CN111970115B - Digital key verification method, device, system and terminal - Google Patents
Digital key verification method, device, system and terminal Download PDFInfo
- Publication number
- CN111970115B CN111970115B CN201910419145.8A CN201910419145A CN111970115B CN 111970115 B CN111970115 B CN 111970115B CN 201910419145 A CN201910419145 A CN 201910419145A CN 111970115 B CN111970115 B CN 111970115B
- Authority
- CN
- China
- Prior art keywords
- digital key
- key
- terminal
- information
- digital
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 67
- 238000012795 verification Methods 0.000 title claims abstract description 60
- 239000000284 extract Substances 0.000 claims abstract description 7
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 2
- 230000006855 networking Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000003672 processing method Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00309—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Lock And Its Accessories (AREA)
Abstract
The invention discloses a verification method, a verification device, a verification system and a verification terminal of a digital key, wherein the verification method comprises the following steps: the control server sends a first digital key to a second terminal based on the first terminal; the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal; the control server sends a second digital key to the second terminal based on the first terminal; the second terminal judges whether the second digital key meets a non-first use condition or not; if yes, the second terminal decrypts the second digital key to obtain second key information; the second terminal checks the second key information and judges whether the second key information is identical to the first key information; if yes, the second terminal receives control of the second digital key; the invention can receive the digital key under the non-network state by the second terminal, reduce the verification time delay and increase the usable scene.
Description
Technical Field
The present invention relates to the field of digital key verification technologies, and in particular, to a digital key verification method, device, system, and terminal.
Background
The digital key service is a key basic service of the internet of vehicles, and is responsible for helping users open and close automobile doors by using a mobile phone, allowing the automobile to start and the like. The digital key service of the internet of vehicles generally requires the participation of components such as an internet of vehicles cloud control server, an intelligent terminal, an ECU (Electronic Control Unit ) of the vehicle and the like;
most of the existing digital key services can only send the digital key in a vehicle networking state, and cannot meet the function scene of sharing vehicles, for example, vehicle owners start vehicle sharing through mobile phones, and the shared user mobile phones can control vehicles in a vehicle networking environment (such as an underground parking lot) after receiving the digital key. In addition, because the whole digital key is required to be transmitted from the intelligent terminal to the vehicle every time the digital key is checked, key attribute information can be repeatedly transmitted continuously, so that the delay of Bluetooth transmission is caused, and the actual vehicle control verification of a user is influenced.
Disclosure of Invention
In order to solve the technical problems, the invention discloses a verification method of a digital key, which aims at the problems, and the digital key is acquired through a first terminal, so that a second terminal can receive the digital key in a netless state, the verification time delay of the digital key is reduced, the available scene of the digital key is effectively expanded, and the user experience is optimized.
In order to achieve the above object, the present invention provides a verification method for a digital key, the method comprising:
the control server sends a first digital key to a second terminal based on the first terminal;
the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
the control server sends a second digital key to the second terminal based on the first terminal;
the second terminal judges whether the second digital key meets a non-first use condition or not;
if yes, the second terminal decrypts the second digital key to obtain second key information;
the second terminal checks the second key information and judges whether the second key information is identical to the first key information;
if yes, the second terminal receives control of the second digital key.
The invention also provides a verification method of the digital key, which comprises the following steps:
acquiring a first digital key based on a first terminal;
decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
Acquiring a second digital key based on the first terminal;
judging whether the second digital key meets a non-first use condition or not;
if yes, decrypting the second digital key to obtain second key information;
checking the second key information and judging whether the second key information is identical with the first key information;
if so, the control of the second digital key is accepted.
Further, after the determining whether the second digital key meets the non-first use condition, the method further includes:
if the digital key signature is not satisfied, acquiring the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal;
judging whether the second digital key signature and the second digital key abstract meet a first preset condition or not;
if yes, the attribute information of the second digital key is saved, and the second digital key is decrypted to obtain second key information of the second digital key;
checking second key information of the second digital key and judging whether the second key information is identical with the first key information;
if so, the control of the second digital key is accepted.
Further, the determining whether the second digital key signature and the second digital key digest meet a first preset condition includes:
Reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
if yes, judging that the second digital key signature and the second digital key abstract meet a first preset condition.
Further, before decrypting the first digital key, the method further includes:
acquiring a first digital key signature and a first digital key abstract;
judging whether the first digital key signature and the first digital key abstract meet a third preset condition or not;
if yes, the first digital key is decrypted.
Further, the determining whether the second digital key meets a non-first use condition includes:
acquiring a second digital key sequence number, and acquiring second data attribute information corresponding to the second digital key sequence number according to the second digital key sequence number;
judging whether the second data attribute information meets a second preset condition or not;
if yes, judging that the second digital key meets the non-first use condition.
Further, the determining whether the second data attribute information meets a second preset condition includes:
Reading pre-stored digital key attribute information;
judging whether the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key;
if yes, judging that the second data attribute information meets a second preset condition.
The invention provides a checking device of a digital key, which comprises:
the first digital key acquisition module is used for acquiring a first digital key based on the first terminal;
the first digital key decryption module is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
the second digital key acquisition module is used for acquiring a second digital key based on the first terminal;
the first judging module is used for judging whether the second digital key meets the non-first use condition or not;
the second digital key decryption module is used for decrypting the second digital key to obtain second key information;
the verification judging module is used for verifying the second key information and judging whether the second key information is identical to the first key information or not;
and the execution module is used for receiving the control of the second digital key.
The invention provides a verification system of a digital key, which comprises a control server, a first terminal and a second terminal,
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; the method comprises the steps of judging whether the second digital key meets a non-first use condition or not; and for decrypting the second digital key to obtain second key information if satisfied; and the second key information is used for checking the second key information and judging whether the second key information is the same as the first key information or not; and the control unit is used for receiving the control of the second digital key if yes.
The invention provides a verification terminal of a digital key, which comprises a processor and a memory, wherein the processor is used for storing the digital key;
the processor is suitable for realizing one or more instructions;
the memory stores one or more instructions adapted to be loaded and executed by the processor to implement the digital key verification method as described above.
The embodiment of the invention has the following beneficial effects:
according to the digital key verification method disclosed by the invention, the digital key is acquired through the first terminal, so that the second terminal can receive the digital key in a netless state, the digital key verification time delay is reduced, the available scene of the digital key is effectively expanded, and the user experience is optimized.
Drawings
In order to more clearly illustrate the verification method, device, system and terminal of the digital key according to the present invention, the drawings required by the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a verification method for a digital key according to an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a verification method for a preferred digital key according to an embodiment of the present invention;
FIG. 3 is a flowchart of a second method for determining a digital key according to an embodiment of the present invention;
FIG. 4 is a flow chart of another preferred digital key verification method according to an embodiment of the present invention;
FIG. 5 is a flowchart of a second digital key digest and signature determination method according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a checking device for a digital key according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of a verification terminal of a digital key according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The invention can be applied to the control of the digital key to the vehicle; and particularly, the control of the digital key on the vehicle is realized under the condition that the vehicle is in a non-net state.
Referring to fig. 1, a flow chart of a verification method for a digital key according to an embodiment of the present invention is shown, and the present specification provides the method operation steps described in the embodiment or the flow chart, but may include more or fewer operation steps based on conventional or non-creative labor. The sequence of steps recited in the embodiments is only one of a plurality of execution sequences of steps, and does not represent a unique execution sequence, and may be executed in the sequence of the method shown in the embodiments or the drawings when the vehicle is in a non-net state in practice. As shown in fig. 1, the method includes:
s101, a control server sends a first digital key to a second terminal based on the first terminal;
in this embodiment of the present disclosure, the control Server may be a Cloud control Server of the internet of vehicles, which may be hereinafter referred to as a Cloud-Server;
the first terminal can be an intelligent mobile terminal such as an intelligent mobile phone; this application may be referred to hereinafter as Mobile;
the second terminal may be a vehicle terminal;
specifically, the second terminal may be an ECU (Electronic Control Unit ) that the vehicle end is responsible for receiving the first digital key, and may be hereinafter referred to as a downlink-ECU;
The second terminal, which may be an ECU that the vehicle end is responsible for receiving and controlling the vehicle end, may be hereinafter referred to as a Target-ECU;
the first digital key may be an encrypted digital key, hereinafter referred to as DK-D;
in the embodiment of the present specification, the downlink-ECU at the vehicle end may acquire the first digital key DK-D sent by the Cloud-Server through the Mobile.
S103, the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
in the embodiment of the present specification, the second terminal may be a downlink-ECU at the vehicle end, which decrypts the first digital key, DK-D; to obtain the decrypted first digital key DK-DP, and extract key information (hereinafter referred to as DK-DP-KeyInfo) needed by the vehicle control end from the DK-DP; and the downlink-ECU at the vehicle end transmits the DK-DP-KeyInfo to the Target-ECU at the vehicle end and stores the DK-DP-KeyInfo.
S105, the control server sends a second digital key to the second terminal based on the first terminal;
in the present embodiment, the second digital key may be an encrypted digital key, which may be hereinafter referred to as DK-N;
The second terminal, which may be the ECU responsible for receiving the second digital key at the vehicle end, may be referred to hereinafter as the NearField-ECU;
specifically, in the embodiment of the present specification, the second digital key DK-N transmitted from the Cloud-Server is obtained by the needlefield-ECU at the vehicle end through the Mobile.
S107, the second terminal judges whether the second digital key meets a non-first use condition;
in the embodiment of the present specification, the NearField-ECU at the vehicle end acquires the second digital key number; judging whether attribute information of a second digital key corresponding to the second digital key serial number exists at the vehicle end or not;
if so, judging that the second digital key DK-N meets the non-first use condition.
In a preferred embodiment of the present description, the second digital key does not satisfy the non-primary use condition if not present;
specifically, the second digital key may be DK-N, and at this time, the NearField-ECU at the vehicle end obtains the digest and the signature of the second digital key, and determines whether the digest and the signature of the second digital key are the same as the digest and the signature corresponding to the first digital key certificate; if yes, the NearField-ECU at the vehicle end decrypts the second digital key DK-N to obtain the decrypted second digital key DK-NP, and the NearField-ECU extracts attribute information (which may be hereinafter referred to as DK-NP-AttrInfo) of the digital key from the DK-NP for verification, and after the verification passes, the information is stored in the NearField-ECU at the vehicle end for key management, and key information (which may be hereinafter referred to as DK-NP-KeyInfo) required for controlling the vehicle is extracted from the DK-NP, and the NearField-ECU transmits the DK-NP-KeyInfo to the Target-ECU at the vehicle end for verification.
S109, if yes, the second terminal decrypts the second digital key to obtain second key information;
in this embodiment of the present disclosure, the second digital key may be DK-Lite-N, where the sparfield-ECU at the vehicle end checks the attribute information of DK-Lite-N with the attribute information pre-stored by the sparfield-ECU, and if the check result is consistent, the sparfield-ECU decrypts the DK-Lite-N to directly obtain the key information DK-NP-KeyInfo, nearField-ECU required for controlling the vehicle, and transmits the DK-NP-KeyInfo to the Target-ECU at the vehicle end for verification.
S111, a second terminal checks the second key information and judges whether the second key information is identical with the first key information;
in the embodiment of the specification, DK-NP-AttrInfo and DK-DP-KeyInfo are adopted for verification; judging whether the DK-NP-AttrInfo and the DK-DP-KeyInfo are the same;
and S113, if yes, the second terminal receives control of the second digital key.
In the embodiment of the present specification, the second terminal may be a control that allows the second digital key DK-N to be used by the vehicle end; in particular, the vehicle door and ignition of the vehicle may be controlled.
Referring to fig. 2, a flow chart of a verification method for a preferred digital key according to an embodiment of the present invention is shown, and the present specification provides the method operation steps described in the examples or the flow chart, but may include more or less operation steps based on conventional or non-inventive labor. The sequence of steps recited in the embodiments is only one of a plurality of execution sequences of steps, and does not represent a unique execution sequence, and may be executed in the sequence of the method shown in the embodiments or the drawings when the vehicle is in a non-net state in practice. As shown in fig. 2, the method includes:
S201, acquiring a first digital key based on a first terminal;
in the embodiment of the present disclosure, the first terminal may be a Mobile phone;
the first digital key may be DK-D;
s203, decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
in an embodiment of the present disclosure, before decrypting the first digital key, the method further includes:
a1, acquiring a first digital key signature and a first digital key abstract;
a2, judging whether the first digital key signature and the first digital key abstract meet a third preset condition or not;
in this embodiment of the present disclosure, the third preset condition may be that the first digital key signature and the digest and signature of the first digital key are the same as those corresponding to the preset digital key certificate;
specifically, the preset digital key certificate may be a digital key certificate corresponding to a digital key capable of controlling the second terminal.
And A3, if yes, decrypting the first digital key.
S205, acquiring a second digital key based on the first terminal;
s207, judging whether the second digital key meets a non-first use condition;
As shown in fig. 3, in the embodiment of the present disclosure, fig. 3 is a schematic flow chart of a second digital key determination method according to an embodiment of the present disclosure; specifically, the following are adopted:
s301, acquiring a second digital key sequence number, and acquiring second data attribute information corresponding to the second digital key sequence number according to the second digital key sequence number;
s303, judging whether the second data attribute information meets a second preset condition;
in this embodiment of the present disclosure, the second preset condition may be that attribute information of the second digital key is the same as pre-stored attribute information of the digital key; that is, whether the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key is judged; the pre-stored digital key attribute information may be attribute information of the second digital key that is stored when the second digital key is first checked and passed the first check.
In an embodiment of the present disclosure, the determining whether the second data attribute information meets a second preset condition includes:
s1, reading pre-stored digital key attribute information;
in the embodiment of the present specification, the second terminal (may be a vehicle end) obtains, through the first terminal (may be a Mobile), attribute information of the first verified digital key sent in advance by the control Server (may be a Cloud-Server);
S2, judging whether the attribute information of the second digital key is identical to the pre-stored attribute information of the digital key;
specifically, the attribute information of the pre-stored digital key existing in the second terminal, namely the NearField-ECU at the vehicle end, is read, and whether the attribute information of the second digital key is identical with the attribute information of the pre-stored digital key is judged.
S3, if yes, judging that the second data attribute information meets a second preset condition;
and S305, if yes, judging that the second digital key meets the non-first use condition.
S209, if yes, decrypting the second digital key to obtain second key information;
specifically, the second digital key may be decrypted using the vehicle-side NearField-ECU;
s211, checking the second key information and judging whether the second key information is identical to the first key information;
s213, if yes, the control of the second digital key is accepted.
The embodiments of the method, the device, the system and the terminal for verifying the digital key provided by the invention can be seen that the embodiment of the invention obtains the first digital key based on the first terminal; decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; acquiring a second digital key based on the first terminal; judging whether the second digital key meets a non-first use condition or not; if yes, decrypting the second digital key to obtain second key information; checking the second key information and judging whether the second key information is identical with the first key information; if yes, receiving control of a second digital key; by utilizing the technical scheme provided by the embodiment of the specification, the digital key is acquired through the first terminal, so that the second terminal can receive the digital key in a non-network state, the verification time delay of the digital key is reduced, the available scene of the digital key is effectively expanded, and the user experience is optimized.
Referring to fig. 4, in another preferred embodiment of the present disclosure, fig. 4 is a schematic flow chart of a verification method of another preferred digital key according to an embodiment of the present disclosure; specifically, the following are adopted:
s401, acquiring a first digital key based on a first terminal;
s403, decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal;
s405, acquiring a second digital key based on the first terminal;
s407, judging whether the second digital key meets a non-first use condition;
s409, if not, acquiring a second digital key signature, a second digital key abstract and attribute information of a second digital key based on the first terminal;
in the embodiment of the present disclosure, the second terminal (may be a vehicle end) obtains, through the first terminal (may be a Mobile), a second digital key signature, a second digital key digest, and attribute information of the second digital key, which are sent by the control Server (may be a Cloud-Server);
s411, judging whether the second digital key signature and the second digital key abstract meet a first preset condition;
the first preset condition may be that the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
Specifically, as shown in fig. 5, in the embodiment of the present disclosure, fig. 5 is a schematic flow diagram of a second digital key digest and signature determination method provided in the embodiment of the present disclosure; specifically, the following are adopted:
501, reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
in the present embodiment, the second terminal reads the first digital key certificate in the second terminal (which may be the second terminal's sparfield-ECU);
503, judging whether the second digital key signature and the second digital key digest are identical to the digest and the signature corresponding to the first digital key certificate;
and 505, if so, judging that the second digital key signature and the second digital key digest meet a first preset condition.
S413, if yes, storing the attribute information of the second digital key, and decrypting the second digital key to obtain second key information of the second digital key;
the attribute information of the second digital key is the attribute information of the digital key prestored at the vehicle end.
S415, checking second key information of the second digital key, and judging whether the second key information is identical with the first key information;
S417, if yes, control of the second digital key is accepted.
In a preferred embodiment of the present description, in a vehicle internet-free environment, a downlink-ECU that transmits a digital key to a vehicle side is exemplified: selecting key information (KeyInfo) of an AES algorithm for encrypting the digital key, selecting an ECC algorithm for encrypting a random key (secretKey), selecting an SHA256 algorithm for calculating a digital key abstract, and selecting an ECDSA algorithm for generating a digital key signature; specifically, the following are adopted:
the control Server (may be a Cloud-Server) randomly generates a random key (may be a SecretKey) for encrypting key information of the digital key;
the Cloud-Server encrypts the secretKey through the downlink-ECU public key to obtain Encrypted SecretKey;
the Cloud-Server encrypts key information (KeyInfo) of the digital key through the secretKey to obtain Encrypted Keylnfo;
the Cloud-Server generates a digital key Digest (Digest) by adopting an SHA256 algorithm according to the serial numbers ID, attrInfo, encrypted KeyInfo and Encrypted SecretKey of the first digital key;
the Cloud-Server generates a digital key Signature (Signature) by adopting an ECDSA algorithm according to a private key corresponding to the digital key certificate and the digital key abstract;
the Cloud-Server sends the digital key { ID, attrInfo, encryptedKeyInfo, encrypted SecretKey, digest, signature } to the first terminal (Mobile); the Mobile sends the digital key to the NearField-ECU of the vehicle end, and then forwards the digital key to the downlink-ECU of the vehicle end through the NearField-ECU;
The Download-ECU adopts the digital key certificate to verify the abstract and signature of the received digital key; if the digest and signature of the digital key pass the verification, decrypting Encrypted SecretKey by using the private key of the downlink-ECU to obtain a SecretKey;
the downlink-ECU uses the SecretKey to decrypt Encrypted KeyInfo to obtain KeyInfo;
and the downlink-ECU transmits the obtained KeyInfo to the Target-ECU at the vehicle end for storage.
In another preferred embodiment of the present specification, the processing method for first verification of a digital key in the vehicle-networking environment in the present application is different from the above-described Download-ECU that transmits the digital key to the vehicle side,
when the first verification is carried out, the secret key is encrypted through the public key of the NearField-ECU, the secret key is decrypted through the private key of the NearField-ECU, the NearField-ECU is used for receiving and verifying the digital key, and meanwhile, attribute information AttrInfo of the digital key is stored, so that the verification of the subsequent digital key is facilitated.
In another preferred embodiment of the present specification, in the present application, in a vehicle netless environment, regarding a processing method of performing verification of a digital key a second time or more, the digital key at this time may be defined as a lightweight digital key; the method comprises the following steps:
The Cloud-Server randomly generates a random key SecretKey for key information of the digital key.
The Cloud-Server encrypts the secretKey using the NearField-ECU public key to get Encrypted SecretKey;
the Cloud-Server encrypts digital key information KeyInfo by using the secretKey to obtain Encrypted KeyInfo;
the Cloud-Server issues the lightweight digital key { ID, encrypted KeyInfo, encrypted SecretKey } to Mobile.
Mobile forwards the lightweight digital key to the nearfieldecu.
The needlefield-ECU confirms the AttrInfo corresponding to the check digital key ID, decrypts Encrypted SecretKey using the secret key of the needlefield-ECU to obtain the SecretKey:
the needlefield-ECU decrypts Encrypted KeyInfo using the SecretKey to obtain KeyInfo:
the downlink-ECU transmits the KeyInfo to the Target-ECU for verification.
The Target-ECU compares whether the KeyInfo is identical to the prestored KeyInfo, and if so, allows control of the vehicle.
The embodiment of the invention also provides a verification device of the digital key, as shown in fig. 6, which is a schematic structural diagram of the verification device of the digital key provided by the embodiment of the invention; specifically, the device comprises:
a first digital key acquisition module 610 for acquiring a first digital key based on a first terminal;
A first digital key decryption module 620, configured to decrypt the first digital key and extract first key information of the first digital key, where the first key information includes control information of a second terminal;
a second digital key acquisition module 630, configured to acquire a second digital key based on the first terminal;
a first judging module 640, configured to judge whether the second digital key meets a non-first use condition;
a second digital key decryption module 650 for decrypting the second digital key to obtain second key information;
a verification judging module 660, configured to verify the second key information, and judge whether the second key information is the same as the first key information;
and an execution module 670, configured to accept control of the second digital key.
In this embodiment of the present specification, further includes:
the first acquisition module is used for acquiring the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal;
the second judging module is used for judging whether the second digital key signature and the second digital key abstract meet a first preset condition or not;
the first control module is used for storing the attribute information of the second digital key and decrypting the second digital key to obtain second key information of the second digital key;
The third judging module is used for checking second key information of the second digital key and judging whether the second key information is identical with the first key information or not;
and the second execution module is used for receiving the control of the second digital key.
In an embodiment of the present disclosure, the second determining module includes:
the first reading unit is used for reading the first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate;
the first judging unit is used for judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate or not;
and the first judging unit is used for judging that the second digital key signature and the second digital key abstract meet a first preset condition.
In this embodiment of the present specification, further includes:
and the second decryption module is used for decrypting the first digital key to acquire the first digital key signature.
In the embodiment of the present disclosure, the first determining module 640 includes:
the first acquisition unit is used for acquiring a second digital key serial number and second data attribute information corresponding to the second digital key serial number;
the second judging unit is used for judging whether the second data attribute information meets a second preset condition or not;
And the second judging unit is used for judging that the second digital key meets the non-first use condition.
In an embodiment of the present specification, the second judging unit includes:
the first reading subunit is used for reading pre-stored digital key attribute information;
the first judging subunit is used for judging whether the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key;
and the first judging subunit is used for judging that the second data attribute information meets a second preset condition.
The embodiment of the invention also provides a verification system of the digital key, which is characterized in that: the system comprises a control server, a first terminal and a second terminal,
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; the method comprises the steps of judging whether the second digital key meets a non-first use condition or not; and for decrypting the second digital key to obtain second key information if satisfied; and the second key information is used for checking the second key information and judging whether the second key information is the same as the first key information or not; and the control unit is used for receiving the control of the second digital key if yes.
The embodiment of the invention provides a verification terminal of a digital key, which comprises a processor and a memory;
the processor is suitable for realizing one or more instructions; the memory stores one or more instructions adapted to be loaded and executed by the processor to implement the method for verifying a digital key as described in the method embodiments above.
The memory may be used to store software programs and modules that the processor executes to perform various functional applications and data processing by executing the software programs and modules stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, application programs required for functions, and the like; the storage data area may store data created according to the use of the device, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device. Accordingly, the memory may also include a memory controller to provide access to the memory by the processor.
Fig. 7 is a schematic structural diagram of a verification terminal of a digital key according to an embodiment of the present invention, where the internal structure of the verification terminal of the digital key may include, but is not limited to: the processor, network interface and memory in the verification terminal of the digital key may be connected by a bus or other means, and in fig. 7 shown in the embodiment of the present specification, the connection by the bus is exemplified.
The processor (or CPU (Central Processing Unit, central processing unit)) is a computing core and a control core of the verification terminal of the digital key. The network interface may optionally include a standard wired interface, a wireless interface (e.g., WI-FI, mobile communication interface, etc.). A Memory (Memory) is a Memory device in the verification terminal of the digital key for storing programs and data. It will be appreciated that the memory herein may be a high speed RAM memory device or a non-volatile memory device, such as at least one magnetic disk memory device; optionally, at least one memory device located remotely from the processor. The memory provides a storage space that stores an operating system of the verification terminal of the digital key, which may include, but is not limited to: windows (an operating system), linux (an operating system), etc., as the present invention is not limited in this regard; also stored in the memory space are one or more instructions, which may be one or more computer programs (including program code), adapted to be loaded and executed by the processor. In the embodiment of the present disclosure, the processor loads and executes one or more instructions stored in the memory to implement the method for verifying the digital key provided in the above method embodiment.
Embodiments of the present invention also provide a storage medium that may be disposed in a verification terminal of a digital key to store at least one instruction, at least one program, a code set, or an instruction set related to a verification method for implementing one of the digital keys in the method embodiments, where the at least one instruction, the at least one program, the code set, or the instruction set may be loaded and executed by a processor of an electronic device to implement the verification method of the digital key provided in the method embodiments.
Alternatively, in the present embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The embodiments of the method, the device, the system and the terminal for verifying the digital key provided by the invention can be seen that the embodiment of the invention obtains the first digital key based on the first terminal; decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; decrypting the first digital key to obtain a first digital key signature; acquiring a second digital key based on the first terminal; judging whether the second digital key meets a non-first use condition or not; specifically, a second digital key sequence number and second data attribute information corresponding to the second digital key sequence number are obtained; judging whether the second data attribute information meets a second preset condition or not; specifically, pre-stored digital key attribute information is read; judging whether the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key; if yes, judging that the second data attribute information meets a second preset condition. If yes, judging that the second digital key meets the non-first use condition. If yes, decrypting the second digital key to obtain second key information; checking the second key information and judging whether the second key information is identical with the first key information; if so, the control of the second digital key is accepted.
If the digital key signature is not satisfied, acquiring the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal; judging whether the second digital key signature and the second digital key abstract meet a first preset condition or not; specifically, a first digital key certificate is read to obtain a digest and a signature corresponding to the first digital key certificate; judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate; if yes, judging that the second digital key signature and the second digital key abstract meet a first preset condition. If yes, the attribute information of the second digital key is saved, and the second digital key is decrypted to obtain second key information of the second digital key; checking second key information of the second digital key and judging whether the second key information is identical with the first key information; if yes, receiving control of a second digital key; by utilizing the technical scheme provided by the embodiment of the specification, the digital key is acquired through the first terminal, so that the second terminal can receive the digital key in a non-network state, the verification time delay of the digital key is reduced, the available scene of the digital key is effectively expanded, and the user experience is optimized.
It should be noted that: the sequence of the embodiments of the present invention is only for description, and does not represent the advantages and disadvantages of the embodiments. And the foregoing description has been directed to specific embodiments of this specification. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device and terminal embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments for relevant points.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above disclosure is only a preferred embodiment of the present invention, and it is needless to say that the scope of the invention is not limited thereto, and therefore, the equivalent changes according to the claims of the present invention still fall within the scope of the present invention.
Claims (10)
1. A verification method of a digital key is characterized in that: the method comprises the following steps:
the control server sends a first digital key to a second terminal based on the first terminal; the second terminal is a vehicle terminal;
the second terminal decrypts the first digital key and extracts first key information, wherein the first key information comprises control information of the second terminal;
the control server sends a second digital key to the second terminal based on the first terminal;
the second terminal judges whether the second digital key meets a non-first use condition or not;
if the digital key signature is not satisfied, the second terminal acquires the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal;
the second terminal reads a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate; judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
If yes, the second terminal stores the attribute information of the second digital key and decrypts the second digital key to obtain second key information of the second digital key;
the second terminal checks second key information of the second digital key and judges whether the second key information is identical with the first key information;
if yes, the second terminal receives control of the second digital key.
2. The method for verifying a digital key according to claim 1, wherein: the method further comprises the steps of:
if yes, the second terminal decrypts the second digital key to obtain second key information;
the second terminal checks the second key information and judges whether the second key information is identical to the first key information;
if yes, the second terminal receives control of the second digital key.
3. A verification method of a digital key is characterized in that: the method comprises the following steps:
acquiring a first digital key based on a first terminal;
decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; the second terminal is a vehicle terminal;
Acquiring a second digital key based on the first terminal;
judging whether the second digital key meets a non-first use condition or not;
if the digital key signature is not satisfied, acquiring the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal;
reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate; judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate;
if yes, the attribute information of the second digital key is stored, and the second digital key is decrypted to obtain second key information of the second digital key;
checking second key information of the second digital key and judging whether the second key information is identical with the first key information;
if so, the control of the second digital key is accepted.
4. A method of verifying a digital key as defined in claim 3, wherein: after the judging whether the second digital key meets the non-first use condition, the method further comprises the following steps:
if yes, decrypting the second digital key to obtain second key information;
Checking the second key information and judging whether the second key information is identical with the first key information;
if so, the control of the second digital key is accepted.
5. A method of verifying a digital key as defined in claim 3, wherein: before decrypting the first digital key, the method further comprises:
acquiring a first digital key signature and a first digital key abstract;
judging whether the first digital key signature and the first digital key abstract meet a third preset condition or not;
if yes, the first digital key is decrypted.
6. A method of verifying a digital key as defined in claim 3, wherein: the judging whether the second digital key meets the non-first use condition comprises the following steps:
acquiring a second digital key sequence number, and acquiring second data attribute information corresponding to the second digital key sequence number according to the second digital key sequence number;
judging whether the second data attribute information meets a second preset condition or not;
if yes, judging that the second digital key meets the non-first use condition.
7. The method for verifying a digital key according to claim 6, wherein: the judging whether the second data attribute information meets a second preset condition comprises the following steps:
Reading pre-stored digital key attribute information;
judging whether the attribute information of the second digital key is the same as the pre-stored attribute information of the digital key;
if yes, judging that the second data attribute information meets a second preset condition.
8. The utility model provides a verifying attachment of digital key which characterized in that: the device comprises:
the first digital key acquisition module is used for acquiring a first digital key based on the first terminal;
the first digital key decryption module is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of a second terminal; the second terminal is a vehicle terminal;
the second digital key acquisition module is used for acquiring a second digital key based on the first terminal;
the first judging module is used for judging whether the second digital key meets the non-first use condition or not;
the second digital key decryption module is used for acquiring a second digital key signature, a second digital key abstract and attribute information of a second digital key based on the first terminal if the second digital key signature and the attribute information of the second digital key are not met; reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate; judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate; if yes, the attribute information of the second digital key is stored, and the second digital key is decrypted to obtain second key information of the second digital key;
The verification judging module is used for verifying second key information of the second digital key and judging whether the second key information is identical to the first key information or not;
and the execution module is used for receiving the control of the second digital key.
9. A verification system for a digital key, characterized by: the system comprises a control server, a first terminal and a second terminal, wherein the second terminal is a vehicle end;
the control server is used for sending the first digital key and the second digital key to the first terminal;
the first terminal is used for sending a first digital key and a second digital key to the second terminal;
the second terminal is used for decrypting the first digital key and extracting first key information of the first digital key, wherein the first key information comprises control information of the second terminal; the method comprises the steps of judging whether the second digital key meets a non-first use condition or not; if the digital key signature is not satisfied, acquiring the second digital key signature, the second digital key abstract and attribute information of the second digital key based on the first terminal; reading a first digital key certificate to obtain a digest and a signature corresponding to the first digital key certificate; judging whether the second digital key signature and the second digital key digest are the same as the digest and the signature corresponding to the first digital key certificate; if yes, the attribute information of the second digital key is stored, and the second digital key is decrypted to obtain second key information of the second digital key; and second key information for checking the second digital key, and judging whether the second key information is the same as the first key information; and the control unit is used for receiving the control of the second digital key if yes.
10. The utility model provides a check-up terminal of digital key which characterized in that: the terminal comprises a processor and a memory;
the processor is suitable for realizing one or more instructions;
the memory storing one or more instructions adapted to be loaded and executed by the processor to implement the method of verifying a digital key as claimed in any one of claims 3 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419145.8A CN111970115B (en) | 2019-05-20 | 2019-05-20 | Digital key verification method, device, system and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910419145.8A CN111970115B (en) | 2019-05-20 | 2019-05-20 | Digital key verification method, device, system and terminal |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111970115A CN111970115A (en) | 2020-11-20 |
| CN111970115B true CN111970115B (en) | 2024-02-02 |
Family
ID=73358154
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910419145.8A Active CN111970115B (en) | 2019-05-20 | 2019-05-20 | Digital key verification method, device, system and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111970115B (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003343133A (en) * | 2002-03-20 | 2003-12-03 | Matsushita Electric Ind Co Ltd | System and device for digital key |
| JP2012172325A (en) * | 2011-02-18 | 2012-09-10 | Kddi Corp | Smart key system of vehicle, vehicle operation method by smart key, and program |
| CN106301781A (en) * | 2016-07-27 | 2017-01-04 | 山东尼格电子技术有限公司 | A kind of Digital Automobile cloud key share system |
| CN106408702A (en) * | 2016-08-31 | 2017-02-15 | 长城汽车股份有限公司 | Authorization method of virtual keys, server and authorization system |
| CN106553617A (en) * | 2015-09-25 | 2017-04-05 | 上海汽车集团股份有限公司 | Control method for vehicle, sharing method and device |
| CN107689098A (en) * | 2017-09-05 | 2018-02-13 | 上海博泰悦臻电子设备制造有限公司 | The implementation method and system of bluetooth car key |
| CN109515384A (en) * | 2018-11-15 | 2019-03-26 | 浙江吉利汽车研究院有限公司 | Vehicle shared system and method based on digital key |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112440935A (en) * | 2019-09-04 | 2021-03-05 | 宁波吉利汽车研究开发有限公司 | Vehicle Bluetooth key authorization method, device, system and storage medium |
| CN115396893A (en) * | 2022-08-26 | 2022-11-25 | 江苏先安科技有限公司 | Digital key issuing and verifying method and system |
-
2019
- 2019-05-20 CN CN201910419145.8A patent/CN111970115B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2003343133A (en) * | 2002-03-20 | 2003-12-03 | Matsushita Electric Ind Co Ltd | System and device for digital key |
| JP2012172325A (en) * | 2011-02-18 | 2012-09-10 | Kddi Corp | Smart key system of vehicle, vehicle operation method by smart key, and program |
| CN106553617A (en) * | 2015-09-25 | 2017-04-05 | 上海汽车集团股份有限公司 | Control method for vehicle, sharing method and device |
| CN106301781A (en) * | 2016-07-27 | 2017-01-04 | 山东尼格电子技术有限公司 | A kind of Digital Automobile cloud key share system |
| CN106408702A (en) * | 2016-08-31 | 2017-02-15 | 长城汽车股份有限公司 | Authorization method of virtual keys, server and authorization system |
| CN107689098A (en) * | 2017-09-05 | 2018-02-13 | 上海博泰悦臻电子设备制造有限公司 | The implementation method and system of bluetooth car key |
| CN109515384A (en) * | 2018-11-15 | 2019-03-26 | 浙江吉利汽车研究院有限公司 | Vehicle shared system and method based on digital key |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111970115A (en) | 2020-11-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3723399A1 (en) | Identity verification method and apparatus | |
| CN112771826B (en) | Application program login method, application program login device and mobile terminal | |
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| EP3648396B1 (en) | Maintenance system and maintenance method | |
| CN105376216B (en) | A kind of remote access method, proxy server and client | |
| US9515829B2 (en) | Information distribution method, information distribution system and in-vehicle terminal | |
| CN111181928B (en) | Vehicle diagnosis method, server, and computer-readable storage medium | |
| CN108762791B (en) | Firmware upgrading method and device | |
| CN110138744B (en) | Method, device and system for replacing communication number, computer equipment and storage medium | |
| CN110719173B (en) | Information processing method and device | |
| CN109448195B (en) | Authentication method and device for vehicle virtual key | |
| CN109895734B (en) | Authorized Bluetooth key activation method and system, storage medium and T-BOX | |
| CN112559993B (en) | Identity authentication method, device and system and electronic equipment | |
| CN107733652B (en) | Unlocking method and system for shared vehicle and vehicle lock | |
| CN111565182B (en) | Vehicle diagnosis method and device and storage medium | |
| CN106131021B (en) | Request authentication method and system | |
| CN111586671B (en) | Embedded user identification card configuration method and device, communication equipment and storage medium | |
| CN113329041B (en) | Method, apparatus, electronic device and storage medium for controlling a secure element | |
| CN110690956A (en) | Bidirectional authentication method and system, server and terminal | |
| CN105577619B (en) | Client login method, client and system | |
| CN115527292B (en) | Mobile phone terminal remote vehicle unlocking method of security chip and security chip device | |
| CN111444496A (en) | Application control method, device, equipment and storage medium | |
| CN109743283B (en) | Information transmission method and equipment | |
| CN107818255B (en) | Method for enhancing system security based on fingerprint identification encryption | |
| CN111970115B (en) | Digital key verification method, device, system and terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |