CN111572493A - Vehicle keyless entry and starting system and method based on Internet of vehicles - Google Patents
- Publication number: CN111572493A
- Application number: CN202010382014.XA
- Authority: CN (China)
- Prior art keywords: intelligent terminal, vehicle, session key, sig, vehicle end
- Legal status: Granted
Classifications
- B60R25/2018—Central base unlocks or authorises unlocking
- B60R2325/101—Bluetooth
- B60R2325/103—Near field communication [NFC]
- B60R2325/105—Radio frequency identification data [RFID]
- B60R2325/108—Encryption
- B60R2325/202—Personal digital assistant [PDA]
- B60R2325/205—Mobile phones
Abstract
The invention provides a vehicle keyless entry and starting system and method based on the Internet of Vehicles, comprising a cloud end, at least one vehicle end and at least one intelligent terminal, wherein the cloud end is connected with the vehicle end through a network; the cloud end comprises a trusted cloud server, a certificate server and a third security module; the vehicle end comprises a vehicle entry and start control module, a vehicle-end short-range communication module and a second security module; the intelligent terminal comprises an intelligent terminal control module, a terminal short-range communication module and a first security module; when the cloud end, the vehicle end and the intelligent terminal perform identity authentication, the cloud end first authenticates the vehicle end and the intelligent terminal respectively, and then the vehicle end and the intelligent terminal each authenticate the cloud end; the method avoids direct mutual authentication between the intelligent terminal and the vehicle end, reduces the consumption of storage and computing resources on the intelligent terminal, and solves the problem that vehicle keys are not interchangeable between vehicles of different brands.
Description
Technical Field
The invention relates to the technical field of vehicle keyless entry and starting, in particular to a vehicle keyless entry and starting system and method based on an internet of vehicles.
Background
With the increasing popularity of automobiles, people place higher and higher demands on their intelligence, comfort and convenience. Against this background, the Passive Entry Passive Start (PEPS) system for vehicles came into being. Keyless entry and starting technology lets a vehicle user unlock, enter and start the vehicle without operating a vehicle key, and is very convenient to use. However, the current mainstream keyless entry and start scheme still requires the user to carry the corresponding vehicle key, which causes problems, for example: (1) there is a risk that the communication between the vehicle key and the vehicle is cracked, so that the vehicle is easily stolen; (2) when the vehicle key is stolen or lost and has to be reconfigured, the vehicle user can only go to a professional service station to have a matching new key made, which is time-consuming and laborious, and for certain brands the new key can only be made in another region or abroad, with a long lead time; in addition, once the key is stolen or lost, lawbreakers can easily steal the vehicle with the stolen or found key, and at present this can only be resolved by replacing the vehicle lock, which is even more time-consuming and laborious; (3) when the vehicle is stolen, at present the owner can only report the theft and notify the insurer, and then wait for the vehicle to be found or the claim to be settled; (4) each vehicle usually comes with only two keys, which is very inconvenient for users who own several vehicles and for a vehicle that is often driven by several users; users who own several vehicles must either remember to take the corresponding key each time or carry the keys of all their vehicles each time, and when the same vehicle is often driven by several users, the key has to be passed back and forth between them, and either way this is very inconvenient; (5) vehicle keys are not interchangeable between vehicles of different brands.
The concept of the Internet of Vehicles is derived from the Internet of Things. By means of a new generation of information and communication technology, it realizes network connection between vehicles and everything (namely, between vehicles, people, roads and service platforms), raises the overall level of intelligent driving, provides users with a safe, comfortable, intelligent and efficient driving experience and traffic services, and at the same time improves traffic operating efficiency and the intelligence level of public traffic services. Smart terminals represented by smart phones have also become widespread, and many smart phones have security modules such as built-in security chips and short-range communication modules represented by NFC.
The problem that urgently needs to be solved at present is how to address the above problems of vehicle keyless entry and starting systems by combining the Internet of Vehicles with an intelligent terminal that carries a security module, so that secure keyless entry and starting based on the Internet of Vehicles is safe, reliable, simple and efficient, and gives the vehicle user a better experience.
Summary of the Invention
The invention aims to overcome the defects of the prior art and provides a vehicle keyless entry and starting system and method based on the Internet of Vehicles, so that secure keyless entry and starting based on the Internet of Vehicles is safe, reliable, simple and efficient, and gives vehicle users a better experience.
In order to achieve the purpose, the invention adopts the technical scheme that: a vehicle keyless entry and starting system based on the Internet of vehicles comprises a cloud, at least one vehicle end and at least one intelligent terminal; the cloud end comprises a trusted cloud server, a certificate server and a third security module; the vehicle end comprises a vehicle entering and starting control module, a vehicle end short-range communication module and a second safety module; the intelligent terminal comprises an intelligent terminal control module, a terminal short-range communication module and a first safety module; the trusted cloud server is respectively connected with the certificate server and the third security module; the vehicle entering and starting control module is respectively connected with the vehicle-end short-range communication module and the second safety module; the intelligent terminal control module is respectively connected with the terminal short-range communication module and the first safety module; the trusted cloud server is in communication connection with at least one vehicle entry and start control module; the vehicle-end short-range communication module is in communication connection with at least one terminal short-range communication module; the terminal short-range communication module is in communication connection with at least one vehicle-end short-range communication module;
the certificate server generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal respectively; the first security module, the second security module and the third security module are used for providing a cryptographic service function and a secure storage function; the cryptographic service function comprises random number generation, signature operation, encryption and decryption operation, and session key generation; the terminal short-range communication module is used for two-way communication with the vehicle-end short-range communication module; the vehicle entry and start control module and the intelligent terminal control module communicate through the vehicle-end short-range communication module and the terminal short-range communication module respectively; the intelligent terminal control module calls the corresponding cryptographic service function and secure storage function provided by the first security module; the vehicle entry and start control module calls the corresponding cryptographic service function and secure storage function provided by the second security module; the vehicle entry and start control module also communicates with the trusted cloud server to receive, send and process the information and data required for authentication; the trusted cloud server communicates with the vehicle entry and start control module; the trusted cloud server calls the corresponding cryptographic service function provided by the third security module; the trusted cloud server also communicates with the certificate server to obtain digital certificate services; the intelligent terminal control module is also used for generating a keyless entry confirmation instruction and a keyless start confirmation instruction; the vehicle entry and start control module is also used for generating a keyless entry request instruction and executing the keyless entry confirmation instruction; the vehicle entry and start control module is also used for generating a keyless start request instruction and executing the keyless start confirmation instruction;
a vehicle end information storage area is arranged in the credible cloud server of the cloud end, and information stored in the vehicle end information storage area comprises vehicle end information to be subjected to keyless entry and starting; the vehicle end information comprises a vehicle end number; an intelligent terminal information storage area is arranged in the trusted cloud server of the cloud end, and information stored in the intelligent terminal information storage area comprises intelligent terminal information allowing keyless entry and starting of corresponding vehicles; the intelligent terminal information comprises an intelligent terminal number; the trusted cloud server of the cloud maintains correspondence and association between the vehicle side information and the intelligent terminal information; the vehicle end comprises a keyless entry switch and a keyless starting switch; when the cloud end, the vehicle end and the intelligent terminal perform identity authentication, the cloud end is used for respectively performing identity authentication on the vehicle end and the intelligent terminal, and then the vehicle end and the intelligent terminal perform identity authentication on the cloud end respectively;
Preferably, the method comprises a preparation stage, an identity authentication stage, and a secure keyless entry and starting stage;
Preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server respectively generates and stores respective public key certificates for the cloud terminal, the vehicle terminal and the intelligent terminal; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
an intelligent terminal session key secure storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area are set in the first security module of the intelligent terminal; the intelligent terminal session key secure storage area is used for storing the session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit identifies whether a session key for secure encrypted communication with the vehicle end exists, and a value of true or 1 indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end that communicates with the intelligent terminal;
a vehicle-end session key secure storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are set in the second security module of the vehicle end; the vehicle-end session key secure storage area is used for storing the session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit identifies whether a session key for secure encrypted communication with the intelligent terminal exists, and a value of true or 1 indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal that communicates with the vehicle end;
Identity authentication phase
The authentication protocol is as follows:
C->T: N_CT;
T->C: {N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT))};
C->S: {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))};
S->C: {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))};
C->T: PE_T(K_CT, ID_C, SIG_S(N_TS));
wherein S represents the cloud end, C represents the vehicle end, T represents the intelligent terminal, ID_T represents the intelligent terminal number, ID_C represents the vehicle end number, PE_S represents encryption with the public key of S, PE_C represents encryption with the public key of C, PE_T represents encryption with the public key of T, SIG_S represents a signature made with the private key of S, SIG_C represents a signature made with the private key of C, SIG_T represents a signature made with the private key of T, K_CT represents the session key, distributed by S, for secure encrypted communication between C and T, N_CT and N_CS represent verification factors generated by C, N_TS represents the verification factor generated by T, and || represents the concatenation operation;
the vehicle end number ID_C may be the vehicle identification code VIN_C and/or the license plate number;
First, the intelligent terminal approaches the vehicle end, and the keyless entry switch or the keyless start switch on the vehicle end is then triggered; the vehicle end checks the value of the vehicle-end session key existence flag bit; if the value is true or 1, the secure keyless entry and starting stage is entered and the identity authentication process terminates; otherwise, the vehicle end sends a randomly generated verification factor N_CT to the intelligent terminal;
Second, after receiving the verification factor N_CT sent by the vehicle end, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the secure keyless entry and starting stage is entered and the identity authentication process terminates; otherwise, the intelligent terminal signs the verification factor N_CT with its own private key to obtain SIG_T(N_CT), then randomly generates a verification factor N_TS, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt N_TS, the intelligent terminal number ID_T of the intelligent terminal and SIG_T(N_CT), obtaining PE_S(N_TS, ID_T, SIG_T(N_CT)); it then concatenates the verification factor N_CT and PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the result to the vehicle end;
Third, after receiving N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT)) sent by the intelligent terminal, the vehicle end first checks whether the received value of N_CT is the same as the value of N_CT it sent to the intelligent terminal in the first step; if the two values of N_CT differ, the identity authentication process terminates; if the two values of N_CT are the same, the vehicle end signs the verification factor N_CT with its own private key to obtain SIG_C(N_CT), then generates a new verification factor N_CS, looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor N_CS, the verification factor N_CT, the vehicle end number ID_C of the vehicle end and the signature value SIG_C(N_CT), obtaining PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); it then concatenates PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) and PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the result to the cloud end;
Fourth, after receiving {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))} sent by the vehicle end, the cloud end uses its own private key to decrypt PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) and PE_S(N_TS, ID_T, SIG_T(N_CT)) respectively, obtaining N_CS, N_CT, ID_C, SIG_C(N_CT) and N_TS, ID_T, SIG_T(N_CT); using the vehicle end number ID_C, the cloud end checks whether the vehicle end is registered in the vehicle end information storage area of the trusted cloud server at the cloud end, and if it is not registered, the identity authentication process terminates; if it is registered, the cloud end goes on to check, using the intelligent terminal number ID_T, whether the intelligent terminal is registered in the intelligent terminal information storage area of the trusted cloud server at the cloud end, and if it is not registered, the identity authentication process terminates; if it is registered, the cloud end uses the vehicle end number ID_C to find the public key certificate corresponding to the vehicle end from the certificate server, applies the public key in that certificate to SIG_C(N_CT) to recover the N_CT contained in SIG_C(N_CT), and compares that value of N_CT with the value of N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values differ, the identity authentication of the vehicle end has not passed and the identity authentication process terminates; if the values are the same, the cloud end uses the intelligent terminal number ID_T to find the public key certificate corresponding to the intelligent terminal from the certificate server, applies the public key in that certificate to SIG_T(N_CT) to recover the N_CT contained in SIG_T(N_CT), and compares that value of N_CT with the value of N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values differ, the identity authentication of the intelligent terminal has not passed and the identity authentication process terminates; if the values are the same, the cloud end calls the third security module to generate a session key K_CT for communication between the vehicle end and the intelligent terminal, and signs N_CS and N_TS respectively with its own private key to obtain SIG_S(N_CS) and SIG_S(N_TS); it then encrypts the session key K_CT, the vehicle end number ID_C and the signature value SIG_S(N_TS) with the public key of the intelligent terminal to obtain PE_T(K_CT, ID_C, SIG_S(N_TS)); next, the cloud end encrypts K_CT, ID_T and SIG_S(N_CS) with the public key of the vehicle end to obtain PE_C(K_CT, ID_T, SIG_S(N_CS)); the cloud end then concatenates PE_C(K_CT, ID_T, SIG_S(N_CS)) and PE_T(K_CT, ID_C, SIG_S(N_TS)) and sends the result to the vehicle end;
Fifth, after receiving {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))} from the cloud end, the vehicle end uses its own private key to decrypt PE_C(K_CT, ID_T, SIG_S(N_CS)), obtaining the session key K_CT, the intelligent terminal number ID_T and SIG_S(N_CS); the vehicle end then looks up the public key certificate of the cloud end stored in the second security module, applies the public key of the cloud end to SIG_S(N_CS) to obtain N_CS, and compares that N_CS with the value of N_CS it sent to the cloud end in the third step; if the values differ, the identity authentication of the cloud end has not passed and the identity authentication process terminates; if the values are the same, the vehicle end stores the session key K_CT in the vehicle-end session key secure storage area and sets the vehicle-end session key existence flag bit to true or 1; the vehicle end stores the intelligent terminal number ID_T in the intelligent terminal number storage area and establishes an association between the intelligent terminal number ID_T and the session key K_CT, so that the session key K_CT can be found through the intelligent terminal number ID_T; the vehicle end then forwards PE_T(K_CT, ID_C, SIG_S(N_TS)) to the intelligent terminal;
Sixth, after receiving PE_T(K_CT, ID_C, SIG_S(N_TS)) forwarded by the vehicle end, the intelligent terminal uses its own private key to decrypt PE_T(K_CT, ID_C, SIG_S(N_TS)), obtaining K_CT, ID_C and SIG_S(N_TS); the intelligent terminal then looks up the public key certificate of the cloud end stored in the first security module, applies the public key of the cloud end to SIG_S(N_TS) to obtain N_TS, and compares that N_TS with the value of N_TS it generated in the second step; if the values differ, the identity authentication of the cloud end has not passed and the identity authentication process terminates; if the values are the same, the intelligent terminal stores the session key K_CT in the intelligent terminal session key secure storage area and sets the intelligent terminal session key existence flag bit to true or 1; the intelligent terminal stores the vehicle end number ID_C in the vehicle end number storage area and establishes an association between the vehicle end number ID_C and the session key K_CT, so that the session key K_CT can be found through the vehicle end number ID_C; at this point, the identity authentication is successfully completed;
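The six steps above traced end to end, as an added example that is not part of the patent text. Textbook RSA over fixed Mersenne primes is an assumed and insecure stand-in for the three security modules (chosen because it gives the "apply the public key to the signature and get the verification factor back" behaviour the steps describe); the party numbers and the names `Party`, `pe`, `recover`, `run_auth` and `make_demo` are hypothetical.

```python
"""Toy trace of the identity authentication phase (added example).
Textbook RSA over fixed Mersenne primes stands in for the security modules;
it is a constructed teaching stand-in and is NOT secure."""
import json
import secrets

E = 65537                                    # assumed public exponent


def M(k):
    return 2 ** k - 1                        # prime for every exponent used below


class Abort(Exception):
    """Raised wherever the steps say the authentication process terminates."""


class Party:
    def __init__(self, ident, p, q):
        self.id, self.n = ident, p * q       # n stands in for the public key certificate
        self._d = pow(E, -1, (p - 1) * (q - 1))
        self.sessions = {}                   # peer number -> K_CT (entry present = flag bit true)

    def sign(self, nonce):                   # SIG_X(N), signature with message recovery
        return pow(nonce, self._d, self.n)

    def decrypt(self, blob):                 # inverse of pe()
        raw = b"".join(_to_bytes(pow(c, self._d, self.n)) for c in blob)
        return json.loads(raw)


def _to_bytes(m):
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def recover(pub_n, sig):                     # apply the public key to SIG to get N back
    return pow(sig, E, pub_n)


def pe(pub_n, *fields):                      # PE_X(...): JSON fields, encrypted chunk by chunk
    raw = json.dumps(fields).encode()
    k = (pub_n.bit_length() - 1) // 8        # chunk size that always stays below n
    return [pow(int.from_bytes(raw[i:i + k], "big"), E, pub_n)
            for i in range(0, len(raw), k)]


def run_auth(S, C, T, certs, vehicles, terminals):
    """Run messages 1-5; certs maps number -> public key, the two sets are S's registries."""
    if T.id in C.sessions and C.id in T.sessions:
        return C.sessions[T.id]              # both flag bits true: straight to the session phase
    n_ct = secrets.randbits(64)              # 1. C->T: N_CT
    n_ts = secrets.randbits(64)              # 2. T->C: N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT))
    blob_t = pe(S.n, n_ts, T.id, T.sign(n_ct))
    # 3. C compares the echoed N_CT with the one it sent (always equal in this
    #    in-process trace), then C->S: PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || blob_t
    n_cs = secrets.randbits(64)
    blob_c = pe(S.n, n_cs, n_ct, C.id, C.sign(n_ct))
    r_ncs, r_nct, id_c, sig_c = S.decrypt(blob_c)      # 4. S decrypts both parts
    r_nts, id_t, sig_t = S.decrypt(blob_t)
    if id_c not in vehicles:
        raise Abort("vehicle not registered")
    if id_t not in terminals:
        raise Abort("terminal not registered")
    if recover(certs[id_c], sig_c) != r_nct:
        raise Abort("vehicle signature rejected")
    if recover(certs[id_t], sig_t) != r_nct:
        raise Abort("terminal signature rejected")
    k_ct = secrets.token_hex(16)                       # session key K_CT
    to_c = pe(certs[id_c], k_ct, id_t, S.sign(r_ncs))  # PE_C(K_CT, ID_T, SIG_S(N_CS))
    to_t = pe(certs[id_t], k_ct, id_c, S.sign(r_nts))  # PE_T(...): C only forwards this
    k_c, peer_t, sig_s = C.decrypt(to_c)               # 5. C authenticates S
    if recover(S.n, sig_s) != n_cs:
        raise Abort("cloud rejected by vehicle")
    C.sessions[peer_t] = k_c
    k_t, peer_c, sig_s = T.decrypt(to_t)               # 6. T authenticates S
    if recover(S.n, sig_s) != n_ts:
        raise Abort("cloud rejected by terminal")
    T.sessions[peer_c] = k_t
    return k_t


def make_demo():
    """Constructed parties: cloud S, vehicle C, terminal T, and the certificate lookup."""
    S = Party("CLOUD-DEMO", M(127), M(107))
    C = Party("VIN-DEMO-0001", M(89), M(521))
    T = Party("PHONE-DEMO-0001", M(61), M(607))
    return S, C, T, {C.id: C.n, T.id: T.n}


if __name__ == "__main__":
    S, C, T, certs = make_demo()
    key = run_auth(S, C, T, certs, {C.id}, {T.id})
    print("shared K_CT established:", C.sessions[T.id] == T.sessions[C.id] == key)
```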
Secure keyless entry and start phase
After the identity authentication succeeds and a session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication using the session key K_CT; during communication, the vehicle end uses the intelligent terminal number ID_T stored in the intelligent terminal number storage area to find the associated session key K_CT stored in the vehicle-end session key secure storage area; the intelligent terminal uses the vehicle end number ID_C stored in the vehicle end number storage area to find the associated session key K_CT stored in the intelligent terminal session key secure storage area;
The secure keyless entry and starting stage comprises a secure keyless entry stage and a secure keyless start stage;
Secure keyless entry stage
The process of the secure keyless entry stage is as follows:
the keyless entry switch on the vehicle end is triggered;
the vehicle end checks the value of the vehicle-end session key existence flag bit, and if the value is true or 1, continues with the next step; otherwise, the identity authentication stage is entered and the secure keyless entry process terminates;
the vehicle end generates a keyless entry request instruction, encrypts it with the session key K_CT, and sends the resulting keyless entry request instruction ciphertext to the intelligent terminal;
after receiving the keyless entry request instruction ciphertext, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit, and if the value is true or 1, continues with the next step; otherwise, the identity authentication stage is entered and the secure keyless entry process terminates;
the intelligent terminal uses the session key K_CT to decrypt the keyless entry request instruction ciphertext, obtaining the keyless entry request instruction;
the intelligent terminal responds to the keyless entry request instruction by generating a keyless entry confirmation instruction, encrypts it with the session key K_CT, and sends the resulting keyless entry confirmation instruction ciphertext to the vehicle end;
after receiving the keyless entry confirmation instruction ciphertext, the vehicle end decrypts it with the session key K_CT to obtain the keyless entry confirmation instruction;
the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
Secure keyless start stage
The process of the secure keyless start stage is as follows:
the keyless start switch on the vehicle end is triggered;
the vehicle end checks the value of the vehicle-end session key existence flag bit, and if the value is true or 1, continues with the next step; otherwise, the identity authentication stage is entered and the secure keyless start process terminates;
the vehicle end generates a keyless start request instruction, encrypts it with the session key K_CT, and sends the resulting keyless start request instruction ciphertext to the intelligent terminal;
after receiving the keyless start request instruction ciphertext, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit, and if the value is true or 1, continues with the next step; otherwise, the identity authentication stage is entered and the secure keyless start process terminates;
the intelligent terminal uses the session key K_CT to decrypt the keyless start request instruction ciphertext, obtaining the keyless start request instruction;
the intelligent terminal responds to the keyless start request instruction by generating a keyless start confirmation instruction, encrypts it with the session key K_CT, and sends the resulting keyless start confirmation instruction ciphertext to the vehicle end;
after receiving the keyless start confirmation instruction ciphertext, the vehicle end decrypts it with the session key K_CT to obtain the keyless start confirmation instruction;
the vehicle end executes the keyless start confirmation instruction, and the vehicle is started.
Preferably, the communication between the vehicle end and the intelligent terminal means that the vehicle entering and starting control module of the vehicle end and the intelligent terminal control module of the intelligent terminal communicate with each other through the vehicle end short-range communication module and the terminal short-range communication module, respectively, and the communication content includes receiving and sending authentication data and encryption and decryption data;
the vehicle end communicates with the cloud end, specifically, the vehicle entering and starting control module of the vehicle end communicates with the trusted cloud server of the cloud end, and communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls a corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entering and starting control module of the vehicle end calls a corresponding password service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls a corresponding password service function provided by the first security module;
the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction, specifically, the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction by the vehicle entry and start control module;
the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction, specifically, the vehicle access and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction, specifically, the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
a vehicle-end session key duration storage area is set in the second security module of the vehicle end; the vehicle-end session key duration storage area is used for storing a vehicle-end session key duration value; the vehicle end starts counting down from the vehicle-end session key duration value at the moment the value of the vehicle-end session key existence flag bit is set to true or 1, and when the countdown reaches zero, the vehicle end sets the value of the vehicle-end session key existence flag bit to false or 0; the vehicle-end session key duration value is automatically specified by the vehicle end, or specified by the cloud end, or determined by negotiation between the vehicle end and the intelligent terminal;
an intelligent terminal session key duration storage area is set in the first security module of the intelligent terminal; the intelligent terminal session key duration storage area is used for storing an intelligent terminal session key duration value; the intelligent terminal starts counting down from the intelligent terminal session key duration value at the moment the value of the intelligent terminal session key existence flag bit is set to true or 1, and when the countdown reaches zero, the intelligent terminal sets the value of the intelligent terminal session key existence flag bit to false or 0; the intelligent terminal session key duration value is automatically specified by the intelligent terminal, or specified by the cloud end, or determined by negotiation between the intelligent terminal and the vehicle end.
Preferably, the first security module, the second security module and the third security module are security smart chips, the commercial cryptographic algorithms supported by the security smart chips include at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithms include at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the safety intelligent chip provides a safety storage area and supports the safety storage of important information; the safety intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
Preferably, when there are a plurality of vehicle terminals, the vehicle terminal session key secure storage area, the vehicle terminal session key existence flag bit, the intelligent terminal number storage area and the vehicle terminal session key duration storage area are also correspondingly set to a plurality of corresponding groups; when a plurality of intelligent terminals are arranged, the intelligent terminal session key safe storage area, the intelligent terminal session key existing flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered.
Based on the vehicle keyless entry and starting system based on the Internet of vehicles, the invention also provides a safe vehicle keyless entry and starting method based on the Internet of vehicles, which comprises a preparation stage, an identity authentication stage and a safe keyless entry and starting stage;
preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal respectively; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
an intelligent terminal session key safe storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area are set in the first security module of the intelligent terminal; the intelligent terminal session key safe storage area is used for storing the session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit identifies whether a session key for secure encrypted communication with the vehicle end exists, and a value of true or 1 indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end that communicates with the intelligent terminal;
a vehicle-end session key safe storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are set in the second security module of the vehicle end; the vehicle-end session key safe storage area is used for storing the session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit identifies whether a session key for secure encrypted communication with the intelligent terminal exists, and a value of true or 1 indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal that communicates with the vehicle end;
identity authentication phase
The authentication protocol is as follows:
C -> T: N_CT;
T -> C: {N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT))};
C -> S: {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))};
S -> C: {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))};
C -> T: PE_T(K_CT, ID_C, SIG_S(N_TS));
wherein S represents the cloud end, C represents the vehicle end and T represents the intelligent terminal; ID_T represents the intelligent terminal number and ID_C represents the vehicle end number; PE_S represents encryption with the public key of S, PE_C represents encryption with the public key of C, and PE_T represents encryption with the public key of T; SIG_S represents a signature with the private key of S, SIG_C represents a signature with the private key of C, and SIG_T represents a signature with the private key of T; K_CT represents the session key, distributed by S, for secure encrypted communication between C and T; N_CT and N_CS represent verification factors generated by C, and N_TS represents a verification factor generated by T; || represents the splicing operation;
the authentication protocol performs the following detailed steps:
firstly, the intelligent terminal approaches the vehicle end, and the keyless entry switch or the keyless start switch on the vehicle end is then triggered; the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value is true or 1, the safe keyless entry and starting stage is entered and the identity authentication process is terminated; otherwise, the vehicle end sends a randomly generated verification factor N_CT to the intelligent terminal;
secondly, after receiving the verification factor N_CT sent by the vehicle end, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the safe keyless entry and starting stage is entered and the identity authentication process is terminated; otherwise, the intelligent terminal performs a signature operation on the verification factor N_CT with its own private key to obtain SIG_T(N_CT); the intelligent terminal then randomly generates a verification factor N_TS, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt N_TS, the intelligent terminal number ID_T of the intelligent terminal and SIG_T(N_CT) to obtain PE_S(N_TS, ID_T, SIG_T(N_CT)); it then splices the verification factor N_CT with PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the spliced data to the vehicle end;
thirdly, after receiving N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT)) sent by the intelligent terminal, the vehicle end first judges whether the received value of N_CT is the same as the value of N_CT sent to the intelligent terminal in the first step; if the two N_CT values are different, the identity authentication process is terminated; if the two N_CT values are the same, the vehicle end performs a signature operation on the verification factor N_CT with its own private key to obtain SIG_C(N_CT), then generates a new verification factor N_CS, looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor N_CS, the verification factor N_CT, the vehicle end number ID_C of the vehicle end and the signature value SIG_C(N_CT) to obtain PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); it then splices PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) with PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the spliced data to the cloud end;
fourthly, after receiving {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))} sent by the vehicle end, the cloud end decrypts PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) and PE_S(N_TS, ID_T, SIG_T(N_CT)) respectively with its own private key to obtain N_CS, N_CT, ID_C, SIG_C(N_CT) and N_TS, ID_T, SIG_T(N_CT); the cloud end searches, according to the vehicle end number ID_C of the vehicle end, whether the vehicle end is registered in the vehicle end information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues to search, according to the intelligent terminal number ID_T of the intelligent terminal, whether the intelligent terminal is registered in the intelligent terminal information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end finds the public key certificate corresponding to the vehicle end from the certificate server according to the vehicle end number ID_C, then uses the public key in that public key certificate to operate on SIG_C(N_CT) and recover the N_CT in SIG_C(N_CT), and compares this value of N_CT with the N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values are different, the identity authentication of the vehicle end has not passed and the identity authentication process is terminated; if the values are the same, the cloud end finds the public key certificate corresponding to the intelligent terminal from the certificate server according to the intelligent terminal number ID_T, then uses the public key in that public key certificate to operate on SIG_T(N_CT) and recover the N_CT in SIG_T(N_CT), and compares this value of N_CT with the N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values are different, the identity authentication of the intelligent terminal has not passed and the identity authentication process is terminated; if the values are the same, the cloud end calls the third security module to generate a session key K_CT for the communication between the vehicle end and the intelligent terminal, and signs N_CS and N_TS respectively with its own private key to obtain SIG_S(N_CS) and SIG_S(N_TS); it then encrypts the session key K_CT, the vehicle end number ID_C and the signature value SIG_S(N_TS) with the public key of the intelligent terminal to obtain PE_T(K_CT, ID_C, SIG_S(N_TS)); next, the cloud end encrypts K_CT, ID_T and SIG_S(N_CS) with the public key of the vehicle end to obtain PE_C(K_CT, ID_T, SIG_S(N_CS)); the cloud end then splices PE_C(K_CT, ID_T, SIG_S(N_CS)) with PE_T(K_CT, ID_C, SIG_S(N_TS)) and sends the spliced data to the vehicle end;
fifthly, after receiving {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))} from the cloud end, the vehicle end decrypts PE_C(K_CT, ID_T, SIG_S(N_CS)) with its own private key to obtain the session key K_CT, the intelligent terminal number ID_T and SIG_S(N_CS); the vehicle end then looks up the public key certificate of the cloud end stored in the second security module, uses the public key of the cloud end to operate on SIG_S(N_CS) to obtain N_CS, and compares this N_CS with the N_CS sent to the cloud end in the third step; if the values are different, the identity authentication of the cloud end has not passed and the identity authentication process is terminated; if the values are the same, the vehicle end stores the session key K_CT into the vehicle-end session key safe storage area and sets the vehicle-end session key existence flag bit to true or 1; the vehicle end stores the intelligent terminal number ID_T into the intelligent terminal number storage area and establishes an association between the intelligent terminal number ID_T and the session key K_CT, so that the session key K_CT can be found through the intelligent terminal number ID_T; the vehicle end then forwards PE_T(K_CT, ID_C, SIG_S(N_TS)) to the intelligent terminal;
sixthly, after receiving PE_T(K_CT, ID_C, SIG_S(N_TS)) forwarded by the vehicle end, the intelligent terminal decrypts PE_T(K_CT, ID_C, SIG_S(N_TS)) with its own private key to obtain K_CT, ID_C and SIG_S(N_TS); the intelligent terminal then looks up the public key certificate of the cloud end stored in the first security module, uses the public key of the cloud end to operate on SIG_S(N_TS) to obtain N_TS, and compares this N_TS with the N_TS generated in the second step; if the values are different, the identity authentication of the cloud end has not passed and the identity authentication process is terminated; if the values are the same, the intelligent terminal stores the session key K_CT into the intelligent terminal session key safe storage area and sets the intelligent terminal session key existence flag bit to true or 1; the intelligent terminal stores the vehicle end number ID_C into the vehicle end number storage area and establishes an association between the vehicle end number ID_C and the session key K_CT, so that the session key K_CT can be found through the vehicle end number ID_C; at this point, the identity authentication is successfully completed;
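The six steps above as a runnable walk-through, added here as an illustration and not part of the patent text. The cryptography is modelled symbolically rather than performed (PE_X is an envelope only X can open, SIG_X a tag only X can produce); the class names, the constructed identifiers C-001 and T-001, and the wording of the abort reasons are assumptions of the example.

```python
import secrets
from dataclasses import dataclass

class AuthAbort(Exception):
    """A point where the text says the identity authentication process is terminated."""

@dataclass(frozen=True)
class Sig:                       # models SIG_X(value): only X can produce it
    signer: str
    value: bytes

@dataclass(frozen=True)
class Env:                       # models PE_X(fields): only X can open it
    recipient: str
    fields: tuple

def seal(recipient, *fields):
    return Env(recipient, fields)

def open_env(me, env):
    if env.recipient != me:
        raise AuthAbort(f"{me} cannot decrypt an envelope for {env.recipient}")
    return env.fields

def recover(sig, signer):
    # Models applying the signer's public key to a signature to get the signed value back.
    return sig.value if sig.signer == signer else None

class Terminal:                  # T, the intelligent terminal
    def __init__(self, id_t):
        self.id, self.sessions = id_t, {}          # sessions: ID_C -> K_CT

    def msg2(self, n_ct):                           # second step
        self.n_ts = secrets.token_bytes(16)
        return (n_ct, seal("S", self.n_ts, self.id, Sig(self.id, n_ct)))

    def finish(self, env_t):                        # sixth step
        k_ct, id_c, sig_s = open_env(self.id, env_t)
        if recover(sig_s, "S") != self.n_ts:
            raise AuthAbort("cloud end failed authentication at the intelligent terminal")
        self.sessions[id_c] = k_ct                  # K_CT stored, existence flag true

class Vehicle:                   # C, the vehicle end
    def __init__(self, id_c):
        self.id, self.sessions = id_c, {}          # sessions: ID_T -> K_CT

    def msg1(self):                                 # first step
        self.n_ct = secrets.token_bytes(16)
        return self.n_ct

    def msg3(self, msg2):                           # third step
        n_ct, env_t = msg2
        if n_ct != self.n_ct:
            raise AuthAbort("echoed N_CT differs from the N_CT sent in the first step")
        self.n_cs = secrets.token_bytes(16)
        return (seal("S", self.n_cs, n_ct, self.id, Sig(self.id, n_ct)), env_t)

    def msg5(self, msg4):                           # fifth step
        env_c, env_t = msg4
        k_ct, id_t, sig_s = open_env(self.id, env_c)
        if recover(sig_s, "S") != self.n_cs:
            raise AuthAbort("cloud end failed authentication at the vehicle end")
        self.sessions[id_t] = k_ct
        return env_t                                # forwarded unchanged to T

class Cloud:                     # S, holding the registered (constructed) IDs
    def __init__(self, vehicles, terminals):
        self.vehicles, self.terminals = set(vehicles), set(terminals)

    def msg4(self, msg3):                           # fourth step
        env_c, env_t = msg3
        n_cs, n_ct, id_c, sig_c = open_env("S", env_c)
        n_ts, id_t, sig_t = open_env("S", env_t)
        if id_c not in self.vehicles:
            raise AuthAbort("vehicle end not registered")
        if id_t not in self.terminals:
            raise AuthAbort("intelligent terminal not registered")
        if recover(sig_c, id_c) != n_ct:
            raise AuthAbort("vehicle end failed authentication")
        if recover(sig_t, id_t) != n_ct:
            raise AuthAbort("intelligent terminal failed authentication")
        k_ct = secrets.token_bytes(16)              # session key K_CT
        return (seal(id_c, k_ct, id_t, Sig("S", n_cs)),
                seal(id_t, k_ct, id_c, Sig("S", n_ts)))

def outcome(vehicle, terminal, cloud, tamper_msg2=None):
    """Run the five messages; return 'ok' or the reason the run was terminated."""
    try:
        msg2 = terminal.msg2(vehicle.msg1())
        if tamper_msg2:                             # alter message 2 in transit
            msg2 = tamper_msg2(msg2)
        terminal.finish(vehicle.msg5(cloud.msg4(vehicle.msg3(msg2))))
    except AuthAbort as abort:
        return str(abort)
    same = vehicle.sessions[terminal.id] == terminal.sessions[vehicle.id]
    return "ok" if same else "session keys differ"

if __name__ == "__main__":
    cloud = Cloud({"C-001"}, {"T-001"})
    print(outcome(Vehicle("C-001"), Terminal("T-001"), cloud))
    print(outcome(Vehicle("C-001"), Terminal("T-999"), cloud))
```

Passing a `tamper_msg2` function that swaps in a terminal envelope from an earlier run shows what the signed N_CT contributes: the vehicle end's echo check passes, but the cloud end's comparison in the fourth step fails because SIG_T covers the old N_CT.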
secure keyless entry and start phase
After the identity authentication succeeds and the session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication using the session key K_CT; during communication, the vehicle end uses the intelligent terminal number ID_T stored in the intelligent terminal number storage area to find the associated session key K_CT stored in the vehicle-end session key safe storage area; the intelligent terminal uses the vehicle end number ID_C stored in the vehicle end number storage area to find the associated session key K_CT stored in the intelligent terminal session key safe storage area;
The safe keyless entry and starting stage comprises a safe keyless entry stage and a safe keyless starting stage;
secure keyless entry stage
The specific steps of the secure keyless entry stage are as follows:
a first step of triggering the keyless entry switch on the vehicle side;
secondly, the vehicle end judges the value of the vehicle-end session key existence flag bit, and if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the safe keyless entry process is terminated;
thirdly, the vehicle end generates a keyless entry request instruction, then encrypts the keyless entry request instruction with the session key K_CT and sends the resulting keyless entry request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless entry request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit, and if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the safe keyless entry process is terminated;
fifthly, the intelligent terminal decrypts the keyless entry request instruction ciphertext with the session key K_CT to obtain the keyless entry request instruction;
sixthly, the intelligent terminal responds to the keyless entry request instruction by generating a keyless entry confirmation instruction, then encrypts the keyless entry confirmation instruction with the session key K_CT and sends the resulting keyless entry confirmation instruction ciphertext to the vehicle end;
seventhly, after the vehicle end receives the keyless entry confirmation instruction ciphertext, it decrypts the ciphertext with the session key K_CT to obtain the keyless entry confirmation instruction;
eighthly, the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
safe keyless start phase
The specific steps of the safe keyless start phase are as follows:
a first step of triggering the keyless start switch on the vehicle side;
secondly, the vehicle end judges the value of the vehicle-end session key existence flag bit, and if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the safe keyless start process is terminated;
thirdly, the vehicle end generates a keyless start request instruction, then encrypts the keyless start request instruction with the session key K_CT and sends the resulting keyless start request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless start request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit, and if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the safe keyless start process is terminated;
fifthly, the intelligent terminal decrypts the keyless start request instruction ciphertext with the session key K_CT to obtain the keyless start request instruction;
sixthly, the intelligent terminal responds to the keyless start request instruction by generating a keyless start confirmation instruction, then encrypts the keyless start confirmation instruction with the session key K_CT and sends the resulting keyless start confirmation instruction ciphertext to the vehicle end;
seventhly, after the vehicle end receives the keyless start confirmation instruction ciphertext, it decrypts the ciphertext with the session key K_CT to obtain the keyless start confirmation instruction;
and eighthly, executing the keyless starting confirmation instruction by the vehicle end, and starting the vehicle.
Preferably, the communication between the vehicle end and the intelligent terminal means that the vehicle entering and starting control module of the vehicle end and the intelligent terminal control module of the intelligent terminal communicate with each other through the vehicle end short-range communication module and the terminal short-range communication module, respectively, and the communication content includes receiving and sending authentication data and encryption and decryption data;
the vehicle end communicates with the cloud end, specifically, the vehicle entering and starting control module of the vehicle end communicates with the trusted cloud server of the cloud end, and communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls a corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entering and starting control module of the vehicle end calls a corresponding password service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls a corresponding password service function provided by the first security module;
the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction, specifically, the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction by the vehicle entry and start control module;
the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction, specifically, the vehicle access and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction, specifically, the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
a vehicle-end session key duration storage area is set in the second security module of the vehicle end; the vehicle-end session key duration storage area is used for storing a vehicle-end session key duration value; the vehicle end starts counting down from the vehicle-end session key duration value at the moment the value of the vehicle-end session key existence flag bit is set to true or 1, and when the countdown reaches zero, the vehicle end sets the value of the vehicle-end session key existence flag bit to false or 0; the vehicle-end session key duration value is automatically specified by the vehicle end, or specified by the cloud end, or determined by negotiation between the vehicle end and the intelligent terminal;
an intelligent terminal session key duration storage area is set in the first security module of the intelligent terminal; the intelligent terminal session key duration storage area is used for storing an intelligent terminal session key duration value; the intelligent terminal starts counting down from the intelligent terminal session key duration value at the moment the value of the intelligent terminal session key existence flag bit is set to true or 1, and when the countdown reaches zero, the intelligent terminal sets the value of the intelligent terminal session key existence flag bit to false or 0; the intelligent terminal session key duration value is automatically specified by the intelligent terminal, or specified by the cloud end, or determined by negotiation between the intelligent terminal and the vehicle end.
Preferably, the first security module, the second security module and the third security module are security smart chips, the commercial cryptographic algorithms supported by the security smart chips include at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithms include at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the safety intelligent chip provides a safety storage area and supports the safety storage of important information; the safety intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
Preferably, when there are a plurality of vehicle terminals, the vehicle terminal session key secure storage area, the vehicle terminal session key existence flag bit, the intelligent terminal number storage area and the vehicle terminal session key duration storage area are also correspondingly set to a plurality of corresponding groups; when a plurality of intelligent terminals are arranged, the intelligent terminal session key safe storage area, the intelligent terminal session key existing flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered.
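The existence flag bit, the duration countdown and the per-peer groups described in the paragraphs above (and in the matching paragraphs of the system description), as an added sketch that is not part of the patent text. The names SessionKeyStore, FakeClock and keyless_entry_route, the IDs and the durations are assumptions; wiping the key when the countdown ends is also a choice of the example, since the text only requires the flag to be set to false or 0.

```python
import time

class SessionKeyStore:
    """One side's security-module state: per-peer K_CT, existence flag, countdown."""

    def __init__(self, duration_s, clock=time.monotonic):
        self.duration_s = duration_s      # session key duration value
        self.clock = clock
        self._groups = {}                 # peer number -> one group of storage areas

    def store(self, peer_id, k_ct):
        """End of identity authentication: save K_CT, set flag true, start countdown."""
        self._groups[peer_id] = {"key": k_ct, "flag": True,
                                 "expires": self.clock() + self.duration_s}

    def flag(self, peer_id):
        group = self._groups.get(peer_id)
        if group is None:
            return False                  # initial value of the flag is false or 0
        if group["flag"] and self.clock() >= group["expires"]:
            group["flag"] = False         # countdown reached zero
            group["key"] = None           # assumption of this example: wipe K_CT too
        return group["flag"]

    def key_for(self, peer_id):
        """Look up K_CT through the stored peer number; None once the flag is false."""
        return self._groups[peer_id]["key"] if self.flag(peer_id) else None

class FakeClock:
    """Constructed clock so the countdown can be stepped without waiting."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

def keyless_entry_route(vehicle_store, terminal_store, id_c, id_t):
    """Follow the flag checks of the second and fourth steps of the entry stage."""
    if not vehicle_store.flag(id_t):
        return "identity authentication (vehicle end flag false)"
    # Third step would happen here: request encrypted with K_CT and sent to T.
    if not terminal_store.flag(id_c):
        return "identity authentication (intelligent terminal flag false)"
    return "secure keyless entry"

def demo():
    clock = FakeClock()
    vehicle = SessionKeyStore(600, clock)      # constructed duration values
    terminal = SessionKeyStore(300, clock)
    routes = [keyless_entry_route(vehicle, terminal, "C-001", "T-001")]
    k_ct = bytes(16)                           # constructed placeholder key
    vehicle.store("T-001", k_ct)
    terminal.store("C-001", k_ct)
    for step in (100, 300, 300):               # t = 100 s, 400 s, 700 s
        clock.advance(step)
        routes.append(keyless_entry_route(vehicle, terminal, "C-001", "T-001"))
    return routes

if __name__ == "__main__":
    for route in demo():
        print(route)
```

Because each side keeps its own duration value, the two flags can disagree: at 400 s in the demo the vehicle end still holds a valid key while the intelligent terminal has already fallen back to the identity authentication stage.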
The invention has the following positive effects:
according to the invention, authentication is carried out among the cloud end, the vehicle end and the intelligent terminal. First, the legitimacy of the identities of all three parties can be ensured. Second, a session key for encrypting the communication between the vehicle end and the intelligent terminal is generated by the cloud end during authentication, and a new session key is generated in each identity authentication; frequent updating of the session key greatly reduces the risk that the communication between the vehicle key and the vehicle is cracked, and in turn reduces the risk that the vehicle is stolen;
by using the intelligent terminal, the original vehicle key can be dispensed with and stored in a safe place, which prevents the vehicle key from being stolen or lost; of course, the intelligent terminal can also be stolen or lost; because the legitimate vehicle end is registered at the cloud end, if the vehicle is stolen, the registration of the stolen vehicle end can be cancelled by contacting the cloud end, and the vehicle end then cannot pass identity authentication the next time, so the vehicle cannot be entered or started again; the vehicle cannot be used even if it is stolen, which can effectively reduce the vehicle theft rate and partially solve the problem of vehicle theft;
in the authentication among the cloud end, the vehicle end and the intelligent terminal, the cloud end first authenticates the vehicle end and the intelligent terminal respectively, and then the vehicle end and the intelligent terminal each authenticate the cloud end; direct mutual authentication between the intelligent terminal and the vehicle end is deliberately avoided, so only the public key certificate of the cloud end needs to be stored in the security module of the intelligent terminal; this avoids storing, or frequently negotiating and exchanging, a large number of public key certificates of different vehicle ends and/or other information related to security authentication and communication in the intelligent terminal, and reduces the consumption of storage and computing resources of the intelligent terminal; because only the public key certificate of the cloud end needs to be stored in the intelligent terminal, and the association and correspondence between the intelligent terminal and the vehicle are established by registering the corresponding vehicle and intelligent terminal at the cloud end, one intelligent terminal can enter and start multiple vehicles under the permission of the cloud end, and multiple intelligent terminals can enter and start one vehicle, that is, one-to-many and many-to-one relationships between the intelligent terminal and the vehicle end are realized; this solves the inconvenience, given that an existing vehicle is usually provided with two keys, in the two situations where a user owns multiple vehicles and where the same vehicle is often driven by multiple users; if vehicles of different brands are registered in the same cloud end, the same intelligent terminal can enter and start the vehicles of different brands, which indirectly solves the problem that vehicle keys are not interchangeable among vehicles of different brands;
in addition, an appropriate session key storage duration is set at the vehicle end and at the intelligent terminal respectively; after identity authentication succeeds and the session key is obtained, the vehicle end and the intelligent terminal can use the session key many times to encrypt and decrypt their mutual communication; when the session key storage duration counts down to zero, identity authentication and distribution of a new session key must be carried out again at the next communication; this avoids the session key of the vehicle end and the intelligent terminal remaining unchanged for a long time, so that convenience of use is preserved while communication security is ensured. In conclusion, the vehicle keyless entry and starting system and method based on the internet of vehicles provided by the invention are safe, reliable, simple and efficient, can provide a better experience for vehicle users, and have outstanding substantive features and represent notable progress.
Drawings
Fig. 1 is a schematic architecture diagram of a vehicle keyless entry and start system based on the internet of vehicles according to an embodiment of the invention.
Fig. 2 is another schematic diagram of the architecture of the keyless entry and start system of the vehicle based on the internet of vehicles according to one embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The embodiment of the invention provides a vehicle keyless entry and starting system based on an internet of vehicles, which comprises a cloud end, a vehicle end and an intelligent terminal, as shown in figure 1; the cloud end comprises a trusted cloud server, a certificate server and a third security module; the vehicle end comprises a vehicle entering and starting control module, a vehicle end short-range communication module and a second safety module; the intelligent terminal comprises an intelligent terminal control module, a terminal short-range communication module and a first safety module; the trusted cloud server is respectively connected with the certificate server and the third security module; the vehicle entering and starting control module is respectively connected with the vehicle-end short-range communication module and the second safety module; the intelligent terminal control module is respectively connected with the terminal short-range communication module and the first safety module; the trusted cloud server is in communication connection with the vehicle entry and start control module; the vehicle-end short-range communication module is in communication connection with the terminal short-range communication module; the certificate server respectively generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal;
the first security module, the second security module and the third security module are used for providing a cryptographic service function and a secure storage function; the cryptographic service function comprises random number generation, signature operation, encryption and decryption operation and session key generation; the terminal short-range communication module is used for two-way communication with the vehicle-end short-range communication module; the vehicle entering and starting control module and the intelligent terminal control module communicate through the vehicle-end short-range communication module and the terminal short-range communication module respectively; the intelligent terminal control module calls the corresponding cryptographic service function and secure storage function provided by the first security module; the vehicle entering and starting control module calls the corresponding cryptographic service function and secure storage function provided by the second security module; the vehicle entering and starting control module also communicates with the trusted cloud server to receive, transmit and process information and data required by authentication; the trusted cloud server is in communication with the vehicle entering and starting control module; the trusted cloud server calls the corresponding cryptographic service function provided by the third security module; the trusted cloud server also communicates with the certificate server to obtain digital certificate services; the intelligent terminal control module is also used for generating a keyless entry confirmation instruction and a keyless start confirmation instruction; the vehicle entering and starting control module is also used for generating a keyless entry request instruction and executing the keyless entry confirmation instruction; the vehicle entering and starting control module is also used for generating a keyless start request instruction and executing the keyless start confirmation instruction;
a vehicle end information storage area is arranged in the credible cloud server of the cloud end, and information stored in the vehicle end information storage area comprises vehicle end information to be subjected to keyless entry and starting; the vehicle end information comprises a vehicle end number; an intelligent terminal information storage area is arranged in the trusted cloud server of the cloud end, and information stored in the intelligent terminal information storage area comprises intelligent terminal information allowing keyless entry and starting of corresponding vehicles; the intelligent terminal information comprises an intelligent terminal number; the trusted cloud server of the cloud maintains correspondence and association between the vehicle side information and the intelligent terminal information; the vehicle end comprises a keyless entry switch and a keyless starting switch; the cloud end, the vehicle end and the intelligent terminal adopt a mode that the cloud end firstly respectively performs identity authentication on the vehicle end and the intelligent terminal, and then the vehicle end and the intelligent terminal respectively perform identity authentication on the cloud end.
As shown in fig. 2, the vehicle end is one or more; one or more intelligent terminals are provided; the vehicle-end short-range communication module of the vehicle end is in bidirectional communication with the terminal short-range communication modules of one or more intelligent terminals; the terminal short-range communication module of the intelligent terminal is in two-way communication with the vehicle-end short-range communication module of one or more vehicle ends; the trusted cloud server of the cloud communicates with the vehicle entry and launch control modules of one or more of the vehicle ends.
In one embodiment, the method comprises a preparation phase, an identity authentication phase and a safe keyless entry and starting phase;
Preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server respectively generates and stores respective public key certificates for the cloud terminal, the vehicle terminal and the intelligent terminal; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
an intelligent terminal session key secure storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area are set in the first security module of the intelligent terminal; the intelligent terminal session key secure storage area is used for storing the session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit identifies whether a session key for secure encrypted communication with the vehicle end exists, and a value of true or 1 indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end that communicates with the intelligent terminal;
a vehicle-end session key secure storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are set in the second security module of the vehicle end; the vehicle-end session key secure storage area is used for storing the session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit identifies whether a session key for secure encrypted communication with the intelligent terminal exists, and a value of true or 1 indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal that communicates with the vehicle end;
Identity authentication phase
The authentication protocol is as follows:
C->T: N_CT;
T->C: {N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT))};
C->S: {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))};
S->C: {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))};
C->T: PE_T(K_CT, ID_C, SIG_S(N_TS));
wherein S represents the cloud end, C represents the vehicle end, T represents the intelligent terminal, ID_T denotes the intelligent terminal number, ID_C denotes the vehicle end number, PE_S denotes encryption with the public key of S, PE_C denotes encryption with the public key of C, PE_T denotes encryption with the public key of T, SIG_S denotes a signature made with the private key of S, SIG_C denotes a signature made with the private key of C, SIG_T denotes a signature made with the private key of T, K_CT denotes the session key, distributed by S, for secure encrypted communication between C and T, N_CT and N_CS denote verification factors generated by C, N_TS denotes a verification factor generated by T, and || denotes the concatenation operation;
the vehicle end number ID_C may be a vehicle identification code VINC and/or a license plate number;
First step: the intelligent terminal approaches the vehicle end, and the keyless entry switch or the keyless starting switch on the vehicle end is then triggered; the vehicle end checks the value of the vehicle-end session key existence flag bit; if it is true or 1, the secure keyless entry and starting stage is entered and the identity authentication process is terminated; otherwise, the vehicle end sends a randomly generated verification factor N_CT to the intelligent terminal;
Second step: after receiving the verification factor N_CT sent by the vehicle end, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit; if it is true or 1, the secure keyless entry and starting stage is entered and the identity authentication process is terminated; otherwise, the intelligent terminal uses its own private key to perform a signature operation on the verification factor N_CT to obtain SIG_T(N_CT); the intelligent terminal then randomly generates a verification factor N_TS, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt N_TS, the intelligent terminal number ID_T of the intelligent terminal and SIG_T(N_CT) to obtain PE_S(N_TS, ID_T, SIG_T(N_CT)); it then concatenates the verification factor N_CT with PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the result to the vehicle end;
Third step: after receiving N_CT || PE_S(N_TS, ID_T, SIG_T(N_CT)) sent by the intelligent terminal, the vehicle end first checks whether the received value of N_CT is the same as the value of N_CT that it sent to the intelligent terminal in the first step; if the two N_CT values are different, the identity authentication process is terminated; if the two N_CT values are the same, the vehicle end uses its own private key to perform a signature operation on the verification factor N_CT to obtain SIG_C(N_CT), then generates a new verification factor N_CS, looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor N_CS, the verification factor N_CT, the vehicle end number ID_C of the vehicle end and the signature value SIG_C(N_CT) to obtain PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); it then concatenates PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) with PE_S(N_TS, ID_T, SIG_T(N_CT)) and sends the result to the cloud end;
Fourth step: after receiving {PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) || PE_S(N_TS, ID_T, SIG_T(N_CT))} sent by the vehicle end, the cloud end uses its own private key to decrypt PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)) and PE_S(N_TS, ID_T, SIG_T(N_CT)) respectively, obtaining N_CS, N_CT, ID_C and SIG_C(N_CT), and N_TS, ID_T and SIG_T(N_CT); according to the vehicle end number ID_C of the vehicle end, the cloud end searches the vehicle end information storage area in the trusted cloud server of the cloud end to determine whether the vehicle end is registered, and if not, the identity authentication process is terminated; if it is registered, the cloud end then searches, according to the intelligent terminal number ID_T of the intelligent terminal, the intelligent terminal information storage area in the trusted cloud server of the cloud end to determine whether the intelligent terminal is registered, and if not, the identity authentication process is terminated; if it is registered, the cloud end uses the vehicle end number ID_C of the vehicle end to find the public key certificate corresponding to the vehicle end from the certificate server, and then uses the public key in that public key certificate to operate on SIG_C(N_CT) and decrypt the N_CT in it; it compares this value of N_CT with the N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values are different, the identity authentication of the vehicle end has not passed and the identity authentication process is terminated; if the values are the same, the cloud end uses the intelligent terminal number ID_T of the intelligent terminal to find the public key certificate corresponding to the intelligent terminal from the certificate server, and then uses the public key in that public key certificate to operate on SIG_T(N_CT) and decrypt the N_CT in it; it compares this value of N_CT with the N_CT just obtained from PE_S(N_CS, N_CT, ID_C, SIG_C(N_CT)); if the values are different, the identity authentication of the intelligent terminal has not passed and the identity authentication process is terminated; if the values are the same, the cloud end calls the third security module to generate a session key K_CT for communication between the vehicle end and the intelligent terminal, and signs N_CS and N_TS respectively with its own private key to obtain SIG_S(N_CS) and SIG_S(N_TS); it then encrypts the session key K_CT, the vehicle end number ID_C and the signature value SIG_S(N_TS) with the public key of the intelligent terminal to obtain PE_T(K_CT, ID_C, SIG_S(N_TS)); next, the cloud end encrypts K_CT, ID_T and SIG_S(N_CS) with the public key of the vehicle end to obtain PE_C(K_CT, ID_T, SIG_S(N_CS)); the cloud end then concatenates PE_C(K_CT, ID_T, SIG_S(N_CS)) with PE_T(K_CT, ID_C, SIG_S(N_TS)) and sends the result to the vehicle end;
Fifth step: after receiving {PE_C(K_CT, ID_T, SIG_S(N_CS)) || PE_T(K_CT, ID_C, SIG_S(N_TS))} sent by the cloud end, the vehicle end uses its own private key to decrypt PE_C(K_CT, ID_T, SIG_S(N_CS)) to obtain the session key K_CT, the intelligent terminal number ID_T and SIG_S(N_CS); the vehicle end then looks up the public key certificate of the cloud end stored in the second security module and uses the public key of the cloud end to operate on SIG_S(N_CS) to obtain N_CS; it compares this N_CS with the value of N_CS sent to the cloud end in the third step; if the values are different, the identity authentication of the cloud end has not passed and the identity authentication process is terminated; if the values are the same, the vehicle end stores the session key K_CT in the vehicle-end session key secure storage area and sets the vehicle-end session key existence flag bit to true or 1; the vehicle end stores the intelligent terminal number ID_T in the intelligent terminal number storage area and establishes an association between the intelligent terminal number ID_T and the session key K_CT, so that the session key K_CT can be found through the intelligent terminal number ID_T; the vehicle end then forwards PE_T(K_CT, ID_C, SIG_S(N_TS)) to the intelligent terminal;
Sixth step: after receiving PE_T(K_CT, ID_C, SIG_S(N_TS)) forwarded by the vehicle end, the intelligent terminal uses its own private key to decrypt PE_T(K_CT, ID_C, SIG_S(N_TS)) to obtain K_CT, ID_C and SIG_S(N_TS); the intelligent terminal then looks up the public key certificate of the cloud end stored in the first security module and uses the public key of the cloud end to operate on SIG_S(N_TS) to obtain N_TS; it compares this N_TS with the value of N_TS generated in the second step; if the values are different, the identity authentication of the cloud end has not passed and the identity authentication process is terminated; if the values are the same, the intelligent terminal stores the session key K_CT in the intelligent terminal session key secure storage area and sets the intelligent terminal session key existence flag bit to true or 1; the intelligent terminal stores the vehicle end number ID_C in the vehicle end number storage area and establishes an association between the vehicle end number ID_C and the session key K_CT, so that the session key K_CT can be found through the vehicle end number ID_C; at this point, the identity authentication is successfully completed;
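The six steps above, run end to end as an added example (not code from the patent). Toy RSA built from fixed Mersenne primes and a SHAKE-256 keystream stand in for the security modules' SIG and PE operations; the party numbers and every class and function name are assumptions, and the flag-bit short-circuit of steps one and two is left out so that each call runs the full exchange.

```python
import hashlib
import json
import secrets

E = 65537  # public exponent shared by every toy key below

class Party:
    """S (cloud end), C (vehicle end) or T (intelligent terminal)."""
    def __init__(self, ident, a, b):
        # Toy RSA key from the Mersenne primes 2**a-1 and 2**b-1. Such a modulus
        # is trivially factorable; it only keeps the example dependency-free.
        p, q = 2**a - 1, 2**b - 1
        self.id, self.pub = ident, p * q
        self.d = pow(E, -1, (p - 1) * (q - 1))
        self.sessions = {}  # peer number -> K_CT (entry present == flag bit true)

def nonce():
    return secrets.randbits(128) + 2  # a verification factor

def sig(party, factor):
    """SIG_X(N): textbook RSA with message recovery, no padding (demo only)."""
    return pow(factor, party.d, party.pub)

def recover(pub, signature):
    """Public-key operation that yields the factor inside a signature."""
    return pow(signature, E, pub)

def _keystream(seed, length):
    return hashlib.shake_256(str(seed).encode()).digest(length)

def pe(pub, fields):
    """PE_X(...): RSA-wrapped random seed plus a SHAKE-256 keystream (toy)."""
    seed = secrets.randbelow(pub - 2) + 2
    data = json.dumps(fields).encode()
    body = bytes(x ^ y for x, y in zip(data, _keystream(seed, len(data))))
    return pow(seed, E, pub), body

def pd(party, blob):
    """Inverse of pe(), using the party's private key."""
    wrapped, body = blob
    seed = pow(wrapped, party.d, party.pub)
    return json.loads(bytes(x ^ y for x, y in zip(body, _keystream(seed, len(body)))))

def cloud_step4(cloud, vehicles, terminals, m3):
    """Step 4: S decrypts both blobs, checks registration and both signatures."""
    n_cs, n_ct, id_c, sig_c = pd(cloud, m3[0])
    n_ts, id_t, sig_t = pd(cloud, m3[1])
    if id_c not in vehicles or id_t not in terminals:
        return None                                   # never registered, or cancelled
    if recover(vehicles[id_c], sig_c) != n_ct:
        return None                                   # vehicle end not authentic
    if recover(terminals[id_t], sig_t) != n_ct:
        return None                                   # terminal not authentic
    k_ct = secrets.token_hex(16)                      # fresh session key K_CT
    return (pe(vehicles[id_c], [k_ct, id_t, sig(cloud, n_cs)]),
            pe(terminals[id_t], [k_ct, id_c, sig(cloud, n_ts)]))

def authenticate(cloud, vehicles, terminals, car, phone):
    """Run the five protocol messages; return K_CT, or None if any check aborts."""
    n_ct = nonce()                                    # 1. C->T: N_CT
    n_ts = nonce()                                    # 2. T->C: N_CT || PE_S(...)
    m2 = (n_ct, pe(cloud.pub, [n_ts, phone.id, sig(phone, n_ct)]))
    if m2[0] != n_ct:                                 # 3. C checks the echoed N_CT
        return None
    n_cs = nonce()
    m3 = (pe(cloud.pub, [n_cs, n_ct, car.id, sig(car, n_ct)]), m2[1])
    m4 = cloud_step4(cloud, vehicles, terminals, m3)  # 4. S->C: PE_C || PE_T
    if m4 is None:
        return None
    k_ct, id_t, sig_s = pd(car, m4[0])                # 5. C authenticates S
    if recover(cloud.pub, sig_s) != n_cs:
        return None
    car.sessions[id_t] = k_ct
    k_ct, id_c, sig_s = pd(phone, m4[1])              # 6. T authenticates S
    if recover(cloud.pub, sig_s) != n_ts:
        return None
    phone.sessions[id_c] = k_ct
    return k_ct

def make_world():
    """Constructed sample parties plus the cloud's two registries (made-up IDs)."""
    cloud = Party("S", 1279, 2203)
    car = Party("VIN-DEMO-0001", 521, 607)
    phone = Party("PHONE-DEMO-01", 127, 2281)
    return cloud, {car.id: car.pub}, {phone.id: phone.pub}, car, phone

if __name__ == "__main__":
    cloud, vehicles, terminals, car, phone = make_world()
    print("registered pair:", authenticate(cloud, vehicles, terminals, car, phone) is not None)
    impostor = Party(phone.id, 89, 107)   # claims the terminal's number, wrong key
    print("impostor terminal:", authenticate(cloud, vehicles, terminals, car, impostor))
    del vehicles[car.id]                  # registration of the vehicle end cancelled
    print("after cancellation:", authenticate(cloud, vehicles, terminals, car, phone))
```

The last call shows the effect the description relies on for stolen vehicles: once the vehicle end's registration is cancelled at the cloud end, the fourth step aborts and no new session key is issued.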
Secure keyless entry and start phase
After identity authentication succeeds and a session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication using the session key K_CT; during communication, the vehicle end uses the intelligent terminal number ID_T stored in the intelligent terminal number storage area to find the associated session key K_CT stored in the vehicle-end session key secure storage area; the intelligent terminal uses the vehicle end number ID_C stored in the vehicle end number storage area to find the associated session key K_CT stored in the intelligent terminal session key secure storage area;
The safe keyless entry and starting stage comprises a safe keyless entry stage and a safe keyless starting stage;
Secure keyless entry stage
The process of the secure keyless entry stage is as follows:
triggering the keyless entry switch on the vehicle end;
the vehicle end checks the value of the vehicle-end session key existence flag bit; if it is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless entry process is terminated;
the vehicle end generates a keyless entry request instruction, then uses the session key K_CT to encrypt the keyless entry request instruction, and sends the resulting keyless entry request instruction ciphertext to the intelligent terminal;
after receiving the keyless entry request instruction ciphertext, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit; if it is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless entry process is terminated;
the intelligent terminal uses the session key K_CT to decrypt the keyless entry request instruction ciphertext to obtain the keyless entry request instruction;
the intelligent terminal responds to the keyless entry request instruction by generating a keyless entry confirmation instruction, then uses the session key K_CT to encrypt the keyless entry confirmation instruction, and sends the resulting keyless entry confirmation instruction ciphertext to the vehicle end;
after the vehicle end receives the keyless entry confirmation instruction ciphertext, it uses the session key K_CT to decrypt it to obtain the keyless entry confirmation instruction;
the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
Secure keyless start phase
The process of the secure keyless start phase is as follows:
triggering the keyless start switch on the vehicle end;
the vehicle end checks the value of the vehicle-end session key existence flag bit; if it is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless start process is terminated;
the vehicle end generates a keyless start request instruction, then uses the session key K_CT to encrypt the keyless start request instruction, and sends the resulting keyless start request instruction ciphertext to the intelligent terminal;
after receiving the keyless start request instruction ciphertext, the intelligent terminal first checks the value of the intelligent terminal session key existence flag bit; if it is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless start process is terminated;
the intelligent terminal uses the session key K_CT to decrypt the keyless start request instruction ciphertext to obtain the keyless start request instruction;
the intelligent terminal responds to the keyless start request instruction by generating a keyless start confirmation instruction, then uses the session key K_CT to encrypt the keyless start confirmation instruction, and sends the resulting keyless start confirmation instruction ciphertext to the vehicle end;
after the vehicle end receives the keyless start confirmation instruction ciphertext, it uses the session key K_CT to decrypt it to obtain the keyless start confirmation instruction;
and the vehicle end executes the keyless starting confirmation instruction, so that the vehicle is started.
In one embodiment, the communication between the vehicle end and the intelligent terminal means that the vehicle entering and starting control module of the vehicle end and the intelligent terminal control module of the intelligent terminal communicate with each other through the vehicle end short-range communication module and the terminal short-range communication module, respectively, and the communication content includes receiving and sending authentication data and encryption and decryption data;
the vehicle end communicates with the cloud end, specifically, the vehicle entering and starting control module of the vehicle end communicates with the trusted cloud server of the cloud end, and communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls a corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entering and starting control module of the vehicle end calls a corresponding password service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls a corresponding password service function provided by the first security module;
the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction, specifically, the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction by the vehicle entry and start control module;
the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction, specifically, the vehicle access and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction, specifically, the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
a vehicle-end session key duration storage area is set in the second security module of the vehicle end; the vehicle-end session key duration storage area is used for storing a vehicle-end session key duration value; the vehicle end starts counting down from the vehicle-end session key duration value at the moment the vehicle-end session key existence flag bit is set to true or 1, and when the countdown reaches zero, the vehicle end sets the vehicle-end session key existence flag bit to false or 0; the vehicle-end session key duration value is specified by the vehicle end itself, or specified by the cloud end, or determined by negotiation between the vehicle end and the intelligent terminal;
an intelligent terminal session key duration storage area is set in the first security module of the intelligent terminal; the intelligent terminal session key duration storage area is used for storing an intelligent terminal session key duration value; the intelligent terminal starts counting down from the intelligent terminal session key duration value at the moment the intelligent terminal session key existence flag bit is set to true or 1, and when the countdown reaches zero, the intelligent terminal sets the intelligent terminal session key existence flag bit to false or 0; the intelligent terminal session key duration value is specified by the intelligent terminal itself, or specified by the cloud end, or determined by negotiation between the intelligent terminal and the vehicle end.
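The secure keyless entry stage combined with the two duration countdowns described above, as an added example that is not part of the patent text. The `Endpoint` class, the instruction byte strings and the outcome strings are assumptions; a SHAKE-256 keystream stands in for the security chip's symmetric cipher, and the clock is injected so that expiry can be shown without waiting.

```python
import hashlib
import secrets

class Endpoint:
    """Vehicle end or intelligent terminal, with one storage group per peer."""
    def __init__(self, ident, duration_s, clock):
        self.id, self.duration_s, self.clock = ident, duration_s, clock
        self.groups = {}  # peer number -> (expiry time, K_CT)

    def store(self, peer_id, k_ct):
        """End of authentication: save K_CT, set the flag, start the countdown."""
        self.groups[peer_id] = (self.clock() + self.duration_s, k_ct)

    def key_for(self, peer_id):
        """Return K_CT while the existence flag is true, otherwise None."""
        expiry, k_ct = self.groups.get(peer_id, (0, None))
        if k_ct is None or self.clock() >= expiry:
            # Countdown reached zero: the flag becomes false. Dropping the stale
            # key as well is this example's choice, not something the page states.
            self.groups.pop(peer_id, None)
            return None
        return k_ct

def seal(k_ct, instruction):
    """Stand-in cipher: SHAKE-256 keystream under K_CT and a fresh 16-byte IV."""
    iv = secrets.token_bytes(16)
    ks = hashlib.shake_256(k_ct + iv).digest(len(instruction))
    return iv + bytes(a ^ b for a, b in zip(instruction, ks))

def unseal(k_ct, blob):
    ks = hashlib.shake_256(k_ct + blob[:16]).digest(len(blob) - 16)
    return bytes(a ^ b for a, b in zip(blob[16:], ks))

def keyless_entry(car, phone):
    """Walk the secure keyless entry stage and report where it ended."""
    k_car = car.key_for(phone.id)                 # vehicle end checks its flag
    if k_car is None:
        return "vehicle end -> identity authentication stage"
    request = seal(k_car, b"KEYLESS_ENTRY_REQUEST")
    k_phone = phone.key_for(car.id)               # terminal checks its flag
    if k_phone is None:
        return "intelligent terminal -> identity authentication stage"
    if unseal(k_phone, request) != b"KEYLESS_ENTRY_REQUEST":
        return "rejected"
    confirm = seal(k_phone, b"KEYLESS_ENTRY_CONFIRM")
    if unseal(k_car, confirm) != b"KEYLESS_ENTRY_CONFIRM":
        return "rejected"
    return "door unlocked"

def demo():
    """Constructed scenario: the vehicle end keeps keys 300 s, the terminal 60 s."""
    now = [0.0]
    car = Endpoint("VIN-DEMO-0001", 300, lambda: now[0])
    phone = Endpoint("PHONE-DEMO-01", 60, lambda: now[0])
    k_ct = secrets.token_bytes(16)
    car.store(phone.id, k_ct)
    phone.store(car.id, k_ct)
    outcomes = []
    for t in (10, 100, 400):
        now[0] = t
        outcomes.append((t, keyless_entry(car, phone)))
    return outcomes

if __name__ == "__main__":
    for t, outcome in demo():
        print(f"t={t:>3}s: {outcome}")
```

Because each side runs its own countdown, the two flags can disagree, as the middle case of the demo shows; the stage then stops at whichever side finds its flag false.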
In one embodiment, the first security module, the second security module and the third security module are security smart chips, the commercial cryptographic algorithms supported by the security smart chips include at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithms include at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the safety intelligent chip provides a safety storage area and supports the safety storage of important information; the safety intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
In one embodiment, when the number of the vehicle terminals is multiple, the vehicle terminal session key secure storage area, the vehicle terminal session key existence flag bit, the intelligent terminal number storage area and the vehicle terminal session key existence time storage area are correspondingly set to be a corresponding plurality of groups; when a plurality of intelligent terminals are arranged, the intelligent terminal session key safe storage area, the intelligent terminal session key existing flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered.
Based on the vehicle keyless entry and start system based on the internet of vehicles, the embodiment of the invention also provides a vehicle keyless entry and start method based on the safety of the internet of vehicles, which can be applied to the environments shown in fig. 1 and 2 and comprises a preparation stage, an identity authentication stage and a safety keyless entry and start stage;
preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server respectively generates and stores respective public key certificates for the cloud terminal, the vehicle terminal and the intelligent terminal; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
setting an intelligent terminal session key safe storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area in the first security module of the intelligent terminal; the intelligent terminal session key safe storage area is used for storing a session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the vehicle end exists, and when its value is true or 1, it indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end which communicates with the intelligent terminal;
a vehicle-end session key safe storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are arranged in the second security module of the vehicle end; the vehicle-end session key safe storage area is used for storing a session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the intelligent terminal exists, and when its value is true or 1, it indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal which communicates with the vehicle end;
identity authentication phase
The authentication protocol is as follows:
$C \rightarrow T$: $N_{CT}$;
$T \rightarrow C$: $\{N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$C \rightarrow S$: $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$S \rightarrow C$: $\{PE_C(K_{CT}, ID_T, SIG_S(N_{CS})) \| PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))\}$;
$C \rightarrow T$: $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$;
wherein S represents the cloud end, C represents the vehicle end, T represents the intelligent terminal, $ID_T$ represents the intelligent terminal number, $ID_C$ represents the vehicle end number, $PE_S$ represents encryption with the public key of S, $PE_C$ represents encryption with the public key of C, $PE_T$ represents encryption with the public key of T, $SIG_S$ represents signature by the private key of S, $SIG_C$ represents signature by the private key of C, $SIG_T$ represents signature by the private key of T, $K_{CT}$ represents the session key, distributed by S, for secure encrypted communication between C and T, $N_{CT}$ and $N_{CS}$ represent verification factors generated by C, $N_{TS}$ represents a verification factor generated by T, and $\|$ represents the splicing operation;
the authentication protocol performs the following detailed steps:
firstly, the intelligent terminal approaches the vehicle end, and then the keyless entry switch or the keyless starting switch on the vehicle end is triggered; the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the vehicle end sends a randomly generated verification factor $N_{CT}$ to the intelligent terminal;
secondly, after receiving the verification factor $N_{CT}$ sent by the vehicle end, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the intelligent terminal performs a signature operation on the verification factor $N_{CT}$ with its own private key to obtain $SIG_T(N_{CT})$; the intelligent terminal then randomly generates a verification factor $N_{TS}$, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt $N_{TS}$, the intelligent terminal number $ID_T$ of the intelligent terminal and $SIG_T(N_{CT})$ to obtain $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$; the verification factor $N_{CT}$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ are then spliced, and the spliced data is sent to the vehicle end;
thirdly, after receiving $N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ sent by the intelligent terminal, the vehicle end first judges whether the received value of $N_{CT}$ is the same as the value of $N_{CT}$ sent to the intelligent terminal in the first step; if the two $N_{CT}$ values are different, the identity authentication process is terminated; if the two $N_{CT}$ values are the same, the vehicle end performs a signature operation on the verification factor $N_{CT}$ with its own private key to obtain $SIG_C(N_{CT})$, then generates a new verification factor $N_{CS}$, then looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor $N_{CS}$, the verification factor $N_{CT}$, the vehicle end number $ID_C$ of the vehicle end and the signature value $SIG_C(N_{CT})$ to obtain $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; then $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ are spliced and sent to the cloud end;
fourthly, after receiving $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$ sent by the vehicle end, the cloud end decrypts $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ respectively with its own private key to obtain $N_{CS}$, $N_{CT}$, $ID_C$, $SIG_C(N_{CT})$ and $N_{TS}$, $ID_T$, $SIG_T(N_{CT})$; according to the vehicle end number $ID_C$ of the vehicle end, the cloud end searches whether the vehicle end is registered in the vehicle end information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to search whether the intelligent terminal is registered in the intelligent terminal information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the vehicle end number $ID_C$ of the vehicle end, to find the public key certificate corresponding to the vehicle end from the certificate server, then uses the public key in that certificate to operate on $SIG_C(N_{CT})$ to decrypt the $N_{CT}$ in $SIG_C(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, the identity authentication of the vehicle end is not passed, and the identity authentication process is terminated; if the values are the same, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to find the public key certificate corresponding to the intelligent terminal from the certificate server, then uses the public key in that certificate to operate on $SIG_T(N_{CT})$ to decrypt the $N_{CT}$ in $SIG_T(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, the identity authentication of the intelligent terminal is not passed, and the identity authentication process is terminated; if the values are the same, the cloud end calls the third security module to generate a session key $K_{CT}$ for the communication between the vehicle end and the intelligent terminal, and signs $N_{CS}$ and $N_{TS}$ respectively with its own private key to obtain $SIG_S(N_{CS})$ and $SIG_S(N_{TS})$; then the session key $K_{CT}$, the vehicle end number $ID_C$ and the signature value $SIG_S(N_{TS})$ are encrypted with the public key of the intelligent terminal to obtain $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$; next, the cloud end encrypts $K_{CT}$, $ID_T$ and $SIG_S(N_{CS})$ with the public key of the vehicle end to obtain $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$; then the cloud end splices $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$ and $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ and sends the spliced data to the vehicle end;
fifthly, after receiving $\{PE_C(K_{CT}, ID_T, SIG_S(N_{CS})) \| PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))\}$ from the cloud end, the vehicle end decrypts $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$ with its own private key to obtain the session key $K_{CT}$, the intelligent terminal number $ID_T$ and $SIG_S(N_{CS})$; then the vehicle end looks up the public key certificate of the cloud end stored in the second security module, uses the public key of the cloud end to operate on $SIG_S(N_{CS})$ to obtain $N_{CS}$, and compares this $N_{CS}$ with the $N_{CS}$ sent to the cloud end in the third step; if the values are different, the identity authentication of the cloud end is not passed, and the identity authentication process is terminated; if the values are the same, the vehicle end stores the session key $K_{CT}$ into the vehicle-end session key safe storage area, and sets the vehicle-end session key existence flag bit to true or 1; the vehicle end stores the intelligent terminal number $ID_T$ into the intelligent terminal number storage area and establishes an association between the intelligent terminal number $ID_T$ and the session key $K_{CT}$, such that the session key $K_{CT}$ can be found through the intelligent terminal number $ID_T$; the vehicle end then forwards $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ to the intelligent terminal;
sixthly, after receiving $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ forwarded by the vehicle end, the intelligent terminal decrypts $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ with its own private key to obtain $K_{CT}$, $ID_C$ and $SIG_S(N_{TS})$; then the intelligent terminal looks up the public key certificate of the cloud end stored in the first security module, uses the public key of the cloud end to operate on $SIG_S(N_{TS})$ to obtain $N_{TS}$, and compares this $N_{TS}$ with the $N_{TS}$ generated in the second step; if the values are different, the identity authentication of the cloud end is not passed, and the identity authentication process is terminated; if the values are the same, the intelligent terminal stores the session key $K_{CT}$ into the intelligent terminal session key safe storage area, and sets the intelligent terminal session key existence flag bit to true or 1; the intelligent terminal stores the vehicle end number $ID_C$ into the vehicle end number storage area and establishes an association between the vehicle end number $ID_C$ and the session key $K_{CT}$, such that the session key $K_{CT}$ can be found through the vehicle end number $ID_C$; at this point, the identity authentication is successfully completed;
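The six authentication steps above, run end to end as an added example (not code from the patent): textbook RSA over fixed Mersenne primes stands in for the security chips' PE and SIG operations, so that checking a signature recovers the signed verification factor as the text describes; it is not secure cryptography. The key material, the IDs 0xC001 and 0x7001, and all function names are assumptions made for the illustration.

```python
import secrets

E = 65537  # public exponent shared by the three toy key pairs

class AuthAbort(Exception):
    """Raised where the text says the identity authentication process is terminated."""

def keypair(p, q):  # textbook RSA key (n, d) from two primes; toy stand-in for a chip key
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def PE(n, *fields):
    """PE_X(f1, f2, ...): encrypt integer fields under X's modulus n, in blocks < n."""
    k = n.bit_length() - 1
    out = []
    for f in fields:
        blocks = [pow(f % (1 << k), E, n)]
        while f >> k:
            f >>= k
            blocks.append(pow(f % (1 << k), E, n))
        out.append(blocks)
    return out

def PD(key, blob):
    """Decrypt a PE_X(...) blob with X's private key and reassemble each field."""
    n, d = key
    k = n.bit_length() - 1
    return [sum(pow(b, d, n) << (i * k) for i, b in enumerate(bl)) for bl in blob]

def SIG(key, value):  # SIG_X(value): textbook RSA with message recovery (value < n)
    return pow(value, key[1], key[0])

def recover(n, sig):  # apply the signer's public key to get the signed factor back
    return pow(sig, E, n)

def make_parties():
    """Constructed sample state: Mersenne-prime keys, made-up IDs 0xC001 and 0x7001."""
    ks = keypair(2**521 - 1, 2**607 - 1)    # cloud end S
    kc = keypair(2**107 - 1, 2**127 - 1)    # vehicle end C
    kt = keypair(2**61 - 1, 2**89 - 1)      # intelligent terminal T
    s = {"key": ks, "certs": {0xC001: kc[0], 0x7001: kt[0]},
         "vehicles": {0xC001}, "terminals": {0x7001}}
    c = {"key": kc, "ID": 0xC001, "S_n": ks[0], "sessions": {}}
    t = {"key": kt, "ID": 0x7001, "S_n": ks[0], "sessions": {}}
    return c, t, s

def vehicle_step1(c):
    c["N_CT"] = secrets.randbits(64)
    return c["N_CT"]                                         # C -> T

def terminal_step2(t, n_ct):
    t["N_TS"] = secrets.randbits(64)
    return n_ct, PE(t["S_n"], t["N_TS"], t["ID"], SIG(t["key"], n_ct))   # T -> C

def vehicle_step3(c, echoed, blob_t):
    if echoed != c["N_CT"]:
        raise AuthAbort("echoed N_CT differs from the one sent in step 1")
    c["N_CS"] = secrets.randbits(64)
    sig_c = SIG(c["key"], c["N_CT"])
    return PE(c["S_n"], c["N_CS"], c["N_CT"], c["ID"], sig_c), blob_t    # C -> S

def cloud_step4(s, blob_c, blob_t):
    n_cs, n_ct, id_c, sig_c = PD(s["key"], blob_c)
    n_ts, id_t, sig_t = PD(s["key"], blob_t)
    if id_c not in s["vehicles"] or id_t not in s["terminals"]:
        raise AuthAbort("vehicle end or intelligent terminal is not registered")
    if recover(s["certs"][id_c], sig_c) != n_ct:
        raise AuthAbort("SIG_C(N_CT) does not recover N_CT")
    if recover(s["certs"][id_t], sig_t) != n_ct:
        raise AuthAbort("SIG_T(N_CT) does not recover N_CT")
    k_ct = secrets.randbits(128)                             # session key K_CT
    return (PE(s["certs"][id_c], k_ct, id_t, SIG(s["key"], n_cs)),       # S -> C
            PE(s["certs"][id_t], k_ct, id_c, SIG(s["key"], n_ts)))

def vehicle_step5(c, blob_for_c, blob_for_t):
    k_ct, id_t, sig_s = PD(c["key"], blob_for_c)
    if recover(c["S_n"], sig_s) != c["N_CS"]:
        raise AuthAbort("SIG_S(N_CS) does not recover N_CS")
    c["sessions"][id_t] = k_ct          # key stored under ID_T; existence flag is now true
    return blob_for_t                                        # C -> T

def terminal_step6(t, blob):
    k_ct, id_c, sig_s = PD(t["key"], blob)
    if recover(t["S_n"], sig_s) != t["N_TS"]:
        raise AuthAbort("SIG_S(N_TS) does not recover N_TS")
    t["sessions"][id_c] = k_ct          # key stored under ID_C; existence flag is now true

def authenticate(c, t, s):
    """Run all six steps; returns the K_CT held by the vehicle end and by the terminal."""
    echoed, blob_t = terminal_step2(t, vehicle_step1(c))
    for_c, for_t = cloud_step4(s, *vehicle_step3(c, echoed, blob_t))
    terminal_step6(t, vehicle_step5(c, for_c, for_t))
    return c["sessions"][t["ID"]], t["sessions"][c["ID"]]

def aborts(step, *args):  # True if the given step terminates the authentication process
    try:
        step(*args)
    except AuthAbort:
        return True
    return False
```

Feeding `vehicle_step3` a terminal reply that was produced under an earlier $N_{CT}$ passes the echo check but makes `cloud_step4` abort, because the factor recovered from $SIG_T$ no longer matches the one the vehicle end reports.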
secure keyless entry and start phase
After the identity authentication is successful and the session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication through the session key $K_{CT}$; in the communication process, the vehicle end uses the intelligent terminal number $ID_T$ stored in the intelligent terminal number storage area to find the associated session key $K_{CT}$ stored in the vehicle-end session key safe storage area; the intelligent terminal uses the vehicle end number $ID_C$ stored in the vehicle end number storage area to find the associated session key $K_{CT}$ stored in the intelligent terminal session key safe storage area;
The safe keyless entry and starting stage comprises a safe keyless entry stage and a safe keyless starting stage;
secure keyless entry stage
The specific steps of the secure keyless entry stage are as follows:
a first step of triggering the keyless entry switch on the vehicle side;
secondly, the vehicle end judges the value of the flag bit of the session key of the vehicle end, and if the value of the flag bit of the session key of the vehicle end is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless entry process;
thirdly, the vehicle end generates a keyless entry request instruction, then uses the session key $K_{CT}$ to encrypt the keyless entry request instruction, and sends the obtained keyless entry request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless entry request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered, and the safe keyless entry process is terminated;
fifthly, the intelligent terminal uses the session key $K_{CT}$ to decrypt the keyless entry request instruction ciphertext to obtain the keyless entry request instruction;
sixthly, the intelligent terminal responds to the keyless entry request instruction by generating a keyless entry confirmation instruction, then uses the session key $K_{CT}$ to encrypt the keyless entry confirmation instruction, and sends the obtained keyless entry confirmation instruction ciphertext to the vehicle end;
seventhly, after receiving the keyless entry confirmation instruction ciphertext, the vehicle end decrypts it using the session key $K_{CT}$ to obtain the keyless entry confirmation instruction;
eighthly, the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
safe keyless start phase
The specific steps of the safe keyless start phase are as follows:
a first step of triggering the keyless start switch on the vehicle side;
secondly, the vehicle end judges the value of the flag bit of the session key of the vehicle end, and if the value of the flag bit of the session key of the vehicle end is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless starting process;
thirdly, the vehicle end generates a keyless start request instruction, then uses the session key $K_{CT}$ to encrypt the keyless start request instruction, and sends the obtained keyless start request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless start request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered, and the safe keyless start process is terminated;
fifthly, the intelligent terminal uses the session key $K_{CT}$ to decrypt the keyless start request instruction ciphertext to obtain the keyless start request instruction;
sixthly, the intelligent terminal responds to the keyless start request instruction by generating a keyless start confirmation instruction, then uses the session key $K_{CT}$ to encrypt the keyless start confirmation instruction, and sends the obtained keyless start confirmation instruction ciphertext to the vehicle end;
seventhly, after receiving the keyless start confirmation instruction ciphertext, the vehicle end decrypts it using the session key $K_{CT}$ to obtain the keyless start confirmation instruction;
eighthly, the vehicle end executes the keyless start confirmation instruction, and the vehicle is started.
In one embodiment, the communication between the vehicle end and the intelligent terminal means that the vehicle entering and starting control module of the vehicle end and the intelligent terminal control module of the intelligent terminal communicate with each other through the vehicle end short-range communication module and the terminal short-range communication module, respectively, and the communication content includes receiving and sending authentication data and encryption and decryption data;
the vehicle end communicates with the cloud end, specifically, the vehicle entering and starting control module of the vehicle end communicates with the trusted cloud server of the cloud end, and communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls a corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entering and starting control module of the vehicle end calls a corresponding password service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls a corresponding password service function provided by the first security module;
the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction, specifically, the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction by the vehicle entry and start control module;
the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction, specifically, the vehicle access and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction, specifically, the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
setting a vehicle-side session key duration storage area in the second security module of the vehicle side; the vehicle terminal session key storage area is used for storing a vehicle terminal session key storage time value, the vehicle terminal starts to count down by the vehicle terminal session key storage time value from the time when the value of the vehicle terminal session key storage flag bit is set to true or 1, and when the count down is zero, the vehicle terminal sets the value of the vehicle terminal session key storage flag bit to false or 0; the vehicle terminal session key duration value is automatically specified by the vehicle terminal, or specified by the cloud terminal, or determined by negotiation between the vehicle terminal and the intelligent terminal;
setting an intelligent terminal session key storage duration storage area in the first security module of the intelligent terminal; the intelligent terminal session key storage area is used for storing an intelligent terminal session key storage time value, the intelligent terminal starts to count down by the intelligent terminal session key storage time value from the time when the intelligent terminal session key storage flag bit value is set to be true or 1, and when the count down is zero, the intelligent terminal sets the intelligent terminal session key storage flag bit value to be false or 0; the intelligent terminal session key duration value is automatically specified by the intelligent terminal, or specified by the cloud, or determined by negotiation between the intelligent terminal and the vehicle terminal.
In one embodiment, the first security module, the second security module and the third security module are security smart chips, the commercial cryptographic algorithms supported by the security smart chips include at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithms include at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the safety intelligent chip provides a safety storage area and supports the safety storage of important information; the safety intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
In one embodiment, when the number of the vehicle terminals is multiple, the vehicle terminal session key secure storage area, the vehicle terminal session key existence flag bit, the intelligent terminal number storage area and the vehicle terminal session key existence time storage area are correspondingly set to be a corresponding plurality of groups; when a plurality of intelligent terminals are arranged, the intelligent terminal session key safe storage area, the intelligent terminal session key existing flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first; if the value is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention, and these are within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the appended claims.
Claims (9)
1. A vehicle keyless entry and start system based on the Internet of Vehicles, characterized in that: the system comprises a cloud end, at least one vehicle end and at least one intelligent terminal; the cloud end comprises a trusted cloud server, a certificate server and a third security module; the vehicle end comprises a vehicle entering and starting control module, a vehicle-end short-range communication module and a second security module; the intelligent terminal comprises an intelligent terminal control module, a terminal short-range communication module and a first security module; the trusted cloud server is respectively connected with the certificate server and the third security module; the vehicle entering and starting control module is respectively connected with the vehicle-end short-range communication module and the second security module; the intelligent terminal control module is respectively connected with the terminal short-range communication module and the first security module; the trusted cloud server is in communication connection with at least one vehicle entering and starting control module; the vehicle-end short-range communication module is in communication connection with at least one terminal short-range communication module; the terminal short-range communication module is in communication connection with at least one vehicle-end short-range communication module;
the certificate server respectively generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal; the first security module, the second security module and the third security module are used for providing a cryptographic service function and a secure storage function; the cryptographic service function comprises random number generation, signature operation, encryption and decryption operation and session key generation; the terminal short-range communication module is used for carrying out two-way communication with the vehicle-end short-range communication module; the vehicle entering and starting control module and the intelligent terminal control module communicate through the vehicle-end short-range communication module and the terminal short-range communication module respectively; the intelligent terminal control module calls the corresponding cryptographic service function and secure storage function provided by the first security module; the vehicle entering and starting control module calls the corresponding cryptographic service function and secure storage function provided by the second security module; the vehicle entering and starting control module also communicates with the trusted cloud server to receive, transmit and process information and data required by authentication; the trusted cloud server communicates with the vehicle entering and starting control module; the trusted cloud server calls the corresponding cryptographic service function provided by the third security module; the trusted cloud server also communicates with the certificate server to obtain digital certificate services; the intelligent terminal control module is also used for generating a keyless entry confirmation instruction and a keyless start confirmation instruction; the vehicle entering and starting control module is also used for generating a keyless entry request instruction and executing the keyless entry confirmation instruction; the vehicle entering and starting control module is also used for generating a keyless start request instruction and executing the keyless start confirmation instruction;
a vehicle end information storage area is arranged in the credible cloud server of the cloud end, and information stored in the vehicle end information storage area comprises vehicle end information to be subjected to keyless entry and starting; the vehicle end information comprises a vehicle end number; an intelligent terminal information storage area is arranged in the trusted cloud server of the cloud end, and information stored in the intelligent terminal information storage area comprises intelligent terminal information allowing keyless entry and starting of corresponding vehicles; the intelligent terminal information comprises an intelligent terminal number; the trusted cloud server of the cloud maintains correspondence and association between the vehicle side information and the intelligent terminal information; the vehicle end comprises a keyless entry switch and a keyless starting switch;
the cloud end, the vehicle end and the intelligent terminal adopt a mode that the cloud end firstly respectively performs identity authentication on the vehicle end and the intelligent terminal, and then the vehicle end and the intelligent terminal respectively perform identity authentication on the cloud end.
2. The internet-of-vehicles based vehicle keyless entry and start system of claim 1, wherein: the method comprises a preparation stage, an identity authentication stage and a safe keyless entry and starting stage;
preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal respectively; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
setting an intelligent terminal session key safe storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area in the first security module of the intelligent terminal; the intelligent terminal session key safe storage area is used for storing a session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the vehicle end exists, and a value of true or 1 indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end which communicates with the intelligent terminal;
a vehicle-end session key safe storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are arranged in the second security module of the vehicle end; the vehicle-end session key safe storage area is used for storing a session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the intelligent terminal exists, and a value of true or 1 indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal which communicates with the vehicle end;
identity authentication phase
The authentication protocol is as follows:
$C \rightarrow T$: $N_{CT}$;
$T \rightarrow C$: $\{N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$C \rightarrow S$: $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$S \rightarrow C$: $\{PE_C(K_{CT}, ID_T, SIG_S(N_{CS})) \| PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))\}$;
$C \rightarrow T$: $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$;
wherein $S$ represents the cloud end, $C$ represents the vehicle end, $T$ represents the intelligent terminal, $ID_T$ represents the intelligent terminal number, $ID_C$ represents the vehicle end number, $PE_S$ represents encryption with the public key of $S$, $PE_C$ represents encryption with the public key of $C$, $PE_T$ represents encryption with the public key of $T$, $SIG_S$ represents signature by the private key of $S$, $SIG_C$ represents signature by the private key of $C$, $SIG_T$ represents signature by the private key of $T$, $K_{CT}$ represents a session key, distributed by $S$, for secure encrypted communication between $C$ and $T$, $N_{CT}$ and $N_{CS}$ represent verification factors generated by $C$, $N_{TS}$ represents a verification factor generated by $T$, and $\|$ represents the splicing operation;
firstly, the intelligent terminal approaches the vehicle end, and then the keyless entry switch or the keyless starting switch on the vehicle end is triggered; the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value of the vehicle-end session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the vehicle end sends a randomly generated verification factor $N_{CT}$ to the intelligent terminal;
secondly, after receiving the verification factor $N_{CT}$ sent by the vehicle end, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value of the intelligent terminal session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the intelligent terminal uses its own private key to perform a signature operation on the verification factor $N_{CT}$ to obtain $SIG_T(N_{CT})$; then the intelligent terminal randomly generates a verification factor $N_{TS}$, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt $N_{TS}$, the intelligent terminal number $ID_T$ of the intelligent terminal and $SIG_T(N_{CT})$ to obtain $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$; the intelligent terminal then splices the verification factor $N_{CT}$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ and sends the result to the vehicle end;
thirdly, after receiving $N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ sent by the intelligent terminal, the vehicle end first judges whether the received value of $N_{CT}$ is the same as the value of $N_{CT}$ sent to the intelligent terminal in the first step; if the two values of $N_{CT}$ are different, the identity authentication process is terminated; if the two values of $N_{CT}$ are the same, the vehicle end uses its own private key to perform a signature operation on the verification factor $N_{CT}$ to obtain $SIG_C(N_{CT})$, then generates a new verification factor $N_{CS}$, looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor $N_{CS}$, the verification factor $N_{CT}$, the vehicle end number $ID_C$ of the vehicle end and the signature value $SIG_C(N_{CT})$ to obtain $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; the vehicle end then splices $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ and sends the result to the cloud end;
fourthly, after receiving $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$ sent by the vehicle end, the cloud end uses its own private key to decrypt $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ respectively, obtaining $N_{CS}$, $N_{CT}$, $ID_C$, $SIG_C(N_{CT})$ and $N_{TS}$, $ID_T$, $SIG_T(N_{CT})$; according to the vehicle end number $ID_C$ of the vehicle end, the cloud end searches whether the vehicle end is registered in the vehicle end information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to search whether the intelligent terminal is registered in the intelligent terminal information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the vehicle end number $ID_C$ of the vehicle end, to find the public key certificate corresponding to the vehicle end from the certificate server, then uses the public key in that public key certificate to operate on $SIG_C(N_{CT})$ and decrypt the $N_{CT}$ contained in $SIG_C(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, indicating that the identity authentication of the vehicle end is not passed, the identity authentication process is terminated; if the values are the same, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to find the public key certificate corresponding to the intelligent terminal from the certificate server, then uses the public key in that public key certificate to operate on $SIG_T(N_{CT})$ and decrypt the $N_{CT}$ contained in $SIG_T(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, indicating that the identity authentication of the intelligent terminal is not passed, the identity authentication process is terminated; if the values are the same, the cloud end calls the third security module to generate a session key $K_{CT}$ for the communication between the vehicle end and the intelligent terminal, and signs $N_{CS}$ and $N_{TS}$ respectively with its own private key to obtain $SIG_S(N_{CS})$ and $SIG_S(N_{TS})$; then the session key $K_{CT}$, the vehicle end number $ID_C$ and the signature value $SIG_S(N_{TS})$ are encrypted with the public key of the intelligent terminal to obtain $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$; next, the cloud end uses the public key of the vehicle end to encrypt $K_{CT}$, $ID_T$ and $SIG_S(N_{CS})$ to obtain $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$; then the cloud end splices $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$ and $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ and sends the result to the vehicle end;
fifthly, after receiving $\{PE_C(K_{CT}, ID_T, SIG_S(N_{CS})) \| PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))\}$ from the cloud end, the vehicle end uses its own private key to decrypt $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$ to obtain the session key $K_{CT}$, the intelligent terminal number $ID_T$ and $SIG_S(N_{CS})$; then the vehicle end looks up the public key certificate of the cloud end stored in the second security module, uses the public key of the cloud end to operate on $SIG_S(N_{CS})$ to obtain $N_{CS}$, and compares this $N_{CS}$ with the value of $N_{CS}$ sent to the cloud end in the third step; if the values are different, indicating that the identity authentication of the cloud end is not passed, the identity authentication process is terminated; if the values are the same, the vehicle end stores the session key $K_{CT}$ in the vehicle-end session key safe storage area and sets the vehicle-end session key existence flag bit to true or 1; the vehicle end stores the intelligent terminal number $ID_T$ in the intelligent terminal number storage area and establishes an association between the intelligent terminal number $ID_T$ and the session key $K_{CT}$, such that the session key $K_{CT}$ can be found by the intelligent terminal number $ID_T$; the vehicle end then forwards $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ to the intelligent terminal;
sixthly, after receiving $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ forwarded by the vehicle end, the intelligent terminal uses its own private key to decrypt $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ to obtain $K_{CT}$, $ID_C$ and $SIG_S(N_{TS})$; then the intelligent terminal looks up the public key certificate of the cloud end stored in the first security module, uses the public key of the cloud end to operate on $SIG_S(N_{TS})$ to obtain $N_{TS}$, and compares this $N_{TS}$ with the value of $N_{TS}$ generated in the second step; if the values are different, indicating that the identity authentication of the cloud end is not passed, the identity authentication process is terminated; if the values are the same, the intelligent terminal stores the session key $K_{CT}$ in the intelligent terminal session key safe storage area and sets the intelligent terminal session key existence flag bit to true or 1; the intelligent terminal stores the vehicle end number $ID_C$ in the vehicle end number storage area and establishes an association between the vehicle end number $ID_C$ and the session key $K_{CT}$, such that the session key $K_{CT}$ can be found by the vehicle end number $ID_C$; at this point, the identity authentication is successfully completed;
secure keyless entry and start phase
After the identity authentication is successful and a session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication using the session key $K_{CT}$; in the communication process, the vehicle end uses the intelligent terminal number $ID_T$ stored in the intelligent terminal number storage area to find the associated session key $K_{CT}$ stored in the vehicle-end session key safe storage area; the intelligent terminal uses the vehicle end number $ID_C$ stored in the vehicle end number storage area to find the associated session key $K_{CT}$ stored in the intelligent terminal session key safe storage area;
The safe keyless entry and starting stage comprises a safe keyless entry stage and a safe keyless starting stage;
secure keyless entry stage
The process of the secure keyless entry stage is as follows:
triggering the keyless entry switch on the vehicle end;
the vehicle end judges the value of the flag bit of the session key of the vehicle end, and if the value of the flag bit of the session key of the vehicle end is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless entry process;
the vehicle end generates a keyless entry request instruction, then uses the session key $K_{CT}$ to encrypt the keyless entry request instruction, and sends the obtained keyless entry request instruction ciphertext to the intelligent terminal;
after receiving the keyless entry request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit, and if the value of the intelligent terminal session key existence flag bit is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless entry process;
the intelligent terminal uses the session key $K_{CT}$ to decrypt the keyless entry request instruction ciphertext to obtain the keyless entry request instruction;
the intelligent terminal responds to the keyless entry request instruction to generate a keyless entry confirmation instruction, then uses the session key $K_{CT}$ to encrypt the keyless entry confirmation instruction, and sends the obtained keyless entry confirmation instruction ciphertext to the vehicle end;
after the vehicle end receives the keyless entry confirmation instruction ciphertext, it uses the session key $K_{CT}$ to decrypt it to obtain the keyless entry confirmation instruction;
the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
safe keyless start phase
The process of the secure keyless start phase is as follows:
triggering the keyless start switch on the vehicle end;
the vehicle end judges the value of the flag bit of the session key of the vehicle end, and if the value of the flag bit of the session key of the vehicle end is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless starting process;
the vehicle end generates a keyless start request instruction, then uses the session key $K_{CT}$ to encrypt the keyless start request instruction, and sends the obtained keyless start request instruction ciphertext to the intelligent terminal;
after receiving the keyless start request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit, and if the value of the intelligent terminal session key existence flag bit is true or 1, the next step is continued; otherwise, entering an identity authentication stage, and terminating the safe keyless starting process;
the intelligent terminal uses the session key $K_{CT}$ to decrypt the keyless start request instruction ciphertext to obtain the keyless start request instruction;
the intelligent terminal responds to the keyless start request instruction to generate a keyless start confirmation instruction, then uses the session key $K_{CT}$ to encrypt the keyless start confirmation instruction, and sends the obtained keyless start confirmation instruction ciphertext to the vehicle end;
after the vehicle end receives the keyless start confirmation instruction ciphertext, it uses the session key $K_{CT}$ to decrypt it to obtain the keyless start confirmation instruction;
and the vehicle end executes the keyless starting confirmation instruction, so that the vehicle is started.
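The five-message exchange of the identity authentication phase in claim 2, with the checks each party performs and the branches on which it terminates, as an added Python example that is not part of the patent. Public-key encryption PE and signatures SIG are modelled symbolically (no real cryptography is performed), and the numbers VIN-0001 and PHONE-0001, the class names and the `tamper` hook are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, field

class AuthAbort(Exception):
    """A party terminated the identity authentication process."""

@dataclass(frozen=True)
class Enc:      # PE_X(payload): symbolic ciphertext only party `to` can open
    to: str
    payload: tuple

@dataclass(frozen=True)
class Sig:      # SIG_X(msg): symbolic signature; verifying it recovers msg
    by: str
    msg: bytes

def dec(me, box):
    if not isinstance(box, Enc) or box.to != me:
        raise AuthAbort(f"{me}: cannot decrypt")
    return box.payload

def recover(signer, sig):
    if not isinstance(sig, Sig) or sig.by != signer:
        raise AuthAbort(f"signature not made by {signer}")
    return sig.msg

@dataclass
class Endpoint:     # state shared by C and T inside their security module
    ident: str
    has_key: bool = False                     # session key existence flag bit
    keys: dict = field(default_factory=dict)  # peer number -> K_CT

    def accept(self, box, nonce):
        k_ct, peer, sig_s = dec(self.ident, box)
        if recover("S", sig_s) != nonce:      # S must have signed our fresh factor
            raise AuthAbort(f"{self.ident}: cloud end not authenticated")
        self.keys[peer], self.has_key = k_ct, True

class Vehicle(Endpoint):
    def msg1(self):                           # C->T: N_CT
        self.n_ct = secrets.token_bytes(16)
        return self.n_ct
    def msg3(self, msg2):                     # C->S
        n_ct, box_t = msg2
        if n_ct != self.n_ct:
            raise AuthAbort("C: returned N_CT differs from the one sent")
        self.n_cs = secrets.token_bytes(16)
        return Enc("S", (self.n_cs, n_ct, self.ident, Sig(self.ident, n_ct))), box_t
    def msg5(self, msg4):                     # C->T, after checking SIG_S(N_CS)
        box_c, box_t = msg4
        self.accept(box_c, self.n_cs)
        return box_t

class Terminal(Endpoint):
    def msg2(self, n_ct):                     # T->C
        self.n_ts = secrets.token_bytes(16)
        return n_ct, Enc("S", (self.n_ts, self.ident, Sig(self.ident, n_ct)))
    def finish(self, msg5):                   # check SIG_S(N_TS), store K_CT
        self.accept(msg5, self.n_ts)

@dataclass
class Cloud:
    vehicles: set                             # vehicle end information storage area
    terminals: set                            # intelligent terminal information storage area
    def msg4(self, msg3):                     # S->C
        box_c, box_t = msg3
        n_cs, n_ct, id_c, sig_c = dec("S", box_c)
        n_ts, id_t, sig_t = dec("S", box_t)
        if id_c not in self.vehicles:
            raise AuthAbort("S: vehicle end not registered")
        if id_t not in self.terminals:
            raise AuthAbort("S: intelligent terminal not registered")
        if recover(id_c, sig_c) != n_ct:
            raise AuthAbort("S: vehicle end not authenticated")
        if recover(id_t, sig_t) != n_ct:
            raise AuthAbort("S: intelligent terminal not authenticated")
        k_ct = secrets.token_bytes(16)
        return (Enc(id_c, (k_ct, id_t, Sig("S", n_cs))),
                Enc(id_t, (k_ct, id_c, Sig("S", n_ts))))

def run(c, t, s, tamper=lambda step, msg: msg):
    """Carry the five messages; returns 'ok' or the reason for termination."""
    try:
        m2 = tamper(2, t.msg2(tamper(1, c.msg1())))
        m4 = tamper(4, s.msg4(tamper(3, c.msg3(m2))))
        t.finish(tamper(5, c.msg5(m4)))
    except AuthAbort as why:
        return str(why)
    return "ok"

def scenario(id_t="PHONE-0001", tamper=lambda step, msg: msg):
    """Fresh C and T (constructed numbers); cloud has one vehicle and one terminal registered."""
    c, t = Vehicle("VIN-0001"), Terminal(id_t)
    return run(c, t, Cloud({"VIN-0001"}, {"PHONE-0001"}), tamper), c, t

def stale_msg4():
    old = []                                  # message 4 captured from an earlier run
    scenario(tamper=lambda step, msg: (old.append(msg) if step == 4 else None) or msg)
    return scenario(tamper=lambda step, msg: old[0] if step == 4 else msg)
```

`scenario()` returns the outcome string together with the vehicle-end and terminal objects, so the flag bits and the stored $K_{CT}$ can be inspected after each run; `stale_msg4()` shows the comparison against $N_{CS}$ in the fifth step rejecting a message 4 from an earlier session.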
3. The internet-of-vehicles based vehicle keyless entry and start system of claim 2, wherein: the communication between the vehicle end and the intelligent terminal specifically means that the vehicle entering and starting control module of the vehicle end and the intelligent terminal control module of the intelligent terminal are communicated through the vehicle end short-range communication module and the terminal short-range communication module respectively, and the communication content comprises receiving and sending authentication data and encryption and decryption data;
the vehicle end communicates with the cloud end, specifically, the vehicle entering and starting control module of the vehicle end communicates with the trusted cloud server of the cloud end, and communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls a corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entering and starting control module of the vehicle end calls a corresponding password service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls a corresponding password service function provided by the first security module;
the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction, specifically, the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction by the vehicle entry and start control module;
the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction, specifically, the vehicle access and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction, specifically, the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
setting a vehicle-end session key duration storage area in the second security module of the vehicle end; the vehicle-end session key duration storage area is used for storing a vehicle-end session key duration value; the vehicle end starts counting down from the vehicle-end session key duration value from the moment the value of the vehicle-end session key existence flag bit is set to true or 1, and when the countdown reaches zero, the vehicle end sets the value of the vehicle-end session key existence flag bit to false or 0; the vehicle-end session key duration value is specified by the vehicle end itself, or specified by the cloud end, or determined by negotiation between the vehicle end and the intelligent terminal;
setting an intelligent terminal session key duration storage area in the first security module of the intelligent terminal; the intelligent terminal session key duration storage area is used for storing an intelligent terminal session key duration value; the intelligent terminal starts counting down from the intelligent terminal session key duration value from the moment the value of the intelligent terminal session key existence flag bit is set to true or 1, and when the countdown reaches zero, the intelligent terminal sets the value of the intelligent terminal session key existence flag bit to false or 0; the intelligent terminal session key duration value is specified by the intelligent terminal itself, or specified by the cloud end, or determined by negotiation between the intelligent terminal and the vehicle end.
4. The internet-of-vehicles based vehicle keyless entry and start system according to any one of claims 1 to 3, wherein: the first security module, the second security module and the third security module are all security intelligent chips, the commercial cryptographic algorithm supported by the security intelligent chips comprises at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithm comprises at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the safety intelligent chip provides a safety storage area and supports the safety storage of important information; the safety intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
5. The internet-of-vehicles based vehicle keyless entry and start system according to claim 3, wherein: when a plurality of vehicle terminals are arranged, the vehicle terminal session key safe storage area, the vehicle terminal session key existing flag bit, the intelligent terminal number storage area and the vehicle terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups; when a plurality of intelligent terminals are arranged, the intelligent terminal session key safe storage area, the intelligent terminal session key existing flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly arranged into a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first, and if the value of the intelligent terminal session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first, and if the value of the vehicle-end session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered; otherwise, the identity authentication stage is entered.
6. A vehicle keyless entry and start method based on the vehicle keyless entry and start system based on the vehicle networking according to claim 1, characterized in that: the method comprises a preparation stage, an identity authentication stage and a safe keyless entry and starting stage;
preparation phase
Registering the vehicle side information with the trusted cloud server of the cloud side, wherein the trusted cloud server stores the vehicle side information in the vehicle side information storage area; registering the intelligent terminal information with the trusted cloud server at the cloud end, wherein the trusted cloud server stores the intelligent terminal information in the intelligent terminal information storage area; establishing correspondence and association between the vehicle-side information and the intelligent terminal information in the trusted cloud server;
the certificate server generates and stores public key certificates for the cloud end, the vehicle end and the intelligent terminal respectively; the certificate server writes the public key certificate of the cloud end into the first security module of the intelligent terminal in an off-line mode; the certificate server writes the public key certificate of the cloud end into the second safety module of the vehicle end; the cloud end, the vehicle end and the intelligent terminal respectively store private keys corresponding to public keys in corresponding public key certificates; the private key of the cloud is stored in a security storage area of the certificate server or the third security module; the private key of the vehicle end is stored in a safe storage area of a second safety module; the private key of the intelligent terminal is stored in a security storage area of the first security module;
setting an intelligent terminal session key safe storage area, an intelligent terminal session key existence flag bit and a vehicle end number storage area in the first security module of the intelligent terminal; the intelligent terminal session key safe storage area is used for storing a session key used for secure encrypted communication with the vehicle end; the intelligent terminal session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the vehicle end exists, and a value of true or 1 indicates that such a session key exists; the initial value of the intelligent terminal session key existence flag bit is set to false or 0; the vehicle end number storage area is used for storing the vehicle end number of the vehicle end which communicates with the intelligent terminal;
a vehicle-end session key safe storage area, a vehicle-end session key existence flag bit and an intelligent terminal number storage area are arranged in the second security module of the vehicle end; the vehicle-end session key safe storage area is used for storing a session key used for secure encrypted communication with the intelligent terminal; the vehicle-end session key existence flag bit is used for identifying whether a session key for secure encrypted communication with the intelligent terminal exists, and a value of true or 1 indicates that such a session key exists; the initial value of the vehicle-end session key existence flag bit is set to false or 0; the intelligent terminal number storage area is used for storing the intelligent terminal number of the intelligent terminal which communicates with the vehicle end;
identity authentication phase
The authentication protocol is as follows:
$C \rightarrow T$: $N_{CT}$;
$T \rightarrow C$: $\{N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$C \rightarrow S$: $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$;
$S \rightarrow C$: $\{PE_C(K_{CT}, ID_T, SIG_S(N_{CS})) \| PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))\}$;
$C \rightarrow T$: $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$;
wherein $S$ represents the cloud end, $C$ represents the vehicle end, $T$ represents the intelligent terminal, $ID_T$ represents the intelligent terminal number, $ID_C$ represents the vehicle end number, $PE_S$ represents encryption with the public key of $S$, $PE_C$ represents encryption with the public key of $C$, $PE_T$ represents encryption with the public key of $T$, $SIG_S$ represents signature by the private key of $S$, $SIG_C$ represents signature by the private key of $C$, $SIG_T$ represents signature by the private key of $T$, $K_{CT}$ represents a session key, distributed by $S$, for secure encrypted communication between $C$ and $T$, $N_{CT}$ and $N_{CS}$ represent verification factors generated by $C$, $N_{TS}$ represents a verification factor generated by $T$, and $\|$ represents the splicing operation;
the authentication protocol performs the following detailed steps:
firstly, the intelligent terminal approaches the vehicle end, and then the keyless entry switch or the keyless starting switch on the vehicle end is triggered; the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value of the vehicle-end session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the vehicle end sends a randomly generated verification factor $N_{CT}$ to the intelligent terminal;
secondly, after receiving the verification factor $N_{CT}$ sent by the vehicle end, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value of the intelligent terminal session key existence flag bit is true or 1, the safe keyless entry and starting stage is entered, and the identity authentication process is terminated; otherwise, the intelligent terminal uses its own private key to perform a signature operation on the verification factor $N_{CT}$ to obtain $SIG_T(N_{CT})$; then the intelligent terminal randomly generates a verification factor $N_{TS}$, looks up the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to encrypt $N_{TS}$, the intelligent terminal number $ID_T$ of the intelligent terminal and $SIG_T(N_{CT})$ to obtain $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$; the intelligent terminal then splices the verification factor $N_{CT}$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ and sends the result to the vehicle end;
thirdly, after receiving $N_{CT} \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ sent by the intelligent terminal, the vehicle end first judges whether the received value of $N_{CT}$ is the same as the value of $N_{CT}$ sent to the intelligent terminal in the first step; if the two values of $N_{CT}$ are different, the identity authentication process is terminated; if the two values of $N_{CT}$ are the same, the vehicle end uses its own private key to perform a signature operation on the verification factor $N_{CT}$ to obtain $SIG_C(N_{CT})$, then generates a new verification factor $N_{CS}$, looks up the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to encrypt the verification factor $N_{CS}$, the verification factor $N_{CT}$, the vehicle end number $ID_C$ of the vehicle end and the signature value $SIG_C(N_{CT})$ to obtain $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; the vehicle end then splices $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ and sends the result to the cloud end;
fourthly, after receiving $\{PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT})) \| PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))\}$ sent by the vehicle end, the cloud end uses its own private key to decrypt $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$ and $PE_S(N_{TS}, ID_T, SIG_T(N_{CT}))$ respectively, obtaining $N_{CS}$, $N_{CT}$, $ID_C$, $SIG_C(N_{CT})$ and $N_{TS}$, $ID_T$, $SIG_T(N_{CT})$; according to the vehicle end number $ID_C$ of the vehicle end, the cloud end searches whether the vehicle end is registered in the vehicle end information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to search whether the intelligent terminal is registered in the intelligent terminal information storage area in the trusted cloud server of the cloud end, and if not, the identity authentication process is terminated; if it is registered, the cloud end continues, according to the vehicle end number $ID_C$ of the vehicle end, to find the public key certificate corresponding to the vehicle end from the certificate server, then uses the public key in that public key certificate to operate on $SIG_C(N_{CT})$ and decrypt the $N_{CT}$ contained in $SIG_C(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, indicating that the identity authentication of the vehicle end is not passed, the identity authentication process is terminated; if the values are the same, the cloud end continues, according to the intelligent terminal number $ID_T$ of the intelligent terminal, to find the public key certificate corresponding to the intelligent terminal from the certificate server, then uses the public key in that public key certificate to operate on $SIG_T(N_{CT})$ and decrypt the $N_{CT}$ contained in $SIG_T(N_{CT})$, and then compares this value of $N_{CT}$ with the value of $N_{CT}$ just obtained from $PE_S(N_{CS}, N_{CT}, ID_C, SIG_C(N_{CT}))$; if the values are different, indicating that the identity authentication of the intelligent terminal is not passed, the identity authentication process is terminated; if the values are the same, the cloud end calls the third security module to generate a session key $K_{CT}$ for the communication between the vehicle end and the intelligent terminal, and signs $N_{CS}$ and $N_{TS}$ respectively with its own private key to obtain $SIG_S(N_{CS})$ and $SIG_S(N_{TS})$; then the session key $K_{CT}$, the vehicle end number $ID_C$ and the signature value $SIG_S(N_{TS})$ are encrypted with the public key of the intelligent terminal to obtain $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$; next, the cloud end uses the public key of the vehicle end to encrypt $K_{CT}$, $ID_T$ and $SIG_S(N_{CS})$ to obtain $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$; then the cloud end splices $PE_C(K_{CT}, ID_T, SIG_S(N_{CS}))$ and $PE_T(K_{CT}, ID_C, SIG_S(N_{TS}))$ and sends the result to the vehicle end;
the fifth step, the vehicleThe vehicle end receives the PE from the cloud endC(KCT,IDT,SIGS(NCS))||PET(KCT,IDC,SIGS(NTS) ) } then the PE is paired with its own private keyC(KCT,IDT,SIGS(NCS) Carry out decryption operation to obtain a session key KCTID of intelligent terminalTAnd SIGS(NCS) (ii) a Then, the vehicle end searches the public key certificate of the cloud end stored in the second security module, and uses the public key of the cloud end to pair SIGS(NCS) Performing operation to obtain NCSThen the N isCSAnd N sent to the cloud in the third stepCSComparing the values, if the values are different, indicating that the identity authentication on the cloud end is not passed, terminating the identity authentication process; if the values are the same, the vehicle end sends a session key KCTStoring the session key into the vehicle-end session key safe storage area, and setting the flag bit of the vehicle-end session key to be true or 1; the vehicle end numbers the intelligent terminal IDTStoring the intelligent terminal number storage area and establishing an intelligent terminal number IDTWith session key KCTSuch that ID is numbered by the smart terminalTCan find the session key KCT(ii) a The vehicle end then sends the PET(KCT,IDC,SIGS(NTS) Forward to the intelligent terminal;
sixthly, the intelligent terminal receives the PE forwarded by the vehicle terminalT(KCT,IDC,SIGS(NTS) After that), the PE is paired with its own private keyT(KCT,IDC,SIGS(NTS) Carry out decryption operation to obtain KCT、IDCAnd SIGS(NTS) Then, the intelligent terminal searches the public key certificate of the cloud end stored in the first security module, and uses the public key of the cloud end to pair SIGS(NTS) Performing operation to obtain NTSThen the N isTSAnd N generated in the second stepTSValue of (A) intoComparing, if the values are different, indicating that the identity authentication on the cloud end is not passed, terminating the identity authentication process; if the values are the same, the intelligent terminal sends a session key KCTStoring the session key into the secure storage area of the intelligent terminal, and setting the flag bit of the session key of the intelligent terminal to be true or 1; the intelligent terminal numbers the vehicle terminalCStoring the serial number into the serial number storage area of the vehicle end and establishing the serial number ID of the vehicle endCWith session key KCTBy the association of vehicle-side numbers IDCCan find the session key KCT(ii) a At this point, the identity authentication is successfully completed;
secure keyless entry and start stage
After the identity authentication succeeds and a session key is established, the vehicle end and the intelligent terminal carry out secure encrypted communication using the session key K_CT; during communication, the vehicle end uses the intelligent terminal number ID_T stored in the intelligent terminal number storage area to find the associated session key K_CT stored in the vehicle-end session key secure storage area; the intelligent terminal uses the vehicle end number ID_C stored in the vehicle end number storage area to find the associated session key K_CT stored in the intelligent terminal session key secure storage area;
The secure keyless entry and start stage comprises a secure keyless entry stage and a secure keyless start stage;
secure keyless entry stage
The specific steps of the secure keyless entry stage are as follows:
firstly, the keyless entry switch on the vehicle end is triggered;
secondly, the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless entry process is terminated;
thirdly, the vehicle end generates a keyless entry request instruction, encrypts the keyless entry request instruction with the session key K_CT, and sends the resulting keyless entry request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless entry request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless entry process is terminated;
fifthly, the intelligent terminal decrypts the keyless entry request instruction ciphertext with the session key K_CT to obtain the keyless entry request instruction;
sixthly, the intelligent terminal responds to the keyless entry request instruction by generating a keyless entry confirmation instruction, encrypts the keyless entry confirmation instruction with the session key K_CT, and sends the resulting keyless entry confirmation instruction ciphertext to the vehicle end;
seventhly, after the vehicle end receives the keyless entry confirmation instruction ciphertext, it decrypts the ciphertext with the session key K_CT to obtain the keyless entry confirmation instruction;
eighthly, the vehicle end executes the keyless entry confirmation instruction, and the vehicle door is unlocked;
secure keyless start stage
The specific steps of the secure keyless start stage are as follows:
firstly, the keyless start switch on the vehicle end is triggered;
secondly, the vehicle end judges the value of the vehicle-end session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless start process is terminated;
thirdly, the vehicle end generates a keyless start request instruction, encrypts the keyless start request instruction with the session key K_CT, and sends the resulting keyless start request instruction ciphertext to the intelligent terminal;
fourthly, after receiving the keyless start request instruction ciphertext, the intelligent terminal first judges the value of the intelligent terminal session key existence flag bit; if the value is true or 1, the next step is continued; otherwise, the identity authentication stage is entered and the secure keyless start process is terminated;
fifthly, the intelligent terminal decrypts the keyless start request instruction ciphertext with the session key K_CT to obtain the keyless start request instruction;
sixthly, the intelligent terminal responds to the keyless start request instruction by generating a keyless start confirmation instruction, encrypts the keyless start confirmation instruction with the session key K_CT, and sends the resulting keyless start confirmation instruction ciphertext to the vehicle end;
seventhly, after the vehicle end receives the keyless start confirmation instruction ciphertext, it decrypts the ciphertext with the session key K_CT to obtain the keyless start confirmation instruction;
eighthly, the vehicle end executes the keyless start confirmation instruction, and the vehicle is started.
7. The vehicle keyless entry and start method based on the internet of vehicles of claim 6, wherein: the communication between the vehicle end and the intelligent terminal specifically means that the vehicle entry and start control module of the vehicle end and the intelligent terminal control module of the intelligent terminal communicate through the vehicle-end short-range communication module and the terminal short-range communication module respectively, and the communication content comprises receiving and sending authentication data and encryption and decryption data;
the communication between the vehicle end and the cloud end specifically means that the vehicle entry and start control module of the vehicle end communicates with the trusted cloud server of the cloud end, and the communication content comprises receiving and sending authentication data and encryption and decryption data;
the session key generation, the signature operation and the encryption and decryption operation performed by the cloud end specifically mean that the trusted cloud server of the cloud end calls the corresponding cryptographic service function provided by the third security module;
the random number generation, signature operation and encryption and decryption operation performed by the vehicle end specifically mean that the vehicle entry and start control module of the vehicle end calls the corresponding cryptographic service function provided by the second security module;
the random number generation, signature operation and encryption and decryption operation performed by the intelligent terminal specifically mean that the intelligent terminal control module of the intelligent terminal calls the corresponding cryptographic service function provided by the first security module;
the vehicle end generating the keyless entry request instruction and executing the keyless entry confirmation instruction specifically means that the vehicle entry and start control module of the vehicle end generates the keyless entry request instruction and executes the keyless entry confirmation instruction;
the vehicle end generating the keyless start request instruction and executing the keyless start confirmation instruction specifically means that the vehicle entry and start control module of the vehicle end generates the keyless start request instruction and executes the keyless start confirmation instruction;
the intelligent terminal generating the keyless entry confirmation instruction and the keyless start confirmation instruction specifically means that the intelligent terminal control module of the intelligent terminal generates the keyless entry confirmation instruction and the keyless start confirmation instruction;
a vehicle-end session key duration storage area is set in the second security module of the vehicle end; the vehicle-end session key duration storage area is used for storing a vehicle-end session key duration value; the vehicle end starts a countdown from the vehicle-end session key duration value at the moment the vehicle-end session key existence flag bit is set to true or 1, and when the countdown reaches zero, the vehicle end sets the vehicle-end session key existence flag bit to false or 0; the vehicle-end session key duration value is specified by the vehicle end itself, or specified by the cloud end, or determined by negotiation between the vehicle end and the intelligent terminal;
an intelligent terminal session key duration storage area is set in the first security module of the intelligent terminal; the intelligent terminal session key duration storage area is used for storing an intelligent terminal session key duration value; the intelligent terminal starts a countdown from the intelligent terminal session key duration value at the moment the intelligent terminal session key existence flag bit is set to true or 1, and when the countdown reaches zero, the intelligent terminal sets the intelligent terminal session key existence flag bit to false or 0; the intelligent terminal session key duration value is specified by the intelligent terminal itself, or specified by the cloud end, or determined by negotiation between the intelligent terminal and the vehicle end.
8. The vehicle keyless entry and start method according to claim 6 or 7, wherein: the first security module, the second security module and the third security module are all secure intelligent chips; the commercial cryptographic algorithms supported by the secure intelligent chip comprise at least one of SM1, SM2 and SM3, and the supported international common cryptographic algorithms comprise at least one of 3DES, AES, RSA, SHA-1 and SHA-256; the secure intelligent chip supports storing a digital certificate; the secure intelligent chip provides a secure storage area and supports the secure storage of important information; the secure intelligent chip supports generation of random numbers; the certificate server maintains a certificate revocation list and provides a certificate revocation list query function; the terminal short-range communication module and the vehicle-end short-range communication module are one of an NFC communication module, an RFID communication module, a Bluetooth communication module, a WIFI communication module or an infrared communication module; the intelligent terminal is a smart phone, a smart key, a smart card, a tablet computer or a notebook computer.
9. The vehicle keyless entry and start method based on the internet of vehicles of claim 7, wherein: when there are a plurality of vehicle ends, the vehicle-end session key secure storage area, the vehicle-end session key existence flag bit, the intelligent terminal number storage area and the vehicle-end session key duration storage area are correspondingly set as a plurality of corresponding groups; when there are a plurality of intelligent terminals, the intelligent terminal session key secure storage area, the intelligent terminal session key existence flag bit, the vehicle end number storage area and the intelligent terminal session key duration storage area are correspondingly set as a plurality of corresponding groups;
when the intelligent terminal communicates with the vehicle end, the value of the intelligent terminal session key existence flag bit is judged first; if the value is true or 1, the secure keyless entry and start stage is entered; otherwise, the identity authentication stage is entered;
when the vehicle end communicates with the intelligent terminal, the value of the vehicle-end session key existence flag bit is judged first; if the value is true or 1, the secure keyless entry and start stage is entered; otherwise, the identity authentication stage is entered.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010382014.XA CN111572493B (en) | 2020-05-08 | 2020-05-08 | Vehicle keyless entry and starting system and method based on Internet of vehicles |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111572493A (en) | 2020-08-25 |
CN111572493B (en) | 2021-04-13 |
Family
ID=72117318
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010382014.XA Active CN111572493B (en) | 2020-05-08 | 2020-05-08 | Vehicle keyless entry and starting system and method based on Internet of vehicles |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111572493B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN111572493B (en) | 2021-04-13 |
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
GR01 | Patent grant | |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: A keyless entry and start system and method for vehicles based on the Internet of Vehicles; Granted publication date: 20210413; Pledgee: Bank of Zhengzhou Co.,Ltd. Zhongyuan Science and Technology City Sub branch; Pledgor: ZHENGZHOU XINDA JIEAN INFORMATION TECHNOLOGY Co.,Ltd.; Registration number: Y2024980013861 |