CN111200496B - Digital key implementation method based on vehicle - Google Patents

Digital key implementation method based on vehicle Download PDF

Info

Publication number
CN111200496B
CN111200496B CN201911069314.6A CN201911069314A CN111200496B CN 111200496 B CN111200496 B CN 111200496B CN 201911069314 A CN201911069314 A CN 201911069314A CN 111200496 B CN111200496 B CN 111200496B
Authority
CN
China
Prior art keywords
vehicle
terminal equipment
key
information
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911069314.6A
Other languages
Chinese (zh)
Other versions
CN111200496A (en
Inventor
储长青
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Mingrui Internet Of Things Technology Co ltd
Original Assignee
Guangzhou Mingrui Internet Of Things Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Mingrui Internet Of Things Technology Co ltd filed Critical Guangzhou Mingrui Internet Of Things Technology Co ltd
Priority to CN201911069314.6A priority Critical patent/CN111200496B/en
Publication of CN111200496A publication Critical patent/CN111200496A/en
Application granted granted Critical
Publication of CN111200496B publication Critical patent/CN111200496B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W76/00Connection management
    • H04W76/10Connection setup
    • H04W76/14Direct-mode setup
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a digital key implementation method based on a vehicle, which comprises the following steps: the terminal equipment sends the vehicle using request and the vehicle identification information to the cloud server by adopting a private key of the terminal equipment; the cloud server looks up a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal equipment; the cloud server sends the Bluetooth pairing code and the verification factor to the terminal equipment; the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code; the terminal equipment encrypts and signs the verification factor by adopting a private key of the terminal equipment to generate second signature information, and packages and sends the verification factor and the second signature information to the vehicle; the vehicle verifies the verification factor by means of the cloud server, and the control instruction of the terminal equipment can be received and executed after the verification is successful. The invention realizes the digital key scheme based on the vehicle and promotes the rapid development of the vehicle rental industry.

Description

Digital key implementation method based on vehicle
Technical Field
The invention relates to the field of automobiles, in particular to a digital key implementation method based on a vehicle.
Background
At present, the door control systems applied to automobiles mainly include a mechanical key door control system, a Remote control door control system RKE (Remote key Entry) and a Keyless door control system (PKE, passive key Entry). For the RKE system, compared with the mechanical key system, besides obvious convenience, the technology of the RKE for unlocking the automobile brake device also has the anti-theft function; for PKE, the PKE is developed on the basis of RKE, and is gradually developing and becoming stronger as a new generation of anti-theft technology, and has already gradually entered the medium-grade vehicle market from the high-grade vehicle market at present. Compared with a traditional key, the PKE can be called a smart key, and is similar to a smart card. When the driver steps into the designated range, the system judges through identification, if the driver is legally authorized, the system automatically opens the door. However, in the above systems, there is no separation from a separate physical key, and the owner needs to carry and keep the physical key. The popularization of business modes such as automobile sharing and automatic leasing is not helpful.
Nowadays, mobile phones have become a very small portable communication tool in people's daily life. How to realize the security scheme of the automobile digital key by using the mobile phone becomes a problem to be solved urgently at present.
Disclosure of Invention
In order to achieve the above object, the present invention provides a vehicle-based digital key implementation method, including:
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information, and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server looks up a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal equipment;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information and sends the verification factor to the cloud server;
the cloud server searches a public key of the terminal device having a binding relation with the verification factor according to the received verification factor, and returns the public key of the terminal device to the vehicle;
the vehicle decrypts and verifies the signature of the second signature information according to the received public key of the terminal device, and the information obtained by decryption and verification is paired with the verification factor;
and if the pair is consistent, the vehicle receives and executes the control command of the terminal equipment.
Further, before the terminal device encrypts and signs the vehicle use request and the vehicle identification information by using its own private key to generate the first signature information, the method further includes:
the terminal equipment is preset with a private and public key pair; the cloud server is preset with a public and private key pair, all vehicle identification information, bluetooth pairing codes and public keys of all terminal devices; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server.
Further, after the vehicle receives the verification factor and the second signature information, the method further includes:
the vehicle encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by using a private key of the cloud server to obtain the verification factor, and searches a terminal equipment public key having a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the terminal equipment public key by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts the third ciphertext information by using a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and verifies the signature of the second signature information according to the public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
Further, the vehicle receives and executes the control instruction of the terminal device, and specifically includes:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
Further, the key agreement between the terminal device and the vehicle to obtain the session key specifically includes:
the terminal equipment selects a random secret number a 1
Figure BDA0002260435370000041
Respectively calculate S A =a 1 (x A +y A ) -1 、Q A =a 2 (X B +Y B +P Pub h B ) And U A =H 2 (ID A ,ID B ,a 1 P,a 2 P) wherein h B =H 1 (ID B ,X B ,Y B );
The terminal device sends a message (ID) A ,ID B ,U A ,S A ,Q A ) Providing the vehicle;
the vehicle receives a message (ID) A ,ID B ,U A ,S A ,Q A ) Then, P is calculated B,1 =S A (X A +Y A +P Pub h A ) And P B,2 =(x B +y B ) -1 Q A If there is equation U A =H 2 (ID A ,ID B ,P B,1 ,P B,2 ) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; if not, the terminal is terminated;
after the identity and the message validity of the terminal equipment are verified, the vehicle randomly selects a secret number b 1
Figure BDA0002260435370000042
Respectively calculate S B =b 1 (x B +y B ) -1 、Q B =b 2 (X A +Y A +P Pub h A ) And U B =H 2 (ID A ,ID B ,b 1 P,b 2 P) in which h A =H 1 (ID A ,X A ,Y A );
The vehicle sends a message (ID) A ,ID B ,U B ,S B ,Q B ) To the terminal device, the vehicle calculates a shared secret:
Figure BDA0002260435370000043
the session key K calculated by the vehicle BA Comprises the following steps:
Figure BDA0002260435370000044
the terminal device receives a message (ID) A ,ID B ,U B ,S B ,Q B ) Then, P is calculated A,1 =S B (X B +Y B +P Pub h B ) And P A,2 =(x A +y A ) -1 Q B If there is equation U B =H 2 (ID A ,ID B ,P A,1 ,P A,2 ) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; if not, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure BDA0002260435370000051
the session key K calculated by the vehicle BA Comprises the following steps:
Figure BDA0002260435370000052
further, after the vehicle receives and executes the control instruction of the terminal device, the method further includes:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
Further, generating a verification factor according to the vehicle using request specifically includes:
and randomly generating the verification factor according to the current time node of the vehicle using request.
Further, before the terminal device encrypts and signs the vehicle use request and the vehicle identification information by using its own private key to generate the first signature information, the method further includes:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
Further, the vehicle identification information includes any one or more of a license plate number, a two-dimensional code and a bar code.
Further, the terminal device and the vehicle are respectively in network communication with the cloud server, and the network communication mode includes any one or more of 3G, 4G and 5G.
According to the invention, the terminal equipment and the cloud server are mutually matched to form the digital key for controlling the vehicle, so that the traditional mechanical key is replaced, the convenience degree of using the vehicle by a user is effectively improved, and the rapid development of the vehicle rental industry is further promoted.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
FIG. 1 illustrates a vehicle-based digital key application scenario of the present invention;
fig. 2 shows a flow chart of a vehicle-based digital key implementation method of the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
Referring to fig. 1 and fig. 2, the present invention provides a method for implementing a digital key based on a vehicle, the method comprising:
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server looks up a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal equipment;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts the first ciphertext information by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information and sends the verification factor to the cloud server;
the cloud server searches a public key of the terminal device having a binding relation with the verification factor according to the received verification factor, and returns the public key of the terminal device to the vehicle;
the vehicle decrypts and verifies the signature of the second signature information according to the received public key of the terminal device, and compares the information obtained by decryption and verification with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
Specifically, the technical solution of the present invention is applicable to the vehicle rental industry, and the terminal device may be any one or more of a mobile phone, an IPAD, and a PC, but is not limited thereto. The cloud server may be embodied as a vehicle rental platform.
In practical application, if a user wants to use a vehicle in front, the license plate number of the vehicle can be scanned and identified through a mobile phone carried with the user, a vehicle using request and the license plate number are sent to a vehicle renting platform, then the vehicle renting platform generates a corresponding verification factor according to the vehicle using request, the verification factor and a Bluetooth pairing code are sent to the mobile phone, and then the mobile phone can perform Bluetooth communication with the vehicle through the Bluetooth pairing code. Only Bluetooth communication between the mobile phone and the vehicle is established at the moment, but the vehicle cannot be controlled by using the mobile phone, because the vehicle does not know whether the mobile phone is authorized by the vehicle renting platform, and in order to further verify whether the mobile phone is authorized by the vehicle renting platform, the vehicle can send the verification factor to the vehicle renting platform after receiving the verification factor and the second signature information; the vehicle renting platform searches a mobile phone public key with a binding relation with the vehicle renting platform according to the received verification factor and returns the mobile phone public key to the vehicle; the vehicle decrypts and checks the signature of the second signature information according to the received mobile phone public key, and performs the pair on the information obtained by decrypting and checking the signature and the verification factor; if the pair is consistent, the mobile phone can be verified to be authorized by the vehicle rental platform.
Further, if the cloud server does not search the public key of the terminal device having a binding relationship with the verification factor according to the received verification factor, the cloud server returns search failure information, and the vehicle can interrupt receiving and execute the control instruction of the terminal device after receiving the search failure information.
According to the embodiment of the invention, before the terminal device uses its own private key to encrypt and sign the vehicle using request and the vehicle identification information to generate the first signature information, the method further comprises:
the terminal equipment is preset with a private and public key pair; the cloud server is preset with a public and private key pair, all vehicle identification information, bluetooth pairing codes and public keys of all terminal devices; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server.
According to an embodiment of the invention, after the vehicle receives the verification factor and the second signature information, the method further comprises:
the vehicle encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by adopting a private key of the cloud server to obtain the verification factor, and searches a terminal device public key in a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the terminal equipment public key by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts the third ciphertext information by using a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and verifies the signature of the second signature information according to the public key of the terminal device, and the information obtained by decryption and verification is paired with the verification factor;
and if the pair is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
It should be noted that, by means of public key encryption and private key decryption, the communication security between the cloud server and the vehicle is ensured, and a third party is effectively prevented from stealing the communication data between the cloud server and the vehicle.
According to an embodiment of the present invention, the receiving and executing of the control instruction of the terminal device by the vehicle specifically includes:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
It should be noted that, on the basis of the bluetooth connection between the terminal device and the vehicle, key agreement is performed to obtain a session key, and data transmitted between the terminal device and the vehicle is encrypted by the session key to ensure communication security.
Further, the performing, by the terminal device, key agreement with the vehicle to obtain a session key specifically includes:
the terminal equipment selects a random secret number a 1
Figure BDA0002260435370000101
Respectively calculate S A =a 1 (x A +y A ) -1 、Q A =a 2 (X B +Y B +P Pub h B ) And U A =H 2 (ID A ,ID B ,a 1 P,a 2 P) wherein h B =H 1 (ID B ,X B ,Y B );
The terminal device sends a message (ID) A ,ID B ,U A ,S A ,Q A ) Providing the vehicle;
the vehicle receives a message (ID) A ,ID B ,U A ,S A ,Q A ) Then, P is calculated B,1 =S A (X A +Y A +P Pub h A ) And P B,2 =(x B +y B ) -1 Q A If there is equation U A =H 2 (ID A ,ID B ,P B,1 ,P B,2 ) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; if not, terminating;
after the identity and the message validity of the terminal equipment are verified, the vehicle randomly selects a secret number b 1
Figure BDA0002260435370000102
Respectively calculate S B =b 1 (x B +y B ) -1 、Q B =b 2 (X A +Y A +P Pub h A ) And U B =H 2 (ID A ,ID B ,b 1 P,b 2 P) in which h A =H 1 (ID A ,X A ,Y A );
The vehicle sends a message (ID) A ,ID B ,U B ,S B ,Q B ) To the terminal device, the vehicle calculates a shared secret:
Figure BDA0002260435370000111
the vehicle calculated session key K BA Comprises the following steps:
Figure BDA0002260435370000112
the terminal device receives the message (ID) A ,ID B ,U B ,S B ,Q B ) Then, P is calculated A,1 =S B (X B +Y B +P Pub h B ) And P A,2 =(x A +y A ) -1 Q B If there is equation U B =H 2 (ID A ,ID B ,P A,1 ,P A,2 ) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; if not, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure BDA0002260435370000113
the session key K calculated by the vehicle BA Comprises the following steps:
Figure BDA0002260435370000114
note that ID A The identity of the terminal equipment is identified; x A Public parameters of the terminal equipment are set; ID (identity) B An identity of the vehicle; x B Is a public parameter of the vehicle.
It should be noted that, before key agreement, system establishment is required, and group G is a large prime number q (q > 2) of the order k K is a security parameter), P is a generator of group G; selecting collision resistant one-way hash function
Figure BDA0002260435370000121
H:{0,1} * →{0,1} k Wherein L is the length of the (terminal device or vehicle) identity; KGC (Key Generation center) randomly selects master key
Figure BDA0002260435370000123
Computing system public key P Pub = sP and discloses system parameters, params =<q,P,G,P Pub ,H 1 ,H 2 ,H>S is kept secret.
Randomly selecting secret value x by terminal equipment or vehicle A Or
Figure BDA0002260435370000124
Calculating the public parameter X A =x A P or X B =x B P, and sends an identity ID A Or ID B Public parameter X A Or X B The KGC was given. Giving the terminal device or the vehicle identification ID A Or ID B Public parameter X A Or X B KGC randomly selects a secret number r A Or
Figure BDA0002260435370000122
And calculate Y A =r A P or Y B =r B P,y A =r A +sH 1 (ID A ,X A ,Y A ) Or y B =r B +sH 1 (ID B ,X B ,Y B ) And y is transmitted through a secure channel A Or y B 、Y A Or Y B And returning to the terminal equipment or the vehicle.
According to an embodiment of the present invention, after the vehicle receives and executes the control instruction of the terminal device, the method further includes:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
According to the embodiment of the invention, generating the verification factor according to the vehicle using request specifically comprises:
and randomly generating the verification factor according to the current time node of the vehicle using request.
It should be noted that the present invention can randomly generate the verification factor in combination with the time point, and the verification factor generated in different time periods for different users is different. In other embodiments, the verification factor may also be randomly generated in combination with the current time node and the current location.
According to the embodiment of the invention, before the terminal device adopts the private key thereof to carry out encryption signature on the vehicle using request and the vehicle identification information so as to generate the first signature information, the method further comprises the following steps:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
Preferably, the vehicle identification information includes any one or more of a license plate number, a two-dimensional code and a bar code. But is not limited thereto
Further, the terminal device and the vehicle are respectively in network communication with the cloud server, and the network communication mode includes any one or more of 3G, 4G and 5G.
According to the invention, the terminal equipment and the cloud server are mutually matched to form the digital key for controlling the vehicle, so that the traditional mechanical key is replaced, the convenience degree of using the vehicle by a user is effectively improved, and the rapid development of the vehicle rental industry is further promoted.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present invention, and shall cover the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.

Claims (8)

1. A vehicle-based digital key implementation method, the method comprising:
a private and public key pair is preset in the terminal equipment; the cloud server is preset with a public and private key pair, all vehicle identification information, bluetooth pairing codes and public keys of all terminal equipment; the vehicle is preset with a private and public key pair of the vehicle and a public key of the cloud server;
the method comprises the steps that a terminal device encrypts and signs a vehicle using request and vehicle identification information by adopting a private key of the terminal device to generate first signature information, and the first signature information is sent to a cloud server;
the cloud server receives the first signature information and decrypts and verifies the signature by adopting a public key of the terminal equipment to obtain a vehicle using request and vehicle identification information;
the cloud server checks a table according to the vehicle identification information to obtain a corresponding Bluetooth pairing code, generates a verification factor according to the vehicle using request, and binds and prestores the verification factor and a public key of the terminal device;
the cloud server encrypts the Bluetooth pairing code and the verification factor by adopting a public key of the terminal equipment to obtain first ciphertext information, and sends the first ciphertext information to the terminal equipment;
the terminal equipment receives the first ciphertext information and decrypts the first ciphertext information by adopting a private key of the terminal equipment to obtain the Bluetooth pairing code and the verification factor;
the terminal equipment is connected with the vehicle in a Bluetooth pairing mode based on the Bluetooth pairing code;
after the pairing is successful, the terminal equipment adopts a private key of the terminal equipment to carry out encryption signature on the verification factor so as to generate second signature information, and the verification factor and the second signature information are packaged and sent to the vehicle;
the vehicle receives the verification factor and the second signature information, encrypts the verification factor by using a public key of the cloud server to obtain second ciphertext information, and sends the second ciphertext information to the cloud server;
the cloud server receives the second ciphertext information, decrypts the second ciphertext information by adopting a private key of the cloud server to obtain the verification factor, and searches a terminal device public key in a binding relationship with the verification factor according to the verification factor;
the cloud server encrypts the terminal equipment public key by adopting the public key of the vehicle to obtain third ciphertext information, and sends the third ciphertext information to the vehicle;
the vehicle receives the third ciphertext information and decrypts by adopting a private key of the vehicle to obtain the public key of the terminal equipment;
the vehicle decrypts and checks the signature of the second signature information according to the received public key of the terminal device, and compares the information obtained by decryption and checking the signature with the verification factor;
and if the comparison is consistent, the vehicle receives and executes the control instruction of the terminal equipment.
2. The vehicle-based digital key implementation method according to claim 1, wherein the vehicle receives and executes the control command of the terminal device, and specifically comprises:
the terminal equipment and the vehicle perform key agreement to obtain a session key;
the terminal equipment generates a control instruction, encrypts the control instruction by adopting the session key to obtain fourth ciphertext information, and sends the fourth ciphertext information to the vehicle;
the vehicle receives the fourth ciphertext message and decrypts by using the session key to obtain the control instruction;
and the vehicle performs corresponding execution actions according to the control command.
3. The vehicle-based digital key implementation method according to claim 2, wherein the key agreement between the terminal device and the vehicle to obtain the session key specifically includes:
the terminal device selects a random secret number
Figure FDA0003726301460000021
Respectively calculate S A =a 1 (x A +y A ) -1 、Q A =a 2 (X B +Y B +P Pub h B ) And U A =H 2 (ID A ,ID B ,a 1 P,a 2 P) wherein h B =H 1 (ID B ,X B ,Y B );
The terminal device sends a message (ID) A ,ID B ,U A ,S A ,Q A ) Providing the vehicle;
the vehicle receives a message (ID) A ,ID B ,U A ,S A ,Q A ) Then, P is calculated B,1 =S A (X A +Y A +P Pub h A ) And P B,2 =(x B +y B ) -1 Q A If there is the equation U A =H 2 (ID A ,ID B ,P B,1 ,P B,2 ) If the terminal device passes the identity validity verification of the vehicle, and the vehicle verifies the validity of the message, that is, the message is confirmed to be the key agreement message sent by the terminal device; otherwise, terminating;
after the identity of the terminal equipment and the validity of the message are verified, the vehicle randomly selects a secret number
Figure FDA0003726301460000037
Respectively calculate S B =b 1 (x B +y B ) -1 、Q B =b 2 (X A +Y A +P Pub h A ) And U B =H 2 (ID A ,ID B ,b 1 P,b 2 P) wherein h A =H 1 (ID A ,X A ,Y A );
The vehicle sends a message (D) A ,D B ,U B ,S B ,Q B ) To the terminal device, the vehicle calculates a shared secret:
Figure FDA0003726301460000032
Figure FDA0003726301460000033
Figure FDA0003726301460000034
the session key K calculated by the vehicle BA Comprises the following steps:
Figure FDA0003726301460000035
the terminal device receives the message (ID) A ,ID B ,U B ,S B ,Q B ) Then, P is calculated A,1 =S B (X B +Y B +P Pub h B ) And P A,2 =(x A +y A ) -1 Q B If there is equation U B =H 2 (ID A ,ID B ,P A,1 ,P A,2 ) If the vehicle passes the identity validity verification of the vehicle by the terminal equipment, and the terminal equipment verifies the validity of the message, namely the message is confirmed to be the key agreement message sent by the vehicle; otherwise, terminating;
after the vehicle identity and message validity are verified, the terminal device calculates a shared secret:
Figure FDA0003726301460000036
Figure FDA0003726301460000041
Figure FDA0003726301460000042
the session key K calculated by the vehicle AB Comprises the following steps:
Figure FDA0003726301460000043
4. the vehicle-based digital key implementation method of claim 1, wherein after the vehicle receives and executes the control command of the terminal device, the method further comprises:
the terminal equipment sends a car returning request to the cloud server;
the cloud server calculates according to the vehicle using time period to obtain consumption bill information and feeds the consumption bill information back to the terminal equipment;
the terminal equipment pays money through a third party payment platform;
after the payment amount is successful, the cloud server destroys the verification factor and sends verification factor failure information to the vehicle;
and the vehicle stops receiving and executing the control instruction of the terminal equipment when receiving the verification factor failure information.
5. The method of claim 1, wherein generating a verification factor according to the vehicle use request comprises:
and randomly generating the verification factor according to the current time node of the vehicle using request.
6. The vehicle-based digital key implementation method of claim 1, wherein before the terminal device uses its own private key to cryptographically sign the vehicle use request and the vehicle identification information to generate the first signature information, the method further comprises:
and the terminal equipment scans the preset position of the vehicle through a camera to acquire the vehicle identification information.
7. The vehicle-based digital key implementation method of claim 1, wherein the vehicle identification information comprises any one or more of a license plate number, a two-dimensional code, and a bar code.
8. The vehicle-based digital key implementation method according to claim 1, wherein the terminal device and the vehicle are in network communication with the cloud server respectively, and the network communication mode includes any one or more of 3G, 4G and 5G.
CN201911069314.6A 2019-11-05 2019-11-05 Digital key implementation method based on vehicle Active CN111200496B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911069314.6A CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911069314.6A CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Publications (2)

Publication Number Publication Date
CN111200496A CN111200496A (en) 2020-05-26
CN111200496B true CN111200496B (en) 2022-10-14

Family

ID=70746385

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911069314.6A Active CN111200496B (en) 2019-11-05 2019-11-05 Digital key implementation method based on vehicle

Country Status (1)

Country Link
CN (1) CN111200496B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111669399B (en) * 2020-06-17 2022-04-22 上海越域智能科技有限公司 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode
CN111923863B (en) * 2020-08-25 2021-09-17 东信和平科技股份有限公司 Vehicle control method based on digital vehicle key
CN112396735B (en) * 2020-11-27 2022-09-02 昕培科技(北京)有限公司 Internet automobile digital key safety authentication method and device
CN112396738B (en) * 2020-12-01 2022-11-04 深圳市汇顶科技股份有限公司 Unlocking method of shared device and related device
CN113442871A (en) * 2021-06-30 2021-09-28 重庆长安新能源汽车科技有限公司 NFC-based keyless entry method and system
CN113709695B (en) * 2021-08-04 2024-04-09 一汽解放汽车有限公司 Authorization method and system for vehicle use
CN115966038A (en) * 2021-10-13 2023-04-14 华为技术有限公司 Digital key opening method, equipment and system
WO2023151582A1 (en) * 2022-02-14 2023-08-17 华为技术有限公司 Secure communication method for vehicle, related apparatus and communication system
CN115938022B (en) * 2022-12-12 2023-11-24 远峰科技股份有限公司 Vehicle entity key safety authentication method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105015489A (en) * 2015-07-14 2015-11-04 杭州万好万家新能源科技有限公司 Intelligent vehicle control system based on digital key
CN105279832A (en) * 2015-12-01 2016-01-27 北京卡多宝信息技术有限公司 Intelligent door lock system and control method thereof
CN105991643A (en) * 2015-03-20 2016-10-05 现代自动车美国技术研究所 Method and apparatus for performing secure Bluetooth communication
WO2016170834A1 (en) * 2015-04-20 2016-10-27 株式会社ディー・エヌ・エー System and method for managing vehicle
CN107689098A (en) * 2017-09-05 2018-02-13 上海博泰悦臻电子设备制造有限公司 The implementation method and system of bluetooth car key
CN108122311A (en) * 2017-11-30 2018-06-05 北京九五智驾信息技术股份有限公司 Vehicle virtual key realization method and system
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105991643A (en) * 2015-03-20 2016-10-05 现代自动车美国技术研究所 Method and apparatus for performing secure Bluetooth communication
WO2016170834A1 (en) * 2015-04-20 2016-10-27 株式会社ディー・エヌ・エー System and method for managing vehicle
CN105015489A (en) * 2015-07-14 2015-11-04 杭州万好万家新能源科技有限公司 Intelligent vehicle control system based on digital key
CN105279832A (en) * 2015-12-01 2016-01-27 北京卡多宝信息技术有限公司 Intelligent door lock system and control method thereof
CN107689098A (en) * 2017-09-05 2018-02-13 上海博泰悦臻电子设备制造有限公司 The implementation method and system of bluetooth car key
CN108122311A (en) * 2017-11-30 2018-06-05 北京九五智驾信息技术股份有限公司 Vehicle virtual key realization method and system
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
一种改进的无证书两方认证密钥协商协议;周彦伟等;《计算机学报》;20170531;第40卷(第5期);第4-5页 *

Also Published As

Publication number Publication date
CN111200496A (en) 2020-05-26

Similar Documents

Publication Publication Date Title
CN111200496B (en) Digital key implementation method based on vehicle
CN110637328B (en) Vehicle access method based on portable equipment
CN111194028B (en) Safety control method based on vehicle
CN108698563B (en) Secure smartphone-based access and start authorization system for vehicles
CN108551455B (en) Configuration method and device of smart card
CN1714529B (en) Domain-based digital-rights management system with easy and secure device enrollment
JP5031994B2 (en) Authority delegation system, control device, and authority delegation method
TW201927601A (en) Method for generating and using virtual key of vehicle, system for same, and user terminal
CN109895734B (en) Authorized Bluetooth key activation method and system, storage medium and T-BOX
US20140075186A1 (en) Multiple Access Key Fob
US11722529B2 (en) Method and apparatus for policy-based management of assets
CN111572493B (en) Vehicle keyless entry and starting system and method based on Internet of vehicles
CN110148239A (en) A kind of authorization method and system of Intelligent key
CN110182171A (en) Digital car key system and vehicle based on block chain technology
CN110598469B (en) Information processing method, device and computer storage medium
CN104702566B (en) Authorized use method and device of virtual equipment
CN111083696A (en) Communication verification method and system, mobile terminal and vehicle terminal
CN111080856A (en) Bluetooth entrance guard unlocking method
CN113115309B (en) Data processing method and device for Internet of vehicles, storage medium and electronic equipment
JP7489310B2 (en) Electronic Key System
CN112348998A (en) Method and device for generating one-time password, intelligent door lock and storage medium
CN106603486B (en) Method and system for security authorization of mobile terminal
JP6723422B1 (en) Authentication system
CN112214753A (en) Authentication method and device, electronic equipment and storage medium
WO2024013925A1 (en) Car-sharing system, sharing method, vehicle-mounted server device, and program

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220921

Address after: Room 605, Tian'an Exchange Center, Panyu Energy-saving Technology Park, No. 555 North Panyu Avenue, Donghuan Street, Panyu District, Guangzhou City, Guangdong Province, 510000

Applicant after: Guangzhou Mingrui Internet of things Technology Co.,Ltd.

Address before: 418400 Xinwu group, Chengjiao village, Feishan Township, Jingzhou Miao and Dong Autonomous County, Huaihua City, Hunan Province

Applicant before: Chu Changqing

GR01 Patent grant
GR01 Patent grant