code sent by a communication server (for example, SP service, etc.), the mobile terminal requests the communication server to acquire the verification code, and the communication server feeds back a first verification code and a second verification code with the same content to the mobile terminal and the vehicle end respectively; the vehicle terminal determines that the identity authentication is passed by comparing whether the first verification code received from the mobile terminal is the same as the second verification code received from the communication server terminal or not and when the first verification code is the same as the second verification code.
Optionally, receiving the first verification code sent by the mobile terminal includes: and the receiving mobile terminal encrypts the received first verification code through the communication encryption key to obtain an encrypted verification code, and decrypts the encrypted verification code through the communication encryption key to obtain the first verification code.
In this embodiment, in order to improve the security of the verification code transmitted between the mobile terminal and the vehicle end, optionally, the first verification code is encrypted by a communication encryption key to obtain an encrypted verification code; and sending the encrypted verification code to the vehicle end. Namely, the first verification code is encrypted through a symmetric encryption password obtained through asymmetric encryption negotiation during identity authentication, and the encrypted encryption verification code is transmitted, so that the security of the first verification code is enhanced.
In some optional embodiments, the method provided in this embodiment further includes:
receiving control of the mobile terminal in response to the verification result being a pass verification;
and in response to the verification result being that the verification is not passed, entering a safety mode and sending out prompt information.
In this embodiment, after the mobile terminal passes the key verification twice, the mobile terminal obtains the control right of the vehicle end to realize the control of the vehicle end, such as unlocking, opening an air conditioner, and the like; the safety control of the vehicle is realized; when the verification result shows that the vehicle end fails to pass the verification, the vehicle end enters a safety mode to ensure the safety of the vehicle end, the vehicle end is prevented from being controlled by the non-authority terminal, the safety of the vehicle is improved, and meanwhile, prompt information can be sent to a vehicle owner.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Fig. 7 is a schematic structural diagram of a mobile terminal according to an embodiment of the present application. The mobile terminal of this embodiment may be used to implement the above-mentioned method embodiments of the present application. As shown in fig. 7, the mobile terminal of this embodiment includes:
and the identity authentication module 71 is used for initiating identity authentication to the vehicle terminal through the prestored first encrypted information.
The first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key.
The first key verification module 72 is used for responding to the passing of the identity verification and initiating the first key verification to the vehicle end; and responding to the first key verification, and enabling the vehicle end to enter a safety mode.
And the second key verification module 73 is used for receiving second key verification initiated by the vehicle end according to the network condition of the vehicle end and determining a verification result.
According to the mobile terminal provided by the embodiment of the application, the identity authentication is initiated to the vehicle terminal through the pre-stored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key; responding to the identity authentication, and initiating first key authentication to the vehicle terminal; responding to the first key verification, and enabling the vehicle end to enter a safety mode; according to the network condition of the vehicle end, the second key verification initiated by the vehicle end is received, and the verification result is determined.
In some optional embodiments, the identity authentication module 71 is specifically configured to send the first encrypted information to the vehicle end, and authenticate the identity of the mobile terminal according to the first encrypted information through the vehicle end; the vehicle end is received to feed back second encrypted information prestored in the vehicle end; the second encrypted information is obtained by encrypting the terminal digital identity card through a second private key; and decrypting the second encrypted information through a prestored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
Optionally, the identity authentication module 71 is further configured to decrypt the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle end; and encrypting subsequent communication information between the vehicle terminal and the vehicle terminal by using a communication encryption method and a communication encryption key.
Optionally, the first key verification module 72 is specifically configured to determine, in response to the identity verification being passed, a current serial number based on a historical serial number corresponding to third history encryption information used in the last key verification; determining third encryption information of the communication based on the current serial number; the third encrypted information is obtained by encrypting the key information certificate through a third public key; and sending the third encrypted information to the vehicle end, and verifying the third encrypted information by the vehicle end to realize the first key verification.
Optionally, the mobile terminal provided in this embodiment further includes:
the encryption information acquisition module is used for determining whether the mobile terminal comprises historical encryption information; responding to the historical encryption information, determining whether the historical encryption information is expired, and if so, requesting the cloud end to update the historical encryption information; otherwise, the historical encryption information is used as third encryption information; and responding to the fact that the historical encryption information is not included, and requesting to obtain and store third encryption information from the cloud.
Optionally, the encrypted information obtaining module is configured to send an information request to the cloud when requesting to obtain and store third encrypted information from the cloud; receiving third encryption information fed back by the cloud according to the information request; and storing the third encryption information in the secure element.
In some optional embodiments, the network conditions at the vehicle end include: network normal and weak network conditions;
the second key verification module 73 is specifically configured to, in response to that the network condition of the vehicle end is a network normal condition, implement second key verification between the vehicle end and the mobile terminal through the cloud; and responding to the weak network condition of the vehicle end, and realizing the second key verification of the vehicle end and the mobile terminal in a short message verification mode.
Optionally, the second key verification module 73 is configured to send a verification request fed back by the vehicle end to the communication server and receive a first verification code fed back by the communication server according to the verification request when the second key verification between the vehicle end and the mobile terminal is realized in a short message verification manner; and sending the first verification code to the vehicle end, and realizing the second key verification through the vehicle end.
Optionally, the second key verification module 73 is configured to encrypt the first verification code with a communication encryption key to obtain an encrypted verification code when the first verification code is sent to the vehicle end; and sending the encrypted verification code to the vehicle end.
In some optional embodiments, the mobile terminal provided in this embodiment further includes:
the verification result module is used for responding to the verification result that the verification is passed and controlling the vehicle terminal; and responding to the verification result that the verification is not passed, the vehicle end enters a safety mode, and the vehicle end sends prompt information.
Fig. 8 is a schematic structural diagram of a vehicle end provided in an embodiment of the present application. The mobile terminal of this embodiment may be used to implement the above-mentioned method embodiments of the present application. As shown in fig. 8, the vehicle end of this embodiment includes:
and the identity authentication module 81 is configured to receive the first encryption information sent by the mobile terminal, and perform identity authentication based on the first encryption information and pre-stored second encryption information.
The first encryption information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key.
The first key verification module 82 is used for responding to the passing of the identity verification and receiving the first key verification initiated by the mobile terminal; and entering a security mode in response to the first key verification passing.
And the second key verification module 83 is configured to initiate second key verification according to a network condition, and determine a verification result.
The vehicle terminal provided by the above embodiment of the application receives first encrypted information sent by the mobile terminal, and performs identity authentication based on the first encrypted information and pre-stored second encrypted information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key; receiving first key verification initiated by the mobile terminal in response to passing of the identity verification; entering a secure mode in response to a first key authentication pass; according to the network condition, the second key verification is initiated to determine the verification result, the identity of both communication parties is verified through the identity verification and the two key verifications, the leakage of relevant information such as a communication key and a communication protocol at any end is avoided, and the safety accident caused by the fact that an attacker maliciously controls the vehicle is avoided.
In some optional embodiments, the identity authentication module 81 is specifically configured to receive first encrypted information sent by the mobile terminal, decrypt the first encrypted information according to a prestored first public key, and confirm the identity of the mobile terminal according to a vehicle-mounted identity digital certificate obtained through decryption; and responding to the identity of the mobile terminal to be legal, sending second encrypted information to the mobile terminal, and verifying the identity of the vehicle terminal by the mobile terminal according to the second encrypted information.
Optionally, the identity authentication module 81 is further configured to decrypt the first encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypting the communication information between the subsequent mobile terminal and the mobile terminal by using the communication encryption method and the communication encryption key.
In some optional embodiments, the first key verification module 82 is specifically configured to receive third encrypted information sent by the mobile terminal and decrypt the third encrypted information by using a prestored third private key to obtain a key information certificate; the third encrypted information is obtained by encrypting the key information certificate through a third public key; and verifying the key information certificate to realize the first key verification.
Optionally, the key information certificate includes: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, and the second key valid time and key information encrypted by the fourth private key; each private key index information corresponds to a fourth public key;
the first key verification module 82 is configured to obtain the first key validity time and the private key index information in the key information certificate through decryption of the third public key when verifying the key information certificate to realize the first key verification; searching and obtaining a fourth public key through private key index information; the key information certificate is further decrypted through the fourth public key to obtain the valid time of the second key and key information; the key information is verified based on the first key validity time and the second key validity time.
Optionally, the first key verification module 82 is configured to compare the first key validity time with the second key validity time when verifying the key information based on the first key validity time and the second key validity time; in response to the first key valid time being equal to the second key valid time, determining whether the key information is within the valid time according to the second key valid time and the current time; and confirming the verification passing in the valid time in response to the key information.
Optionally, the vehicle end provided in this embodiment further includes:
the public key acquisition module is used for determining whether a historical public key is included in the vehicle end; in response to the historical public key, determining whether the historical public key is expired, and if so, requesting the cloud end to update the historical public key; otherwise, taking the historical public key as a fourth public key; and in response to the fact that the historical public key is not included, requesting the cloud end to acquire and store a fourth public key.
Optionally, the public key obtaining module is configured to send an information request to the cloud when requesting to obtain and store the fourth public key from the cloud; receiving a fourth public key fed back by the cloud according to the information request; and storing the fourth public key into the secure element.
In some optional embodiments, the network conditions include: network normal and weak network conditions;
the second key verification module 83 is specifically configured to respond to the network condition being a network normal condition, and implement second key verification between the vehicle end and the mobile terminal through the cloud; and responding to the weak network condition, and realizing the second key verification between the vehicle terminal and the mobile terminal in a short message verification mode.
Optionally, the second key verification module 83 is configured to send the key information certificate received from the mobile terminal to the cloud when the second key verification between the vehicle end and the mobile terminal is implemented through the cloud; decrypting the key information certificate through one public key in a plurality of public keys stored in the cloud end to obtain key information; the second key verification is performed by confirming whether the key information is used key information.
Optionally, the second key verification module 83 is configured to send a verification request to the mobile terminal when the second key verification between the vehicle end and the mobile terminal is implemented in a short message verification manner; receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal; comparing the first verification code with the second verification code; and determining that the second key verification passes in response to the first verification code being the same as the second verification code.
Optionally, the second key verification module 83 is specifically configured to, when receiving the first verification code sent by the mobile terminal, send the first verification code that is obtained by encrypting with the communication encryption key and is decrypted with the communication encryption key, so as to obtain the first verification code.
Optionally, the method further comprises:
the verification result module is used for responding to the verification result that the verification is passed and receiving the control of the mobile terminal; and in response to the verification result being that the verification is not passed, entering a safety mode and sending out prompt information.
According to another aspect of the embodiments of the present application, there is provided a communication verification system, including:
a mobile terminal as provided in any of the above embodiments and a vehicle end as provided in any of the above embodiments.
Fig. 9 is a timing diagram of a mobile terminal (mobile intelligent terminal) and a vehicle end in the communication verification system according to the embodiment of the present application. As shown in fig. 9, when the car end or the mobile intelligent terminal is in a weak network environment, communication is performed through bluetooth.
And the mobile intelligent terminal reads the identification vehicle machine identity digital certificate which is pre-arranged in the TEE environment and sends the identification vehicle machine identity digital certificate to a vehicle machine end. The vehicle end verifies the certificate and confirms that the identity of the mobile intelligent terminal is legal; the vehicle end reads a digital certificate of the identity of a mobile end which is pre-built in, and sends the digital certificate to the mobile intelligent terminal, the mobile intelligent terminal verifies the certificate, confirms that the identity of the vehicle end is legal, negotiates a communication encryption algorithm in the process, and determines the communication encryption algorithm, so that the communication environment basically ensures safety.
The mobile intelligent terminal takes out and records the serial number index value of the key information certificate used last time plus 1, if the serial number index value is not recorded, the serial number index value is started from 0, for example, the current index is equal to 0, the certificate with the sequence of 1 in a plurality of key information certificates stored in an SE security element in advance is read and sent to a vehicle end, the vehicle end receives the key information certificate and decrypts public key encryption information in a key by using a private key, effective time and public key index information in the key information are obtained, and the validity of the key information certificate is determined; and confirming that the index is equal to lastIndex (the index value passing the last verification is added with 1), otherwise, failing to authenticate the key information, if the index passes the verification and then verifies that the lastIndex is reported to the cloud, and if not, sending a short message to inform the owner of whether the concerned vehicle is safe. And finding out the corresponding public key according to the index, decrypting to obtain the key valid time encrypted by the private key, comparing the key information with the key information and confirming that the key is in the valid period, and finishing the key information authentication.
At this time, the vehicle (vehicle end) enters a security mode, and key information needs to be confirmed for the second time in order to better ensure the vehicle security. The secondary confirmation execution scheme is divided into two types according to the strength of the current vehicle network: one cloud check is performed for the SP SMS service of the third party.
If the vehicle network state is good, synchronously moving a certificate sent by the intelligent terminal to a cloud terminal for verification, and if the verification is passed, releasing the security mode and entering a normal mode; and if the verification fails, informing the vehicle owner of the vehicle condition.
If the vehicle is in the network-free state, the vehicle automatically enters a safety mode; when the vehicle runs to a section with good network conditions, after the vehicle is connected to the internet, synchronously moving a certificate sent by the intelligent terminal to a server for verification, and if the certificate passes the verification, removing the safety mode and entering a normal mode; and if the verification fails, informing the vehicle owner of the vehicle condition.
If the state is in the state that the 2G network can receive and send the short message server, the timing is started for 5 minutes. Within 5 minutes, the vehicle-mounted machine system requests to send advanced permission verification to the mobile intelligent terminal, after the mobile intelligent terminal receives the advanced permission verification, the mobile intelligent terminal prompts a user to select a safe mode and a normal mode through a popup window, if the mobile intelligent terminal selects the safe mode, the vehicle-mounted machine system is notified of the end of direct timing through the popup window, and the vehicle enters the safe mode; if the normal mode is selected, the mobile intelligent terminal sends a short message to the SP service to request to issue a verification code, after the SP service receives the short message requesting to issue the verification code, the short message informs the mobile intelligent terminal and the vehicle end, the vehicle end receives the verification code and then stores the verification code, the mobile intelligent end sends the received verification code to the vehicle end, the vehicle end compares the verification code sent by the mobile intelligent end with the verification code which is received and stored by the vehicle end, if the verification code is the same as the verification code, the vehicle end stops timing, and the vehicle enters the normal mode; if the verification codes are different, the vehicle-mounted machine system sends a request to feed back the intelligent terminal to prompt that the verification codes are wrong, the verification codes are input again, and the logic sequence is circulated until the verification codes pass verification. After 5 minutes, the car machine system automatically enters a safe mode.
Optionally, the communication verification system may further include:
the cloud end is used for sending first encryption information encrypted by the first private key, third encryption information encrypted by the third public key and the second public key to the mobile terminal, and sending second encryption information encrypted by the second private key, the third private key and the fourth public key to the vehicle end; and the key information certificate is used for receiving the key information certificate sent by the vehicle terminal, decrypting the key information certificate based on one supply in the stored public keys to obtain key information, and confirming whether the key information is used key information.
The methods and apparatus of the present application may be implemented in a number of ways. For example, the methods and apparatus of the present application may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present application are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present application may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present application. Thus, the present application also covers a recording medium storing a program for executing the method according to the present application.
The description of the present application has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the application in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the application and the practical application, and to enable others of ordinary skill in the art to understand the application for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A communication verification method is applied to a mobile terminal and comprises the following steps:
initiating identity verification to a vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key;
responding to the identity authentication, and initiating first key authentication to the vehicle end;
in response to the first key verification passing, the vehicle end enters a safe mode;
and receiving the second key verification initiated by the vehicle end according to the network condition of the vehicle end, and determining a verification result.
2. The method according to claim 1, wherein the initiating the authentication to the vehicle end through the pre-stored first encrypted information comprises:
sending the first encrypted information to the vehicle end, and verifying the identity of the mobile terminal through the vehicle end according to the first encrypted information;
receiving second encrypted information which is fed back by the vehicle end and pre-stored in the vehicle end; the second encrypted information is obtained by encrypting the terminal digital identity card through a second private key;
and decrypting the second encrypted information through a prestored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
3. The method according to claim 2, wherein the method, while initiating the authentication to the vehicle side through the pre-stored first encrypted information, further comprises:
decrypting the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle end; and encrypting subsequent communication information between the vehicle end and the vehicle end by using the communication encryption method and the communication encryption key.
4. The method of any of claims 1-3, wherein said initiating key information verification to said vehicle end in response to said authentication passing comprises:
responding to the identity authentication passing, and determining a current serial number based on a historical serial number corresponding to third history encryption information used in the last key authentication;
determining third encryption information of the communication based on the current serial number; the third encrypted information is obtained by encrypting the key information certificate through a third public key;
and sending the third encrypted information to the vehicle end, and verifying the third encrypted information by the vehicle end to realize the first key verification.
5. The method of claim 4, before initiating the authentication to the vehicle end through the pre-stored first encrypted information, further comprising:
determining whether historical encryption information is included in the mobile terminal;
in response to the historical encryption information, determining whether the historical encryption information is expired, and if so, requesting the cloud end to update the historical encryption information; otherwise, taking the historical encryption information as the third encryption information;
and responding to the request that the historical encryption information is not included, and requesting the cloud end to acquire and store the third encryption information.
6. The method of claim 5, wherein the requesting the cloud for obtaining and storing the third encrypted information comprises:
sending an information request to the cloud;
receiving the third encryption information fed back by the cloud according to the information request;
and storing the third encryption information into the secure element.
7. A communication verification method is applied to a vehicle end and comprises the following steps:
receiving first encryption information sent by a mobile terminal, and performing identity authentication based on the first encryption information and pre-stored second encryption information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key;
receiving first key verification initiated by the mobile terminal in response to the identity verification passing;
entering a secure mode in response to the first key verification pass;
and initiating second key verification according to the network condition, and determining a verification result.
8. A mobile terminal, comprising:
the identity authentication module is used for initiating identity authentication to the vehicle terminal through prestored first encrypted information; the first encrypted information is obtained by encrypting the vehicle identity digital certificate through a first private key;
the first key verification module is used for responding to the passing of the identity verification and initiating the first key verification to the vehicle machine end; in response to the first key verification passing, the vehicle end enters a safe mode;
and the second key verification module is used for receiving second key verification initiated by the vehicle end according to the network condition of the vehicle end and determining a verification result.
9. A vehicle end, comprising:
the identity authentication module is used for receiving first encryption information sent by the mobile terminal and carrying out identity authentication on the basis of the first encryption information and prestored second encryption information; the first encrypted information is obtained by encrypting the vehicle-mounted identity digital certificate through a first private key, and the second encrypted information is obtained by encrypting the terminal digital identity certificate through a second private key;
the first key verification module is used for responding to the passing of the identity verification and receiving the first key verification initiated by the mobile terminal; entering a secure mode in response to the first key verification pass;
and the second key verification module is used for initiating second key verification according to the network condition and determining a verification result.
10. A communication authentication system, comprising:
a mobile terminal as claimed in claim 8 and a vehicle end as claimed in claim 9.
CN201911413942.1A 2019-12-31 2019-12-31 Communication verification method and system, mobile terminal and vehicle machine side Active CN111083696B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911413942.1A CN111083696B (en) 2019-12-31 2019-12-31 Communication verification method and system, mobile terminal and vehicle machine side

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911413942.1A CN111083696B (en) 2019-12-31 2019-12-31 Communication verification method and system, mobile terminal and vehicle machine side

Publications (2)

Publication Number Publication Date
CN111083696A true CN111083696A (en) 2020-04-28
CN111083696B CN111083696B (en) 2023-09-12

Family

ID=70320711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911413942.1A Active CN111083696B (en) 2019-12-31 2019-12-31 Communication verification method and system, mobile terminal and vehicle machine side

Country Status (1)

Country Link
CN (1) CN111083696B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111601280A (en) * 2020-05-14 2020-08-28 中国联合网络通信集团有限公司 Access verification method and device
CN114374950A (en) * 2022-01-14 2022-04-19 重庆长安汽车股份有限公司 Bluetooth-based short-range vehicle control system, vehicle control method and vehicle
CN115527292A (en) * 2022-11-25 2022-12-27 广州万协通信息技术有限公司 Mobile phone terminal remote vehicle unlocking method of security chip and security chip device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108340876A (en) * 2018-01-24 2018-07-31 江苏德瑞博新能源汽车制造有限公司 A kind of new-energy automobile keyless access system
CN109774653A (en) * 2019-01-31 2019-05-21 上海小蓦智能科技有限公司 A kind of dynamic adjusting method and device of Hierarchical Identity authentication mechanism
CN109858213A (en) * 2019-01-31 2019-06-07 上海小蓦智能科技有限公司 A kind of quick identity authentication method and device
JP6571847B1 (en) * 2018-09-03 2019-09-04 笠▲衆▼實業有限公司 Intelligent vehicle electronic key system
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108340876A (en) * 2018-01-24 2018-07-31 江苏德瑞博新能源汽车制造有限公司 A kind of new-energy automobile keyless access system
JP6571847B1 (en) * 2018-09-03 2019-09-04 笠▲衆▼實業有限公司 Intelligent vehicle electronic key system
CN109774653A (en) * 2019-01-31 2019-05-21 上海小蓦智能科技有限公司 A kind of dynamic adjusting method and device of Hierarchical Identity authentication mechanism
CN109858213A (en) * 2019-01-31 2019-06-07 上海小蓦智能科技有限公司 A kind of quick identity authentication method and device
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111601280A (en) * 2020-05-14 2020-08-28 中国联合网络通信集团有限公司 Access verification method and device
CN111601280B (en) * 2020-05-14 2022-08-19 中国联合网络通信集团有限公司 Access verification method and device
CN114374950A (en) * 2022-01-14 2022-04-19 重庆长安汽车股份有限公司 Bluetooth-based short-range vehicle control system, vehicle control method and vehicle
CN115527292A (en) * 2022-11-25 2022-12-27 广州万协通信息技术有限公司 Mobile phone terminal remote vehicle unlocking method of security chip and security chip device

Also Published As

Publication number Publication date
CN111083696B (en) 2023-09-12

Similar Documents

Publication Publication Date Title
CN108122311B (en) Vehicle virtual key implementation method and system
CN107650863B (en) Vehicle sharing method and system
CN109862040B (en) Security authentication method and authentication system
CN110637328B (en) Vehicle access method based on portable equipment
CN111194028B (en) Safety control method based on vehicle
US11167723B2 (en) Method for access management of a vehicle
CN111447601B (en) Implementation method and device of automobile Bluetooth key
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
JP6731887B2 (en) Maintenance system and maintenance method
JP5031994B2 (en) Authority delegation system, control device, and authority delegation method
TW201927601A (en) Method for generating and using virtual key of vehicle, system for same, and user terminal
CN108141444B (en) Improved authentication method and authentication device
CN111083696B (en) Communication verification method and system, mobile terminal and vehicle machine side
CN107277033B (en) Charging and battery replacing equipment and authentication method and system for object to be charged and battery replaced
CN111376865B (en) Vehicle digital key activation method, system and storage medium
CN106912046B (en) One-way key fob and vehicle pairing
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN111267774B (en) Virtual key authorization method and device
CN111845624B (en) Method for starting vehicle without key
KR20160093764A (en) Secure communication system of ecu utilizing otp rom
CN113766450A (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
CN106559378A (en) Automobile door lock tripper, system and method and intelligent terminal
JP2020088836A (en) Vehicle maintenance system, maintenance server device, management server device, on-vehicle device, maintenance tool, computer program, and vehicle maintenance method
CN112423298B (en) Identity authentication system and method for road traffic signal management and control facility
JP6723422B1 (en) Authentication system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant