CN111083696B - Communication verification method and system, mobile terminal and vehicle machine side - Google Patents
- Publication number: CN111083696B (application CN201911413942.1A)
- Authority: CN (China)
- Prior art keywords: key, verification, information, vehicle, terminal
- Legal status: Active (the status listed by Google is an assumption, not a legal conclusion)
Classifications
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04W—WIRELESS COMMUNICATION NETWORKS > H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
  - H04W12/03—Protecting confidentiality, e.g. by encryption
  - H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
  - H04W12/06—Authentication
  - H04W12/069—Authentication using certificates or pre-shared keys
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Telephonic Communication Services (AREA)
Abstract
The embodiments of this application disclose a communication verification method and system, a mobile terminal and a vehicle-mounted terminal. The method includes: initiating identity verification to the vehicle-mounted terminal using pre-stored first encryption information, where the first encryption information is obtained by encrypting a vehicle body part digital certificate with a first private key; in response to the identity verification passing, initiating a first key verification to the vehicle-mounted terminal; in response to the first key verification, causing the vehicle-mounted terminal to enter a safe mode; and receiving a second key verification initiated by the vehicle-mounted terminal according to its network condition, and determining the verification result.
Description
Technical Field
This application relates to communication verification technology, and in particular to a communication verification method and system, a mobile terminal and a vehicle-mounted terminal.
Background
With the adoption of technologies such as the internet, artificial intelligence, wireless networks, cloud computing and big data, automobiles are becoming ever more intelligent and networked, and in the age of the Internet of Everything the automobile has become an intelligent terminal device connected to the network.
Most automobiles today have electronic systems in which the electronic control units are linked by an in-vehicle local area network and are also connected to external networks (such as 4G and 5G) to provide a wide range of automotive services, such as the Internet of Vehicles and automated driving. This development drives product upgrades: the original mechanical key of the access system was replaced by a remote control system, which is in turn being replaced, as the Internet of Vehicles standard, by a mobile intelligent terminal with functions such as remotely switching on the air conditioning, unlocking the doors and starting the vehicle. The security of the mobile intelligent terminal therefore indirectly determines the security of the Internet of Vehicles.
Disclosure of Invention
The embodiments of this application provide a communication verification technology.
According to one aspect of the embodiments of this application, a communication verification method applied to a mobile terminal is provided, which includes:
initiating identity verification to a vehicle-mounted terminal using pre-stored first encryption information, where the first encryption information is obtained by encrypting a vehicle body part digital certificate with a first private key;
in response to the identity verification passing, initiating a first key verification to the vehicle-mounted terminal;
in response to the first key verification, causing the vehicle-mounted terminal to enter a safe mode;
and receiving a second key verification initiated by the vehicle-mounted terminal according to the network condition of the vehicle-mounted terminal, and determining the verification result.
Optionally, initiating identity verification to the vehicle-mounted terminal using the pre-stored first encryption information includes:
sending the first encryption information to the vehicle-mounted terminal, which verifies the identity of the mobile terminal from the first encryption information;
receiving second encryption information fed back by the vehicle-mounted terminal and pre-stored there, where the second encryption information is obtained by encrypting a terminal digital identity certificate with a second private key;
and decrypting the second encryption information with a pre-stored second public key, and confirming the identity of the vehicle-mounted terminal from the terminal digital identity certificate obtained.
Optionally, initiating identity verification to the vehicle-mounted terminal using the pre-stored first encryption information further includes:
decrypting the received second encryption information to obtain the communication encryption method and communication encryption key confirmed by the vehicle-mounted terminal, and encrypting subsequent communication with the vehicle-mounted terminal using that communication encryption method and communication encryption key.
Optionally, initiating the first key verification to the vehicle-mounted terminal in response to the identity verification passing includes:
in response to the identity verification passing, determining a current serial number based on the historical serial number of the third historical encryption information used in the previous key verification;
determining the third encryption information for this communication based on the current serial number, where the third encryption information is obtained by encrypting a key information certificate with a third public key;
and sending the third encryption information to the vehicle-mounted terminal, which verifies it to complete the first key verification.
Optionally, before initiating identity verification to the vehicle-mounted terminal using the pre-stored first encryption information, the method further includes:
determining whether the mobile terminal holds historical encryption information;
in response to historical encryption information being held, determining whether it has expired, and if so requesting the cloud to update it; otherwise using the historical encryption information as the third encryption information;
and in response to no historical encryption information being held, requesting the third encryption information from the cloud and storing it.
Optionally, requesting the third encryption information from the cloud and storing it includes:
sending an information request to the cloud;
receiving the third encryption information fed back by the cloud in response to the information request;
and storing the third encryption information in a secure element.
Optionally, the network condition of the vehicle-mounted terminal is one of: a normal network condition and a weak network condition;
and receiving the second key verification initiated by the vehicle-mounted terminal according to its network condition, and determining the verification result, includes:
in response to the network condition of the vehicle-mounted terminal being the normal network condition, performing the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud;
and in response to the network condition of the vehicle-mounted terminal being the weak network condition, performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message (SMS) verification.
Optionally, performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message verification includes:
forwarding the verification request fed back by the vehicle-mounted terminal to a communication server, and receiving a first verification code fed back by the communication server in response to the verification request;
and sending the first verification code to the vehicle-mounted terminal, which completes the second key verification.
Optionally, sending the first verification code to the vehicle-mounted terminal includes:
encrypting the first verification code with the communication encryption key to obtain an encrypted verification code;
and sending the encrypted verification code to the vehicle-mounted terminal.
Optionally, the method further includes:
in response to the verification result being that verification passed, controlling the vehicle-mounted terminal;
and in response to the verification result being that verification failed, causing the vehicle-mounted terminal to enter the safe mode and issue a prompt.
According to another aspect of the embodiments of this application, a communication verification method applied to a vehicle-mounted terminal is provided, which includes:
receiving first encryption information sent by a mobile terminal, and performing identity verification based on the first encryption information and pre-stored second encryption information, where the first encryption information is obtained by encrypting a vehicle body digital certificate with a first private key and the second encryption information is obtained by encrypting a terminal digital identity certificate with a second private key;
in response to the identity verification passing, receiving a first key verification initiated by the mobile terminal;
in response to the first key verification passing, entering a safe mode;
and initiating a second key verification according to the network condition, and determining the verification result.
Optionally, receiving the first encryption information sent by the mobile terminal and performing identity verification based on it includes:
receiving the first encryption information sent by the mobile terminal, decrypting it with a pre-stored first public key, and confirming the identity of the mobile terminal from the vehicle body number digital certificate obtained by decryption;
and in response to the identity of the mobile terminal being legitimate, sending the second encryption information to the mobile terminal, which verifies the identity of the vehicle-mounted terminal from the second encryption information.
Optionally, receiving the first encryption information sent by the mobile terminal and performing identity verification based on the first encryption information and the pre-stored second encryption information further includes:
decrypting the first encryption information to obtain the communication encryption method and communication encryption key confirmed by the mobile terminal, and encrypting subsequent communication with the mobile terminal using that communication encryption method and communication encryption key.
Optionally, receiving the first key verification initiated by the mobile terminal in response to the identity verification passing includes:
receiving third encryption information sent by the mobile terminal and decrypting it with a pre-stored third private key to obtain a key information certificate, where the third encryption information is obtained by encrypting the key information certificate with a third public key;
and verifying the key information certificate to complete the first key verification.
Optionally, the key information certificate includes: a first key valid time encrypted with the third public key, private key index information encrypted with the third public key, and a second key valid time and key information encrypted with a fourth private key, where each item of private key index information corresponds to one fourth public key;
and verifying the key information certificate includes:
obtaining the first key valid time and the private key index information from the key information certificate by decryption with the third public key;
looking up the fourth public key by the private key index information;
further decrypting the key information certificate with the fourth public key to obtain the second key valid time and the key information;
and verifying the key information based on the first key valid time and the second key valid time.
Optionally, verifying the key information based on the first key valid time and the second key valid time includes:
comparing the first key valid time with the second key valid time;
in response to the first key valid time being equal to the second key valid time, determining from the second key valid time and the current time whether the key information is within its valid time;
and in response to the key information being within its valid time, confirming that the verification passed.
Optionally, before receiving the first encryption information sent by the mobile terminal and performing identity verification based on the first encryption information and the pre-stored second encryption information, the method further includes:
determining whether the vehicle-mounted terminal holds a historical public key;
in response to a historical public key being held, determining whether it has expired, and if so requesting the cloud to update it; otherwise using the historical public key as the fourth public key;
and in response to no historical public key being held, requesting the fourth public key from the cloud and storing it.
Optionally, requesting the fourth public key from the cloud and storing it includes:
sending an information request to the cloud;
receiving the fourth public key fed back by the cloud in response to the information request;
and storing the fourth public key in a secure element.
Optionally, the network condition is one of: a normal network condition and a weak network condition;
and initiating the second key verification according to the network condition, and determining the verification result, includes:
in response to the network condition being the normal network condition, performing the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud;
and in response to the network condition being the weak network condition, performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message verification.
Optionally, performing the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud includes:
forwarding the key information certificate received from the mobile terminal to the cloud;
decrypting the key information certificate with one of a plurality of public keys stored in the cloud to obtain the key information;
and completing the second key verification by confirming whether the key information is key information that has already been used.
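The two checks described above, the vehicle-side verification of the two-layer key information certificate (index lookup, equality of the two valid times, validity against the current time) and the cloud's used-key check, as an added example that is not part of this patent or any implementation of it. It assumes JSON-encoded fields, an expiry expressed in epoch seconds, and HMAC-SHA256 under shared secrets as a stand-in for the patent's asymmetric encrypt/decrypt layers, so that it runs on the Python standard library; the field names and key material are constructed.

```python
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed stand-in key material. The patent's third and fourth keys are
# asymmetric pairs (one half seals, the other opens); HMAC-SHA256 under a shared
# secret is substituted here only so the example runs on the standard library.
THIRD_KEY = b"constructed-third-key"          # shared by mobile terminal and vehicle
FOURTH_KEYS = {                               # "private key index" -> fourth key
    "idx-01": b"constructed-fourth-key-01",
    "idx-02": b"constructed-fourth-key-02",
}


def _tag(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def seal(key: bytes, fields: dict) -> dict:
    """Bind a set of fields to a key (stand-in for the patent's 'encrypt with key')."""
    body = json.dumps(fields, sort_keys=True)
    return {"body": body, "tag": _tag(key, body.encode())}


def open_sealed(key: bytes, sealed: dict) -> Optional[dict]:
    """Return the fields if the layer was sealed under `key`, else None."""
    if not hmac.compare_digest(_tag(key, sealed["body"].encode()), sealed["tag"]):
        return None
    return json.loads(sealed["body"])


def issue_key_certificate(key_index: str, valid_until: int, key_info: str) -> dict:
    """Build the two-layer key information certificate: inner layer (second valid
    time + key information) under the fourth key selected by key_index; outer layer
    (first valid time + key index + inner layer) under the third key.
    Field names and the epoch-seconds expiry are this example's assumptions."""
    inner = seal(FOURTH_KEYS[key_index], {"valid_until": valid_until, "key_info": key_info})
    return seal(THIRD_KEY, {"valid_until": valid_until, "key_index": key_index, "inner": inner})


def verify_key_certificate(cert: dict, now: int) -> Tuple[bool, str]:
    """Vehicle-side first key verification. Returns (True, key_info) or (False, reason)."""
    outer = open_sealed(THIRD_KEY, cert)
    if outer is None:
        return False, "outer layer rejected"
    fourth = FOURTH_KEYS.get(outer.get("key_index"))
    if fourth is None:                                  # index must resolve to a provisioned key
        return False, "unknown key index"
    inner = open_sealed(fourth, outer["inner"])
    if inner is None:
        return False, "inner layer rejected"
    if outer["valid_until"] != inner["valid_until"]:    # first and second valid time must agree
        return False, "validity times differ"
    if now > inner["valid_until"]:                      # second valid time against current time
        return False, "key expired"
    return True, inner["key_info"]


def cloud_second_verification(key_info: str, used_keys: set) -> bool:
    """Cloud-side second key verification: key information that was already used is
    rejected (a replay check); fresh key information is recorded as used and accepted."""
    if key_info in used_keys:
        return False
    used_keys.add(key_info)
    return True


if __name__ == "__main__":
    now = int(time.time())
    cert = issue_key_certificate("idx-01", valid_until=now + 3600, key_info="KEY-A")
    ok, result = verify_key_certificate(cert, now)
    print("first key verification:", ok, result)
    used: set = set()
    print("second key verification:", cloud_second_verification(result, used))
    print("replayed key information:", cloud_second_verification(result, used))
```

The order of the checks matters: the outer layer is authenticated before the index is trusted, an unknown index is rejected before the inner layer is opened, and the two valid times are compared before the expiry is evaluated, so a certificate whose layers were assembled from different issuances fails closed. Tag comparison uses `hmac.compare_digest` to avoid leaking timing information.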
Optionally, performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message verification includes:
sending a verification request to the mobile terminal;
receiving a second verification code fed back by the communication server in response to the verification request, and a first verification code sent by the mobile terminal;
comparing the first verification code with the second verification code;
and in response to the first verification code and the second verification code being identical, determining that the second key verification passed.
Optionally, receiving the first verification code sent by the mobile terminal includes:
receiving the encrypted verification code sent by the mobile terminal, obtained by encryption with the communication encryption key, and decrypting it with the communication encryption key to obtain the first verification code.
Optionally, the method further includes:
in response to the verification result being that verification passed, accepting control by the mobile terminal;
and in response to the verification result being that verification failed, entering the safe mode and issuing a prompt.
According to yet another aspect of the embodiments of this application, a mobile terminal is provided, including:
an identity verification module, for initiating identity verification to the vehicle-mounted terminal using pre-stored first encryption information, where the first encryption information is obtained by encrypting a vehicle body part digital certificate with a first private key;
a first key verification module, for initiating a first key verification to the vehicle-mounted terminal in response to the identity verification passing, and, in response to the first key verification, causing the vehicle-mounted terminal to enter a safe mode;
and a second key verification module, for receiving a second key verification initiated by the vehicle-mounted terminal according to its network condition, and determining the verification result.
Optionally, the identity verification module is specifically configured to send the first encryption information to the vehicle-mounted terminal, which verifies the identity of the mobile terminal from it; to receive second encryption information fed back by the vehicle-mounted terminal and pre-stored there, where the second encryption information is obtained by encrypting a terminal digital identity certificate with a second private key; and to decrypt the second encryption information with a pre-stored second public key and confirm the identity of the vehicle-mounted terminal from the terminal digital identity certificate obtained.
Optionally, the identity verification module is further configured to decrypt the received second encryption information to obtain the communication encryption method and communication encryption key confirmed by the vehicle-mounted terminal, and to encrypt subsequent communication with the vehicle-mounted terminal using that communication encryption method and communication encryption key.
Optionally, the first key verification module is specifically configured to determine, in response to the identity verification passing, a current serial number based on the historical serial number of the third historical encryption information used in the previous key verification; to determine the third encryption information for this communication based on the current serial number, where the third encryption information is obtained by encrypting a key information certificate with a third public key; and to send the third encryption information to the vehicle-mounted terminal, which verifies it to complete the first key verification.
Optionally, the mobile terminal further includes:
an encryption information acquisition module, configured to determine whether the mobile terminal holds historical encryption information; in response to historical encryption information being held, to determine whether it has expired and, if so, request the cloud to update it, otherwise using the historical encryption information as the third encryption information; and in response to no historical encryption information being held, to request the third encryption information from the cloud and store it.
Optionally, when requesting the third encryption information from the cloud and storing it, the encryption information acquisition module is configured to send an information request to the cloud, receive the third encryption information fed back by the cloud in response to the information request, and store the third encryption information in a secure element.
Optionally, the network condition of the vehicle-mounted terminal is one of: a normal network condition and a weak network condition;
and the second key verification module is specifically configured to perform the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud in response to the network condition of the vehicle-mounted terminal being the normal network condition, and by short message verification in response to it being the weak network condition.
Optionally, when performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message verification, the second key verification module is configured to forward the verification request fed back by the vehicle-mounted terminal to a communication server, receive a first verification code fed back by the communication server in response to the verification request, and send the first verification code to the vehicle-mounted terminal, which completes the second key verification.
Optionally, when sending the first verification code to the vehicle-mounted terminal, the second key verification module is configured to encrypt the first verification code with the communication encryption key to obtain an encrypted verification code, and to send the encrypted verification code to the vehicle-mounted terminal.
Optionally, the mobile terminal further includes:
a verification result module, for controlling the vehicle-mounted terminal in response to the verification result being that verification passed, and, in response to the verification result being that verification failed, causing the vehicle-mounted terminal to enter the safe mode and issue a prompt.
According to yet another aspect of the embodiments of this application, a vehicle-mounted terminal is provided, including:
an identity verification module, for receiving first encryption information sent by a mobile terminal and performing identity verification based on the first encryption information and pre-stored second encryption information, where the first encryption information is obtained by encrypting a vehicle body digital certificate with a first private key and the second encryption information is obtained by encrypting a terminal digital identity certificate with a second private key;
a first key verification module, for receiving a first key verification initiated by the mobile terminal in response to the identity verification passing, and entering a safe mode in response to the first key verification passing;
and a second key verification module, for initiating a second key verification according to the network condition and determining the verification result.
Optionally, the identity verification module is specifically configured to receive the first encryption information sent by the mobile terminal, decrypt it with a pre-stored first public key, and confirm the identity of the mobile terminal from the vehicle body number digital certificate obtained by decryption; and, in response to the identity of the mobile terminal being legitimate, to send the second encryption information to the mobile terminal, which verifies the identity of the vehicle-mounted terminal from it.
Optionally, the identity verification module is further configured to decrypt the first encryption information to obtain the communication encryption method and communication encryption key confirmed by the mobile terminal, and to encrypt subsequent communication with the mobile terminal using that communication encryption method and communication encryption key.
Optionally, the first key verification module is specifically configured to receive third encryption information sent by the mobile terminal and decrypt it with a pre-stored third private key to obtain a key information certificate, where the third encryption information is obtained by encrypting the key information certificate with a third public key; and to verify the key information certificate to complete the first key verification.
Optionally, the key information certificate includes: a first key valid time encrypted with the third public key, private key index information encrypted with the third public key, and a second key valid time and key information encrypted with a fourth private key, where each item of private key index information corresponds to one fourth public key;
and when verifying the key information certificate to complete the first key verification, the first key verification module is configured to obtain the first key valid time and the private key index information from the key information certificate by decryption with the third public key, look up the fourth public key by the private key index information, further decrypt the key information certificate with the fourth public key to obtain the second key valid time and the key information, and verify the key information based on the first key valid time and the second key valid time.
Optionally, when verifying the key information based on the first key valid time and the second key valid time, the first key verification module is configured to compare the first key valid time with the second key valid time; in response to the two being equal, to determine from the second key valid time and the current time whether the key information is within its valid time; and in response to the key information being within its valid time, to confirm that the verification passed.
Optionally, the vehicle-mounted terminal further includes:
a public key acquisition module, for determining whether the vehicle-mounted terminal holds a historical public key; in response to a historical public key being held, determining whether it has expired and, if so, requesting the cloud to update it, otherwise using the historical public key as the fourth public key; and in response to no historical public key being held, requesting the fourth public key from the cloud and storing it.
Optionally, when requesting the fourth public key from the cloud and storing it, the public key acquisition module is configured to send an information request to the cloud, receive the fourth public key fed back by the cloud in response to the information request, and store the fourth public key in a secure element.
Optionally, the network condition is one of: a normal network condition and a weak network condition;
and the second key verification module is specifically configured to perform the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud in response to the network condition being the normal network condition, and by short message verification in response to it being the weak network condition.
Optionally, when performing the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud, the second key verification module is configured to forward the key information certificate received from the mobile terminal to the cloud; the key information certificate is decrypted with one of a plurality of public keys stored in the cloud to obtain the key information, and the second key verification is completed by confirming whether the key information is key information that has already been used.
Optionally, when performing the second key verification between the vehicle-mounted terminal and the mobile terminal by short message verification, the second key verification module is configured to send a verification request to the mobile terminal; to receive a second verification code fed back by the communication server in response to the verification request, and a first verification code sent by the mobile terminal; to compare the first verification code with the second verification code; and, in response to the two being identical, to determine that the second key verification passed.
Optionally, when receiving the first verification code sent by the mobile terminal, the second key verification module is specifically configured to receive the encrypted verification code sent by the mobile terminal, obtained by encryption with the communication encryption key, and to decrypt it with the communication encryption key to obtain the first verification code.
Optionally, the vehicle-mounted terminal further includes:
a verification result module, for accepting control by the mobile terminal in response to the verification result being that verification passed, and, in response to the verification result being that verification failed, entering the safe mode and issuing a prompt.
According to yet another aspect of the embodiments of this application, a communication verification system is provided, including:
the mobile terminal of any of the embodiments above and the vehicle-mounted terminal of any of the embodiments above.
Optionally, the system further includes:
a cloud, for sending the first encryption information encrypted with the first private key, the third encryption information encrypted with the third public key, and the second public key to the mobile terminal, and sending the second encryption information encrypted with the second private key, the third private key and the fourth public key to the vehicle-mounted terminal; and for receiving the key information certificate sent by the vehicle-mounted terminal, decrypting it with one of a plurality of stored public keys to obtain the key information, and confirming whether the key information is key information that has already been used.
Based on the identity verification method and system, the mobile terminal and the vehicle terminal provided by the embodiment of the application, the identity verification is initiated to the vehicle terminal through the pre-stored first encryption information; the first encryption information is obtained by encrypting a vehicle body part digital certificate through a first private key; responding to the authentication passing, and initiating a first key authentication to the vehicle-mounted terminal; responding to the first key verification, and enabling the vehicle-mounted terminal to enter a safety mode; according to the network condition of the vehicle-mounted terminal, the second key verification initiated by the vehicle-mounted terminal is received, and the verification result is determined.
The technical scheme of the application is further described in detail through the drawings and the embodiments.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description, serve to explain the principles of the application.
The application may be more clearly understood from the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic flow chart of a communication verification method according to an embodiment of the present application.
Fig. 2 is a schematic flow chart of step 102 in the embodiment shown in fig. 1 of the present disclosure.
Fig. 3 is a schematic flow chart of step 104 in the embodiment shown in fig. 1 of the present disclosure.
Fig. 4 is another flow chart of a communication verification method according to an embodiment of the present application.
Fig. 5 is a schematic flow chart of step 402 in the embodiment shown in fig. 4 of the present disclosure.
Fig. 6 is a flow chart illustrating step 404 in the embodiment shown in fig. 4 of the present disclosure.
Fig. 7 is a schematic structural diagram of a mobile terminal according to an embodiment of the present application.
Fig. 8 is a schematic structural diagram of a vehicle-mounted device according to an embodiment of the present application.
Fig. 9 is a timing diagram of a mobile terminal and a vehicle terminal in the communication verification system according to the embodiment of the present application.
Detailed Description
Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present application unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
The following description of at least one exemplary embodiment is merely exemplary in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but are intended to be part of the specification where appropriate.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Fig. 1 is a schematic flow chart of a communication verification method according to an embodiment of the present application. As shown in fig. 1, the method is applied to a mobile terminal, and the method of the embodiment includes:
step 102, initiating identity verification to the vehicle terminal through the pre-stored first encryption information.
The first encryption information is obtained by encrypting the vehicle body number digital certificate through a first private key.
Optionally, the first encrypted information in this embodiment may be obtained by the cloud end encrypting the vehicle body part digital certificate with the first private key and then sending the encrypted information to the mobile terminal. Because the first encrypted information is encrypted with a private key, the vehicle machine side must decrypt it with the public key corresponding to the first private key after receiving it; that is, the identity verification of this embodiment uses an asymmetric encryption mode, which protects the vehicle body part digital certificate.
Step 104, in response to the passing of the identity verification, initiating a first key verification to the vehicle terminal.
Optionally, the embodiment may further include ending the authentication in response to the authentication not passing. To improve the security of the vehicle terminal, the vehicle terminal is not controlled to communicate with the mobile terminal directly after the authentication passes; instead, the first key authentication is performed, in which the vehicle terminal authenticates the key information in the mobile terminal to determine whether the key information held by the mobile terminal is valid.
Step 106, in response to the first key verification passing, the vehicle machine side enters a safety mode.
Optionally, the embodiment may further include, in response to the first key verification failing, the vehicle-mounted terminal rejecting all requests of the mobile terminal and ending the communication verification. In this embodiment, only when the key information in the mobile terminal is valid does the vehicle terminal enter the security mode to perform the second key verification, which further improves the security of the communication between the two parties.
Optionally, the safety mode in this embodiment may be a mode in which part of the functions of the vehicle-side machine are limited; for example, in the safety mode the vehicle-side machine may open the door but cannot perform other control.
Step 108, receiving a second key verification initiated by the vehicle terminal according to the network condition of the vehicle terminal, and determining a verification result.
In the prior art, communication between the mobile terminal and the vehicle-mounted terminal places a requirement on the network condition, and when the network is weak the communication cannot take place. To solve the problem of secure communication between the mobile terminal and the vehicle terminal under a weak network condition, the embodiment of the application judges the network condition of the vehicle terminal before performing the second key verification and performs the second key verification differently according to the result (strong network condition or weak network condition), so that the mobile terminal and the vehicle terminal can communicate securely under different network conditions without being limited by the network.
According to the identity verification method provided by the embodiment of the application, the identity verification is initiated to the vehicle terminal through the pre-stored first encryption information; the first encryption information is obtained by encrypting a vehicle body part digital certificate through a first private key; responding to the authentication passing, and initiating a first key authentication to the vehicle-mounted terminal; responding to the first key verification, and enabling the vehicle-mounted terminal to enter a safety mode; according to the network condition of the vehicle-mounted terminal, the second key verification initiated by the vehicle-mounted terminal is received, and the verification result is determined.
As shown in fig. 2, on the basis of the embodiment shown in fig. 1, step 102 may include the following steps:
Step 1021, transmitting the first encrypted information to the vehicle-mounted terminal, the vehicle-mounted terminal verifying the identity of the mobile terminal according to the first encrypted information.
Because the first encrypted information is the encrypted vehicle body number certificate, it must be sent to the corresponding vehicle machine end for authentication so as to confirm the correspondence between the vehicle body number certificate and the vehicle machine end.
Step 1022, receiving the second encrypted information pre-stored in the vehicle machine side and fed back by it.
The second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key.
In this embodiment, the vehicle terminal stores the second encrypted information. Optionally, the second encrypted information is obtained by the cloud encrypting the terminal digital identity certificate with the second private key; after encryption the cloud sends it to the vehicle terminal for storage. That the vehicle terminal stores the terminal digital identity certificate indicates that the mobile terminal corresponding to that certificate corresponds to this vehicle terminal.
Step 1023, decrypting the second encrypted information through a pre-stored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
In this embodiment, the second encrypted information is decrypted with the second public key corresponding to the second private key used in the encryption, realizing asymmetric decryption; the terminal digital identity certificate obtained by decryption is matched against the identity information in the mobile terminal, and a match indicates that the vehicle terminal sending the second encrypted information corresponds to the mobile terminal.
Optionally, step 102 includes, while performing authentication:
decrypting the received second encrypted information to obtain the communication encryption method and communication encryption key confirmed by the vehicle-mounted terminal; and encrypting subsequent communication between the mobile terminal and the vehicle terminal with the communication encryption method and the communication encryption key.
Optionally, a symmetric encryption algorithm is needed to secure the communication between the mobile terminal and the vehicle terminal, but negotiating the symmetric algorithm must itself be protected by an asymmetric encryption algorithm (in this embodiment, the identity verification process). Using asymmetric encryption directly is not secure either, because a public key may be tampered with by a man in the middle. In this embodiment, therefore, the mobile terminal and the vehicle terminal do not use a public key directly but rely on a third-party digital certificate authentication mechanism (certificate authority, CA) and the public keys it distributes to secure the asymmetric encryption process: for example, the cloud encrypts the vehicle body number certificate and the terminal identity digital certificate with the first private key and the second private key respectively, sends the first public key corresponding to the first private key to the vehicle terminal, and sends the second public key corresponding to the second private key to the mobile terminal. The symmetric encryption algorithm is negotiated through the asymmetric encryption algorithm, and all transmitted data is encrypted with the communication key, so other users on the network can hardly steal or tamper with the data transmitted between the mobile terminal and the vehicle terminal; this ensures the privacy and integrity of the data, that is, the security of the communication content.
As shown in fig. 3, on the basis of the embodiment shown in fig. 1, step 104 may include the following steps:
step 1041, in response to the authentication passing, determining the current serial number based on the historical serial number corresponding to the third historical encryption information used by the last key authentication.
In this embodiment, the last unlocking refers to the process, after the first authentication last passed, of sending a stored key information certificate to the vehicle machine end to request unlocking. The mobile terminal stores a plurality of key information certificates, each of which can be applied only once, which effectively prevents illegal unlocking caused by interception of a key. Therefore, before the key information certificate is sent this time, the current serial number is determined from the historical serial number, for example by adding one to the historical serial number.
Optionally, the mobile terminal takes the serial number (index) value of the last used key information certificate and adds 1, starting from 0 if no record exists; for example, if the current index is equal to 0, the certificate with serial number 1 among the plurality of key information certificates pre-stored in the Secure Element (SE) is read and sent to the vehicle machine side.
Step 1042, determining third encryption information of the present communication based on the current sequence number.
The third encryption information is obtained by encrypting the key information certificate through a third public key.
In order to ensure the safety of sending key information between the mobile terminal and the vehicle terminal, the embodiment transmits the key information certificate through an asymmetric encryption method.
Step 1043, transmitting the third encrypted information to the vehicle-mounted terminal, and verifying the third encrypted information by the vehicle-mounted terminal to realize the first key verification.
In this embodiment, the vehicle-mounted terminal stores a private key (corresponding to the third public key) and a plurality of public keys related to key information; the cloud stores the public key corresponding to the vehicle-mounted terminal's private key and a plurality of private keys related to key information; the mobile terminal stores a plurality of key information certificates issued by the cloud, and a key information certificate mainly comprises: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, the second key valid time encrypted by the fourth private key, and the key information encrypted by the fourth private key.
In some alternative embodiments, the method further includes, before step 102:
determining whether historical encryption information is included in the mobile terminal;
in response to the historical encryption information being included, determining whether it has expired, and requesting the cloud to update it if it has; otherwise, using the historical encryption information as the third encryption information;
in response to the historical encryption information not being included, requesting the third encryption information from the cloud.
In this embodiment, the mobile terminal keeps the obtained key information certificate (here, the third encrypted information, i.e. the encrypted key information certificate) in a trusted execution environment (Trusted Execution Environment, TEE), which ensures the security of key storage by protecting confidentiality and integrity and controlling data access rights.
Optionally, requesting to obtain and store the third encrypted information from the cloud, including:
sending an information request to a cloud;
receiving third encryption information fed back by the cloud according to the information request;
the third encrypted information is stored in the secure element.
In this embodiment, when the mobile terminal does not hold the third encrypted information, it must request it from a third party such as the cloud end and store the obtained third encrypted information in the secure element. The secure element includes, but is not limited to, a hardware TEE chip, a software TEE environment and an SE secure element. The SE is used preferentially; if no SE is available, it is checked whether the information can be stored in the hardware TEE, and if that is not available, whether it can be stored in the software TEE, thereby ensuring secure storage of the third encrypted information.
In some alternative embodiments, the network condition of the vehicle machine side includes a network normal condition and a weak network condition, and step 106 may include, for the different network conditions:
in response to the network condition of the vehicle-mounted terminal being the network normal condition, implementing the second key verification between the vehicle-mounted terminal and the mobile terminal through the cloud;
in response to the network condition of the vehicle-mounted terminal being the weak network condition, implementing the second key verification between the vehicle-mounted terminal and the mobile terminal in a short message verification manner.
In this embodiment, the second key verification is divided into two types according to the current network strength of the vehicle terminal.
If the network state of the vehicle terminal is good, the certificate sent by the intelligent terminal is synchronized to the server for verification; if the verification passes, the security mode is released and the normal mode is entered; if the verification fails, the vehicle owner is notified to pay attention to the vehicle condition.
Otherwise the verification is completed through a third-party SP short message service, for example when the vehicle is on a 2G network that can receive and send short messages, and a 5-minute timer is started. Within the 5 minutes, the vehicle-mounted system sends an advanced authority verification request to the mobile intelligent terminal; on receiving it, the mobile intelligent terminal pops up a prompt for the user to choose between the safety mode and the normal mode. If the safety mode is chosen, the mobile intelligent terminal sends a request informing the vehicle-mounted system to end the timing directly, and the vehicle enters the safety mode. If the normal mode is chosen, the mobile intelligent terminal sends a short message to the SP service requesting a verification code; after receiving that request, the SP service notifies both the mobile intelligent terminal and the vehicle terminal; the vehicle terminal receives and stores the verification code; the mobile intelligent terminal sends the verification code it received to the vehicle terminal; the vehicle terminal compares the verification code sent by the mobile intelligent terminal with the stored one; if they are the same, the verification passes, the vehicle terminal stops timing and the vehicle enters the normal mode; if they differ, the vehicle-mounted system sends a request to the intelligent terminal prompting that the verification code is wrong, and this sequence repeats until the verification code passes. After 5 minutes, the vehicle-mounted system automatically enters the safety mode.
If the vehicle is in a network-free state, it automatically enters the safety mode; after the vehicle has driven to a place with good network conditions and connected to the internet, the certificate sent by the intelligent terminal is synchronized to the server for verification; if the verification passes, the security mode is released and the normal mode is entered; if the verification fails, the vehicle owner is notified to pay attention to the vehicle condition.
Optionally, the short message authentication process may include:
sending the verification request fed back by the vehicle-mounted terminal to the communication server, and receiving a first verification code fed back by the communication server according to the verification request; and sending the first verification code to the vehicle machine end, the second key verification being realized by the vehicle machine end.
In this embodiment, to improve the security of transmitting the verification code between the mobile terminal and the vehicle-mounted terminal, optionally the first verification code is encrypted with the communication encryption key to obtain an encrypted verification code, and the encrypted verification code is sent to the vehicle machine side. The first verification code is encrypted with the symmetric encryption key obtained through the asymmetric negotiation during identity verification, and only the encrypted verification code is transmitted, which enhances the security of the first verification code.
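The vehicle-side decision logic of the second key verification described above (branch on network condition, 5-minute window for the short message path, comparison of the first and second verification codes, deferred cloud verification when there is no network), as an added worked example that is not code from the patent. The patent does not name the negotiated symmetric cipher, so `encrypt_code`/`decrypt_code` are a stand-in built from HMAC-SHA256 (keystream plus tag), chosen so that a tampered encrypted verification code is rejected rather than compared; the `cloud_check` callback standing for the server-side certificate check and the injected `clock` are likewise assumptions for testability.

```python
import hashlib
import hmac
import secrets

FIVE_MINUTES = 300  # the page's short-message verification window, in seconds


# Stand-in for the negotiated symmetric cipher (assumption: the page names none).
# HMAC-SHA256 keystream XORed over the code, plus an HMAC tag over nonce||body.
def encrypt_code(comm_key: bytes, code: str, nonce: bytes = None) -> bytes:
    nonce = nonce or secrets.token_bytes(16)
    stream = hmac.new(comm_key, b"stream" + nonce, hashlib.sha256).digest()
    data = code.encode()
    assert len(data) <= len(stream), "verification codes are short"
    body = bytes(a ^ b for a, b in zip(data, stream))
    tag = hmac.new(comm_key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt_code(comm_key: bytes, blob: bytes):
    """Return the code, or None when the tag does not verify (tampered or wrong key)."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(comm_key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    stream = hmac.new(comm_key, b"stream" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, stream)).decode()


class VehicleSecondVerification:
    """Vehicle side of the second key verification. `clock()` returns seconds."""

    def __init__(self, comm_key: bytes, cloud_check, clock):
        self.comm_key, self.cloud_check, self.clock = comm_key, cloud_check, clock
        self.mode = "safety"        # entered once the first key verification passed
        self.deadline = None        # end of the 5-minute SMS window, if running
        self.server_code = None     # second verification code, from the SP service
        self.pending_cert = None    # certificate to verify once the network is back

    def start(self, network: str, certificate: bytes) -> str:
        """network is 'normal', 'weak' (short messages only) or 'none'."""
        if network == "normal":
            self.mode = "normal" if self.cloud_check(certificate) else "safety"
            return "pass" if self.mode == "normal" else "notify_owner"
        if network == "weak":
            self.deadline = self.clock() + FIVE_MINUTES
            return "request_sms_verification"
        self.pending_cert = certificate   # no network: stay in safety mode
        return "safety_mode"

    def user_chose_safety_mode(self) -> str:
        self.deadline = None              # timing ends directly
        return "safety_mode"

    def receive_server_code(self, code: str) -> None:
        self.server_code = code

    def receive_mobile_code(self, blob: bytes) -> str:
        """Compare the mobile's encrypted first verification code with the stored one."""
        if self.deadline is None or self.clock() > self.deadline:
            self.mode, self.deadline = "safety", None
            return "timeout_safety_mode"
        code = decrypt_code(self.comm_key, blob)
        if code is None or self.server_code is None or \
                not hmac.compare_digest(code, self.server_code):
            return "code_mismatch_retry"     # mobile is told the code is wrong
        self.mode, self.deadline = "normal", None
        return "pass"

    def network_restored(self) -> str:
        """Vehicle reached good coverage: synchronise the stored certificate to the server."""
        if self.pending_cert is None:
            return "nothing_pending"
        result = self.start("normal", self.pending_cert)
        self.pending_cert = None
        return result
```

The timer is checked on every received code rather than in a background thread, which is enough for a deterministic test and mirrors the page's rule that after 5 minutes the vehicle-mounted system falls back to the safety mode.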
In some optional embodiments, the method provided in this embodiment further includes:
Responding to the verification result as passing verification, and controlling the vehicle-mounted terminal;
and responding to the verification result that the verification is not passed, enabling the vehicle-mounted terminal to enter a safety mode, and sending out prompt information by the vehicle-mounted terminal.
In this embodiment, after the mobile terminal passes the two key verifications, it obtains the control right over the vehicle machine end and can control it, for example unlocking, starting the air conditioner and the like, realizing secure control of the vehicle. When the verification result is that the verification does not pass, the vehicle end enters the safety mode to protect itself, preventing the vehicle from being controlled by an unauthorized terminal and improving the safety of the vehicle; meanwhile, prompt information can be sent to the vehicle owner.
Fig. 4 is another flow chart of a communication verification method according to an embodiment of the present application. As shown in fig. 4, the method is applied to a vehicle machine, and the method in this embodiment includes:
step 402, receiving first encrypted information sent by the mobile terminal, and performing identity verification based on the first encrypted information and pre-stored second encrypted information.
The first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key.
Optionally, in this embodiment the vehicle-mounted terminal verifies the identity of the mobile terminal according to the received first encrypted information and sends the second encrypted information to the mobile terminal for verification. The second encrypted information may be obtained by the cloud encrypting the terminal digital identity certificate with the second private key and then sending it to the vehicle-mounted terminal; because the second encrypted information is encrypted with a private key, the mobile terminal must decrypt it with the public key corresponding to the second private key after receiving it. That is, the authentication of the mobile terminal is achieved in an asymmetric encryption mode, and the security of the terminal digital identity certificate is guaranteed.
Step 404, in response to the authentication passing, receiving a first key authentication initiated by the mobile terminal.
Optionally, the embodiment may further include ending the authentication in response to the authentication not passing. To improve the security of the vehicle terminal, the vehicle terminal is not controlled to communicate with the mobile terminal directly after the authentication passes; instead, the first key authentication is performed, in which the vehicle terminal authenticates the key information in the mobile terminal to determine whether the key information held by the mobile terminal is valid.
Step 406, in response to the first key verification pass, entering a secure mode.
Optionally, the embodiment may further include, in response to the first key verification failing, the vehicle-mounted terminal rejecting all requests of the mobile terminal and ending the communication verification. In this embodiment, only when the key information in the mobile terminal is valid does the vehicle terminal enter the security mode to perform the second key verification, which further improves the security of the communication between the two parties.
Step 408, according to the network condition, initiating a second key verification, and determining a verification result.
According to the identity verification method provided by the embodiment of the application, the first encrypted information sent by the mobile terminal is received, and the identity verification is performed based on the first encrypted information and the pre-stored second encrypted information; the first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key; in response to the authentication passing, a first key verification initiated by the mobile terminal is received; in response to the first key verification passing, a secure mode is entered; and according to the network condition, the second key verification is initiated and the verification result is determined. Through the identity verification and the two key verifications, the embodiment verifies that the identities of both communication parties are legal, so that leakage of information such as the communication key and the communication protocol at either end is prevented, and the situation where an attacker maliciously controls the vehicle and causes a safety accident is avoided.
As shown in fig. 5, based on the embodiment shown in fig. 4, step 402 may include the following steps:
Step 4021, receiving the first encrypted information sent by the mobile terminal, decrypting it with the pre-stored first public key, and confirming the identity of the mobile terminal according to the vehicle body digital certificate obtained by decryption.
Step 4022, in response to the identity of the mobile terminal being legal, sending the second encrypted information to the mobile terminal, the mobile terminal verifying the identity of the vehicle terminal according to the second encrypted information.
Optionally, the method may further include stopping the authentication in response to the identity of the mobile terminal being illegal, and may further send information prompting the vehicle owner that an illegal access was attempted.
In the embodiment, bidirectional identity verification is realized by storing the identity digital certificate of the vehicle machine at the mobile terminal and storing the identity digital certificate of the terminal at the vehicle machine end; the vehicle terminal compares the received vehicle body digital certificate with the local identifier to determine whether the identity of the terminal equipment sending the vehicle body digital certificate is legal, and only when the identity of the mobile terminal is legal, the vehicle terminal sends second encryption information to the mobile terminal, and the mobile terminal verifies the identity of the vehicle terminal according to the second encryption information.
Optionally, step 402 includes, while performing authentication:
decrypting the first encrypted information to obtain the communication encryption method and communication encryption key confirmed by the mobile terminal; and encrypting subsequent communication with the mobile terminal using the communication encryption method and the communication encryption key.
In this embodiment, a symmetric encryption algorithm is used to secure the communication process between the mobile terminal and the vehicle terminal; to make the negotiation of the symmetric algorithm more secure, an asymmetric encryption algorithm is used for the negotiation, and the security of the secret key used in the asymmetric encryption process is ensured by the secure element. By means of these mechanisms, a symmetric encryption algorithm and secret key are negotiated during identity authentication, securing the subsequent communication of the two parties.
As shown in fig. 6, on the basis of the embodiment shown in fig. 4, step 404 may include the following steps:
step 4041, the third encrypted information sent by the mobile terminal is received and decrypted by using the pre-stored third private key to obtain the key information certificate.
The third encryption information is obtained by encrypting the key information certificate through a third public key.
Step 4042, the key information certificate is verified, and the first key verification is implemented.
In this embodiment, the vehicle-mounted terminal stores a private key (corresponding to the third public key) and a plurality of public keys related to key information; the cloud stores the public key corresponding to the vehicle-mounted terminal's private key and a plurality of private keys related to key information; the mobile terminal stores a plurality of key information certificates issued by the cloud, and a key information certificate mainly comprises: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, the second key valid time encrypted by the fourth private key, and the key information encrypted by the fourth private key.
Optionally, the key information certificate includes: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, and the second key valid time and key information encrypted by the fourth private key; wherein each private key index information corresponds to a fourth public key.
Optionally, step 4042 includes:
obtaining first key effective time and private key index information in a key information certificate through third public key decryption;
searching and obtaining a fourth public key through the private key index information;
further decrypting the key information certificate through the fourth public key to obtain second key effective time and key information;
The key information is verified based on the first key valid time and the second key valid time.
On the basis of this secure communication, after the vehicle-mounted terminal receives the key information it decrypts the third encrypted information with the third private key corresponding to the third public key, obtaining the first key valid time and the private key index (index) information in the key information certificate; it then finds the corresponding fourth public key according to the index and decrypts the key information certificate with the fourth public key to obtain the second key valid time and the key information. Whether the key information is valid is determined by comparing the first key valid time with the second key valid time: when they are consistent and the key information has not exceeded the first key valid time (or the second key valid time), the authentication of the key information is completed and valid key information is obtained.
Optionally, verifying the key information based on the first key valid time and the second key valid time includes:
comparing the first key valid time with the second key valid time;
in response to the first key valid time being equal to the second key valid time, determining, from the second key valid time and the current time, whether the key information is within its valid time;
and in response to the key information being within its valid time, confirming that the verification passes.
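As an added example, not code from the patent, the step 4042 check in Go: the fields the page describes as encrypted with the third public key are carried as RSA-OAEP ciphertext, and the fields described as encrypted with the fourth private key are carried as plaintext with an RSA signature over them (both modelling choices, all type and function names, and the sample key information are assumptions). It also shows the rejections a vehicle terminal should make for an unknown index, a tampered inner layer, mismatched valid times and an expired certificate.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// KeyInfoCert models the key information certificate described above (assumed
// layout). Outer: first key valid time + private-key index, encrypted to the
// vehicle's third public key. Inner: second key valid time + key information,
// with a signature by the fourth private key standing in for "encrypted by".
type KeyInfoCert struct {
	Outer []byte // RSA-OAEP ciphertext of validUntil(8 bytes, unix) || index(4 bytes)
	Inner []byte // validUntil(8 bytes, unix) || key information
	Sig   []byte // RSA PKCS#1 v1.5 / SHA-256 signature over Inner
}

var (
	ErrDecrypt      = errors.New("third private key cannot decrypt the certificate")
	ErrNoIndex      = errors.New("no fourth public key stored for this index")
	ErrSignature    = errors.New("inner layer was not produced by the indexed private key")
	ErrTimeMismatch = errors.New("first and second key valid times differ")
	ErrExpired      = errors.New("key information is outside its valid time")
)

// IssueKeyInfoCert plays the cloud: one certificate for keyInfo, valid until validUntil.
func IssueKeyInfoCert(thirdPub *rsa.PublicKey, index uint32, fourthPriv *rsa.PrivateKey,
	keyInfo []byte, validUntil time.Time) (KeyInfoCert, error) {
	outer := make([]byte, 12)
	binary.BigEndian.PutUint64(outer, uint64(validUntil.Unix()))
	binary.BigEndian.PutUint32(outer[8:], index)
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, thirdPub, outer, nil)
	if err != nil {
		return KeyInfoCert{}, err
	}
	inner := make([]byte, 8, 8+len(keyInfo))
	binary.BigEndian.PutUint64(inner, uint64(validUntil.Unix()))
	inner = append(inner, keyInfo...)
	h := sha256.Sum256(inner)
	sig, err := rsa.SignPKCS1v15(rand.Reader, fourthPriv, crypto.SHA256, h[:])
	if err != nil {
		return KeyInfoCert{}, err
	}
	return KeyInfoCert{Outer: enc, Inner: inner, Sig: sig}, nil
}

// VerifyKeyInfoCert plays the vehicle terminal in step 4042: decrypt the outer
// layer with the third private key, look up the fourth public key by index, check
// the inner layer with it, then require both valid times to agree and now to be
// before them. The key information is returned only when every check passes.
func VerifyKeyInfoCert(thirdPriv *rsa.PrivateKey, fourthPubs map[uint32]*rsa.PublicKey,
	cert KeyInfoCert, now time.Time) ([]byte, error) {
	outer, err := rsa.DecryptOAEP(sha256.New(), nil, thirdPriv, cert.Outer, nil)
	if err != nil || len(outer) != 12 {
		return nil, ErrDecrypt
	}
	firstValid := int64(binary.BigEndian.Uint64(outer))
	index := binary.BigEndian.Uint32(outer[8:])
	fourthPub, ok := fourthPubs[index]
	if !ok {
		return nil, ErrNoIndex
	}
	h := sha256.Sum256(cert.Inner)
	if len(cert.Inner) < 8 || rsa.VerifyPKCS1v15(fourthPub, crypto.SHA256, h[:], cert.Sig) != nil {
		return nil, ErrSignature
	}
	secondValid := int64(binary.BigEndian.Uint64(cert.Inner))
	if firstValid != secondValid {
		return nil, ErrTimeMismatch
	}
	if now.Unix() > secondValid {
		return nil, ErrExpired
	}
	return cert.Inner[8:], nil
}

// GenerateDemoKeys makes a third key pair (vehicle) and a fourth key pair (cloud)
// for the demonstration; in the scheme these live in the SE/TEE and the cloud.
func GenerateDemoKeys() (third, fourth *rsa.PrivateKey) {
	third, _ = rsa.GenerateKey(rand.Reader, 2048)
	fourth, _ = rsa.GenerateKey(rand.Reader, 2048)
	return third, fourth
}

func main() {
	third, fourth := GenerateDemoKeys()
	pubs := map[uint32]*rsa.PublicKey{1: &fourth.PublicKey}
	until := time.Now().Add(time.Hour)
	cert, err := IssueKeyInfoCert(&third.PublicKey, 1, fourth, []byte("constructed-key-info"), until)
	if err != nil {
		panic(err)
	}
	info, err := VerifyKeyInfoCert(third, pubs, cert, time.Now())
	fmt.Printf("key info %q, err %v\n", info, err)
	_, err = VerifyKeyInfoCert(third, pubs, cert, until.Add(time.Second))
	fmt.Println("after valid time:", err)
}
```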
In some alternative embodiments, prior to performing step 402, the method further comprises:
determining whether the vehicle terminal holds a history public key;
in response to a history public key being held, determining whether it is expired, and if so, requesting the cloud to update it; otherwise, using the history public key as the fourth public key;
and in response to no history public key being held, requesting the cloud to acquire a fourth public key and storing it.
In this embodiment, when the vehicle terminal and the mobile intelligent terminal have normal network access, the mobile intelligent terminal requests a plurality of key information certificates (encrypted into third encrypted information) from the cloud in advance and stores them in a secure environment; the vehicle machine side likewise acquires in advance, over the SCP03 protocol, the public keys corresponding to those key information certificates (the fourth public keys corresponding to the third encryption information) and stores them in a secure environment. Secure storage may be a hardware TEE chip, a software TEE environment or an SE secure element: the SE is used preferentially; if it is not available, it is checked whether the public keys can be stored in the hardware TEE, and if that is not available, whether they can be stored in the software TEE, so that the digital certificates are always stored securely. The SE secure element has an encryption/decryption logic circuit; the vehicle-mounted terminal obtains the cloud key certificate over the SCP03 protocol and stores the key in the SE secure element to keep the key storage secure. Optionally, requesting the cloud to obtain and store the fourth public key includes:
Sending an information request to a cloud;
receiving a fourth public key fed back by the cloud according to the information request;
the fourth public key is stored in the secure element.
In some alternative embodiments, the network conditions of the vehicle machine side include: network normal conditions and weak network conditions; step 406 may include, for the different network conditions:
in response to the network condition being the network normal condition, realizing the second key verification of the vehicle terminal and the mobile terminal through the cloud;
and in response to the network condition being the weak network condition, realizing the second key verification of the vehicle machine end and the mobile terminal in a short message verification mode.
In this embodiment, the second key verification is divided into two types according to the current network strength of the vehicle terminal: if the network state of the vehicle terminal is good, the certificate sent by the intelligent terminal is synchronized to the server for verification, and if the verification passes, the security mode is released and the normal mode is entered; if the verification fails, the vehicle owner is notified to pay attention to the vehicle condition; otherwise, the verification is completed through a third-party SP short message service.
Optionally, implementing the second key verification through the cloud includes:
transmitting the key information certificate received from the mobile terminal to the cloud;
decrypting the key information certificate, in the cloud, with one of the plurality of public keys stored there to obtain the key information;
and realizing the second key verification by confirming whether that key information has already been used.
In this embodiment, when the network condition of the vehicle-mounted terminal is the network normal condition, the vehicle-mounted terminal initiates the second key verification by sending the received key information certificate to the cloud for verification; this removes the possibility that a local verification might be tampered with, and improves the security and reliability of the key certificate verification.
Optionally, the second key verification is implemented by means of short message verification, including:
sending a verification request to the mobile terminal;
receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal;
comparing the first verification code with the second verification code;
and determining that the second key passes verification in response to the first verification code and the second verification code being the same.
In this embodiment, the second key verification at both ends is implemented through a verification code sent by a communication server (for example, SP service, etc.), the acquisition of the verification code is requested by the mobile terminal to the communication server, and the communication server feeds back the first verification code and the second verification code with the same content to the mobile terminal and the vehicle machine respectively; the vehicle machine side compares whether the first verification code received from the mobile terminal is identical to the second verification code received from the communication service side, and when the first verification code is identical to the second verification code, the identity verification is confirmed to pass.
Optionally, receiving the first verification code sent by the mobile terminal includes: receiving the encrypted verification code that the mobile terminal obtained by encrypting with the communication encryption key, and decrypting the encrypted verification code with the communication encryption key to obtain the first verification code.
In this embodiment, in order to improve the security of the transmission of the verification code between the mobile terminal and the vehicle-mounted terminal, optionally, the first verification code is encrypted with the communication encryption key to obtain an encrypted verification code, which is then sent to the vehicle machine side. Because the first verification code is encrypted with the symmetric key negotiated under asymmetric encryption during identity verification, and only the resulting encrypted verification code is transmitted, the security of the first verification code is enhanced.
In some optional embodiments, the method provided in this embodiment further includes:
receiving control of the mobile terminal in response to the verification result being passing verification;
and responding to the verification result that the verification is not passed, entering a safety mode and sending out prompt information.
In this embodiment, after the mobile terminal passes the two key verifications, it obtains the right to control the vehicle machine end, for example to unlock the vehicle or start the air conditioner, so that safe control of the vehicle is realized; when the verification result is that the verification is not passed, the vehicle end enters a safety mode to protect itself, the vehicle is prevented from being controlled by an unauthorized terminal, the safety of the vehicle is improved, and prompt information can be sent to the vehicle owner at the same time.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the above method embodiments may be implemented by hardware associated with program instructions, where the foregoing program may be stored in a computer readable storage medium, and when executed, the program performs steps including the above method embodiments; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Fig. 7 is a schematic structural diagram of a mobile terminal according to an embodiment of the present application. The mobile terminal of this embodiment may be used to implement the above-described method embodiments of the present application. As shown in fig. 7, the mobile terminal of this embodiment includes:
the identity verification module 71 is configured to initiate identity verification to the vehicle terminal through the pre-stored first encryption information.
The first encryption information is obtained by encrypting the vehicle body number digital certificate through a first private key.
A first key verification module 72, configured to initiate a first key verification to the vehicle machine end in response to passing of the authentication; and responding to the first key verification, and entering a safety mode by the vehicle machine side.
And the second key verification module 73 is configured to receive the second key verification initiated by the vehicle terminal according to the network condition of the vehicle terminal, and determine a verification result.
The mobile terminal provided by the embodiment of the application initiates identity verification to the vehicle terminal through the prestored first encryption information; the first encryption information is obtained by encrypting the vehicle body part digital certificate through a first private key; responding to the passing of the identity verification, and initiating a first key verification to the vehicle-mounted terminal; responding to the first key verification, and enabling the vehicle-mounted terminal to enter a safety mode; according to the network condition of the vehicle-mounted terminal, the second key verification initiated by the vehicle-mounted terminal is received, and the verification result is determined.
In some alternative embodiments, the identity verification module 71 is specifically configured to send the first encrypted information to the vehicle-mounted terminal so that the vehicle-mounted terminal verifies the identity of the mobile terminal according to the first encrypted information; to receive the second encryption information, pre-stored in the vehicle machine, that the vehicle machine feeds back, the second encryption information being obtained by encrypting the terminal digital identity certificate through a second private key; and to decrypt the second encrypted information with a pre-stored second public key and confirm the identity of the vehicle terminal according to the terminal digital identity certificate so obtained.
Optionally, the identity verification module 71 is further configured to decrypt the received second encrypted information to obtain the communication encryption method and the communication encryption key confirmed by the vehicle-mounted terminal, and to encrypt subsequent communication with the vehicle terminal using that communication encryption method and communication encryption key.
Optionally, the first key verification module 72 is specifically configured to determine, in response to the authentication passing, a current serial number based on a historical serial number corresponding to the third historical encryption information used by the previous key verification; determining third encryption information of the communication based on the current sequence number; the third encryption information is obtained by encrypting the key information certificate through a third public key; and sending the third encrypted information to the vehicle-mounted terminal, and verifying the third encrypted information by the vehicle-mounted terminal to realize first key verification.
Optionally, the mobile terminal provided in this embodiment further includes:
the encryption information acquisition module is used for determining whether the mobile terminal comprises historical encryption information or not; determining whether the historical encryption information is out of date in response to the inclusion of the historical encryption information, and requesting the cloud to update the historical encryption information if the historical encryption information is out of date; otherwise, the historical encryption information is used as third encryption information; and in response to the fact that the historical encryption information is not included, requesting the cloud to acquire and store third encryption information.
Optionally, when the encryption information acquisition module requests to acquire and store the third encryption information from the cloud, the encryption information acquisition module is used for sending an information request to the cloud; receiving third encryption information fed back by the cloud according to the information request; the third encrypted information is stored in the secure element.
In some alternative embodiments, the network conditions of the vehicle machine side include: network normal conditions and weak network conditions;
the second key verification module 73 is specifically configured to implement, by the cloud, a second key verification of the vehicle-mounted terminal and the mobile terminal in response to the network condition of the vehicle-mounted terminal being a network normal condition; and responding to the condition that the network condition of the vehicle-mounted terminal is a weak network condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal in a short message verification mode.
Optionally, when the second key verification module 73 performs the second key verification of the vehicle-mounted terminal and the mobile terminal in the short message verification manner, the second key verification module is configured to send a verification request fed back by the vehicle-mounted terminal to the communication server, and receive a first verification code fed back by the communication server according to the verification request; and sending the first verification code to the vehicle machine end, and realizing the second key verification through the vehicle machine end.
Optionally, when the second key verification module 73 sends the first verification code to the vehicle machine end, the second key verification module is configured to encrypt the first verification code by using the communication encryption key to obtain an encrypted verification code; and sending the encrypted verification code to the vehicle machine side.
In some optional embodiments, the mobile terminal provided in this embodiment further includes:
the verification result module is used for controlling the vehicle-mounted terminal in response to the verification result being passing verification; and responding to the verification result that the verification is not passed, enabling the vehicle-mounted terminal to enter a safety mode, and sending out prompt information by the vehicle-mounted terminal.
Fig. 8 is a schematic structural diagram of a vehicle-mounted device according to an embodiment of the present application. The vehicle-mounted device of this embodiment may be used to implement the above-described method embodiments of the present application. As shown in fig. 8, the vehicle-mounted device of this embodiment includes:
the authentication module 81 is configured to receive the first encrypted information sent by the mobile terminal, and perform authentication based on the first encrypted information and the pre-stored second encrypted information.
The first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key.
A first key verification module 82, configured to receive a first key verification initiated by the mobile terminal in response to the authentication passing; in response to the first key verification pass, a secure mode is entered.
The second key verification module 83 is configured to initiate a second key verification according to the network condition, and determine a verification result.
The vehicle-mounted terminal provided by the embodiment of the application receives the first encrypted information sent by the mobile terminal, and performs identity verification based on the first encrypted information and the pre-stored second encrypted information; the first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key; receiving a first key verification initiated by the mobile terminal in response to the authentication passing; in response to the first key verification pass, entering a secure mode; according to the network condition, the second key verification is initiated, and the verification result is determined, and through the identity verification and the two-time key verification, the embodiment verifies that the identities of both communication parties are legal, so that relevant information such as a communication key and a communication protocol at any one end is prevented from being leaked, and the situation that an attacker maliciously controls a vehicle to further cause a safety accident is avoided.
In some alternative embodiments, the identity verification module 81 is specifically configured to receive first encrypted information sent by the mobile terminal, decrypt the first encrypted information according to a pre-stored first public key, and confirm the identity of the mobile terminal according to the vehicle body number certificate obtained by decryption; and responding to the identity legitimacy of the mobile terminal, sending second encryption information to the mobile terminal, and verifying the identity of the vehicle terminal according to the second encryption information by the mobile terminal.
Optionally, the identity verification module 81 is further configured to decrypt the first encrypted information to obtain the communication encryption method and the communication encryption key confirmed by the mobile terminal, and to encrypt subsequent communication with the mobile terminal using that communication encryption method and communication encryption key.
In some optional embodiments, the first key verification module 82 is specifically configured to receive the third encrypted information sent by the mobile terminal and decrypt the third encrypted information with a pre-stored third private key to obtain a key information certificate; the third encryption information is obtained by encrypting the key information certificate through a third public key; and verifying the key information certificate to realize the first key verification.
Optionally, the key information certificate includes: the first key valid time encrypted by the third public key, the private key index information encrypted by the third public key, and the second key valid time and key information encrypted by the fourth private key; wherein each private key index information corresponds to a fourth public key;
the first key verification module 82 is configured, when verifying the key information certificate to implement the first key verification, to obtain by decryption the first key valid time and the private key index information that were encrypted with the third public key in the key information certificate; to search for and obtain the fourth public key through the private key index information; to further decrypt the key information certificate with the fourth public key to obtain the second key valid time and the key information; and to verify the key information based on the first key valid time and the second key valid time.
Optionally, the first key verification module 82 is configured to compare the first key valid time and the second key valid time when verifying the key information based on the first key valid time and the second key valid time; responding to the fact that the effective time of the first key is equal to the effective time of the second key, and determining whether key information is in the effective time according to the effective time of the second key and the current time; verification is confirmed to pass within a valid time in response to the key information.
Optionally, the vehicle-mounted device provided in this embodiment further includes:
the public key acquisition module is used for determining whether the vehicle machine side comprises a history public key or not; in response to including the history public key, determining whether the history public key is expired, and if so, requesting the cloud to update the history public key; otherwise, the history public key is used as a fourth public key; and in response to the history public key not being included, requesting the cloud to acquire and store a fourth public key.
Optionally, when the public key obtaining module requests to obtain and store the fourth public key from the cloud, the public key obtaining module is configured to send an information request to the cloud; receiving a fourth public key fed back by the cloud according to the information request; the fourth public key is stored in the secure element.
In some alternative embodiments, the network conditions include: network normal conditions and weak network conditions;
The second key verification module 83 is specifically configured to implement, by using the cloud, a second key verification of the vehicle-mounted terminal and the mobile terminal in response to the network condition being a network normal condition; and responding to the weak network condition, and realizing the second key verification of the vehicle machine end and the mobile terminal in a short message verification mode.
Optionally, the second key verification module 83 is configured, when implementing the second key verification of the vehicle end and the mobile terminal through the cloud end, to send the key information certificate received from the mobile terminal to the cloud end, where the key information certificate is decrypted with one of the plurality of public keys stored in the cloud to obtain the key information, and the second key verification is realized by confirming whether that key information has already been used.
Optionally, the second key verification module 83 is configured to send a verification request to the mobile terminal when implementing a second key verification between the vehicle terminal and the mobile terminal in a short message verification manner; receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal; comparing the first verification code with the second verification code; and determining that the second key passes verification in response to the first verification code and the second verification code being the same.
Optionally, the second key verification module 83 is specifically configured to, when receiving the first verification code sent by the mobile terminal, receive the encrypted verification code sent by the mobile terminal and encrypted by the communication encryption key, and decrypt the encrypted verification code by the communication encryption key to obtain the first verification code.
Optionally, the vehicle-mounted device further comprises:
the verification result module is used for receiving the control of the mobile terminal in response to the verification result being passing verification; and responding to the verification result that the verification is not passed, entering a safety mode and sending out prompt information.
According to another aspect of an embodiment of the present application, there is provided a communication authentication system including:
the mobile terminal provided by any one of the embodiments and the vehicle-mounted terminal provided by any one of the embodiments.
Fig. 9 is a timing diagram of a mobile terminal (mobile intelligent terminal) and a vehicle terminal in the communication verification system according to the embodiment of the present application. As shown in fig. 9, when the vehicle terminal or the mobile intelligent terminal is in a weak network environment, communication is performed through bluetooth.
The mobile intelligent terminal reads in advance the vehicle body number digital certificate built into its TEE environment and sends it to the vehicle terminal. The vehicle terminal verifies the certificate and confirms that the identity of the mobile intelligent terminal is legitimate; the vehicle terminal then reads the mobile terminal identity digital certificate built in in advance and sends it to the mobile intelligent terminal, which verifies the certificate and confirms that the identity of the vehicle terminal is legitimate; the communication encryption algorithm is negotiated and confirmed during this process.
The mobile intelligent terminal takes out the recorded serial-number index of the last used key information certificate and adds 1; if none is recorded, for example the current index equals 0, it reads the certificate with sequence number 1 from the plurality of key information certificates stored in advance in the SE secure element and sends it to the vehicle terminal. The vehicle terminal receives the key information certificate and decrypts the public-key-encrypted part of it with its private key to obtain the valid time and the public-key index in the key information, and determines that the key information certificate is legitimate; it confirms that the index equals lastIndex (the index that passed the previous verification, increased by 1), otherwise key information authentication fails; if the check passes, lastIndex is reported to the cloud, and if not, a short message is sent to inform the vehicle owner whether the vehicle is safe. It then finds the corresponding public key according to the index, decrypts to obtain the private-key-encrypted key valid time, compares it with the key information for consistency, and confirms that the key is within its validity period, which completes key information authentication.
At this time, the vehicle (the vehicle-mounted device) enters the safety mode, and in order to ensure the safety of the vehicle, the key information must be confirmed a second time. This secondary confirmation is carried out in one of two ways, according to the current strength of the vehicle network: verification in the cloud, or verification completed through a third-party SP short message service.
If the vehicle network state is good, synchronizing the certificate sent by the mobile intelligent terminal to the cloud for verification, and if the verification is passed, releasing the security mode and entering the normal mode; if the verification fails, the vehicle owner is informed of paying attention to the vehicle condition.
If the vehicle has no network at all, it automatically enters the safety mode; once the vehicle has driven to a place with good network conditions and connected to the internet, the certificate sent by the intelligent terminal is synchronized to the server for verification; if the verification passes, the security mode is released and the normal mode is entered; if the verification fails, the vehicle owner is informed to pay attention to the vehicle condition.
If the network is a 2G network that can receive and send short messages, a 5-minute timer is started. Within the 5 minutes, the vehicle-mounted system sends an advanced-authority verification request to the mobile intelligent terminal; when the mobile intelligent terminal receives it, a popup asks the user to choose between the safety mode and the normal mode. If the safety mode is chosen, the mobile intelligent terminal sends a request informing the vehicle-mounted system to end the timer directly, and the vehicle enters the safety mode. If the normal mode is chosen, the mobile intelligent terminal sends a short message to the SP service requesting a verification code; on receiving that short message, the SP service notifies both the mobile intelligent terminal and the vehicle terminal; the vehicle terminal receives and stores the verification code; the mobile intelligent terminal sends the verification code it received to the vehicle terminal; the vehicle terminal compares the verification code sent by the mobile intelligent terminal with the one it stored; if they are the same, the verification passes, the vehicle terminal stops the timer and the vehicle enters the normal mode; if they differ, the vehicle-mounted system sends a request to the intelligent terminal prompting that the verification code is wrong, and this sequence loops until the verification code passes. After 5 minutes, the vehicle-mounted system automatically enters the safety mode.
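An added model, not the patent's own code, of the vehicle side of the short-message branch described in the step list above and in the Fig. 9 flow: the 5-minute window, the stored SP code, the comparison with the mobile terminal's code, and the user's safety-mode choice (the type and method names are hypothetical, and the clock and verification code values are constructed).

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// Mode is the vehicle terminal's operating mode: Safety (part of the vehicle
// functions are limited) until the second key verification passes, Normal after.
type Mode int

const (
	ModeSafety Mode = iota
	ModeNormal
)

// VerifyWindow is the 5-minute timer the short-message branch runs under.
const VerifyWindow = 5 * time.Minute

var (
	ErrWindowClosed = errors.New("verification window elapsed; vehicle stays in safety mode")
	ErrNoSPCode     = errors.New("no verification code received from the SP service yet")
	ErrCodeMismatch = errors.New("verification code from the mobile terminal is wrong")
)

// SecondVerifier is a hypothetical model of the vehicle-side state of the
// short-message second key verification.
type SecondVerifier struct {
	mode     Mode
	deadline time.Time
	spCode   []byte // second verification code, as received from the SP service
}

// Start is called when the first key verification has passed under a weak
// network: the vehicle is in safety mode and the 5-minute timer begins.
func Start(now time.Time) *SecondVerifier {
	return &SecondVerifier{mode: ModeSafety, deadline: now.Add(VerifyWindow)}
}

// CurrentMode reports the mode at time now; once the window has elapsed
// without a pass the vehicle is (and remains) in safety mode.
func (v *SecondVerifier) CurrentMode(now time.Time) Mode {
	if v.mode != ModeNormal && !now.Before(v.deadline) {
		v.mode = ModeSafety
	}
	return v.mode
}

// UserChoseSafety models the popup choice "safety mode": the timer is ended
// directly and the vehicle stays in safety mode.
func (v *SecondVerifier) UserChoseSafety(now time.Time) Mode {
	v.deadline = now
	v.mode = ModeSafety
	return v.mode
}

// ReceiveSPCode stores the second verification code the SP service sent to
// the vehicle terminal.
func (v *SecondVerifier) ReceiveSPCode(code string) {
	v.spCode = []byte(code)
}

// ReceiveMobileCode compares the first verification code (from the mobile
// terminal, already decrypted with the communication encryption key) with the
// stored second code. A match stops the timer and enters normal mode; a
// mismatch is reported so the mobile terminal can prompt and retry.
func (v *SecondVerifier) ReceiveMobileCode(firstCode string, now time.Time) (Mode, error) {
	if v.CurrentMode(now) == ModeNormal {
		return ModeNormal, nil
	}
	if !now.Before(v.deadline) {
		return ModeSafety, ErrWindowClosed
	}
	if v.spCode == nil {
		return ModeSafety, ErrNoSPCode
	}
	// Constant-time comparison: a wrong code must not reveal through response
	// timing how much of it matched.
	if subtle.ConstantTimeCompare([]byte(firstCode), v.spCode) != 1 {
		return ModeSafety, ErrCodeMismatch
	}
	v.mode = ModeNormal
	return ModeNormal, nil
}

func main() {
	t0 := time.Date(2020, 1, 1, 8, 0, 0, 0, time.UTC) // constructed clock
	v := Start(t0)
	v.ReceiveSPCode("482913") // constructed code from the SP service
	fmt.Println(v.ReceiveMobileCode("111111", t0.Add(time.Minute)))   // wrong code: stays in safety mode
	fmt.Println(v.ReceiveMobileCode("482913", t0.Add(2*time.Minute))) // right code: normal mode
}
```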
Optionally, the communication verification system may further include:
the cloud end, which is used to send the first encrypted information encrypted by the first private key, the third encrypted information encrypted by the third public key and the second public key to the mobile terminal, and to send the second encrypted information encrypted by the second private key, the third private key and the fourth public key to the vehicle terminal; and to receive the key information certificate sent by the vehicle machine side, decrypt it based on one of the stored public keys to obtain the key information, and confirm whether that key information has already been used.
The method and apparatus of the present application may be implemented in a number of ways. For example, the methods and apparatus of the present application may be implemented by software, hardware, firmware, or any combination of software, hardware, firmware. The above-described sequence of steps for the method is for illustration only, and the steps of the method of the present application are not limited to the sequence specifically described above unless specifically stated otherwise. Furthermore, in some embodiments, the present application may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present application. Thus, the present application also covers a recording medium storing a program for executing the method according to the present application.
The description of the present application has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the application in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiments were chosen and described in order to best explain the principles of the application and the practical application, and to enable others of ordinary skill in the art to understand the application for various embodiments with various modifications as are suited to the particular use contemplated.
Claims (40)
1. A communication authentication method, applied to a mobile terminal, comprising:
initiating identity verification to a vehicle terminal through pre-stored first encryption information; the first encryption information is obtained by encrypting a vehicle body part digital certificate through a first private key;
responding to the authentication passing, and initiating a first key authentication to the vehicle-mounted terminal;
responding to the first key verification, and enabling the vehicle-mounted terminal to enter a safety mode; the safety mode is a mode in which part of functions of a vehicle-mounted terminal are limited;
receiving a second key verification initiated by the vehicle-mounted terminal according to the network condition of the vehicle-mounted terminal, and determining a verification result; the network conditions of the vehicle-mounted terminal comprise: network normal conditions and weak network conditions;
The step of receiving the second key verification initiated by the vehicle-mounted terminal according to the network condition of the vehicle-mounted terminal, and determining the verification result comprises the following steps:
responding to the network condition of the vehicle-mounted terminal as the network normal condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal through the cloud;
responding to the network condition of the vehicle-mounted terminal as the weak network condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal in a short message verification mode;
the second key verification of the vehicle-mounted terminal and the mobile terminal is realized in a short message verification mode, and the method comprises the following steps:
sending a verification request fed back by the vehicle machine side to a communication server side, and receiving a first verification code fed back by the communication server side according to the verification request;
and sending the first verification code to the vehicle-mounted terminal, and realizing the second key verification through the vehicle-mounted terminal.
2. The method of claim 1, wherein the initiating the authentication to the vehicle terminal through the pre-stored first encrypted information comprises:
the first encryption information is sent to the vehicle-mounted terminal, and the identity of the mobile terminal is verified through the vehicle-mounted terminal according to the first encryption information;
receiving second encryption information which is fed back by the vehicle-mounted terminal and pre-stored in the vehicle-mounted terminal; the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key;
decrypting the second encrypted information through a pre-stored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
3. The method according to claim 2, wherein the step of initiating authentication to the vehicle terminal through the pre-stored first encrypted information further comprises:
decrypting the received second encryption information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle-mounted terminal; and encrypting subsequent communication information between the mobile terminal and the vehicle terminal by using the communication encryption method and the communication encryption key.
4. A method according to claim 3, wherein said initiating a first key verification to the vehicle-side in response to the authentication passing comprises:
responding to the authentication passing, and determining a current serial number based on a historical serial number corresponding to third historical encryption information used by the last key authentication;
determining third encryption information of the communication based on the current serial number; the third encryption information is obtained by encrypting a key information certificate through a third public key;
and sending the third encrypted information to the vehicle-mounted terminal, and verifying the third encrypted information by the vehicle-mounted terminal to realize first key verification.
5. The method of claim 4, further comprising, prior to initiating authentication to the vehicle side via the pre-stored first encrypted information:
determining whether historical encryption information is included in the mobile terminal;
determining whether the historical encryption information is out of date or not in response to the inclusion of the historical encryption information, and requesting to update the historical encryption information from a cloud terminal if the historical encryption information is out of date; otherwise, the historical encryption information is used as the third encryption information;
and responding to the condition that the historical encryption information is not included, requesting the cloud end to acquire the third encryption information and storing the third encryption information.
6. The method of claim 5, wherein requesting the cloud to obtain and store the third encrypted information comprises:
sending an information request to the cloud;
receiving the third encryption information fed back by the cloud according to the information request;
storing the third encrypted information in a secure element.
7. The method according to any one of claims 3-6, wherein the sending the first verification code to the vehicle side includes:
encrypting the first verification code through the communication encryption key to obtain an encrypted verification code;
and sending the encrypted verification code to the vehicle-mounted terminal.
8. The method of any one of claims 1-6, further comprising:
responding to the verification result to pass verification, and controlling the vehicle-mounted terminal;
and responding to the verification result that the verification is not passed, enabling the vehicle-mounted terminal to enter a safety mode, and sending out prompt information by the vehicle-mounted terminal.
9. The communication verification method is characterized by being applied to a vehicle-mounted terminal and comprising the following steps of:
receiving first encryption information sent by a mobile terminal, and performing identity verification based on the first encryption information and pre-stored second encryption information; the first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key;
receiving a first key verification initiated by the mobile terminal in response to the authentication passing;
responsive to the first key verification passing, entering a secure mode; the safety mode is a mode in which part of functions of a vehicle-mounted terminal are limited;
initiating a second key verification according to the network condition, and determining a verification result; the network conditions include: network normal conditions and weak network conditions;
initiating a second key verification according to the network condition, and determining a verification result, wherein the method comprises the following steps:
responding to the network condition as the network normal condition, and realizing the second key verification of the vehicle terminal and the mobile terminal through the cloud;
responding to the network condition as the weak network condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal in a short message verification mode;
the second key verification of the vehicle terminal and the mobile terminal is realized through the cloud, and the method comprises the following steps:
transmitting a key information certificate received from the mobile terminal to the cloud;
decrypting the key information certificate through one public key of a plurality of public keys stored in the cloud to obtain key information;
and the second key verification is realized by confirming whether the key information is used key information.
10. The method of claim 9, wherein the receiving the first encrypted information sent by the mobile terminal, and performing authentication based on the first encrypted information, comprises:
receiving the first encryption information sent by the mobile terminal, decrypting the first encryption information according to a pre-stored first public key, and confirming the identity of the mobile terminal according to a vehicle body number digital certificate obtained through decryption;
and in response to the identity of the mobile terminal being legitimate, sending second encryption information to the mobile terminal, the mobile terminal verifying the identity of the vehicle terminal according to the second encryption information.
11. The method of claim 10, wherein the receiving the first encrypted information sent by the mobile terminal, while performing authentication based on the first encrypted information and the pre-stored second encrypted information, further comprises:
decrypting the first encryption information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypting subsequent communication information with the mobile terminal by using the communication encryption method and the communication encryption key.
12. The method of claim 11, wherein the receiving the first key verification initiated by the mobile terminal in response to the authentication passing comprises:
receiving third encryption information sent by the mobile terminal and decrypting by utilizing a pre-stored third private key to obtain a key information certificate; the third encryption information is obtained by encrypting a key information certificate through a third public key;
and verifying the key information certificate to realize first key verification.
13. The method of claim 12, wherein the key information certificate includes: a first key valid time encrypted by the third public key, private key index information encrypted by the third public key, and a second key valid time and key information encrypted by a fourth private key; wherein each private key index information corresponds to a fourth public key;
the verifying the key information certificate comprises the following steps:
obtaining the first key effective time and the private key index information in the key information certificate through decryption of the third public key;
searching and obtaining the fourth public key through the private key index information;
further decrypting the key information certificate through a fourth public key to obtain the second key effective time and the key information;
and verifying the key information based on the first key effective time and the second key effective time.
14. The method of claim 13, wherein the validating the key information based on the first key valid time and the second key valid time comprises:
comparing the first key effective time with the second key effective time;
in response to the first key effective time being equal to the second key effective time, determining whether the key information is within the effective time according to the second key effective time and the current time;
and in response to the key information being within the effective time, confirming that the verification passes.
15. The method of claim 14, wherein prior to receiving the first encrypted information sent by the mobile terminal and performing authentication based on the first encrypted information and the pre-stored second encrypted information, further comprising:
determining whether the vehicle-mounted terminal comprises a history public key or not;
determining whether the history public key is out of date in response to the history public key being included, and requesting to update the history public key from a cloud terminal if the history public key is out of date; otherwise, taking the history public key as the fourth public key;
and in response to the fact that the history public key is not included, requesting the cloud to acquire the fourth public key and storing the fourth public key.
16. The method of claim 15, wherein requesting the cloud to obtain and store the fourth public key comprises:
sending an information request to the cloud;
receiving the fourth public key fed back by the cloud according to the information request;
storing said fourth public key in a secure element.
17. The method according to any one of claims 12-16, wherein the implementing the second key verification between the vehicle-mounted terminal and the mobile terminal by means of short message verification includes:
sending a verification request to the mobile terminal;
receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal;
comparing the first verification code with the second verification code;
and determining that the second key passes verification in response to the first verification code and the second verification code being identical.
18. The method of claim 17, wherein the receiving the first authentication code sent by the mobile terminal comprises:
and receiving an encryption verification code which is transmitted by the mobile terminal and is obtained by encryption through the communication encryption key, and decrypting the encryption verification code through the communication encryption key to obtain the first verification code.
19. The method according to any one of claims 9-16, further comprising:
accepting control by the mobile terminal in response to the verification result being that the verification passes;
and responding to the verification result that the verification is not passed, entering a safety mode and sending out prompt information.
20. A mobile terminal, comprising:
the identity verification module is used for initiating identity verification to the vehicle machine end through the pre-stored first encryption information; the first encryption information is obtained by encrypting a vehicle body part digital certificate through a first private key;
the first key verification module is used for responding to the passing of the identity verification and initiating a first key verification to the vehicle-mounted terminal; responding to the first key verification, and enabling the vehicle-mounted terminal to enter a safety mode; the safety mode is a mode in which part of functions of a vehicle-mounted terminal are limited;
the second key verification module is used for receiving a second key verification initiated by the vehicle terminal according to the network condition of the vehicle terminal and determining a verification result; the network conditions of the vehicle-mounted terminal comprise: network normal conditions and weak network conditions;
the second key verification module is specifically configured to implement second key verification of the vehicle terminal and the mobile terminal through the cloud terminal in response to the network condition of the vehicle terminal being the network normal condition; responding to the network condition of the vehicle-mounted terminal as the weak network condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal in a short message verification mode;
the second key verification module is used for sending a verification request fed back by the vehicle machine side to a communication service side and receiving a first verification code fed back by the communication service side according to the verification request, when the vehicle machine side and the mobile terminal perform the second key verification in the short message verification mode; and sending the first verification code to the vehicle-mounted terminal, and realizing the second key verification through the vehicle-mounted terminal.
21. The mobile terminal according to claim 20, wherein the identity verification module is specifically configured to send the first encrypted information to the vehicle terminal, and verify, by the vehicle terminal, the identity of the mobile terminal according to the first encrypted information; receiving second encryption information which is fed back by the vehicle-mounted terminal and is pre-stored in the vehicle-mounted terminal; the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key; decrypting the second encrypted information through a pre-stored second public key, and confirming the identity of the vehicle terminal according to the obtained terminal digital identity certificate.
22. The mobile terminal according to claim 21, wherein the authentication module is further configured to decrypt the received second encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the vehicle-mounted terminal; and encrypt subsequent communication information between the mobile terminal and the vehicle terminal by using the communication encryption method and the communication encryption key.
23. The mobile terminal of claim 22, wherein the first key verification module is specifically configured to determine, in response to the authentication passing, a current serial number based on a historical serial number corresponding to third historical encryption information used by a previous key verification; determining third encryption information of the communication based on the current serial number; the third encryption information is obtained by encrypting a key information certificate through a third public key; and sending the third encrypted information to the vehicle-mounted terminal, and verifying the third encrypted information by the vehicle-mounted terminal to realize first key verification.
24. The mobile terminal of claim 23, further comprising:
an encryption information acquisition module, configured to determine whether historical encryption information is included in the mobile terminal; determining whether the historical encryption information is out of date or not in response to the inclusion of the historical encryption information, and requesting to update the historical encryption information from a cloud terminal if the historical encryption information is out of date; otherwise, the historical encryption information is used as the third encryption information; and responding to the condition that the historical encryption information is not included, requesting the cloud end to acquire the third encryption information and storing the third encryption information.
25. The mobile terminal according to claim 24, wherein the encrypted information obtaining module is configured to send an information request to the cloud end when the encrypted information obtaining module requests to obtain and store the third encrypted information from the cloud end; receiving the third encryption information fed back by the cloud according to the information request; storing the third encrypted information in a secure element.
26. The mobile terminal according to any one of claims 23-25, wherein the second key verification module is configured to encrypt the first verification code by the communication encryption key to obtain an encrypted verification code when sending the first verification code to the vehicle side; and sending the encrypted verification code to the vehicle-mounted terminal.
27. The mobile terminal according to any of the claims 20-25, further comprising:
the verification result module is used for controlling the vehicle-mounted terminal in response to the verification result being passing verification; and responding to the verification result that the verification is not passed, enabling the vehicle-mounted terminal to enter a safety mode, and sending out prompt information by the vehicle-mounted terminal.
28. A vehicle-mounted terminal, comprising:
the identity verification module is used for receiving first encryption information sent by the mobile terminal and carrying out identity verification based on the first encryption information and pre-stored second encryption information; the first encryption information is obtained by encrypting the vehicle body digital certificate through a first private key, and the second encryption information is obtained by encrypting the terminal digital identity certificate through a second private key;
the first key verification module is used for receiving a first key verification initiated by the mobile terminal in response to the authentication passing; responsive to the first key verification passing, entering a secure mode; the safety mode is a mode in which part of functions of a vehicle-mounted terminal are limited;
the second key verification module is used for initiating a second key verification according to the network condition and determining a verification result; the network conditions include: network normal conditions and weak network conditions;
the second key verification module is specifically configured to implement second key verification of the vehicle-mounted terminal and the mobile terminal through the cloud end in response to the network condition being the network normal condition; responding to the network condition as the weak network condition, and realizing the second key verification of the vehicle-mounted terminal and the mobile terminal in a short message verification mode;
the second key verification module is used for sending a key information certificate received from the mobile terminal to the cloud end when the second key verification of the vehicle machine end and the mobile terminal is realized through the cloud end; decrypting the key information certificate through one public key of a plurality of public keys stored in the cloud to obtain key information; and the second key verification is realized by confirming whether the key information is used key information.
29. The vehicle-mounted terminal according to claim 28, wherein the identity verification module is specifically configured to receive the first encrypted information sent by the mobile terminal, decrypt the first encrypted information according to a pre-stored first public key, and confirm the identity of the mobile terminal according to a vehicle-mounted digital certificate obtained by decryption; and in response to the identity of the mobile terminal being legitimate, send second encryption information to the mobile terminal, the mobile terminal verifying the identity of the vehicle terminal according to the second encryption information.
30. The vehicle-mounted terminal according to claim 29, wherein the identity authentication module is further configured to decrypt the first encrypted information to obtain a communication encryption method and a communication encryption key confirmed by the mobile terminal; and encrypt subsequent communication information with the mobile terminal by using the communication encryption method and the communication encryption key.
31. The vehicle-mounted terminal according to claim 30, wherein the first key verification module is specifically configured to receive third encrypted information sent by the mobile terminal and decrypt the third encrypted information with a pre-stored third private key to obtain a key information certificate; the third encryption information is obtained by encrypting a key information certificate through a third public key; and verifying the key information certificate to realize first key verification.
32. The vehicle-mounted device according to claim 31, wherein the key information certificate includes: a first key valid time encrypted by the third public key, private key index information encrypted by the third public key, and a second key valid time and key information encrypted by a fourth private key; wherein each private key index information corresponds to a fourth public key;
the first key verification module is used for obtaining the first key effective time and the private key index information in the key information certificate through decryption of the third public key when verifying the key information certificate to realize first key verification; searching and obtaining the fourth public key through the private key index information; further decrypting the key information certificate through a fourth public key to obtain the second key effective time and the key information; and verifying the key information based on the first key effective time and the second key effective time.
33. The vehicle-mounted device of claim 32, wherein the first key verification module is configured to compare the first key validity time with the second key validity time when verifying the key information based on the first key validity time and the second key validity time; in response to the first key validity time being equal to the second key validity time, determine whether the key information is within the validity time according to the second key validity time and the current time; and in response to the key information being within the validity time, confirm that the verification passes.
34. The vehicle-mounted end of claim 33, further comprising:
the public key acquisition module is used for determining whether the vehicle-mounted terminal comprises a history public key or not; determining whether the history public key is out of date in response to the history public key being included, and requesting to update the history public key from a cloud terminal if the history public key is out of date; otherwise, taking the history public key as the fourth public key; and in response to the fact that the history public key is not included, requesting the cloud to acquire the fourth public key and storing the fourth public key.
35. The vehicle-mounted device of claim 34, wherein the public key obtaining module is configured to send an information request to the cloud end when obtaining and storing the fourth public key from the cloud end; receiving the fourth public key fed back by the cloud according to the information request; storing said fourth public key in a secure element.
36. The vehicle-mounted terminal according to any one of claims 31-35, wherein the second key verification module is configured to send a verification request to the mobile terminal when implementing a second key verification between the vehicle-mounted terminal and the mobile terminal by means of a short message verification; receiving a second verification code fed back by the communication server according to the verification request and a first verification code sent by the mobile terminal; comparing the first verification code with the second verification code; and determining that the second key passes verification in response to the first verification code and the second verification code being identical.
37. The vehicle-mounted terminal according to claim 36, wherein the second key verification module is configured to, when receiving the first verification code sent by the mobile terminal, specifically receive an encrypted verification code sent by the mobile terminal and obtained by encryption with the communication encryption key, and decrypt the encrypted verification code by using the communication encryption key to obtain the first verification code.
38. The vehicle-mounted end of any of claims 28-35, further comprising:
the verification result module is used for receiving the control of the mobile terminal in response to the verification result being passing verification; and responding to the verification result that the verification is not passed, entering a safety mode and sending out prompt information.
39. A communication verification system, comprising:
a mobile terminal as claimed in any one of claims 20 to 27 and a vehicle terminal as claimed in any one of claims 28 to 38.
40. The system of claim 39, further comprising:
the cloud end is used for sending the first encrypted information encrypted by the first private key, the third encrypted information encrypted by the third public key and the second public key to the mobile terminal, and sending the second encrypted information encrypted by the second private key, the third private key and the fourth public key to the vehicle terminal; and is further used for receiving the key information certificate sent by the vehicle machine side, decrypting the key information certificate based on one public key among a plurality of stored public keys to obtain key information, and confirming whether that key information has already been used.
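The vehicle-side check of the two-layer key information certificate (claims 13 and 14) and the cloud's used-key check on a normal network (claims 9 and 40), as an added Python illustration that is not the patent's own code. It assumes textbook RSA over fixed Mersenne primes in place of the patent's unspecified third and fourth key pairs (unpadded and demo-sized so that it runs on the standard library alone), 8-byte big-endian Unix expiry timestamps for the two valid times, a 2-byte private key index, 16-byte key information, and that the cloud keeps the third private key it issued.

```python
"""Added illustration of the key information certificate flow in CN111083696B.
Not the patent's code. Assumptions: textbook RSA over fixed Mersenne primes
stands in for the third/fourth key pairs (unpadded, demo-sized, standard
library only); valid times are 8-byte big-endian Unix expiry timestamps; the
private key index is a 2-byte integer; key information is 16 opaque bytes."""
import struct


def _rsa_keypair(p, q, e=65537):
    """Textbook RSA from two known primes: returns ((n, e), (n, d))."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))


def _width(key):
    """Byte width of the modulus, i.e. the size of one RSA block."""
    return (key[0].bit_length() + 7) // 8


def rsa_apply(key, data, out_len):
    """m^exp mod n on the integer form of data, written back as out_len bytes.
    Raises OverflowError when a tampered block decrypts to something too wide."""
    n, exp = key
    return pow(int.from_bytes(data, "big"), exp, n).to_bytes(out_len, "big")


# Constructed demo key material; 2^61-1, 2^89-1, 2^127-1 and 2^521-1 are primes.
THIRD_PUB, THIRD_PRIV = _rsa_keypair(2**61 - 1, 2**89 - 1)    # ~150-bit modulus
FOURTH_KEYS = {1: _rsa_keypair(2**127 - 1, 2**521 - 1)}        # index -> (pub, priv)
OUTER_FMT, INNER_TIME_FMT = ">QH", ">Q"   # (valid time, key index); (valid time)


def issue_certificate(valid_until, key_index, key_info):
    """Cloud side: build the two-part key information certificate of claim 13.
    Outer: first valid time + private key index under the third public key.
    Inner: second valid time + key information under the fourth private key."""
    _, fourth_priv = FOURTH_KEYS[key_index]
    outer = rsa_apply(THIRD_PUB, struct.pack(OUTER_FMT, valid_until, key_index),
                      _width(THIRD_PUB))
    inner = rsa_apply(fourth_priv, struct.pack(INNER_TIME_FMT, valid_until) + key_info,
                      _width(fourth_priv))
    return outer + inner


def _open_certificate(cert, fourth_pubs):
    """Decoding shared by vehicle and cloud: returns (first_time, second_time,
    key_info) or raises ValueError for a malformed or unknown-key certificate."""
    cut = _width(THIRD_PUB)
    try:
        first_time, idx = struct.unpack(OUTER_FMT, rsa_apply(THIRD_PRIV, cert[:cut], 10))
        pub = fourth_pubs[idx]               # claim 13: index selects the fourth public key
        plain = rsa_apply(pub, cert[cut:], 8 + 16)
    except (OverflowError, KeyError, struct.error) as exc:
        raise ValueError("malformed or unknown-key certificate") from exc
    return first_time, struct.unpack(INNER_TIME_FMT, plain[:8])[0], plain[8:]


def vehicle_verify(cert, now, fourth_pubs):
    """First key verification on the vehicle side (claims 13 and 14).
    Returns (passed, reason, key_info)."""
    try:
        first_time, second_time, key_info = _open_certificate(cert, fourth_pubs)
    except ValueError as exc:
        return False, str(exc), None
    if first_time != second_time:            # claim 14: both layers must agree
        return False, "first and second key valid times differ", None
    if now > second_time:                    # claim 14: check against current time
        return False, "key information outside its valid time", None
    return True, "ok", key_info


class CloudKeyRegistry:
    """Cloud side of the second key verification on a normal network (claims 9
    and 40): recover the key information and reject one that was already used.
    Marking a key used on first acceptance is an assumption about the policy."""
    def __init__(self, fourth_pubs):
        self.fourth_pubs = fourth_pubs
        self.used = set()

    def second_key_verification(self, cert):
        try:
            _, _, key_info = _open_certificate(cert, self.fourth_pubs)
        except ValueError:
            return False
        if key_info in self.used:            # replayed key information
            return False
        self.used.add(key_info)
        return True


if __name__ == "__main__":
    now = 1_700_000_000                      # constructed "current time"
    pubs = {i: pair[0] for i, pair in FOURTH_KEYS.items()}
    cert = issue_certificate(now + 3600, 1, bytes(range(16)))
    print(vehicle_verify(cert, now, pubs)[:2])          # (True, 'ok')
    cloud = CloudKeyRegistry(pubs)
    print(cloud.second_key_verification(cert), cloud.second_key_verification(cert))  # True False
```

A certificate whose outer or inner block is modified fails the equality check of claim 14 (or decodes to nothing usable), and a certificate presented to the cloud a second time fails the used-key check; both paths are exercised by the demo.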
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911413942.1A CN111083696B (en) | 2019-12-31 | 2019-12-31 | Communication verification method and system, mobile terminal and vehicle machine side |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111083696A CN111083696A (en) | 2020-04-28 |
CN111083696B true CN111083696B (en) | 2023-09-12 |
Family
ID=70320711
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911413942.1A Active CN111083696B (en) | 2019-12-31 | 2019-12-31 | Communication verification method and system, mobile terminal and vehicle machine side |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111083696B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111601280B (en) * | 2020-05-14 | 2022-08-19 | 中国联合网络通信集团有限公司 | Access verification method and device |
CN114374950B (en) * | 2022-01-14 | 2024-07-19 | 重庆长安汽车股份有限公司 | Bluetooth-based short-range car control system, car control method and car |
CN115242400B (en) * | 2022-06-29 | 2024-06-04 | 重庆长安汽车股份有限公司 | Vehicle-mounted Token uniqueness and cloud authentication system and method |
CN115527292B (en) * | 2022-11-25 | 2023-04-07 | 广州万协通信息技术有限公司 | Mobile phone terminal remote vehicle unlocking method of security chip and security chip device |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108340876A (en) * | 2018-01-24 | 2018-07-31 | 江苏德瑞博新能源汽车制造有限公司 | A kind of new-energy automobile keyless access system |
CN109774653A (en) * | 2019-01-31 | 2019-05-21 | 上海小蓦智能科技有限公司 | A kind of dynamic adjusting method and device of Hierarchical Identity authentication mechanism |
CN109858213A (en) * | 2019-01-31 | 2019-06-07 | 上海小蓦智能科技有限公司 | A kind of quick identity authentication method and device |
JP6571847B1 (en) * | 2018-09-03 | 2019-09-04 | 笠▲衆▼實業有限公司 | Intelligent vehicle electronic key system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110290525A (en) * | 2019-06-21 | 2019-09-27 | 湖北亿咖通科技有限公司 | A kind of sharing method and system, mobile terminal of vehicle number key |
- 2019-12-31 CN CN201911413942.1A patent/CN111083696B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111083696A (en) | 2020-04-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111083696B (en) | Communication verification method and system, mobile terminal and vehicle machine side | |
CN108122311B (en) | Vehicle virtual key implementation method and system | |
CN109862040B (en) | Security authentication method and authentication system | |
CN110637328B (en) | Vehicle access method based on portable equipment | |
CN109936833B (en) | Vehicle virtual key generation and use method and system and user terminal | |
CN111194028B (en) | Safety control method based on vehicle | |
CN111131313B (en) | Safety guarantee method and system for replacing an ECU (Electronic Control Unit) of an intelligent networked automobile | |
JP6731887B2 (en) | Maintenance system and maintenance method | |
CN111447601B (en) | Implementation method and device of automobile Bluetooth key | |
US11167723B2 (en) | Method for access management of a vehicle | |
CN111376865B (en) | Vehicle digital key activation method, system and storage medium | |
CN107650863A (en) | Vehicle sharing method and system | |
CN106912046B (en) | One-way key fob and vehicle pairing | |
CN112396735B (en) | Internet automobile digital key safety authentication method and device | |
CN111267774B (en) | Virtual key authorization method and device | |
CN107277033B (en) | Charging and battery replacing equipment and authentication method and system for object to be charged and battery replaced | |
CN111845624B (en) | Method for starting vehicle without key | |
CN111114489A (en) | Automatic transmission automobile anti-theft method and automatic transmission automobile | |
CN113766450A (en) | Vehicle virtual key sharing method, mobile terminal, server and vehicle | |
CN109743283B (en) | Information transmission method and equipment | |
CN115690955B (en) | Digital key safety authentication method and device, vehicle and digital key equipment | |
JP6723422B1 (en) | Authentication system | |
CN112423298B (en) | Identity authentication system and method for road traffic signal management and control facility | |
CN111063070A (en) | Digital key sharing method, digital key verification method and digital key verification equipment | |
CN117475533A (en) | Data transmission method and device, equipment and computer readable storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||