CN111669399A - Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode - Google Patents

Publication number: CN111669399A
Authority: CN (China)
Prior art keywords: key, bluetooth, vehicle, vck, bluekey
Legal status: Granted, Active
Application number: CN202010554675.6A
Other languages: Chinese (zh)
Other versions: CN111669399B (en)
Inventor: 吕晓建
Current Assignee: Shanghai Yueyu Intelligent Technology Co ltd
Original Assignee: Shanghai Yueyu Intelligent Technology Co ltd

Classifications

    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • B60R25/10 Fittings or systems for preventing or indicating unauthorised use or theft of vehicles actuating a signalling device
    • B60R25/24 Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00658 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by passive electrical keys
    • H04L63/0838 Network architectures or network communication protocols for network security for authentication of entities using passwords using one-time-passwords
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention relates to the technical field of identity authentication, and in particular to a symmetric encryption system and method for a vehicle Bluetooth key identity authentication mode. The system comprises an intelligent Bluetooth module (SBM) and a Bluetooth key (BlueKey), which exchange data transparently over Bluetooth Low Energy (BLE). When the vehicle is produced, the SBM is deployed on the vehicle and connects to a key distribution center (KDC) through a LAN or 4G network to request and obtain the generated vehicle master key CMPK. After sale, the BlueKey connects to the KDC through a 4G network; a digital key VCK is generated on request and sent back to the BlueKey with the VCKINFO information attached. A functional relationship exists between the vehicle master key CMPK and the digital key VCK. The invention solves the problem of information leakage, prevents the threat of replay attack without reducing running speed, avoids missed verification and replay attacks, and has higher security and wider applicability.

Description

Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode
Technical Field
The invention relates to the technical field of identity authentication, in particular to a symmetric encryption system and method for a vehicle Bluetooth key identity authentication mode.
Background
The simplest identity authentication system is based on the challenge/response mode. A typical identity authentication process consists of four sequential steps: plaintext identity information exchange, bidirectional identity authentication, session key generation, and bidirectional symmetric key communication. In the first step, identity information can only be sent in plaintext, with technologies such as signatures added for anti-counterfeiting. Because the identity of the other party is not yet known at this point, no shared secret exists; and because the identity information is sent in plaintext, there is a problem of information leakage and a risk of replay attack.
The invention solves the problem of information leakage: an illegal user or attacker can no longer obtain the information of a legitimate user and can only obtain the fingerprint information, and the plaintext identity information cannot be restored because fingerprint data is irreversible. In the fourth step the data is encrypted, and the encryption key is a one-time pad, so an illegal user or attacker cannot carry out a replay attack.
Disclosure of Invention
Aiming at the defects of the prior art, the invention discloses a symmetric encryption system and method for a vehicle Bluetooth key identity authentication mode, which solve the problem of information leakage: an illegal user or attacker can no longer obtain the information of a legitimate user and can only obtain the fingerprint information, the plaintext identity information cannot be restored because fingerprint data is irreversible, and the illegal user or attacker cannot carry out a replay attack because the encryption key is a one-time pad.
The invention is realized by the following technical scheme:
The invention discloses a symmetric encryption system for a vehicle Bluetooth key identity authentication mode, comprising an intelligent Bluetooth module SBM and a Bluetooth key BlueKey, which exchange data transparently over Bluetooth Low Energy (BLE). When the vehicle is produced, the SBM is deployed on the vehicle and connects to a key distribution center KDC through a LAN or 4G network to request and obtain the generated vehicle master key CMPK. After sale, the BlueKey connects to the KDC through a 4G network; a digital key VCK is generated on request and sent back to the BlueKey with the VCKINFO information attached. A functional relationship exists between the vehicle master key CMPK and the digital key VCK.
Further, the functional relationship between the vehicle master key CMPK and the digital key VCK is VCK = F(CMPK, DF), DF = H(VCKINFO), where F is a one-way hash message authentication code (HMAC) function and H is a one-way hash function.
Further, the VCKINFO information includes: VCKINFO = {user ID, authority, key start time, key expiration time, vehicle characteristics, user mobile phone characteristics}; key fingerprint information: {DF = SHA256(VkeyInfo), eDF = ECDSA(DF)}.
Furthermore, the SBM requests the vehicle master key CMPK, and the KDC generates the CMPK after agreeing to the request; the BlueKey requests a digital key VCK, and the KDC generates the VCK after agreeing to the request and sends it back to the BlueKey with the VCKINFO information attached.
Furthermore, the system is provided with a microcontroller unit (MCU) or a secure element (SE). When an MCU is used, the security logic runs on the MCU, and the algorithm and key reside in a secure SDK on the MCU; when an SE is used, the algorithm and key reside on the SE.
In a second aspect, the invention discloses a symmetric encryption method for the vehicle Bluetooth key identity authentication mode, which uses the symmetric encryption system of the first aspect and comprises the following steps:
S1. When the vehicle is produced, the intelligent Bluetooth module SBM requests and obtains the generated vehicle master key CMPK from the key distribution center KDC;
S2. After sale, the Bluetooth key BlueKey requests the SBM to carry out a plaintext handshake, and the SBM sends the vehicle information IDv and a random number N1 to the BlueKey to complete the handshake;
S3. The BlueKey requests the SBM to perform bidirectional identity authentication, and the SBM checks whether the identity authentication passes using the vehicle master key CMPK, the DF and the F function;
S4. On receiving the success status of the bidirectional identity authentication, the BlueKey enters session key agreement: it generates random numbers N2/N3, encrypts the mobile phone number information IDp/N2/N3 with the first digital key VCK, and sends the result to the SBM;
S5. The SBM decrypts the message with the second digital key VCK to obtain IDp/N2/N3, generates the first session key SK from N2/N4 and the first initial vector SSC from N3/N5, then encrypts IDv/N4/N5 with the digital key VCK and sends it back to the BlueKey;
S6. The BlueKey decrypts with the first digital key VCK to obtain IDv/N4/N5, generates the second session key SK from N2/N4 and the second initial vector SSC from N3/N5, then encrypts VCKINFO with the second session key SK and the second initial vector SSC and sends it to the SBM;
S7. The SBM decrypts with the first session key SK and the first initial vector SSC to obtain VCKINFO, verifies that DF = H(VCKINFO), verifies all attributes of the key, and returns a success status when they are correct; the encryption is complete once the key agreement process has succeeded.
Furthermore, in S2, during the plaintext handshake the BlueKey sends the mobile phone number information IDp to the SBM; the SBM keeps in memory a copy of the vehicle information IDv and the random number N1.
Furthermore, in S3, the BlueKey requests the SBM to start the bidirectional identity authentication process, finds the matching first digital key VCK according to IDv, and sends DF/eDF together with N1 encrypted with the VCK to the SBM.
Furthermore, the SBM uses the stored vehicle master key CMPK and the DF to calculate and store a second digital key VCK with the F function; checks whether eDF is the correct signature of DF; checks that the digital key VCK is not in the blacklist; decrypts N1' using the digital key VCK and checks whether it matches the stored copy of N1. If all checks succeed, a success status is returned; if any check fails, the identity authentication process is stopped and an error status is returned.
Further, in the encryption method, both parties start the symmetric encryption and decryption process using the session key SK and the initial vector SSC, and the SSC is incremented on each encryption.
The invention has the beneficial effects that:
1. The invention adopts the one-time pad technique: the key changes for every session and the VCK is not used directly, so cracking is harder for an attacker, and even a successful crack affects only one session (dozens of minutes) and poses no great threat to the security of the system.
2. The invention exchanges the fingerprint information of the key in the plaintext handshake stage and uses the non-repudiation of the asymmetric signature (ECDSA) to prove that the key can only have been issued by the KDC, the owner of the private key, giving higher security.
3. Vehicle control instructions use AES256 CBC mode under the combined action of the session key and the initial vector, so the Nth instruction and the (N+1)th instruction differ, which prevents the threat of replay attack.
4. The invention avoids plaintext leakage of the entity information by verifying the fingerprint first and the entity second: the entity information is encrypted before transmission, the fingerprint is regenerated after decryption, and this secondary verification avoids missed verification and replay attacks.
5. The invention improves security without reducing the operating efficiency of the original scheme.
6. The invention applies wherever plaintext entity information is exchanged: it replaces that exchange with a fingerprint information exchange followed by verification of the encrypted identity information under the key, and therefore has wide applicability.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in their description are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of a symmetric encryption system for vehicle Bluetooth key identity authentication;
FIG. 2 is a schematic step diagram of a symmetric encryption method for vehicle Bluetooth key authentication;
FIG. 3 is a schematic step diagram illustrating a vehicle transition concept according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a micro control unit MCU or a secure element SE according to an embodiment of the present invention;
FIG. 5 is a diagram of an Sd online GATT interaction process according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
This embodiment discloses a symmetric encryption system for a vehicle Bluetooth key identity authentication mode, as shown in FIG. 1. The system comprises an intelligent Bluetooth module SBM and a Bluetooth key BlueKey, which exchange data transparently over Bluetooth Low Energy (BLE). When the vehicle is produced, the SBM is deployed on the vehicle and connects to a key distribution center KDC through a LAN or 4G network to request and obtain the generated vehicle master key CMPK. After sale, the BlueKey connects to the KDC through a 4G network; a digital key VCK is generated on request and sent back to the BlueKey with the VCKINFO information attached. A functional relationship exists between the vehicle master key CMPK and the digital key VCK.
The functional relationship between the vehicle master key CMPK and the digital key VCK is VCK = F(CMPK, DF), DF = H(VCKINFO), where F is a one-way hash message authentication code (HMAC) function and H is a one-way hash function.
The VCKINFO information includes: VCKINFO = {user ID, authority, key start time, key expiration time, vehicle characteristics, user mobile phone characteristics}; key fingerprint information: {DF = SHA256(VkeyInfo), eDF = ECDSA(DF)}.
The SBM requests the vehicle master key CMPK, and the KDC generates the CMPK after agreeing to the request; the BlueKey requests a digital key VCK, and the KDC generates the VCK after agreeing to the request and sends it back to the BlueKey with the VCKINFO information attached.
The system is provided with a microcontroller unit (MCU) or a secure element (SE). When an MCU is used (see FIG. 4), the security logic runs on the MCU, and the algorithm and key reside in a secure SDK on the MCU; when an SE is used, the algorithm and key reside on the SE.
This embodiment solves the problem of information leakage: an illegal user or attacker can no longer obtain the information of a legitimate user and can only obtain the fingerprint information, the plaintext identity information cannot be restored because fingerprint data is irreversible, and the illegal user or attacker cannot carry out a replay attack because the encryption key is a one-time pad.
Example 2
This embodiment discloses a symmetric encryption method for a vehicle Bluetooth key identity authentication mode, as shown in FIG. 2, which comprises the following steps:
S1. When the vehicle is produced, the intelligent Bluetooth module SBM requests and obtains the generated vehicle master key CMPK from the key distribution center KDC;
S2. After sale, the Bluetooth key BlueKey requests the SBM to carry out a plaintext handshake, and the SBM sends the vehicle information IDv and a random number N1 to the BlueKey to complete the handshake;
S3. The BlueKey requests the SBM to perform bidirectional identity authentication, and the SBM checks whether the identity authentication passes using the vehicle master key CMPK, the DF and the F function;
S4. On receiving the success status of the bidirectional identity authentication, the BlueKey enters session key agreement: it generates random numbers N2/N3, encrypts the mobile phone number information IDp/N2/N3 with the first digital key VCK, and sends the result to the SBM;
S5. The SBM decrypts the message with the second digital key VCK to obtain IDp/N2/N3, generates the first session key SK from N2/N4 and the first initial vector SSC from N3/N5, then encrypts IDv/N4/N5 with the digital key VCK and sends it back to the BlueKey;
S6. The BlueKey decrypts with the first digital key VCK to obtain IDv/N4/N5, generates the second session key SK from N2/N4 and the second initial vector SSC from N3/N5, then encrypts VCKINFO with the second session key SK and the second initial vector SSC and sends it to the SBM;
S7. The SBM decrypts with the first session key SK and the first initial vector SSC to obtain VCKINFO, verifies that DF = H(VCKINFO), verifies all attributes of the key, and returns a success status when they are correct; the encryption is complete once the key agreement process has succeeded.
In S2, during the plaintext handshake the BlueKey sends the mobile phone number information IDp to the SBM; the SBM keeps in memory a copy of the vehicle information IDv and the random number N1.
In S3, the BlueKey requests the SBM to start the bidirectional identity authentication process, finds the matching first digital key VCK according to IDv, and sends DF/eDF together with N1 encrypted with the VCK to the SBM.
The SBM uses the stored vehicle master key CMPK and the DF to calculate and store a second digital key VCK with the F function; checks whether eDF is the correct signature of DF; checks that the digital key VCK is not in the blacklist; decrypts N1' using the digital key VCK and checks whether it matches the stored copy of N1. If all checks succeed, a success status is returned; if any check fails, the identity authentication process is stopped and an error status is returned.
In the encryption method, both parties start the symmetric encryption and decryption process using the session key SK and the initial vector SSC, and the SSC is incremented on each encryption.
The secure remote control method uses Bluetooth Low Energy (BLE) technology, operating in the 2.4 GHz ISM band (2.400 GHz to 2.4835 GHz) with 40 channels of 2 MHz each.
In this embodiment, the encryption key for vehicle control commands is generated from random numbers: N2/N3/N4/N5 implement the one-time pad technique, so the key changes for every session instead of the VCK being used directly. Cracking is harder for an attacker, and even a successful crack affects only one session (dozens of minutes), posing no great threat to the security of the system.
The fingerprint information of the key is exchanged in the plaintext handshake stage, and the non-repudiation of the asymmetric signature (ECDSA) is used to prove that the key can only have been issued by the KDC, the owner of the private key, giving higher security.
Vehicle control commands use AES256 CBC mode under the combined action of the session key and the initial vector, so the Nth command and the (N+1)th command differ, which prevents the threat of replay attack.
Plaintext leakage of the entity information is avoided by verifying the fingerprint first and the entity second: the entity information is encrypted before transmission, the fingerprint is regenerated after decryption, and this secondary verification avoids missed verification and replay attacks.
The method applies wherever plaintext entity information is exchanged: it replaces that exchange with a fingerprint information exchange followed by verification of the encrypted identity information under the key, and therefore has wide applicability.
Example 3
This embodiment discloses a system designed so that the relationship VCK = F(CMPK, DF), DF = H(VCKINFO) exists between CMPK and VCK, where F is a one-way hash message authentication code (HMAC) function and H is a one-way hash function.
On the vehicle factory production line, the SBM and the KDC are connected through a LAN or a 4G network; the SBM requests the vehicle master key (CMPK), and the KDC agrees to the request and generates the CMPK.
After the vehicle is sold, the Bluetooth key BlueKey and the KDC are connected through a 4G network; the BlueKey requests a digital key (VCK), and the KDC agrees to the request, generates the VCK, and sends it back to the BlueKey with the VCKINFO information attached.
The VCKINFO information includes: VCKINFO = {user ID, authority, key start time, key expiration time, vehicle characteristics, user mobile phone characteristics}; key fingerprint information (ECDSA method): {DF = SHA256(VkeyInfo), eDF = ECDSA(DF)}.
The BlueKey and the SBM are connected through BLE after automobile sales, and bidirectional identity authentication and conversation are carried out according to the steps in the figure 3:
(1) and the BlueKey requests the SBM to start a plaintext handshaking process and sends the mobile phone number information IDp to the SBM.
(2) The SBM sends the vehicle information IDv and a random number N1 to the BlueKey and saves a copy of N1 in memory to complete the handshaking process.
(3) The BlueKey requests the SBM to start a bidirectional identity authentication process, finds the matched first digital key VCK according to IDv, and sends the DF/eDF with N1 encrypted by the VCK to the SBM.
(4) The SBM uses the stored CMPK and the DF from step 3 to calculate and store a second digital key VCK with the F function; checks whether eDF is the correct signature of DF; checks that the VCK is not in the blacklist; decrypts N1' using the VCK and checks whether it matches the stored copy of N1. If all checks succeed, a success status is returned; if any check fails, the identity authentication process is stopped and an error status is returned.
(5) When the BlueKey receives the success status of the bidirectional identity authentication, it starts the session key agreement process: it generates two random numbers N2/N3, encrypts the mobile phone number information IDp/N2/N3 with the first digital key VCK, and sends the ciphertext to the SBM.
(6) The SBM decrypts the information with the second digital key VCK to obtain IDp/N2/N3 and checks it against the IDp stored in step 1; when they match, it generates two random numbers N4/N5, generates the first session key SK from N2/N4 and the first initial vector SSC from N3/N5, and sends IDv/N4/N5 back to the BlueKey encrypted with the VCK.
(7) The BlueKey decrypts with the first digital key VCK to obtain IDv/N4/N5 and checks whether it matches the copy of IDv saved in step 2; it then generates the second session key SK from N2/N4 and the second initial vector SSC from N3/N5.
(8) The BlueKey encrypts VCKINFO with the second session key SK and the second initial vector SSC and sends it to the SBM.
(9) The SBM decrypts with the first session key SK and the first initial vector SSC to obtain VCKINFO, verifies DF = H(VCKINFO), and verifies all attributes of the key; once these are correct it returns a success status, which marks the session key agreement process as successful.
(10) The two parties start the symmetric encryption and decryption process by using the session key SK and the initial vector SSC, and the SSC is increased every time encryption is carried out, so that replay attack is prevented.
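The SBM-side key derivation and fingerprint checks from steps (4) and (9), as an added example that is not code from the patent. It assumes F = HMAC-SHA256 and H = SHA-256, a canonical-JSON encoding of VCKINFO, hypothetical field names, and a blacklist of VCK values; the eDF signature check and the N1' decryption are left out because they need an ECDSA and AES library.

```python
import hashlib
import hmac
import json

# Constructed sample values, not from the patent.
CMPK = bytes(range(32))                      # vehicle master key held by the SBM
IDV = "VIN-CONSTRUCTED-0001"                 # vehicle information IDv
VCKINFO = {"user_id": "u-1001", "authority": "unlock,start",
           "start": 1_700_000_000, "expire": 1_700_003_600,
           "vehicle": IDV, "phone": "phone-constructed-01"}


def fingerprint(vckinfo):
    """DF = H(VCKINFO) with H = SHA-256; canonical JSON is an assumed encoding."""
    blob = json.dumps(vckinfo, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).digest()


def derive_vck(cmpk, df):
    """VCK = F(CMPK, DF) with F = HMAC-SHA256 (hash choice is an assumption)."""
    return hmac.new(cmpk, df, hashlib.sha256).digest()


def sbm_step4(cmpk, df, blacklist):
    """Step 4 (partial): derive the second VCK and refuse blacklisted keys."""
    vck = derive_vck(cmpk, df)
    if any(hmac.compare_digest(vck, bad) for bad in blacklist):
        return None
    return vck


def sbm_step9(df_from_step3, vckinfo, now, idv):
    """Step 9: recompute DF from the decrypted VCKINFO, then check attributes."""
    if not hmac.compare_digest(fingerprint(vckinfo), df_from_step3):
        return "error: DF != H(VCKINFO)"
    if vckinfo["vehicle"] != idv:
        return "error: wrong vehicle"
    if not (vckinfo["start"] <= now < vckinfo["expire"]):
        return "error: key outside validity period"
    return "success"


if __name__ == "__main__":
    df = fingerprint(VCKINFO)                # computed by the KDC at issuance
    vck_phone = derive_vck(CMPK, df)         # first VCK, delivered to the BlueKey
    # The SBM stores only CMPK and re-derives the same key from the DF it receives.
    print("keys match:", sbm_step4(CMPK, df, []) == vck_phone)
    print("step 9:", sbm_step9(df, VCKINFO, 1_700_000_500, IDV))

    # A holder who edits VCKINFO (longer expiry) fails the fingerprint check.
    tampered = dict(VCKINFO, expire=1_900_000_000)
    print("tampered:", sbm_step9(df, tampered, 1_700_000_500, IDV))
    # Sending a matching DF' instead makes the SBM derive a VCK the phone lacks.
    print("forged DF gives same VCK:",
          derive_vck(CMPK, fingerprint(tampered)) == vck_phone)
    print("blacklisted:", sbm_step4(CMPK, df, [vck_phone]))
```

Because the VCK is a function of the fingerprint, changing any attribute in VCKINFO either breaks DF = H(VCKINFO) or changes the key the SBM derives, so the step 4 nonce check fails.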
Example 4
This embodiment discloses a specific implementation process. As shown in Fig. 5, steps 2 and 4 are the identity fingerprint information exchange process, the second half of step 4 is the bidirectional identity authentication process, step 6 is the session key agreement process, step 8 is the ciphertext identity information verification process, and step 10 onward is the bidirectional symmetric key communication process.
In the implementation, the state transition of each step is clearly defined, and 6 states are defined in total. Encryption and decryption of vehicle control instructions use a modified AES256CBC in which the initial vector is a hash transformation of the SSC. This avoids the situation where incrementing the SSC affects only a few bytes of the encryption; after the transformation, all bytes are affected.
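The session values from steps (5) to (7) and the hashed initial vector described above, as an added example that is not code from the patent. The patent only says SK comes from N2/N4 and SSC from N3/N5, so the SHA-256 derivations, the labels, the 64-bit counter and the 16-byte truncation are assumptions; the AES256CBC encryption itself is not included.

```python
import hashlib


def derive_sk(n2, n4):
    """32-byte session key SK from N2/N4 (assumed: SHA-256 over a labelled concat)."""
    return hashlib.sha256(b"SK" + n2 + n4).digest()


def derive_ssc(n3, n5):
    """Initial counter SSC from N3/N5 (assumed: first 8 bytes of SHA-256)."""
    return int.from_bytes(hashlib.sha256(b"SSC" + n3 + n5).digest()[:8], "big")


def iv_from_ssc(ssc):
    """16-byte CBC initial vector as a hash transformation of the SSC."""
    return hashlib.sha256(ssc.to_bytes(8, "big")).digest()[:16]


def bit_diff(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class Endpoint:
    """One side of the session (BlueKey or SBM) after key agreement."""

    def __init__(self, sk, ssc):
        self.sk, self.ssc = sk, ssc

    def next_iv(self):
        """IV for the next command; the SSC is incremented on every use."""
        iv = iv_from_ssc(self.ssc)
        self.ssc = (self.ssc + 1) % 2**64    # wrap instead of overflowing 8 bytes
        return iv


def agree(n2, n3, n4, n5):
    """Both sides compute SK and SSC independently from the exchanged nonces."""
    phone = Endpoint(derive_sk(n2, n4), derive_ssc(n3, n5))
    car = Endpoint(derive_sk(n2, n4), derive_ssc(n3, n5))
    return phone, car


if __name__ == "__main__":
    # Constructed nonces; real ones come from a CSPRNG on each side.
    phone, car = agree(b"\x02" * 16, b"\x03" * 16, b"\x04" * 16, b"\x05" * 16)
    start = phone.ssc
    iv_n, iv_n1 = phone.next_iv(), phone.next_iv()
    print("same SK on both sides:", phone.sk == car.sk)
    print("car derives the same IV for command N:", car.next_iv() == iv_n)
    raw = bit_diff(start.to_bytes(8, "big"), (start + 1).to_bytes(8, "big"))
    print("raw SSC bits changed by one increment:", raw)
    print("hashed IV bits changed by one increment:", bit_diff(iv_n, iv_n1))
```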
In an embedded system with limited computing resources, if there is no SE, the computationally expensive asymmetric signature operation is replaced with a symmetric signature operation; HMAC-SHA256 is used in the implementation.
In conclusion, the invention adopts a one-time pad technique in which the session key changes every session and the VCK is not used directly, which makes cracking more difficult for an attacker; even a successful crack affects only one session (dozens of minutes) and does not greatly threaten the security of the system. Fingerprint information of the key is exchanged in the plaintext handshake stage, and the non-repudiation of the asymmetric signature (ECDSA) proves that the key can only have been issued by the KDC, which is the owner of the private key, so the security is higher.
Vehicle control commands are encrypted in AES256CBC mode under the combined action of a session key and an initial vector, so the Nth command and the (N + 1)th command differ, which prevents the threat of replay attacks. Verifying the fingerprint first and the entity second prevents the plaintext of the entity information from being leaked: the entity information is transmitted only as ciphertext, the fingerprint is regenerated after decryption, and a second verification is performed, which avoids missed verification and replay attacks. The method applies wherever entity information would otherwise be exchanged in plaintext: it replaces that exchange with a fingerprint information exchange followed by keyed verification of the ciphertext identity information, and therefore has wide applicability.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A symmetric encryption system of a vehicle Bluetooth key identity authentication mode, characterized in that the system is provided with an intelligent Bluetooth module SBM and a Bluetooth key BlueKey, and the intelligent Bluetooth module SBM and the Bluetooth key BlueKey realize transparent data transmission through Bluetooth Low Energy (BLE); when the vehicle is produced, the intelligent Bluetooth module SBM is deployed on the vehicle and is connected with a key distribution center KDC through a LAN or 4G network to obtain and generate a vehicle master key CMPK; after sale, the Bluetooth key BlueKey is connected with the key distribution center KDC through a 4G network, a digital key VCK is generated after acquisition, the attached VCKINFO information is sent back to the Bluetooth key BlueKey, and a functional relation exists between the generated vehicle master key CMPK and the digital key VCK.
2. The symmetric encryption system for vehicle Bluetooth key identity authentication according to claim 1, wherein the functional relationship between the vehicle master key CMPK and the digital key VCK is VCK = F(CMPK, DF), DF = H(VCKINFO), where F is a one-way hash message authentication code (HMAC) function and H is a one-way hash function.
3. The symmetric encryption system for vehicle Bluetooth key authentication according to claim 1, wherein the VCKINFO information includes: VCKINFO = {user ID, authority, key start time, key expiration time, vehicle characteristics, user mobile phone characteristics}; key fingerprint information: {DF = SHA256(VkeyInfo), eDF = ECDSA(DF)}.
4. The symmetric encryption system for the vehicle Bluetooth key identity authentication mode according to claim 1, wherein the SBM requests to obtain a vehicle master key CMPK, the key distribution center KDC generates the vehicle master key CMPK after agreeing to the request, the Bluetooth key BlueKey requests a digital key VCK, and the key distribution center KDC generates the digital key VCK after agreeing to the request and sends the attached digital key information VCKINFO back to the Bluetooth key BlueKey.
5. The symmetric encryption system for the vehicle Bluetooth key identity authentication mode according to claim 1, wherein the system is provided with a Micro Control Unit (MCU) or a Secure Element (SE), when the MCU is arranged, the security logic is on the MCU, and the algorithm and the secret key are in a security SDK on the MCU; when the secure element SE is set, the algorithm and the key are on the SE.
6. A symmetric encryption method of a vehicle bluetooth key authentication method, the encryption method being performed using the symmetric encryption system of the vehicle bluetooth key authentication method according to any one of claims 1 to 5, the method comprising the steps of:
S1, when the vehicle is produced, the intelligent Bluetooth module SBM requests a key distribution center KDC to obtain and generate a vehicle master key CMPK;
S2, after sale, the Bluetooth key requests the intelligent Bluetooth module SBM to carry out a plaintext handshaking process, and the intelligent Bluetooth module SBM sends the vehicle information IDv and a random number N1 to the Bluetooth key to complete the handshaking;
S3, the Bluetooth key BlueKey requests the intelligent Bluetooth module SBM to perform bidirectional identity authentication, and whether the identity authentication passes is checked and judged using the vehicle master key CMPK, the DF and the F function;
S4, the Bluetooth key receives the success status of the bidirectional identity authentication, enters session key agreement, generates random numbers N2/N3, encrypts the mobile phone number information IDp/N2/N3 with the first digital key VCK, and sends it to the intelligent Bluetooth module SBM;
S5, the intelligent Bluetooth module SBM decrypts the information with a second digital key VCK to obtain IDp/N2/N3, generates a first session key SK from N2/N4, generates a first initial vector SSC from N3/N5, and then encrypts IDv/N4/N5 with the digital key VCK and sends the encrypted information back to the Bluetooth key BlueKey;
S6, the Bluetooth key BlueKey decrypts with the first digital key VCK to obtain IDv/N4/N5, generates the second session key SK from N2/N4, and generates the second initial vector SSC from N3/N5; it encrypts the digital key information VCKINFO with the second session key SK and the second initial vector SSC and sends the encrypted VCKINFO to the intelligent Bluetooth module SBM;
S7, the intelligent Bluetooth module SBM decrypts with the first session key SK and the first initial vector SSC to obtain VCKINFO, verifies DF = H(VCKINFO), and verifies all attributes of the key; once these are correct it returns a success status, and the encryption is completed after the key negotiation process succeeds.
7. The symmetric encryption method for the vehicle Bluetooth key identity authentication mode according to claim 6, wherein in S2, when performing the plaintext handshake process, the Bluetooth key sends the mobile phone number information IDp to the intelligent Bluetooth module SBM; the Bluetooth module SBM stores in memory a copy of the vehicle information IDv and the random number N1.
8. The symmetric encryption method for vehicle Bluetooth key authentication according to claim 6, wherein in S3, the Bluetooth key BlueKey requests the SBM to start the two-way authentication process, finds the first digital key VCK matching according to IDv, and sends DF/eDF with N1 encrypted by VCK to the smart Bluetooth module SBM.
9. The symmetric encryption method for vehicle Bluetooth key identity authentication according to claim 8, wherein the intelligent Bluetooth module SBM uses the stored vehicle master key CMPK and the DF to calculate and store the second digital key VCK with the F function; checks whether eDF is the correct signature of DF; checks that the digital key VCK is not in the blacklist; decrypts N1' using the digital key VCK and checks whether it matches the stored copy of N1; if all checks succeed, a success status is returned, and if any check fails, the identity authentication process is stopped and an error status is returned.
10. The symmetric encryption method for vehicle Bluetooth key identity authentication according to claim 6, wherein the symmetric encryption and decryption process is started by both parties using the session key SK and the initial vector SSC, and the SSC is incremented every time of encryption.
CN202010554675.6A 2020-06-17 2020-06-17 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode Active CN111669399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010554675.6A CN111669399B (en) 2020-06-17 2020-06-17 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode

Publications (2)

Publication Number Publication Date
CN111669399A true CN111669399A (en) 2020-09-15
CN111669399B CN111669399B (en) 2022-04-22

Family

ID=72388329

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010554675.6A Active CN111669399B (en) 2020-06-17 2020-06-17 Symmetric encryption system and method for vehicle Bluetooth key identity authentication mode

Country Status (1)

Country Link
CN (1) CN111669399B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant