CN111970115A - Method, device, system and terminal for checking digital key - Google Patents


Publication number
CN111970115A
Authority
CN
China
Prior art keywords
digital key
key
terminal
information
digital
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910419145.8A
Other languages
Chinese (zh)
Other versions
CN111970115B (en)
Inventor
潘蓝兰
陈洁
郑士岑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Geely Holding Group Co Ltd
Zhejiang Geely Automobile Research Institute Co Ltd
Original Assignee
Zhejiang Geely Holding Group Co Ltd
Zhejiang Geely Automobile Research Institute Co Ltd
Application filed by Zhejiang Geely Holding Group Co Ltd, Zhejiang Geely Automobile Research Institute Co Ltd
Priority to CN201910419145.8A
Publication of CN111970115A
Application granted
Publication of CN111970115B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • G07C9/00174 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a method, a device, a system and a terminal for checking a digital key, wherein the method comprises the following steps: the control server sends a first digital key to a second terminal based on the first terminal; the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal; the control server sends a second digital key to the second terminal based on the first terminal; the second terminal judges whether the second digital key meets a non-first-time use condition; if so, the second terminal decrypts the second digital key to obtain second key information; the second terminal verifies the second key information and judges whether the second key information is the same as the first key information or not; if yes, the second terminal receives control of the second digital key; the invention can enable the second terminal to receive the digital key in a network-free state, reduce the verification time delay and increase the available scenes.

Description

Method, device, system and terminal for checking digital key
Technical Field
The invention relates to the technical field of digital key verification, in particular to a digital key verification method, a digital key verification device, a digital key verification system and a digital key verification terminal.
Background
The digital key service is a key basic service of the Internet of Vehicles; it lets a user open and close the vehicle doors, authorize the vehicle to start, and so on, using a mobile phone. The digital key service of the Internet of Vehicles usually requires the participation of components such as an Internet of Vehicles cloud control server, an intelligent terminal, and an Electronic Control Unit (ECU) of the vehicle.
Most existing digital key services can only issue digital keys while the vehicle is connected to the network, which makes it difficult to support vehicle-sharing scenarios: for example, the vehicle owner starts vehicle sharing on a mobile phone, and the shared user's mobile phone, after receiving the digital key, should be able to control the vehicle in an environment where the vehicle has no network (such as an underground parking lot). In addition, because the whole digital key must be transmitted from the intelligent terminal to the vehicle every time the digital key is checked, the key attribute information is transmitted repeatedly, which causes Bluetooth transmission delay and affects the user's actual vehicle control experience.
Disclosure of Invention
In order to solve the technical problems, the invention discloses a digital key verification method, which can enable a second terminal to receive a digital key in a network-free state by acquiring the digital key through a first terminal, and reduce the digital key verification time delay, thereby effectively expanding the available scenes of the digital key and optimizing the user experience.
In order to achieve the above object, the present invention provides a method for verifying a digital key, the method comprising:
the control server sends a first digital key to a second terminal based on the first terminal;
the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
the control server sends a second digital key to the second terminal based on the first terminal;
the second terminal judges whether the second digital key meets a non-first-time use condition;
if so, the second terminal decrypts the second digital key to obtain second key information;
the second terminal verifies the second key information and judges whether the second key information is the same as the first key information or not;
if yes, the second terminal accepts control of the second digital key.
The invention also provides a method for verifying the digital key, which comprises the following steps:
acquiring a first digital key based on a first terminal;
decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
acquiring a second digital key based on the first terminal;
judging whether the second digital key meets a non-first-time use condition;
if yes, decrypting the second digital key to obtain second key information;
checking the second key information and judging whether the second key information is the same as the first key information or not;
if so, control of the second digital key is accepted.
Further, after determining whether the second digital key satisfies the condition of non-first use, the method further includes:
if not, acquiring a second digital key signature, a second digital key digest and attribute information of the second digital key based on the first terminal;
judging whether the second digital key signature and the second digital key digest meet a first preset condition;
if so, storing the attribute information of the second digital key, and decrypting the second digital key to obtain second key information of the second digital key;
checking second key information of the second digital key, and judging whether the second key information is the same as the first key information;
if so, control of the second digital key is accepted.
Further, the determining whether the second digital key signature and the second digital key digest satisfy a first preset condition includes:
reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
and if so, judging that the second digital key signature and the second digital key digest meet the first preset condition.
Further, before decrypting the first digital key, the method further comprises:
acquiring a first digital key signature and a first digital key digest;
judging whether the first digital key signature and the first digital key digest meet a third preset condition;
if yes, the first digital key is decrypted.
Further, the determining whether the second digital key satisfies a condition of non-first use includes:
acquiring a second digital key serial number, and acquiring second data attribute information corresponding to the second digital key serial number according to the second digital key serial number;
judging whether the second data attribute information meets a second preset condition or not;
and if so, determining that the second digital key meets the condition of non-first-time use.
Further, the determining whether the second data attribute information satisfies a second preset condition includes:
reading pre-stored attribute information of the digital key;
judging whether the attribute information of the second digital key is the same as the attribute information of a pre-stored digital key or not;
and if so, judging that the second data attribute information meets a second preset condition.
The invention provides a checking device of a digital key, which comprises:
the first digital key acquisition module is used for acquiring a first digital key based on a first terminal;
the first digital key decryption module is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
the second digital key acquisition module is used for acquiring a second digital key based on the first terminal;
the first judgment module is used for judging whether the second digital key meets the non-first-time use condition;
the second digital key decryption module is used for decrypting the second digital key to obtain second key information;
the verification judging module is used for verifying the second key information and judging whether the second key information is the same as the first key information;
and the execution module is used for receiving the control of the second digital key.
The invention provides a digital key checking system, which comprises a control server, a first terminal and a second terminal,
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; and for determining whether the second digital key satisfies a non-first-use condition; and for decrypting the second digital key if satisfied to obtain second key information; and for verifying the second key information and judging whether the second key information is the same as the first key information; and for accepting control of the second digital key if so.
The invention provides a digital key checking terminal, which comprises a processor and a memory, wherein the processor is used for processing a digital key;
the processor adapted to implement one or more instructions;
the memory stores one or more instructions, and the one or more instructions are suitable for being loaded and executed by the processor to realize the digital key verification method.
The embodiment of the invention has the following beneficial effects:
according to the digital key verification method disclosed by the invention, the digital key is obtained through the first terminal, so that the second terminal can receive the digital key in a network-free state, and the digital key verification time delay is reduced, thereby effectively expanding the available scene of the digital key and optimizing the user experience.
Drawings
In order to more clearly illustrate the method, device, system and terminal for verifying a digital key according to the present invention, the drawings required for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for verifying a digital key according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of a method for verifying a preferred digital key according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a second method for determining a digital key according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating another preferred method for verifying a digital key according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating a second method for determining a digest and a signature of a digital key according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a verification apparatus for a digital key according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a verification terminal of a digital key according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention can be applied to the control of a vehicle by a digital key, especially when the vehicle is in a network-free state.
Referring to fig. 1, which is a flow chart illustrating a method for verifying a digital key according to an embodiment of the present invention, the present specification provides the method operation steps as described in the embodiment or the flow chart, but more or fewer operation steps may be included based on conventional or non-inventive labor. The sequence of steps recited in the embodiments is only one of the possible execution sequences and does not represent the only execution sequence; when the vehicle is actually in a network-free state, the steps can be executed according to the method sequence shown in the embodiments or the figures. Specifically, as shown in fig. 1, the method includes:
S101, a control server sends a first digital key to a second terminal based on a first terminal;
in the embodiment of the present specification, the control Server may be a Cloud control Server of an internet of vehicles, which may be referred to as Cloud-Server in the present application;
the first terminal can be an intelligent mobile terminal such as a smart phone; hereinafter, this application may be referred to as Mobile;
the second terminal may be a vehicle terminal;
specifically, the second terminal may be an ECU (Electronic Control Unit) at the vehicle end, which is responsible for receiving the first digital key, and may be referred to as a Download-ECU in the following of the application;
the second terminal may be an ECU (Electronic Control Unit) at the vehicle end which is responsible for accepting control of the vehicle, and may be referred to as Target-ECU in the present application;
the first digital key may be an encrypted digital key, which may be referred to hereinafter as DK-D;
in the embodiment of the present specification, the second terminal, which may be the Download-ECU at the vehicle end, acquires the first digital key DK-D transmitted from the Cloud-Server through the Mobile.
S103, the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
in the embodiment of the specification, the second terminal, which may be the Download-ECU at the vehicle end, decrypts the first digital key DK-D to obtain the decrypted first digital key DK-DP, and extracts from the DK-DP the key information required by the vehicle control end (which can be recorded as DK-DP-KeyInfo in the following of the application); the Download-ECU at the vehicle end then transmits the DK-DP-KeyInfo to the Target-ECU at the vehicle end, which stores the DK-DP-KeyInfo.
S105, the control server sends a second digital key to the second terminal based on the first terminal;
in the embodiment of the present specification, the second digital key may be an encrypted digital key, which may be referred to as DK-N in the following of the present application;
the second terminal can be an ECU (electronic control unit) which is used for receiving the second digital key at the vehicle end, and the second terminal can be called as a NearField-ECU in the application;
specifically, in the embodiment of the present specification, the NearField-ECU on the vehicle side acquires the second digital key DK-N transmitted from the Cloud-Server through the Mobile.
S107, the second terminal judges whether the second digital key meets the non-first-time use condition;
in the embodiment of the specification, a NearField-ECU at the vehicle end acquires a second digital key serial number; judging whether attribute information of a second digital key corresponding to the second digital key serial number exists at the vehicle end;
and if so, judging that the second digital key DK-N meets the condition of non-first use.
In a preferred embodiment of the present description, if not present, the second digital key does not satisfy the non-first-use condition;
specifically, the second digital key may be DK-N, and at this time, the NearField-ECU at the vehicle end acquires the digest and the signature of the second digital key, and determines whether the digest and the signature of the second digital key are the same as the digest and the signature corresponding to the first digital key certificate; if yes, the NearField-ECU at the vehicle end decrypts the second digital key DK-N to obtain the decrypted second digital key DK-NP, extracts attribute information (which can be recorded as DK-NP-Attrinfo hereinafter) of the digital key from the DK-NP to check, stores the attribute information into the NearField-ECU at the vehicle end for key management after the attribute information passes the check, extracts key information (which can be recorded as DK-NP-KeyInfo hereinafter) required by controlling the vehicle from the DK-NP, and transmits the DK-NP-KeyInfo to the Target-ECU at the vehicle end to request the check.
S109, if yes, the second terminal decrypts the second digital key to obtain second key information;
in the embodiment of the specification, the second digital key may be DK-Lite-N, in this case, the NearField-ECU at the vehicle end collates the attribute information of the DK-Lite-N with the attribute information prestored in the NearField-ECU, and if the collated result is consistent, the NearField-ECU is used to decrypt the DK-Lite-N, so as to directly obtain the key information DK-NP-KeyInfo required for controlling the vehicle, and the NearField-ECU transmits the DK-NP-KeyInfo to the Target-ECU at the vehicle end to request the verification.
S111, the second terminal verifies the second key information and judges whether the second key information is the same as the first key information or not;
in the embodiment of the present specification, DK-NP-Attrinfo and DK-DP-KeyInfo are used for the verification; it is judged whether the DK-NP-Attrinfo and the DK-DP-KeyInfo are the same;
S113, if yes, the second terminal accepts control of the second digital key.
In the embodiment of the specification, the second terminal can be a vehicle terminal which allows the control of the second digital key DK-N; in particular, the vehicle door may be controlled as well as the ignition of the vehicle.
Referring to fig. 2, which is a schematic flow chart illustrating a preferred method for verifying a digital key according to an embodiment of the present invention, the present specification provides the method operation steps as described in the embodiment or the flow chart, but more or fewer operation steps may be included based on conventional or non-inventive labor. The sequence of steps recited in the embodiments is only one of the possible execution sequences and does not represent the only execution sequence; when the vehicle is actually in a network-free state, the steps can be executed according to the method sequence shown in the embodiments or the figures. Specifically, as shown in fig. 2, the method includes:
S201, acquiring a first digital key based on a first terminal;
it should be noted that, in the embodiment of the present specification, the first terminal may be a smart phone Mobile;
the first digital key may be DK-D;
S203, decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
in an embodiment of the present specification, before decrypting the first digital key, the method further includes:
A1, acquiring a first digital key signature and a first digital key digest;
A2, judging whether the first digital key signature and the first digital key digest meet a third preset condition;
in an embodiment of the present specification, the third preset condition may be that the first digital key signature and the first digital key digest are the same as a digest and a signature corresponding to a preset digital key certificate;
specifically, the preset digital key certificate may be a digital key certificate corresponding to a digital key capable of controlling the second terminal.
A3, if yes, decrypting the first digital key.
S205, acquiring a second digital key based on the first terminal;
S207, judging whether the second digital key meets a non-first-use condition;
as shown in fig. 3, which is a schematic flowchart of the second digital key judgment method according to an embodiment of the present disclosure, the details are as follows:
S301, acquiring a second digital key serial number, and acquiring second data attribute information corresponding to the second digital key serial number according to the second digital key serial number;
S303, judging whether the second data attribute information meets a second preset condition;
in the embodiment of the present specification, the second preset condition may be that the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key; judging whether the attribute information of the second digital key is the same as the attribute information of the pre-stored digital key; the pre-stored attribute information of the digital key may be attribute information of the second digital key that is stored when the second digital key is first verified and that passes the first verification.
In an embodiment of this specification, the determining whether the second data attribute information satisfies a second preset condition includes:
S1, reading the pre-stored attribute information of the digital key;
in the embodiment of the specification, the second terminal (which may be a vehicle terminal) obtains attribute information of the first-verified digital key sent by the control Server (which may be a Cloud-Server) in advance through the first terminal (which may be a Mobile);
S2, judging whether the attribute information of the second digital key is the same as the attribute information of a pre-stored digital key;
specifically, the prestored digital key attribute information held in the second terminal, namely the NearField-ECU at the vehicle end, is read, and whether the attribute information of the second digital key is the same as the prestored digital key attribute information is judged.
S3, if yes, judging that the second data attribute information meets the second preset condition;
S305, if yes, judging that the second digital key meets the condition of non-first use.
S209, if yes, decrypting the second digital key to obtain second key information;
specifically, the second digital key can be decrypted by using a NearField-ECU at the vehicle end;
S211, verifying the second key information and judging whether the second key information is the same as the first key information;
S213, if yes, accepting control of the second digital key.
As can be seen from the embodiments of the method, the device, the system and the terminal for verifying a digital key provided by the present invention, the embodiment of the present invention obtains a first digital key based on a first terminal; decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; acquiring a second digital key based on the first terminal; judging whether the second digital key meets a non-first-time use condition; if yes, decrypting the second digital key to obtain second key information; checking the second key information and judging whether the second key information is the same as the first key information or not; if yes, the control of the second digital key is accepted; by utilizing the technical scheme provided by the embodiment of the specification, the digital key is acquired through the first terminal, so that the second terminal can receive the digital key in a network-free state, and the time delay of digital key verification is reduced, thereby effectively expanding the available scene of the digital key and optimizing the user experience.
As shown in fig. 4, in another preferred embodiment of the present disclosure, fig. 4 is a schematic flow chart illustrating another preferred digital key verification method provided in an embodiment of the present invention; specifically, the following is:
S401, acquiring a first digital key based on a first terminal;
S403, decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
S405, acquiring a second digital key based on the first terminal;
S407, judging whether the second digital key meets a non-first-use condition;
S409, if not, acquiring a second digital key signature, a second digital key digest and attribute information of the second digital key based on the first terminal;
in the embodiment of the specification, the second terminal (which may be a vehicle side) obtains the second digital key signature, the second digital key digest and the attribute information of the second digital key sent by the control Server (which may be a Cloud-Server) through the first terminal (which may be a Mobile);
S411, judging whether the second digital key signature and the second digital key digest meet a first preset condition;
the first preset condition may be that the second digital key signature and the second digital key digest are the same as the digest and signature corresponding to the first digital key certificate;
specifically, as shown in fig. 5, in the embodiment of the present specification, fig. 5 is a schematic flow chart of a second digital key digest and signature determination method provided in the embodiment of the present invention; specifically, the following is:
S501, reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
in the embodiment of the present specification, the second terminal reads the first digital key certificate in the second terminal (which may be a NearField-ECU of the second terminal);
S503, determining whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
S505, if yes, determining that the second digital key signature and the second digital key digest meet the first preset condition.
S413, if yes, saving the attribute information of the second digital key, and decrypting the second digital key to obtain second key information of the second digital key;
the attribute information of the second digital key is the digital key attribute information prestored at the vehicle side.
S415, verifying second key information of the second digital key, and determining whether the second key information is the same as the first key information;
and S417, if yes, receiving the control of the second digital key.
In a preferred embodiment of this specification, in a vehicle wireless environment, transmitting a digital key to the Download-ECU at the vehicle end is taken as an example: an AES algorithm is selected to encrypt the key information (KeyInfo) of the digital key, an ECC algorithm is selected to encrypt the random key (SecretKey), an SHA256 algorithm is selected to calculate the digital key digest, and an ECDSA algorithm is selected to generate the digital key signature; specifically:
the control server (which may be a Cloud-Server) randomly generates a random key (SecretKey) used to encrypt the key information of the digital key;
the Cloud-Server encrypts the SecretKey with the Download-ECU public key to obtain the Encrypted SecretKey;
the Cloud-Server encrypts the key information (KeyInfo) of the digital key with the SecretKey to obtain the Encrypted KeyInfo;
the Cloud-Server generates a digital key digest (Digest) with the SHA256 algorithm from the serial number ID, AttrInfo, Encrypted KeyInfo and Encrypted SecretKey of the first digital key;
the Cloud-Server generates a digital key signature (Signature) with the ECDSA algorithm from the private key corresponding to the digital key certificate and the digital key digest;
the Cloud-Server transmits the digital key {ID, AttrInfo, Encrypted KeyInfo, Encrypted SecretKey, Digest, Signature} to the first terminal (Mobile); the Mobile sends the digital key to the NearField-ECU at the vehicle end, which forwards it to the Download-ECU at the vehicle end;
the Download-ECU uses the digital key certificate to verify the digest and the signature of the received digital key; if the digest and the signature of the digital key pass verification, it decrypts the Encrypted SecretKey with the private key of the Download-ECU to obtain the SecretKey;
the Download-ECU decrypts the Encrypted KeyInfo with the SecretKey to obtain the KeyInfo;
and the Download-ECU transmits the obtained KeyInfo to the Target-ECU at the vehicle end for storage.
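The issuance and Download-ECU verification steps above, as an added Go example that is not code from the patent: the server side builds {ID, AttrInfo, Encrypted KeyInfo, Encrypted SecretKey, Digest, Signature}, and the ECU side checks digest and signature before it decrypts anything. The patent names only the algorithm families, so AES-256-GCM, the ECC step as ephemeral ECDH on P-256 with SHA-256 as key derivation, the length-prefixed digest input, and all Go names and sample values are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// DigitalKey is the tuple the Cloud-Server issues; the Go field names are this example's own.
type DigitalKey struct {
	ID, AttrInfo                                string
	EncKeyInfo, EncSecretKey, Digest, Signature []byte
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // RNG failure or a programming error on the issuing side
	}
	return v
}

// seal and open use AES-256-GCM with the 12-byte nonce prepended (assumed mode; the page says AES).
func seal(key, pt []byte) []byte {
	nonce := make([]byte, 12)
	must(rand.Read(nonce))
	return must(cipher.NewGCM(must(aes.NewCipher(key)))).Seal(nonce, nonce, pt, nil)
}
func open(key, ct []byte) ([]byte, error) {
	b, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 {
		return nil, errors.New("bad key or ciphertext length")
	}
	return must(cipher.NewGCM(b)).Open(nil, ct[:12], ct[12:], nil)
}

// digest hashes ID, AttrInfo, Encrypted KeyInfo and Encrypted SecretKey, each length-prefixed
// so that bytes cannot be moved between fields without changing the result (assumed encoding).
func digest(dk DigitalKey) []byte {
	h := sha256.New()
	for _, f := range [][]byte{[]byte(dk.ID), []byte(dk.AttrInfo), dk.EncKeyInfo, dk.EncSecretKey} {
		fmt.Fprintf(h, "%d:%s", len(f), f)
	}
	return h.Sum(nil)
}

// Issue is the Cloud-Server side: encrypt KeyInfo, wrap SecretKey for the ECU, digest, sign.
func Issue(signer *ecdsa.PrivateKey, ecu *ecdh.PublicKey, id, attr string, info []byte) DigitalKey {
	secret := make([]byte, 32) // random SecretKey
	must(rand.Read(secret))
	eph := must(ecdh.P256().GenerateKey(rand.Reader)) // ephemeral key for the ECC step
	kek := sha256.Sum256(must(eph.ECDH(ecu)))         // key-encryption key from the shared secret
	wrapped := append(eph.PublicKey().Bytes(), seal(kek[:], secret)...)
	dk := DigitalKey{ID: id, AttrInfo: attr, EncKeyInfo: seal(secret, info), EncSecretKey: wrapped}
	dk.Digest = digest(dk)
	dk.Signature = must(ecdsa.SignASN1(rand.Reader, signer, dk.Digest))
	return dk
}

// Open is the Download-ECU side: digest and signature are checked before any decryption.
func Open(priv *ecdh.PrivateKey, cert *ecdsa.PublicKey, dk DigitalKey) ([]byte, error) {
	d, blob := digest(dk), dk.EncSecretKey
	if subtle.ConstantTimeCompare(d, dk.Digest) != 1 || !ecdsa.VerifyASN1(cert, d, dk.Signature) {
		return nil, errors.New("digest or signature check failed")
	}
	if len(blob) < 65 { // 65 bytes: uncompressed P-256 point of the ephemeral key
		return nil, errors.New("wrapped SecretKey too short")
	}
	eph, err := ecdh.P256().NewPublicKey(blob[:65])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(eph)
	if err != nil {
		return nil, err
	}
	kek := sha256.Sum256(shared)
	secret, err := open(kek[:], blob[65:])
	if err != nil {
		return nil, err
	}
	return open(secret, dk.EncKeyInfo)
}

// newKeys generates demo keys: the digital key certificate's signing key and the ECU key pair.
func newKeys() (*ecdsa.PrivateKey, *ecdh.PrivateKey) {
	return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), must(ecdh.P256().GenerateKey(rand.Reader))
}

func main() {
	signer, ecu := newKeys()
	dk := Issue(signer, ecu.PublicKey(), "K1", "attr-v1", []byte("unlock;start")) // constructed values
	info, err := Open(ecu, &signer.PublicKey, dk)
	fmt.Printf("KeyInfo=%q err=%v\n", info, err)
}
```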
In another preferred embodiment of this specification, the processing method for the first verification of the digital key in a vehicle wireless environment differs from the above transmission of the digital key to the Download-ECU at the vehicle end in that,
during the first verification, the SecretKey is encrypted with the public key of the NearField-ECU and decrypted with the private key of the NearField-ECU; the NearField-ECU receives and verifies the digital key and also stores the attribute information AttrInfo of the digital key, which facilitates subsequent verification of the digital key.
In another preferred embodiment of this specification, in a vehicle wireless environment, for the processing method of verifying the digital key for the second or a later time, the digital key may be defined as a lightweight digital key; the specific steps are as follows:
the Cloud-Server randomly generates a random key SecretKey used to encrypt the key information of the digital key;
the Cloud-Server encrypts the SecretKey with the NearField-ECU public key to obtain the Encrypted SecretKey;
the Cloud-Server encrypts the digital key information KeyInfo with the SecretKey to obtain the Encrypted KeyInfo;
the Cloud-Server issues the lightweight digital key {ID, Encrypted KeyInfo, Encrypted SecretKey} to the Mobile;
the Mobile forwards the lightweight digital key to the NearField-ECU;
the NearField-ECU confirms and checks the AttrInfo corresponding to the digital key ID, and decrypts the Encrypted SecretKey with the private key of the NearField-ECU to obtain the SecretKey;
the NearField-ECU decrypts the Encrypted KeyInfo with the SecretKey to obtain the KeyInfo;
the Download-ECU transmits the KeyInfo to the Target-ECU for checking;
the Target-ECU compares the KeyInfo with the KeyInfo stored in advance, and if they are consistent, control of the vehicle is allowed.
The embodiment of the present invention further provides a verification apparatus for a digital key, as shown in fig. 6, which is a schematic structural diagram of the verification apparatus for a digital key provided in the embodiment of the present invention; specifically, the device comprises:
a first digital key acquisition module 610, configured to acquire a first digital key based on a first terminal;
a first digital key decryption module 620, configured to decrypt the first digital key and extract first key information of the first digital key, where the first key information includes control information of a second terminal;
a second digital key acquisition module 630, configured to acquire a second digital key based on the first terminal;
a first determining module 640, configured to determine whether the second digital key meets a non-first-use condition;
a second digital key decryption module 650 for decrypting the second digital key to obtain second key information;
a verification judging module 660, configured to verify the second key information and judge whether the second key information is the same as the first key information;
and an execution module 670 for accepting control of the second digital key.
In the embodiment of this specification, the device further includes:
the first acquisition module is used for acquiring a second digital key signature, a second digital key digest and attribute information of a second digital key based on a first terminal;
the second judgment module is used for judging whether the second digital key signature and the second digital key digest meet a first preset condition;
the first control module is used for storing the attribute information of the second digital key and decrypting the second digital key to obtain second key information of the second digital key;
the third judgment module is used for verifying second key information of the second digital key and judging whether the second key information is the same as the first key information;
and the second execution module is used for accepting the control of the second digital key.
In an embodiment of the present specification, the second determination module includes:
the first reading unit is used for reading a first digital key certificate so as to obtain a digest and a signature corresponding to the first digital key certificate;
the first judgment unit is used for judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
and the first judgment unit is used for judging that the second digital key signature and the second digital key digest meet a first preset condition.
In the embodiment of this specification, the device further includes:
the second decryption module is used for decrypting the first digital key to obtain the first digital key signature.
In this embodiment, the first determining module 640 includes:
the first acquisition unit is used for acquiring a second digital key number and second data attribute information corresponding to the second digital key number;
a second judging unit, configured to judge whether the second data attribute information satisfies a second preset condition;
and a second determination unit configured to determine that the second digital key satisfies a non-first-use condition.
In an embodiment of the present specification, the second determination unit includes:
the first reading subunit is used for reading prestored digital key attribute information;
the first judgment subunit is used for judging whether the attribute information of the second digital key is the same as the attribute information of a pre-stored digital key;
and the first judging subunit is used for judging that the second data attribute information meets a second preset condition.
The embodiment of the invention also provides a system for checking the digital key, which is characterized in that: the system comprises a control server, a first terminal and a second terminal,
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; for judging whether the second digital key meets a non-first-use condition; for decrypting the second digital key, if the condition is met, to obtain second key information; for verifying the second key information and judging whether the second key information is the same as the first key information; and for accepting the control of the second digital key if so.
The embodiment of the invention provides a digital key verification terminal, which comprises a processor and a memory;
the processor adapted to implement one or more instructions; the memory stores one or more instructions suitable for being loaded and executed by the processor to realize the digital key verification method according to the method embodiment.
The memory may be used to store software programs and modules, and the processor may execute various functional applications and data processing by operating the software programs and modules stored in the memory. The memory can mainly comprise a program storage area and a data storage area, wherein the program storage area can store an operating system, application programs needed by functions and the like; the storage data area may store data created according to use of the apparatus, and the like. Further, the memory may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory may also include a memory controller to provide the processor access to the memory.
Fig. 7 is a schematic structural diagram of a verification terminal of a digital key according to an embodiment of the present invention, where the internal configuration of the verification terminal of the digital key may include, but is not limited to: the processor, the network interface and the memory in the verification terminal of the digital key may be connected by a bus or in other manners, and the connection by the bus is taken as an example in fig. 7 shown in the embodiment of the present specification.
The processor (or CPU) is the computing core and control core of the verification terminal of the digital key. The network interface may optionally include a standard wired interface and a wireless interface (e.g., Wi-Fi, a mobile communication interface, etc.). The memory is a storage device in the verification terminal of the digital key and is used for storing programs and data. It is understood that the memory here may be a high-speed RAM storage device, or a non-volatile storage device (non-volatile memory), such as at least one magnetic disk storage device; optionally, it may also be at least one storage device located remotely from the processor. The memory provides a storage space that stores the operating system of the verification terminal of the digital key, which may include but is not limited to: Windows (an operating system), Linux (an operating system), etc.; the storage space also stores one or more instructions, which may be one or more computer programs (including program code) and are adapted to be loaded and executed by the processor. In this embodiment, the processor loads and executes the one or more instructions stored in the memory to implement the method for verifying the digital key provided in the above method embodiment.
Embodiments of the present invention also provide a storage medium, which may be disposed in a verification terminal of a digital key to store at least one instruction, at least one program, a code set, or an instruction set related to implementing a verification method of the digital key in the method embodiments, where the at least one instruction, the at least one program, the code set, or the instruction set may be loaded and executed by a processor of an electronic device to implement the verification method of the digital key provided in the method embodiments.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
As can be seen from the embodiments of the method, the device, the system and the terminal for verifying a digital key provided by the present invention, the embodiment of the present invention obtains a first digital key based on a first terminal; decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; decrypting the first digital key to obtain a first digital key signature; acquiring a second digital key based on the first terminal; judging whether the second digital key meets a non-first-time use condition; specifically, a second digital key number and second data attribute information corresponding to the second digital key number are obtained; judging whether the second data attribute information meets a second preset condition or not; specifically, reading pre-stored attribute information of the digital key; judging whether the attribute information of the second digital key is the same as the attribute information of a pre-stored digital key or not; and if so, judging that the second data attribute information meets a second preset condition. And if so, determining that the second digital key meets the condition of non-first-time use. If yes, decrypting the second digital key to obtain second key information; checking the second key information and judging whether the second key information is the same as the first key information or not; if so, control of the second digital key is accepted.
If the second digital key does not meet the non-first-use condition, a second digital key signature, a second digital key digest and attribute information of the second digital key are acquired based on the first terminal; whether the second digital key signature and the second digital key digest meet a first preset condition is judged; specifically, a first digital key certificate is read to obtain a digest and a signature corresponding to the first digital key certificate; whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate is judged; and if so, it is determined that the second digital key signature and the second digital key digest meet the first preset condition. If so, the attribute information of the second digital key is stored, and the second digital key is decrypted to obtain second key information of the second digital key; the second key information of the second digital key is verified, and whether the second key information is the same as the first key information is judged; if yes, the control of the second digital key is accepted. With the technical scheme provided by the embodiments of this specification, the digital key is acquired through the first terminal, so that the second terminal can receive the digital key without a network connection and the delay of digital key verification is reduced, which effectively expands the scenarios in which the digital key can be used and improves the user experience.
It should be noted that: the precedence order of the above embodiments of the present invention is only for description, and does not represent the merits of the embodiments. And specific embodiments thereof have been described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. Especially, as for the device and terminal embodiments, since they are basically similar to the method embodiments, the description is relatively simple, and for the relevant points, refer to the partial description of the method embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A method for verifying a digital key, characterized in that the method comprises the following steps:
the control server sends a first digital key to a second terminal based on the first terminal;
the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
the control server sends a second digital key to the second terminal based on the first terminal;
the second terminal judges whether the second digital key meets a non-first-time use condition;
if so, the second terminal decrypts the second digital key to obtain second key information;
the second terminal verifies the second key information and judges whether the second key information is the same as the first key information or not;
if yes, the second terminal accepts control of the second digital key.
2. A method for verifying a digital key, characterized in that the method comprises the following steps:
acquiring a first digital key based on a first terminal;
decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
acquiring a second digital key based on the first terminal;
judging whether the second digital key meets a non-first-time use condition;
if yes, decrypting the second digital key to obtain second key information;
checking the second key information and judging whether the second key information is the same as the first key information or not;
if so, control of the second digital key is accepted.
3. The method for verifying a digital key according to claim 2, wherein: after the determining whether the second digital key satisfies the condition of non-first use, the method further includes:
if not, acquiring a second digital key signature, a second digital key digest and attribute information of the second digital key based on the first terminal;
judging whether the second digital key signature and the second digital key digest meet a first preset condition;
if so, storing the attribute information of the second digital key, and decrypting the second digital key to obtain second key information of the second digital key;
checking second key information of the second digital key, and judging whether the second key information is the same as the first key information;
if so, control of the second digital key is accepted.
4. The method for verifying a digital key according to claim 3, wherein: the determining whether the second digital key signature and the second digital key digest satisfy a first preset condition includes:
reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
and if so, judging that the second digital key signature and the second digital key digest meet a first preset condition.
5. The method for verifying a digital key according to claim 2, wherein: before decrypting the first digital key, the method further comprises:
acquiring a first digital key signature and a first digital key digest;
judging whether the first digital key signature and the first digital key digest meet a third preset condition;
if yes, the first digital key is decrypted.
6. The method for verifying a digital key according to claim 2, wherein: the judging whether the second digital key meets the condition of non-first use includes:
acquiring a second digital key serial number, and acquiring second data attribute information corresponding to the second digital key serial number according to the second digital key serial number;
judging whether the second data attribute information meets a second preset condition or not;
and if so, determining that the second digital key meets the condition of non-first-time use.
7. The method for verifying a digital key according to claim 6, wherein: the judging whether the second data attribute information meets a second preset condition includes:
reading pre-stored attribute information of the digital key;
judging whether the attribute information of the second digital key is the same as the attribute information of a pre-stored digital key or not;
and if so, judging that the second data attribute information meets a second preset condition.
8. A digital key verification device, characterized in that the device comprises:
the first digital key acquisition module is used for acquiring a first digital key based on a first terminal;
the first digital key decryption module is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
the second digital key acquisition module is used for acquiring a second digital key based on the first terminal;
the first judgment module is used for judging whether the second digital key meets the non-first-time use condition;
the second digital key decryption module is used for decrypting the second digital key to obtain second key information;
the verification judging module is used for verifying the second key information and judging whether the second key information is the same as the first key information;
and the execution module is used for accepting the control of the second digital key.
9. A system for verifying a digital key, characterized in that the system comprises a control server, a first terminal and a second terminal,
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; for judging whether the second digital key meets a non-first-use condition; for decrypting the second digital key, if the condition is met, to obtain second key information; for verifying the second key information and judging whether the second key information is the same as the first key information; and for accepting the control of the second digital key if so.
10. A check terminal of a digital key, characterized in that: the terminal comprises a processor and a memory;
the processor adapted to implement one or more instructions;
the memory storing one or more instructions adapted to be loaded and executed by the processor to implement the method of verifying a digital key according to any one of claims 2 to 7.
CN201910419145.8A 2019-05-20 2019-05-20 Digital key verification method, device, system and terminal Active CN111970115B (en)

Publications (2)

Publication Number Publication Date
CN111970115A true CN111970115A (en) 2020-11-20
CN111970115B CN111970115B (en) 2024-02-02

Family

ID=73358154

Country Status (1)

Country Link
CN (1) CN111970115B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant