CN113099457A - Method and system for binding vehicle and mobile terminal - Google Patents

Method and system for binding vehicle and mobile terminal

Publication number
CN113099457A
Authority
CN
China
Prior art keywords
vehicle
mobile terminal
authentication password
authentication
session key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110434966.6A
Other languages
Chinese (zh)
Inventor
罗勇
陈枭雄
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
United Automotive Electronic Systems Co Ltd
Original Assignee
United Automotive Electronic Systems Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by United Automotive Electronic Systems Co Ltd
Priority to CN202110434966.6A
Publication of CN113099457A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention provides a method and a system for binding a vehicle and a mobile terminal. The method comprises the following steps: providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal; the vehicle sets a session key based on a predetermined cryptographic algorithm; the vehicle determines a first authentication password, encrypts the first authentication password by using the session key and then sends the encrypted first authentication password to the mobile terminal; or the vehicle receives an encrypted first authentication password sent by the mobile terminal, and decrypts the encrypted first authentication password by using the session key to obtain the first authentication password; and the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes a binding operation after the authentication is passed. The method and the system for binding the vehicle and the mobile terminal have a wide application range and high security.

Description

Method and system for binding vehicle and mobile terminal
Technical Field
The invention relates to the technical field of automobiles, in particular to a method and a system for binding a vehicle and a mobile terminal.
Background
In the technical field of automobiles, a mobile terminal and a vehicle are generally bound, and the vehicle is controlled through the mobile terminal, so that the vehicle is controlled more conveniently, and the user experience is improved.
In the related art, a method for binding a vehicle and a mobile terminal comprises the following steps: a cloud platform sends authentication passwords to the mobile terminal and to the vehicle to be bound, the mobile terminal and the vehicle to be bound authenticate each other based on the authentication passwords, and the mobile terminal and the vehicle to be bound are bound after the authentication is passed.
However, in the related art, the binding method requires a network signal, which limits it and gives it a small application range. Meanwhile, in the prior art, an attacker can very easily intercept the authentication password and forge a legitimate mobile terminal to try to bind with a vehicle, so the security of the binding method is poor.
Disclosure of Invention
The invention aims to provide a method and a system for binding a vehicle and a mobile terminal, and aims to solve the problems that, in the prior art, the method and the system for binding the vehicle and the mobile terminal have low security and a small application range.
In order to solve the above technical problem, in a first aspect, the present invention provides a method for binding a vehicle and a mobile terminal, where the method includes:
providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal;
the vehicle sets a session key based on a predetermined cryptographic algorithm;
the vehicle determines a first authentication password, encrypts the first authentication password by using the session key and then sends the first authentication password to the mobile terminal; or the vehicle receives an encrypted first authentication password sent by the mobile terminal, and decrypts the encrypted first authentication password by using the session key to obtain a first authentication password, wherein the encrypted first authentication password is obtained by encrypting the first authentication password by using the session key by the mobile terminal;
and the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes binding operation after the authentication is passed.
Optionally, the session key is pre-agreed between the vehicle and the mobile terminal.
Optionally, the predetermined cryptographic algorithm comprises a symmetric cryptographic algorithm.
Optionally, the method for setting the session key by the vehicle includes:
the vehicle generates a first random number and acquires a first secret key, so that the vehicle encrypts the first random number by using the first secret key to obtain the session key.
Optionally, the method further includes setting, by the mobile terminal, a session key based on a predetermined cryptographic algorithm;
the method for setting the session key by the mobile terminal comprises the following steps:
and the mobile terminal acquires the first random number and the first key, and performs encryption calculation on the first random number by using the first key to obtain the session key.
Optionally, the method for determining the first authentication password by the vehicle includes: the vehicle generates a third random number and uses the third random number as the first authentication password.
Optionally, after the vehicle encrypts the first authentication password with the session key and sends it to the mobile terminal, the method further includes: the mobile terminal receives the encrypted first authentication password sent by the vehicle, acquires the session key, and decrypts the received encrypted first authentication password by using the session key to acquire the first authentication password.
Optionally, the method for the vehicle to perform mutual trust authentication with the mobile terminal based on the first authentication password includes:
the vehicle generates a fourth random number and sends the fourth random number to the mobile terminal, so that the mobile terminal encrypts the fourth random number by using the first authentication password to generate a response code;
the vehicle receives the response code, encrypts the fourth random number by using the first authentication password, takes the encrypted fourth random number as a comparison code, compares whether the comparison code is consistent with the response code, and determines that the vehicle passes the authentication with the mobile terminal when the comparison code is consistent with the response code.
Optionally, the predetermined cryptographic algorithm comprises an asymmetric cryptographic algorithm.
Optionally, the method for setting the session key by the vehicle includes:
the vehicle generates a fifth random number and generates a session key based on the fifth random number using a predetermined protocol.
Optionally, the method further includes: the mobile terminal sets a session key based on a predetermined cryptographic algorithm;
the method for setting the session key by the mobile terminal comprises the following steps:
and the mobile terminal acquires the fifth random number and generates a session key based on the fifth random number by using a preset protocol.
Optionally, the method further includes: the vehicle is provided with a pair of public key and private key;
the mobile terminal is provided with a pair of public key and private key.
Optionally, before the vehicle receives the encrypted first authentication password sent by the mobile terminal, the method further includes the steps that the mobile terminal determines the first authentication password and encrypts the first authentication password by using the session key and then sends the first authentication password to the vehicle;
the method for determining the first authentication password and encrypting the first authentication password by using the session key and then sending the first authentication password to the vehicle by the mobile terminal comprises the following steps:
the mobile terminal determines a public key of the mobile terminal as a first authentication password, signs the public key of the mobile terminal by using a private key of the mobile terminal to obtain first signature data, encrypts the first signature data and the public key of the mobile terminal by using the session key to obtain an encrypted first authentication password, and sends the encrypted first authentication password to the vehicle.
Optionally, the method for decrypting, by the vehicle, the encrypted first authentication password by using the session key to obtain the first authentication password includes:
decrypting the encrypted first authentication password sent by the mobile terminal by using the session key to obtain first signature data and a public key of the mobile terminal;
and verifying the first signature data by using the public key of the mobile terminal, and storing the public key of the mobile terminal as a first authentication password when the first signature data passes verification.
Optionally, after the vehicle performs the decryption operation, the method further includes:
the vehicle determines a second authentication password, encrypts the second authentication password by using the session key and then sends the second authentication password to the mobile terminal;
the method for determining the second authentication password by the vehicle, encrypting the second authentication password by using the session key and then sending the second authentication password to the mobile terminal comprises the following steps:
the vehicle determines the public key of the vehicle as a second authentication password, signs the public key of the vehicle by using the private key of the vehicle to obtain second signature data, encrypts the second signature data and the public key of the vehicle by using the session key to obtain an encrypted second authentication password, and sends the encrypted second authentication password to the mobile terminal.
Optionally, the method further includes: the mobile terminal receives the encrypted second authentication password sent by the vehicle and decrypts the encrypted second authentication password by using the session key to obtain second signature data and a public key of the vehicle;
and the mobile terminal verifies the second signature data by using the public key of the vehicle, and stores the public key of the vehicle as a second authentication password when the verification is passed.
Optionally, the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password and the second authentication password;
and the method for mutual trust authentication between the mobile terminal and the vehicle based on the first authentication password and the second authentication password comprises the following steps:
the vehicle generates a seventh random number, encrypts the seventh random number by using the first authentication password, signs the seventh random number by using a private key of the vehicle to obtain a first data packet, and sends the first data packet to the mobile terminal;
the vehicle acquires a second data packet sent by the mobile terminal, wherein the second data packet is obtained after the mobile terminal acquires the first data packet and the signature of the first data packet is verified by using the second authentication password, the first data packet is decrypted by using a private key of the mobile terminal to obtain third data, the third data is encrypted by using the second authentication password, and the third data is signed by using the private key of the mobile terminal;
and the vehicle verifies the signature of the second data packet by using the first authentication password, decrypts the second data packet by using a private key of the vehicle after the signature of the second data packet passes the verification to obtain fourth data, compares whether the fourth data is consistent with the seventh random number or not, and determines that the vehicle passes the authentication with the mobile terminal when the fourth data is consistent with the seventh random number.
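The challenge exchange in the three steps above, as an added Go example that is not part of the patent text. RSA-OAEP for encryption, RSA-PSS for signatures, a signature computed over the ciphertext so that it can be checked before decryption, and the names Party, Packet, Send, Receive, Authenticate and NewKey are assumptions of this example; the page names no algorithm.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Party is one side after the public keys were exchanged: its own private key
// and the peer public key it stored as the authentication password.
type Party struct {
	Priv *rsa.PrivateKey
	Peer *rsa.PublicKey
}

// Packet carries a value encrypted to the receiver plus the sender's signature.
// Assumption of this example: the signature covers the ciphertext.
type Packet struct{ Ciphertext, Signature []byte }

// Send encrypts data with the stored peer key (RSA-OAEP) and signs it (RSA-PSS).
func (p *Party) Send(data []byte) (Packet, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.Peer, data, nil)
	if err != nil {
		return Packet{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, p.Priv, crypto.SHA256, digest[:], nil)
	return Packet{ct, sig}, err
}

// Receive verifies the signature with the stored peer key, then decrypts.
func (p *Party) Receive(pkt Packet) ([]byte, error) {
	digest := sha256.Sum256(pkt.Ciphertext)
	if err := rsa.VerifyPSS(p.Peer, crypto.SHA256, digest[:], pkt.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature not made by the stored peer key: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, pkt.Ciphertext, nil)
}

// Authenticate runs the exchange: the vehicle challenges the terminal with the
// seventh random number and accepts only if the same value comes back.
func Authenticate(vehicle, terminal *Party) (bool, error) {
	seventh := make([]byte, 16)
	if _, err := rand.Read(seventh); err != nil {
		return false, err
	}
	first, err := vehicle.Send(seventh) // first data packet
	if err != nil {
		return false, err
	}
	third, err := terminal.Receive(first) // third data
	if err != nil {
		return false, fmt.Errorf("terminal: %w", err)
	}
	second, err := terminal.Send(third) // second data packet
	if err != nil {
		return false, err
	}
	fourth, err := vehicle.Receive(second) // fourth data
	if err != nil {
		return false, fmt.Errorf("vehicle: %w", err)
	}
	return subtle.ConstantTimeCompare(fourth, seventh) == 1, nil
}

// NewKey generates a 2048-bit RSA key pair for this example.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	v, t, x := NewKey(), NewKey(), NewKey()
	vehicle := &Party{Priv: v, Peer: &t.PublicKey}
	fmt.Println(Authenticate(vehicle, &Party{Priv: t, Peer: &v.PublicKey})) // bound terminal
	fmt.Println(Authenticate(vehicle, &Party{Priv: x, Peer: &v.PublicKey})) // terminal with another key
}
```

A terminal whose private key does not match the public key stored by the vehicle cannot decrypt the first data packet, so the exchange stops before a second data packet is produced.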
In a second aspect, the present invention also provides a vehicle comprising:
a first determination module for setting a session key based on a predetermined cryptographic algorithm and determining a first authentication password;
the first communication module is used for encrypting the first authentication password by using a session key and sending the first authentication password to the mobile terminal;
the first communication module is also used for carrying out mutual trust authentication with the mobile terminal based on the first authentication password;
or the vehicle comprises a fourth communication module, a second communication module and a third communication module, wherein the fourth communication module is used for setting a session key based on a predetermined cryptographic algorithm, receiving an encrypted first authentication password sent by a mobile terminal, and performing a decryption operation on the encrypted first authentication password by using the session key to obtain the first authentication password; and the fourth communication module is also used for carrying out mutual trust authentication with the mobile terminal based on the first authentication password.
In a third aspect, the present invention provides a mobile terminal, including:
the second communication module is used for setting a session key based on a predetermined cryptographic algorithm, receiving an encrypted first authentication password sent by a vehicle, and decrypting the encrypted first authentication password by using the session key to obtain the first authentication password; and the second communication module is also used for carrying out mutual trust authentication with the vehicle based on the first authentication password.
Or, the mobile terminal includes:
a second determination module for setting a session key based on a predetermined cryptographic algorithm and determining a first authentication password;
the third communication module is used for encrypting the first authentication password by using a session key and sending the first authentication password to the vehicle; and the third communication module is also used for carrying out mutual trust authentication with the vehicle based on the first authentication password.
Optionally, the second communication module or the third communication module is further configured to: and after the mutual trust authentication of the vehicle and the mobile terminal is passed, sending a control instruction to the vehicle.
In a fourth aspect, the present invention provides a system for binding a vehicle and a mobile terminal, the system comprising: the mobile terminal and the vehicle are in near field communication with each other, wherein the vehicle and the mobile terminal are bound by adopting the binding method of the vehicle and the mobile terminal according to the first aspect.
In summary, in the method and system for binding a vehicle and a mobile terminal provided by the present invention, the mobile terminal and the vehicle perform near field communication with each other. In the method for binding the vehicle and the mobile terminal, a first authentication password is determined by either the vehicle or the mobile terminal, encrypted by a preset session key, and then sent to the other of the two, which receives the encrypted first authentication password and executes a first decryption operation to obtain the first authentication password. The mobile terminal and the vehicle can then perform mutual trust authentication based on the first authentication password, and when the authentication is passed, the vehicle and the mobile terminal are bound so that the vehicle can be controlled through the mobile terminal.
That is, in the present invention, the first authentication password encrypted by the session key is transmitted between the mobile terminal and the vehicle, so that other terminals can be prevented from intercepting the first authentication password, and the transmission security of the first authentication password is ensured, thereby ensuring the security of the binding method between the vehicle and the mobile terminal. Meanwhile, because the vehicle and the mobile terminal are in near field communication, the vehicle and the mobile terminal can interact with each other in the same way even under the condition of no network signal, and the application range is wide.
Drawings
Fig. 1 is a flowchart of a method for binding a vehicle and a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for binding a vehicle and a mobile terminal according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for binding a vehicle and a mobile terminal according to a second embodiment of the present invention;
Fig. 4 is a flowchart of a method for binding a vehicle and a mobile terminal according to a third embodiment of the present invention;
Fig. 5 is a flowchart of a method for binding a vehicle and a mobile terminal according to a fourth embodiment of the present invention;
Fig. 6 is a flowchart of a method for binding a vehicle and a mobile terminal according to a fifth embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a vehicle according to an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of another vehicle provided in accordance with an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of another vehicle according to an embodiment of the present invention;
Fig. 10 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention;
Fig. 11 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention;
Fig. 12 is a schematic structural diagram of a binding system between a vehicle and a mobile terminal according to an embodiment of the present invention.
Detailed Description
The following describes the method and system for binding a vehicle and a mobile terminal according to the present invention in further detail with reference to the accompanying drawings and specific embodiments. The advantages and features of the present invention will become more apparent from the following description. It is to be noted that the drawings are in a very simplified form and are not to precise scale, and serve only to illustrate the embodiments of the present invention conveniently and clearly.
Fig. 1 is a flowchart of a method for binding a vehicle and a mobile terminal according to an embodiment of the present invention. As shown in Fig. 1, the method includes:
Step 101, providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal. The mobile terminal may be, for example, a mobile device such as a smartphone, a wearable device, an NFC card, or a tablet computer.
Step 102, the vehicle sets a session key based on a predetermined cryptographic algorithm.
In this embodiment, the session key is agreed in advance between the vehicle and the mobile terminal, and the session key of the vehicle is the same as the session key of the mobile terminal.
Step 103, the vehicle determines a first authentication password, encrypts the first authentication password by using the session key and then sends the encrypted first authentication password to the mobile terminal, so that the mobile terminal obtains the first authentication password; or the vehicle receives the encrypted first authentication password sent by the mobile terminal and decrypts the encrypted first authentication password by using the session key to acquire the first authentication password.
The encrypted first authentication password sent by the mobile terminal to the vehicle may be obtained by the mobile terminal encrypting the first authentication password with a session key, and the session key is preset by the mobile terminal based on a predetermined cryptographic algorithm.
Step 104, the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes a binding operation after the authentication is passed.
In summary, in the method for binding a vehicle and a mobile terminal provided by the present invention, the mobile terminal and the vehicle perform near field communication. A first authentication password may be determined by either the vehicle or the mobile terminal, encrypted by a preset session key, and transmitted to the other of the two, which receives the encrypted first authentication password and performs a decryption operation to obtain the first authentication password. The mobile terminal and the vehicle can then perform mutual trust authentication based on the first authentication password, and when the authentication is passed, the vehicle and the mobile terminal are bound so that the vehicle can be controlled through the mobile terminal.
That is, in the present invention, the first authentication password encrypted by the session key is transmitted between the mobile terminal and the vehicle, so that other terminals can be prevented from intercepting the first authentication password, and the transmission security of the first authentication password is ensured, thereby ensuring the security of the binding method between the vehicle and the mobile terminal. Meanwhile, the vehicle and the mobile terminal are in near field communication, so that the vehicle and the mobile terminal can interact with each other even under the condition of no network signal, and the application range is wide.
The above-mentioned binding method between the vehicle and the mobile terminal is further described in detail below.
In this embodiment, the predetermined cryptographic algorithm adopted when step 102 is executed may be of several kinds; for example, either a symmetric cryptographic algorithm or an asymmetric cryptographic algorithm may be used. It should be noted that, when the adopted predetermined cryptographic algorithms are different, the specific execution methods of steps 102 to 104 are also different. In the following, the method for binding the vehicle and the mobile terminal is described in detail by taking the predetermined cryptographic algorithm as a symmetric cryptographic algorithm and as an asymmetric cryptographic algorithm, respectively.
Embodiment one
The predetermined cryptographic algorithm is a symmetric cryptographic algorithm. In the first embodiment, the vehicle determines a first authentication password, encrypts the first authentication password based on the session key, and transmits the encrypted first authentication password to the mobile terminal. Specifically, Fig. 2 is a flowchart of a method for binding a vehicle and a mobile terminal according to an embodiment of the present invention, and as shown in Fig. 2, the method for binding a vehicle and a mobile terminal includes:
Step 201, providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal.
Step 202, the vehicle sets a session key based on a predetermined cryptographic algorithm.
The vehicle sets the session key and, at the same time, the mobile terminal also sets the session key. Specifically, the method for setting the session key by the vehicle and the mobile terminal may include, but is not limited to, the following two methods:
Method one:
Step 2021, the vehicle generates a first random number, which may be, for example, a string of numbers or characters.
The first random number may be specifically generated by triggering of the vehicle based on a preset operation, where the preset operation may be a click operation, for example, the preset operation may be a click of preset software or a click of a preset button, and the preset software may be an application program downloaded in the vehicle in advance. Specifically, the operator may enter the vehicle first, and click a preset button or click preset software on a display screen of the vehicle, so that the vehicle generates a first random number.
And after the vehicle generates the first random number, the first random number is displayed on a display screen of the vehicle, wherein the first random number can be directly displayed on the display screen of the vehicle, or a two-dimensional code or a bar code is generated after the first random number is encoded, and the two-dimensional code or the bar code is displayed on the display screen of the vehicle.
Step 2022, the mobile terminal obtains the first random number.
In the first embodiment, the mobile terminal may obtain the first random number in either of the following ways: an operator inputs the first random number into the mobile terminal, or the mobile terminal scans and identifies the first random number, the two-dimensional code or the bar code displayed by the vehicle to obtain the first random number.
Step 2023, the vehicle and the mobile terminal respectively obtain a first key.
Specifically, in this embodiment, the operator may determine a first key, and input the first key into the vehicle and the mobile terminal respectively; a first key may also be preset through a production line of the vehicle (that is, when the vehicle is produced, a first key is preset and stored in a storage module of the vehicle), and when a session key is to be set, the first key is sent to the mobile terminal through a cloud, so that the vehicle and the mobile terminal respectively obtain the first key; or, respectively setting encryption and decryption key pairs at a vehicle and a mobile terminal, after a first key is preset on a production line of the vehicle, when a session key is to be set, the vehicle encrypts the first key through the encryption key and sends the encrypted first key to the mobile terminal, and the mobile terminal decrypts the encrypted first key by using the decryption key to obtain the first key, so that the vehicle and the mobile terminal respectively obtain the first key.
Step 2024, the vehicle and the mobile terminal perform encryption calculation on the first random number by using the first key respectively to obtain the session key.
In the first embodiment, the vehicle and the mobile terminal may perform encryption calculation on the first random number by using the first key based on, for example, an AES encryption algorithm to obtain a session key.
Method two:
Step 2025, the mobile terminal generates a second random number, or provides a serial number of the mobile terminal.
The second random number may be specifically generated by the mobile terminal being triggered based on a preset operation, where the preset operation may be a click operation, for example, the preset operation may be a click of preset software or a click of a preset button, and the preset software may be an application program downloaded in the mobile terminal in advance. And after the mobile terminal generates the second random number, the second random number is displayed on a display screen of the mobile terminal, specifically, the second random number may be directly displayed on the display screen of the mobile terminal, or a two-dimensional code or a barcode generated after the second random number is encoded may be displayed on the display screen of the mobile terminal.
In addition, it should be noted that the mobile terminal may not have a UI interface, for example, the mobile terminal is an NFC card, and at this time, an operator may obtain a serial number of the mobile terminal, where the serial number is generally printed on a surface of the mobile terminal.
Step 2026, the vehicle obtains the second random number or the serial number.
Specifically, the second random number or the serial number may be input into the vehicle by an operator; or the second random number, the two-dimensional code or the barcode displayed by the mobile terminal, or the serial number printed on the surface of the mobile terminal, may be placed in front of a camera of the vehicle, so that the vehicle scans and identifies it to obtain the second random number or the serial number.
Step 2027, the vehicle and the mobile terminal respectively obtain a second key.
In this embodiment, the operator may determine a second key, and input the second key into the vehicle and the mobile terminal respectively; a second key may also be preset through a production line of the vehicle (that is, when the vehicle is produced, a second key is preset and stored in a storage module of the vehicle), and when a session key is to be set, the second key is sent to the mobile terminal through a cloud, so that the vehicle and the mobile terminal respectively obtain the second key; or, respectively setting encryption and decryption key pairs at the vehicle and the mobile terminal, after presetting a second key on a production line of the vehicle, when a session key is to be set, the vehicle encrypts the second key through the encryption key and sends the second key to the mobile terminal, and the mobile terminal decrypts by using the decryption key to obtain the second key, so that the vehicle and the mobile terminal respectively obtain the second key.
Step 2028, the vehicle and the mobile terminal perform encryption calculation on the second random number or the serial number by using the second key to obtain the session key, respectively.
In the first embodiment, the vehicle and the mobile terminal may perform encryption calculation on the second random number by using the second key based on, for example, an AES encryption algorithm to obtain a session key.
In step 202 of the first embodiment, the session keys generated by the mobile terminal and the vehicle are the same.
Then, step 203 may be executed, in which the vehicle determines a first authentication password, encrypts the first authentication password based on the session key, and sends the first authentication password to the mobile terminal.
Specifically, the vehicle may generate a third random number, use the third random number as a first authentication password, acquire the session key, encrypt the first authentication password by using the session key to obtain an encrypted first authentication password, and send the encrypted first authentication password to the mobile terminal.
Next, step 204 may be executed, in which the mobile terminal receives the encrypted first authentication password sent by the vehicle, acquires the session key, and decrypts the received encrypted first authentication password by using the session key to acquire the first authentication password.
Finally, step 205 may be executed, where the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and performs a binding operation after the authentication is passed.
Specifically, the mutual trust authentication method may include the following. The vehicle generates a fourth random number and sends it to the mobile terminal. The mobile terminal encrypts the fourth random number by using the first authentication password and sends the result to the vehicle as a response code. The vehicle receives the response code, encrypts the fourth random number by using the first authentication password to obtain a comparison code, and compares the comparison code with the response code; when the two are consistent, the authentication between the vehicle and the mobile terminal is determined to have passed.
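The challenge-response of step 205, as an added example that is not code from the patent. It assumes HMAC-SHA256 in place of the unspecified "encrypt the fourth random number with the first authentication password" transform; the class and function names are hypothetical.

```python
# Added illustration of the step 205 challenge-response; not code from the patent.
# Assumption: HMAC-SHA256 replaces the unspecified "encrypt the fourth random
# number with the first authentication password" transform.
import hashlib
import hmac
import secrets


def response_code(auth_password: bytes, challenge: bytes) -> bytes:
    """Keyed transform of the challenge, computed identically on both sides."""
    return hmac.new(auth_password, challenge, hashlib.sha256).digest()


class MobileTerminal:
    def __init__(self, auth_password: bytes):
        self.auth_password = auth_password

    def respond(self, challenge: bytes) -> bytes:
        return response_code(self.auth_password, challenge)


class Vehicle:
    def __init__(self, auth_password: bytes):
        self.auth_password = auth_password
        self.pending = None   # outstanding fourth random number, if any
        self.bound = False

    def new_challenge(self) -> bytes:
        # Fresh, unpredictable challenge per attempt (the "fourth random number").
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, response: bytes) -> bool:
        # Consume the challenge first so that one challenge admits one answer.
        challenge, self.pending = self.pending, None
        if challenge is None:
            return False
        comparison_code = response_code(self.auth_password, challenge)
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(comparison_code, response):
            self.bound = True
            return True
        return False


def run_demo() -> dict:
    password = secrets.token_bytes(16)  # constructed first authentication password
    results = {}

    vehicle, terminal = Vehicle(password), MobileTerminal(password)
    first_response = terminal.respond(vehicle.new_challenge())
    results["genuine"] = vehicle.verify(first_response)

    # The same response submitted again with no challenge outstanding.
    results["no_pending_challenge"] = vehicle.verify(first_response)

    # The old response presented against a newly issued challenge.
    vehicle.new_challenge()
    results["stale_response"] = vehicle.verify(first_response)

    # A terminal that holds a different password.
    other = MobileTerminal(secrets.token_bytes(16))
    fresh_vehicle = Vehicle(password)
    answer = other.respond(fresh_vehicle.new_challenge())
    results["wrong_password"] = fresh_vehicle.verify(answer)
    results["wrong_password_bound"] = fresh_vehicle.bound
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

In this exchange only the vehicle checks the terminal's response; the comparison code never leaves the vehicle.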
Example two
The predetermined cryptographic algorithm is a symmetric cryptographic algorithm. The second embodiment differs from the first embodiment in that the vehicle does not determine the first authentication password; instead, the mobile terminal determines the first authentication password, the vehicle receives the encrypted first authentication password sent by the mobile terminal, and the vehicle performs a decryption operation on the encrypted first authentication password based on the session key to acquire the first authentication password. Specifically, fig. 3 is a flowchart of a method for binding a vehicle and a mobile terminal according to a second embodiment of the present invention, and as shown in fig. 3, the method for binding a vehicle and a mobile terminal includes:
Step 301, providing a vehicle, wherein the vehicle and the mobile terminal are in near field communication.
Step 302, the vehicle sets a session key based on a preset cryptographic algorithm.
In this embodiment, when the vehicle sets the session key, the mobile terminal may also set the session key synchronously, and the method for the vehicle and the mobile terminal to set the session key is the same as the method for the vehicle and the mobile terminal to set the session key in step 202 of the above embodiment one, and for detailed description, reference is made to steps 2021 to 2028 in step 202 of the above embodiment one, which is not repeated herein. In addition, in the second embodiment, the session key of the vehicle is the same as the session key of the mobile terminal.
Step 303, the mobile terminal generates an eighth random number, determines the eighth random number as a first authentication password, encrypts the first authentication password by using the session key to obtain an encrypted first authentication password, and sends the encrypted first authentication password to the vehicle.
Step 304, the vehicle receives the encrypted first authentication password sent by the mobile terminal, and performs a decryption operation on the encrypted first authentication password based on the session key to obtain a first authentication password.
Wherein the method for the vehicle to perform the decryption operation comprises: the vehicle acquires the session key and decrypts the encrypted first authentication password by using the session key to obtain a first authentication password.
Step 305, the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes the binding operation after the authentication is passed.
The mutual trust authentication method is the same as the mutual trust authentication method in step 205 of the first embodiment, and is not described again here.
In summary, in the vehicle binding methods provided in the first and second embodiments of the present invention, the cloud platform does not need to send the authentication passwords to the vehicle and the mobile terminal. Instead, one of the vehicle and the mobile terminal determines the first authentication password and sends it to the other, so that the vehicle and the mobile terminal can subsequently perform mutual trust authentication. In addition, the mobile terminal and the vehicle are in near field communication with each other, so they can still transmit the first authentication password and communicate with each other even in an environment without network signals, which gives the method for binding the vehicle and the mobile terminal wide applicability. Furthermore, the first authentication password is encrypted when it is transmitted between the vehicle and the mobile terminal, which greatly improves the transmission security of the first authentication password and thus the security of the vehicle binding method.
Example three
The predetermined encryption algorithm comprises an asymmetric encryption algorithm. In the third embodiment, the first authentication password is determined not by the vehicle, but by the mobile terminal, the vehicle receives the encrypted first authentication password sent by the mobile terminal, and performs the first decryption operation on the encrypted first authentication password based on the session key to obtain the first authentication password. Fig. 4 is a flowchart of a method for binding a vehicle and a mobile terminal according to a third embodiment of the present invention, and as shown in fig. 4, the method includes:
Step 401, providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal.
Step 402, the vehicle sets a session key based on a predetermined cryptographic algorithm.
Specifically, the method for setting the session key by the mobile terminal and the vehicle may include, but is not limited to, the following two methods:
Method one:
Step 4021, the vehicle generates a fifth random number, and generates a session key based on the fifth random number by using a preset protocol, where the fifth random number may be a string of numbers or characters.
The generation manner of the fifth random number may refer to the generation manner of the first random number in step 2021 in embodiment one, and is not described again here. The preset protocol may be, for example, the SPAKE2+ protocol or the ECDHE protocol.
In addition, in the third embodiment, after the vehicle generates the fifth random number, the fifth random number is also displayed on the display screen of the vehicle, wherein the fifth random number may be directly displayed on the display screen of the vehicle, or the fifth random number may be displayed in a form of a two-dimensional code or a barcode.
Step 4022, the mobile terminal obtains the fifth random number, and generates a session key based on the fifth random number by using a preset protocol.
The manner in which the mobile terminal obtains the fifth random number may refer to the manner in which the mobile terminal obtains the first random number in step 2022 in embodiment one, and is not described again here.
In this step 4022, the preset protocol may be, for example, the SPAKE2+ protocol or the ECDHE protocol. It should be noted that the preset protocols adopted by the vehicle and the mobile terminal should be the same, so that the vehicle and the mobile terminal generate the same session key.
Method two:
Step 4023, the mobile terminal generates a sixth random number, or provides a serial number of the mobile terminal, and generates a session key based on the sixth random number or the serial number by using a preset protocol.
The sixth random number is generated in the same manner as the second random number in step 2025, which is not repeated here. For how the serial number of the mobile terminal is provided, refer to the detailed description of step 2025 in the first embodiment.
Step 4024, the vehicle acquires the sixth random number or the serial number, and generates a session key based on the sixth random number or the serial number by using a preset protocol.
The manner in which the vehicle acquires the sixth random number or the serial number is similar to the manner in which the vehicle acquires the second random number or the serial number in step 2026, and is not described again here.
The preset protocol in steps 4023 and 4024 may be, for example, the SPAKE2+ protocol or the ECDHE protocol. The preset protocols adopted by the vehicle and the mobile terminal are the same, so that the vehicle and the mobile terminal generate the same session key.
Then, as can be seen from the above, in step 402, the vehicle sets a session key of the vehicle based on the preset cryptographic algorithm, and at the same time, the mobile terminal also sets a session key of the mobile terminal based on the preset cryptographic algorithm, and the session keys of the two are the same.
Thereafter, step 403 is performed, and the vehicle sets a pair of public and private keys.
Step 404, the mobile terminal sets a pair of public key and private key.
Step 405, the mobile terminal determines the first authentication password, encrypts the first authentication password based on the session key to obtain an encrypted first authentication password, and sends the encrypted first authentication password to the vehicle.
Specifically, the mobile terminal may determine the public key of the mobile terminal as a first authentication password, and sign the public key of the mobile terminal with the private key of the mobile terminal to obtain first signature data. And then, the mobile terminal encrypts the first signature data and the public key of the mobile terminal by using the session key and sends the first signature data and the public key of the mobile terminal to the vehicle.
Next, step 406 is performed, the vehicle receives the encrypted first authentication password and performs a decryption operation to obtain the first authentication password.
Specifically, the vehicle receives the encrypted first signature data and the public key of the mobile terminal, which are sent by the mobile terminal, and decrypts the encrypted first signature data and the public key of the mobile terminal by using the session key to obtain the first signature data and the public key of the mobile terminal, and then the vehicle verifies the first signature data by using the public key of the mobile terminal, and when the verification is passed, the public key of the mobile terminal is stored as the first authentication password.
The method for verifying the first signature data by the vehicle by using the public key of the mobile terminal comprises the following steps. The vehicle decrypts the first signature data by using the public key of the mobile terminal to obtain first data and, at the same time, calculates over the public key of the mobile terminal by using a preset algorithm to obtain first comparison data. The vehicle then compares whether the first data is consistent with the first comparison data. If so, this indicates that the sending end of the first signature data is the mobile terminal to be bound and is not a mobile terminal counterfeited by an attacker; at this moment, the vehicle stores the public key of the mobile terminal as the first authentication password and executes step 407. If they are not consistent, or if decrypting the first signature data with the received public key of the mobile terminal yields only garbled output, this indicates that the sending end of the first signature data is not the mobile terminal to be bound and is probably an illegally forged mobile terminal, and the vehicle should ignore the mobile terminal.
Step 407, the vehicle determines a second authentication password, encrypts the second authentication password by using the session key, and sends the second authentication password to the mobile terminal.
Specifically, the vehicle determines the public key of the vehicle as a second authentication password, signs the public key of the vehicle by using the private key of the vehicle to obtain second signature data, encrypts the second signature data and the public key of the vehicle by using the session key, and sends the second signature data and the public key of the vehicle to the mobile terminal.
Step 408, the mobile terminal receives the encrypted second authentication password and decrypts the received data by using the session key to obtain the second authentication password.
Specifically, the mobile terminal may obtain encrypted second signature data and a public key of the vehicle, which are sent by the vehicle, and the mobile terminal may decrypt the received data by using the session key to obtain the second signature data and the public key of the vehicle, and then, the mobile terminal may verify the second signature data by using the public key of the vehicle, and when the verification passes, the public key of the vehicle is stored as a second authentication password.
The method for verifying the signature comprises the following steps. The mobile terminal decrypts the second signature data by using the acquired public key of the vehicle to obtain second data, calculates over the public key of the vehicle by using a preset algorithm to obtain second comparison data, and compares whether the second data is consistent with the second comparison data. If so, this indicates that the sending end of the second signature data is the vehicle to be bound and not another vehicle; at this moment, the mobile terminal stores the public key of the vehicle as the second authentication password and executes step 409. If they are inconsistent, or if decrypting the second signature data with the public key of the vehicle yields only garbled output, this indicates that the sending end of the second signature data is not the vehicle to be bound, and the mobile terminal should ignore the vehicle.
Steps 403 to 409 are in substance a bidirectional authentication of the identities of the vehicle and the mobile terminal to be bound, that is, authenticating whether the vehicle is the vehicle to be bound and whether the mobile terminal is the mobile terminal to be bound, so that the situation in which an attacker forges a legitimate mobile terminal to try to bind with the vehicle can be avoided, and the security of the method for binding the vehicle and the mobile terminal is greatly improved.
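The signed-public-key check described for steps 405 to 408, as an added example that is not code from the patent. It assumes unpadded hash-then-RSA to mirror the "decrypt the signature with the public key and compare" wording and SHA-256 as the "preset algorithm"; the key material is constructed from known Mersenne primes for the demonstration only, and all names are hypothetical.

```python
# Added illustration of the signed-public-key check in steps 405-408; not code
# from the patent. Assumptions: unpadded hash-then-RSA mirrors the page's
# wording, SHA-256 is the "preset algorithm", and the keys are constructed.
import hashlib
from dataclasses import dataclass

E = 65537   # public exponent
E_LEN = 4   # bytes used to encode the public exponent


@dataclass(frozen=True)
class KeyPair:
    n: int
    d: int

    def public_bytes(self) -> bytes:
        size = (self.n.bit_length() + 7) // 8
        return self.n.to_bytes(size, "big") + E.to_bytes(E_LEN, "big")


def make_demo_keypair(p: int, q: int) -> KeyPair:
    # Demo only: the primes passed in below are Mersenne primes, which makes
    # the modulus trivially factorable. Never use such keys outside a demo.
    return KeyPair(n=p * q, d=pow(E, -1, (p - 1) * (q - 1)))


def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign_public_key(signer: KeyPair, public_key: bytes) -> int:
    """Sender side: sign the digest of the public key with the private key."""
    return pow(digest_int(public_key), signer.d, signer.n)


def verify_signed_public_key(public_key: bytes, signature: int) -> bool:
    """Receiver side: recover the signed value with the received public key
    and compare it with a digest computed locally over that same key."""
    if len(public_key) <= E_LEN:
        return False
    n = int.from_bytes(public_key[:-E_LEN], "big")
    e = int.from_bytes(public_key[-E_LEN:], "big")
    # Reject malformed keys and out-of-range signatures before any arithmetic.
    if n.bit_length() <= 256 or e < 3 or not 0 < signature < n:
        return False
    first_data = pow(signature, e, n)
    first_comparison_data = digest_int(public_key)
    return first_data == first_comparison_data


class Receiver:
    """Stores the peer's public key as the authentication password only
    after the signature over it has verified."""

    def __init__(self):
        self.stored_auth_password = None

    def receive(self, public_key: bytes, signature: int) -> bool:
        if not verify_signed_public_key(public_key, signature):
            return False
        self.stored_auth_password = public_key
        return True


def run_demo() -> dict:
    terminal = make_demo_keypair(2**521 - 1, 2**607 - 1)
    other = make_demo_keypair(2**607 - 1, 2**1279 - 1)
    pub = terminal.public_bytes()
    sig = sign_public_key(terminal, pub)

    results = {}
    vehicle = Receiver()
    results["valid"] = vehicle.receive(pub, sig)
    results["stored"] = vehicle.stored_auth_password == pub
    # Public key altered in transit: the signature no longer matches it.
    tampered = bytes([pub[0] ^ 0x01]) + pub[1:]
    results["tampered_key"] = Receiver().receive(tampered, sig)
    # Signature produced with a private key that does not match the public key.
    results["signed_by_other_key"] = Receiver().receive(pub, sign_public_key(other, pub))
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The check shows that the sender holds the private key matching the public key it sent. That the key belongs to the device being bound rests on the message having been encrypted under the session key, which this block does not model.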
After the bidirectional authentication has been performed on the vehicle to be bound and the mobile terminal to be bound, step 409 may be performed, in which the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password and the second authentication password, and after the authentication is passed, the binding operation is performed.
The first authentication password is substantially a public key of the mobile terminal, and the second authentication password is substantially a public key of the vehicle. And, the mutual trust authentication method may specifically be:
The vehicle generates a seventh random number, encrypts the seventh random number by using the first authentication password, signs the seventh random number by using a private key of the vehicle to obtain a first data packet, and sends the first data packet to the mobile terminal.
After the mobile terminal obtains the first data packet, the signature of the first data packet is verified by using the second authentication password, when the first data packet passes the verification, the first data packet is decrypted by using a private key of the mobile terminal to obtain third data, then the third data is encrypted by using the second authentication password, the third data is signed by using the private key of the mobile terminal to obtain a second data packet, and the second data packet is sent to the vehicle.
And the vehicle receives the second data packet, verifies the signature of the second data packet by using the first authentication password, decrypts the second data packet by using a private key of the vehicle to obtain fourth data when the signature of the second data packet passes the verification, compares whether the fourth data is consistent with the seventh random number, and determines that the vehicle passes the authentication with the mobile terminal when the fourth data is consistent with the seventh random number.
The above method for verifying the signature is similar to the method for verifying the signature in steps 406 and 408, and is not described again here.
In summary, the vehicle binding method provided in the third embodiment of the present invention has the advantages of wide application range and safe transmission of the first authentication password. In the third embodiment, before mutual trust authentication is performed between the vehicle and the mobile terminal, bidirectional identity authentication is also performed between the vehicle and the mobile terminal to authenticate whether the opposite party is the vehicle to be bound or the mobile terminal to be bound, so that the situation that an attacker forges a legal mobile terminal to try to perform mutual trust authentication with the vehicle is avoided, and the security of the method for binding the vehicle and the mobile terminal is further ensured.
In addition, in the third embodiment, the first authentication password may instead be determined by the vehicle, and the second authentication password by the mobile terminal, in which case the first authentication password is a public key of the vehicle and the second authentication password is a public key of the mobile terminal. In that case the binding method is similar to the binding method between the vehicle and the mobile terminal described in the third embodiment, differing only in which party executes each instruction, and is not described again here.
Example four
In the fourth embodiment, the predetermined encryption algorithm includes an asymmetric encryption algorithm. The description takes as an example the case in which the first authentication password is determined not by the vehicle but by the mobile terminal, the vehicle receives the encrypted first authentication password sent by the mobile terminal, and the vehicle performs a first decryption operation on the encrypted first authentication password based on the session key to obtain the first authentication password. The fourth embodiment is different from the third embodiment in that steps 407 to 409 in the third embodiment are not present in the fourth embodiment. Further, fig. 5 is a flowchart of a method for binding a vehicle and a mobile terminal according to a fourth embodiment of the present invention, and as shown in fig. 5, the method for binding a vehicle and a mobile terminal specifically includes:
Step 501, providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal.
Step 502, the vehicle sets a session key based on a predetermined cryptographic algorithm.
Step 503, the mobile terminal determines the first authentication password, encrypts the first authentication password based on the session key to obtain an encrypted first authentication password, and then sends the encrypted first authentication password to the vehicle.
Step 504, the vehicle receives the encrypted first authentication password and performs a decryption operation to obtain the first authentication password.
Steps 501 to 504 in the fourth embodiment are executed in the same way as steps 401 to 404 in the third embodiment, and are not described again here.
The fourth embodiment is different from the third embodiment in the following respect:
In the fourth embodiment, after step 504 is executed, step 505 is directly executed, that is, the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes the binding operation after the authentication is passed.
Specifically, the mutual trust authentication method may be: the vehicle generates an eighth random number, encrypts the eighth random number by using the first authentication password (i.e., the public key of the mobile terminal), and sends the encrypted eighth random number to the mobile terminal. And after receiving the encrypted eighth random number, the mobile terminal decrypts the received data by using the private key of the mobile terminal, encrypts the decrypted data by using the private key of the mobile terminal to obtain first encrypted data and sends the first encrypted data to the vehicle. After the vehicle receives the first encrypted data, decrypting the first encrypted data by using the first authentication password to obtain first decrypted data, comparing whether the first decrypted data is consistent with the eighth random number or not, and if so, passing the authentication, and determining that the mobile terminal is a to-be-bound mobile terminal by the vehicle and executing the binding operation; otherwise, the vehicle disregards the mobile terminal.
It can be seen from the above that, in the fourth embodiment, it is not the case that "the two parties perform mutual authentication on their identities before the mutual trust authentication between the vehicle and the mobile terminal" as in the third embodiment; rather, "only the vehicle performs one-way authentication on the identity of the mobile terminal before the mutual trust authentication between the vehicle and the mobile terminal", so as to prevent an attacker from forging a legitimate mobile terminal to bind with the vehicle and thereby threatening the security of the method for binding the vehicle and the mobile terminal.
Example five
The predetermined encryption algorithm includes an asymmetric encryption algorithm. The fifth embodiment takes as an example the case in which the vehicle determines a first authentication password, encrypts the first authentication password based on the session key, and sends the first authentication password to the mobile terminal; steps 407 to 409 in the third embodiment also do not exist in the fifth embodiment. Fig. 6 is a flowchart of a method for binding a vehicle and a mobile terminal according to a fifth embodiment of the present invention, and as shown in fig. 6, the method for binding a vehicle and a mobile terminal specifically includes:
Step 601, providing a vehicle, wherein the mobile terminal is in near field communication with the vehicle.
Step 602, the vehicle sets a session key based on a predetermined cryptographic algorithm.
The specific method for setting the session key by the vehicle and the mobile terminal may refer to step 402 in the third embodiment, and details of this embodiment are not described herein.
Step 603, the vehicle determines the first authentication password, encrypts the first authentication password based on the session key to obtain an encrypted first authentication password, and sends the encrypted first authentication password to the mobile terminal.
Specifically, the vehicle may determine a public key of the vehicle as a first authentication password, and sign the public key of the vehicle with a private key of the vehicle to obtain fourth signature data. Then, the vehicle encrypts the public key of the vehicle and the fourth signature data with a session key and transmits the encrypted public key and the fourth signature data to the mobile terminal.
Step 604, the mobile terminal receives the encrypted first authentication password and performs a decryption operation to obtain the first authentication password.
Specifically, the mobile terminal decrypts the received data by using the session key to obtain a public key of the vehicle and fourth signature data, then verifies the fourth signature data by using the public key of the vehicle, and stores the public key of the vehicle as the first authentication password when the verification is passed.
The verification method may include the following. The vehicle decrypts the fourth signature data by using the public key of the vehicle to obtain sixth data, calculates over the public key of the vehicle by using a preset algorithm to obtain third comparison data, and compares whether the sixth data is consistent with the third comparison data. If so, this indicates that the sending end of the fourth signature data is the vehicle to be bound and not another vehicle; at this time, the verification is determined to be passed, and the mobile terminal stores the public key of the vehicle as the first authentication password and executes step 605. If they are not consistent, or if decrypting the signature data with the received public key of the vehicle yields only garbled output, this indicates that the sending end of the fourth signature data is not the vehicle to be bound, and the mobile terminal should ignore the vehicle.
Step 605, the mobile terminal performs mutual trust authentication based on the first authentication password, and binds the vehicle and the mobile terminal after the authentication is passed.
Specifically, the mobile terminal may generate a ninth random number, encrypt the ninth random number by using the first authentication password (that is, the public key of the vehicle), and send the ninth random number to the vehicle. And the vehicle receives the encrypted ninth data, decrypts the received data by using the first authentication password, then encrypts the decrypted data by using a private key of the vehicle to obtain second encrypted data, and sends the second encrypted data to the mobile terminal. After the vehicle receives the second encrypted data, decrypting the second encrypted data by using the first authentication password to obtain second decrypted data, comparing whether the second decrypted data is consistent with the ninth random number or not, and if so, passing the authentication, determining the vehicle as the vehicle to be bound by the mobile terminal, and executing the binding operation; otherwise, the mobile terminal disregards the vehicle.
It can be seen from the above that, in the fifth embodiment, not "the two parties perform mutual authentication on their identities before performing mutual authentication on the vehicle and the mobile terminal" as in the third embodiment, nor "the vehicle performs only one-way authentication on the identity of the mobile terminal before performing mutual authentication on the vehicle and the mobile terminal" as in the fourth embodiment, but "the mobile terminal performs only one-way authentication on the identity of the vehicle before performing mutual authentication on the vehicle and the mobile terminal" to prevent the mobile terminal from being bound with other vehicles, thereby ensuring correct binding between the mobile terminal and the vehicle and ensuring accuracy of the binding method between the vehicle and the mobile terminal.
The present invention further provides a vehicle, and optionally, fig. 7 is a schematic structural diagram of a vehicle according to an embodiment of the present invention, as shown in fig. 7, the vehicle includes a first determining module B1 and a first communication module B2, where the first determining module B1 is configured to determine a first authentication password; the first communication module B2 is configured to encrypt the first authentication password with a session key that is pre-agreed between the vehicle and the mobile terminal and to transmit the encrypted first authentication password to the mobile terminal, and the first communication module B2 is further configured to mutually authenticate the vehicle and the mobile terminal based on the first authentication password and, when authentication is passed, to bind the vehicle and the mobile terminal.
And fig. 8 is a schematic structural diagram of another vehicle according to an embodiment of the present invention, and as shown in fig. 8, the vehicle includes a fourth communication module B3, where the fourth communication module B3 is configured to receive an encrypted first authentication password sent by a mobile terminal, and perform a decryption operation on the encrypted first authentication password by using the session key to obtain the first authentication password.
Optionally, fig. 9 is a schematic structural diagram of another vehicle according to an embodiment of the present invention, and as shown in fig. 9, the vehicle further includes a control module B4, configured to receive a control instruction sent by the mobile terminal, and execute a corresponding operation (for example, a vehicle start operation or a vehicle door opening operation or a vehicle door closing operation) based on the control instruction, where the control instruction is sent to the vehicle by the mobile terminal after the mutual trust authentication between the mobile terminal and the vehicle has passed.
Optionally, fig. 10 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention, as shown in fig. 10, the mobile terminal includes a second communication module A1, where the second communication module is configured to receive an encrypted first authentication password, and decrypt the encrypted first authentication password with the session key to obtain the first authentication password; and the second communication module A1 is further configured to perform mutual trust authentication on the vehicle and the mobile terminal based on the first authentication password, and when the authentication is passed, to bind the vehicle and the mobile terminal.
Optionally, fig. 11 is a schematic structural diagram of another mobile terminal according to an embodiment of the present invention, as shown in fig. 11, the mobile terminal includes a second determining module A2 and a third communication module A3, where the second determining module A2 is configured to determine a first authentication password, the third communication module A3 is configured to encrypt the first authentication password by using a session key and send the first authentication password to the vehicle, and the session key is agreed between the vehicle and the mobile terminal in advance based on a predetermined encryption algorithm. The third communication module A3 is further configured to perform mutual trust authentication between the vehicle and the mobile terminal based on the first authentication password.
Optionally, the second communication module A2 or the third communication module A3 is further configured to send a control command to the vehicle after the vehicle is bound with the mobile terminal.
In addition, the present invention further provides a system for binding a vehicle and a mobile terminal, where fig. 12 is a schematic structural diagram of the system for binding a vehicle and a mobile terminal provided in an embodiment of the present invention, as shown in fig. 12, the system may include: a mobile terminal a and a vehicle B for near field communication. The mobile terminal a may be a mobile device such as a smart phone or a tablet computer or a wearable device or an NFC card, the mobile terminal may be, for example, the mobile terminal shown in fig. 10 or 11, and the vehicle may be the vehicle shown in any one of fig. 7 to 9, where the mobile terminal and the vehicle are configured to execute the binding method of the vehicle and the mobile terminal according to any one of the first to fifth embodiments to bind each other.
In summary, in the method and system for binding a vehicle and a mobile terminal provided by the present invention, the mobile terminal and the vehicle perform near field communication with each other. In the method for binding a vehicle and a mobile terminal according to the present invention, a first authentication password may be determined by any one of the vehicle and the mobile terminal, the first authentication password may be encrypted by a preset session key, and the encrypted first authentication password may be transmitted to the other end of the vehicle and the mobile terminal, at which the first authentication password is not determined, so that the other end receives the encrypted first authentication password and performs a first decryption operation to obtain the first authentication password. And then, the mobile terminal and the vehicle can perform mutual trust authentication based on the first authentication password, and when the authentication is passed, the vehicle and the mobile terminal are bound so as to control the vehicle through the mobile terminal.
That is, in the present invention, the first authentication password encrypted by the session key is transmitted between the mobile terminal and the vehicle, so that other terminals can be prevented from intercepting the first authentication password, and the transmission security of the first authentication password is ensured, thereby ensuring the security of the binding method between the vehicle and the mobile terminal. Meanwhile, because the vehicle and the mobile terminal are in near field communication, the vehicle and the mobile terminal can interact with each other in the same way even under the condition of no network signal, and the application range is wide.
The above description is only for the purpose of describing the preferred embodiments of the present invention, and is not intended to limit the scope of the present invention, and any variations and modifications made by those skilled in the art based on the above disclosure are within the scope of the appended claims.

Claims (20)

1. A method for binding a vehicle and a mobile terminal, the method comprising:
providing a vehicle, wherein the vehicle is in near field communication with a mobile terminal;
the vehicle sets a session key based on a predetermined cryptographic algorithm;
the vehicle determines a first authentication password, encrypts the first authentication password by using the session key and then sends the first authentication password to the mobile terminal; or the vehicle receives an encrypted first authentication password sent by the mobile terminal, and decrypts the encrypted first authentication password by using the session key to obtain a first authentication password, wherein the encrypted first authentication password is obtained by encrypting the first authentication password by using the session key by the mobile terminal;
and the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password, and executes binding operation after the authentication is passed.
2. The vehicle and mobile terminal binding method of claim 1, wherein the session key is pre-agreed upon by the vehicle and the mobile terminal.
3. The vehicle-to-mobile terminal binding method according to claim 2, wherein the predetermined cryptographic algorithm comprises a symmetric cryptographic algorithm.
4. The vehicle and mobile terminal binding method according to claim 3, wherein the method for the vehicle to set the session key comprises:
the vehicle generates a first random number and acquires a first secret key, so that the vehicle encrypts the first random number by using the first secret key to obtain the session key.
5. The vehicle-to-mobile terminal binding method according to claim 4, further comprising the mobile terminal setting a session key based on a predetermined cryptographic algorithm;
the method for setting the session key by the mobile terminal comprises the following steps:
and the mobile terminal acquires the first random number and the first key, and performs encryption calculation on the first random number by using the first key to obtain the session key.
6. The vehicle-to-mobile terminal binding method of claim 3, wherein the method for the vehicle to determine the first authentication password comprises: and the vehicle generates a third random number, and the third random number is used as a first authentication password.
7. The vehicle-to-mobile terminal binding method of claim 3, wherein after the vehicle encrypts the first authentication password with the session key and sends the first authentication password to the mobile terminal, the method further comprises: and the mobile terminal receives the encrypted first authentication password sent by the vehicle, acquires the session key, and decrypts the received encrypted first authentication password by using the session key to acquire the first authentication password.
8. The method for binding a vehicle and a mobile terminal according to claim 3, wherein the method for the vehicle to perform mutual trust authentication with the mobile terminal based on the first authentication password comprises:
the vehicle generates a fourth random number and sends the fourth random number to the mobile terminal, so that the mobile terminal encrypts the fourth random number by using the first authentication password to generate a response code;
the vehicle receives the response code, encrypts the fourth random number by using the first authentication password, takes the encrypted fourth random number as a comparison code, compares whether the comparison code is consistent with the response code, and determines that the vehicle passes the authentication with the mobile terminal when the comparison code is consistent with the response code.
9. The vehicle-to-mobile terminal binding method according to claim 2, wherein the predetermined encryption algorithm comprises an asymmetric encryption algorithm.
10. The vehicle and mobile terminal binding method according to claim 9, wherein the method for the vehicle to set the session key comprises:
the vehicle generates a fifth random number and generates a session key based on the fifth random number using a predetermined protocol.
11. The vehicle-to-mobile terminal binding method of claim 10, further comprising: the mobile terminal sets a session key based on a predetermined cryptographic algorithm;
the method for setting the session key by the mobile terminal comprises the following steps:
and the mobile terminal acquires the fifth random number and generates a session key based on the fifth random number by using a preset protocol.
12. The vehicle-to-mobile terminal binding method of claim 9, further comprising:
the vehicle is provided with a pair of public key and private key;
the mobile terminal is provided with a pair of public key and private key.
13. The vehicle-to-mobile terminal binding method of claim 12, wherein before the vehicle receives the encrypted first authentication password sent by the mobile terminal, the method further comprises the mobile terminal determining the first authentication password and encrypting the first authentication password with the session key before sending to the vehicle;
the method for determining the first authentication password and encrypting the first authentication password by using the session key and then sending the first authentication password to the vehicle by the mobile terminal comprises the following steps:
the mobile terminal determines a public key of the mobile terminal as a first authentication password, signs the public key of the mobile terminal by using a private key of the mobile terminal to obtain first signature data, encrypts the first signature data and the public key of the mobile terminal by using the session key to obtain an encrypted first authentication password, and sends the encrypted first authentication password to the vehicle.
14. The vehicle-to-mobile terminal binding method of claim 13, wherein the method for the vehicle to decrypt the encrypted first authentication password using the session key to obtain the first authentication password comprises:
decrypting the encrypted first authentication password sent by the mobile terminal by using the session key to obtain first signature data and a public key of the mobile terminal;
and verifying the first signature data by using the public key of the mobile terminal, and storing the public key of the mobile terminal as a first authentication password when the first signature data passes verification.
15. The vehicle-to-mobile terminal binding method of claim 14, wherein after the vehicle performs the decryption operation, the method further comprises:
the vehicle determines a second authentication password, encrypts the second authentication password by using the session key and then sends the second authentication password to the mobile terminal;
the method for determining the second authentication password by the vehicle, encrypting the second authentication password by using the session key and then sending the second authentication password to the mobile terminal comprises the following steps:
the vehicle determines the public key of the vehicle as a second authentication password, signs the public key of the vehicle by using the private key of the vehicle to obtain second signature data, encrypts the second signature data and the public key of the vehicle by using the session key to obtain an encrypted second authentication password, and sends the encrypted second authentication password to the mobile terminal.
16. The vehicle-to-mobile terminal binding method of claim 15, wherein said method further comprises: the mobile terminal receives the encrypted second authentication password sent by the vehicle and decrypts the encrypted second authentication password by using the session key to obtain second signature data and a public key of the vehicle;
and the mobile terminal verifies the second signature data by using the public key of the vehicle, and stores the public key of the vehicle as a second authentication password when the verification is passed.
17. The vehicle-to-mobile terminal binding method according to claim 15, wherein the vehicle performs mutual trust authentication with the mobile terminal based on the first authentication password and the second authentication password;
and the method for mutual trust authentication between the mobile terminal and the vehicle based on the first authentication password and the second authentication password comprises the following steps:
the vehicle generates a seventh random number, encrypts the seventh random number by using the first authentication password, signs the seventh random number by using a private key of the vehicle to obtain a first data packet, and sends the first data packet to the mobile terminal;
the vehicle acquires a second data packet sent by the mobile terminal, wherein the second data packet is obtained after the mobile terminal acquires the first data packet, the signature of the first data packet is verified by using the second authentication password, the first data packet is decrypted by using a private key of the mobile terminal to obtain third data, the third data is encrypted by using the second authentication password, and the third data is signed by using the private key of the mobile terminal;
and the vehicle verifies the signature of the second data packet by using the first authentication password, decrypts the second data packet by using a private key of the vehicle after the signature of the second data packet passes the verification to obtain fourth data, compares whether the fourth data is consistent with the seventh random number or not, and determines that the vehicle passes the authentication with the mobile terminal when the fourth data is consistent with the seventh random number.
18. A vehicle, characterized by comprising:
a first determination module for setting a session key based on a predetermined cryptographic algorithm and determining a first authentication password;
the first communication module is used for encrypting the first authentication password by using a session key and sending the first authentication password to the mobile terminal;
the first communication module is also used for carrying out mutual trust authentication with the mobile terminal based on the first authentication password;
or the vehicle comprises a fourth communication module, a second communication module and a third communication module, wherein the fourth communication module is used for setting a session key based on a preset cryptographic algorithm, receiving an encrypted first authentication password sent by a mobile terminal, and performing a decryption operation on the encrypted first authentication password by using the session key to obtain the first authentication password; and the fourth communication module is also used for carrying out mutual trust authentication with the mobile terminal based on the first authentication password.
19. A mobile terminal, comprising:
the second communication module is used for setting a session key based on a preset cryptographic algorithm and receiving an encrypted first authentication password sent by a vehicle, and decrypting the encrypted first authentication password by using the session key to obtain the first authentication password; and the second communication module is also used for carrying out mutual trust authentication with the vehicle based on the first authentication password.
Or, the mobile terminal includes:
a second determination module for setting a session key based on a predetermined cryptographic algorithm and determining a first authentication password;
the third communication module is used for encrypting the first authentication password by using a session key and sending the first authentication password to the vehicle; and the third communication module is also used for carrying out mutual trust authentication with the vehicle based on the first authentication password.
20. A vehicle and mobile terminal binding system, the system comprising: a mobile terminal and a vehicle in near field communication with each other, wherein the vehicle and the mobile terminal are bound by using the binding method of the vehicle and the mobile terminal according to any one of claims 1 to 17.
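The symmetric variant of claims 4 to 8, simulated with both parties in one process, as an added example that is not part of the patent text. AES-128 applied to single 16-byte blocks, the function names and the sample keys are assumptions of this example, since the claims name no cipher; the constant-time comparison goes slightly beyond what claim 8 states.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// random16 returns one AES block of fresh randomness (a "random number" in the claims).
func random16() []byte {
	b := make([]byte, aes.BlockSize)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newAES builds the block cipher. AES-128 is an assumption of this example;
// the claims only require a symmetric algorithm.
func newAES(key []byte) cipher.Block {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // key is not 16, 24 or 32 bytes
	}
	return c
}

// encrypt and decrypt process exactly one 16-byte block.
func encrypt(key, in []byte) []byte {
	out := make([]byte, aes.BlockSize)
	newAES(key).Encrypt(out, in)
	return out
}

func decrypt(key, in []byte) []byte {
	out := make([]byte, aes.BlockSize)
	newAES(key).Decrypt(out, in)
	return out
}

// Respond is the mobile terminal's half of claim 8: encrypt the challenge.
func Respond(password, challenge []byte) []byte { return encrypt(password, challenge) }

// Verify is the vehicle's half: recompute the comparison code and compare it
// with the response code in constant time.
func Verify(password, challenge, response []byte) bool {
	return subtle.ConstantTimeCompare(encrypt(password, challenge), response) == 1
}

// Bind runs claims 4 to 8 end to end. Each side holds its own copy of the
// first key; binding succeeds only if both copies are the same.
func Bind(vehicleKey, mobileKey []byte) error {
	r1 := random16() // first random number, known to both sides
	vehicleSession := encrypt(vehicleKey, r1)
	mobileSession := encrypt(mobileKey, r1)
	password := random16() // third random number = first authentication password
	wire := encrypt(vehicleSession, password)
	mobilePassword := decrypt(mobileSession, wire)
	challenge := random16() // fourth random number, fresh for every attempt
	if !Verify(password, challenge, Respond(mobilePassword, challenge)) {
		return errors.New("response code does not match comparison code")
	}
	return nil
}

func main() {
	key := []byte("constructed-key!") // constructed 16-byte sample key
	fmt.Println("same first key:", Bind(key, key))
	fmt.Println("different first key:", Bind(key, []byte("another-key-0000")))
}
```

A mismatched first key surfaces only at the challenge-response step, because raw block decryption always yields some 16-byte value. The comparison in claim 8, not the decryption in claim 7, is therefore the authentication decision.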
CN202110434966.6A 2021-04-22 2021-04-22 Method and system for binding vehicle and mobile terminal Pending CN113099457A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110434966.6A CN113099457A (en) 2021-04-22 2021-04-22 Method and system for binding vehicle and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110434966.6A CN113099457A (en) 2021-04-22 2021-04-22 Method and system for binding vehicle and mobile terminal

Publications (1)

Publication Number Publication Date
CN113099457A true CN113099457A (en) 2021-07-09

Family

ID=76679241

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110434966.6A Pending CN113099457A (en) 2021-04-22 2021-04-22 Method and system for binding vehicle and mobile terminal

Country Status (1)

Country Link
CN (1) CN113099457A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024017255A1 (en) * 2022-07-22 2024-01-25 蔚来汽车科技(安徽)有限公司 Vehicle communication method, terminal, vehicle and computer-readable storage medium
WO2024017256A1 (en) * 2022-07-22 2024-01-25 蔚来汽车科技(安徽)有限公司 Vehicle communication method and terminal, and vehicle and computer-readable storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20050094318A (en) * 2004-03-22 2005-09-27 삼성전자주식회사 Authentication between a device and a portable storage
CN102880897A (en) * 2011-07-14 2013-01-16 中国移动通信集团公司 Application data sharing method of smart card and smart card
CN102892102A (en) * 2011-07-19 2013-01-23 中国移动通信集团公司 Method, system and device for binding mobile terminal and smart card in mobile network
CN106788960A (en) * 2016-12-01 2017-05-31 北京信安世纪科技有限公司 A kind of method and device of key agreement
CN108206996A (en) * 2017-12-08 2018-06-26 中兴通讯股份有限公司 Auth method and device
CN109327307A (en) * 2018-10-24 2019-02-12 东南(福建)汽车工业有限公司 CAN bus based automobile remote control method
CN109728899A (en) * 2017-10-30 2019-05-07 北京长城华冠汽车科技股份有限公司 A kind of pure electric vehicle authentication key method for managing security and system
CN110177354A (en) * 2019-06-21 2019-08-27 湖北亿咖通科技有限公司 A kind of wireless control method and system of vehicle
CN111835752A (en) * 2020-07-09 2020-10-27 国网山西省电力公司信息通信分公司 Lightweight authentication method based on equipment identity and gateway

Similar Documents

Publication Publication Date Title
CN110380852B (en) Bidirectional authentication method and communication system
CN107409049B (en) Method and apparatus for securing mobile applications
EP3602991B1 (en) Mechanism for achieving mutual identity verification via one-way application-device channels
EP3723399A1 (en) Identity verification method and apparatus
CN107358441B (en) Payment verification method and system, mobile device and security authentication device
CN111615105B (en) Information providing and acquiring method, device and terminal
US11544365B2 (en) Authentication system using a visual representation of an authentication challenge
CN107743067B (en) Method, system, terminal and storage medium for issuing digital certificate
CN110990827A (en) Identity information verification method, server and storage medium
JP2012530311A5 (en)
CN109495445A (en) Identity identifying method, device, terminal, server and medium based on Internet of Things
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN108959990B (en) Two-dimensional code verification method and device
CN105323063B (en) The auth method of mobile terminal and fixed intelligent terminal based on two dimensional code
CN113099457A (en) Method and system for binding vehicle and mobile terminal
CN103905388A (en) Authentication method, authentication device, smart card, and server
KR101113446B1 (en) System and method for transmiting certificate to mobile apparatus and system and method for transmiting and certifying data using multi-dimensional code
CN108401494B (en) Method and system for transmitting data
CN110838919B (en) Communication method, storage method, operation method and device
CN114338201B (en) Data processing method and device, electronic equipment and storage medium
CN112348998B (en) Method and device for generating one-time password, intelligent door lock and storage medium
CN112351043A (en) Vehicle navigation factory setting password management method and system
CN115801287A (en) Signature authentication method and device
CN110968878A (en) Information transmission method, system, electronic device and readable medium
JP6723422B1 (en) Authentication system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination