CN113766450A - Vehicle virtual key sharing method, mobile terminal, server and vehicle - Google Patents

Vehicle virtual key sharing method, mobile terminal, server and vehicle Download PDF

Info

Publication number
CN113766450A
CN113766450A CN202010504513.1A CN202010504513A CN113766450A CN 113766450 A CN113766450 A CN 113766450A CN 202010504513 A CN202010504513 A CN 202010504513A CN 113766450 A CN113766450 A CN 113766450A
Authority
CN
China
Prior art keywords
authorization
vehicle
authorized
random number
authorized party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010504513.1A
Other languages
Chinese (zh)
Inventor
邓利华
毛成林
刘娟
吴丽华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BYD Co Ltd
Original Assignee
BYD Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BYD Co Ltd filed Critical BYD Co Ltd
Priority to CN202010504513.1A priority Critical patent/CN113766450A/en
Publication of CN113766450A publication Critical patent/CN113766450A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication

Abstract

The embodiment of the invention provides a vehicle virtual key sharing method, which comprises the following steps: determining that the user is an authorized party or an authorized party; if the user is an authorized party, acquiring an authorized password and authorized information input by the user; generating an authorization ciphertext according to the authorization password, the authorization information and the root key; if the user is an authorized party, acquiring an authorized password input by the user; if the authorization password is verified, acquiring an authorization ciphertext; the authorization ciphertext is generated according to an authorization password, authorization information and a root key of an authorization party; and the authorized party uses the authorization ciphertext to verify the vehicle, and the authorized party has the control authority in the authorization information after the verification is passed. Corresponding mobile terminal, server and vehicle are also provided. The embodiment of the invention improves the safety and convenience of vehicle sharing.

Description

Vehicle virtual key sharing method, mobile terminal, server and vehicle
Technical Field
The invention relates to the field of vehicle internet of things, in particular to a vehicle virtual key sharing method, a mobile terminal for vehicle virtual key sharing, a server for vehicle virtual key sharing and a vehicle.
Background
The new automobile four-generation is gradually becoming the development direction of the automobile industry, and the new four-generation includes intellectualization and sharing. In short, if the conventional car key function can be integrated into a mobile phone or other smart devices, the intellectualization of the car key can be completed. The sharing is that authorized operation is carried out on the intelligent device, and authorized legal users can open the vehicle door and use the vehicle of the vehicle owner.
For automobile key sharing, the 3C alliance (car networking alliance) is building a corresponding technical solution, and each car enterprise also has its own idea. But currently there is no unified standard. The safest scheme is to use the certificate, write the private key of the certificate into the vehicle, issue the public key to the mobile phone, and share the public key to complete the vehicle borrowing operation. Because the vehicle is one certificate, the certificate can well identify the identity. However, the calculations involved in the certificates require the computational power of the onboard processors, which increases overall vehicle costs.
In the prior art, a method for sharing own automobiles to others exists, but a temporary authorization code mode is mostly adopted, which needs to provide account numbers or ID information of authorized parties, and also needs to borrow a root key of a vehicle to enable the authorized parties to be authorized, so that certain security risk is achieved.
And SE: secure element, usually provided in the form of a chip, having an encryption/decryption logic therein for protecting data security and preventing external malicious parsing attacks.
HSM: and the Hardware Security Module is used for protecting the life cycle of the secret key and processing encryption and decryption operations.
Disclosure of Invention
The invention aims to provide a vehicle virtual key sharing method and a corresponding hardware system, and aims to solve the problem of safety risk caused by only adopting account number verification in the conventional automobile borrowing.
In order to achieve the above object, in a first aspect of the present invention, there is provided a vehicle virtual key sharing method, including:
determining that the user is an authorized party or an authorized party;
if the user is an authorized party, acquiring an authorized password and authorized information input by the user; generating an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, acquiring an authorized password input by the user; if the authorization password is verified, acquiring an authorization ciphertext; the authorization ciphertext is generated according to an authorization password, authorization information and a root key of an authorization party;
the authorized party uses the authorization ciphertext to verify the vehicle, and the authorized party has the control authority in the authorization information after the verification is passed;
wherein the authorized password is shared by the authorizing party and the authorized party, and the authorization information comprises the control authority of the authorized party to the vehicle within the authorization period.
Preferably, the generating an authorization ciphertext according to the authorization password, the authorization information, and the root key includes:
generating a random number a 1;
the authorized password and the random number A1 are spliced to calculate a check value B1,
after the authorized password, the random number A1 and the check value B1 are spliced, a ciphertext C1 is generated by encrypting the root key;
splicing the authorization information and the random number A1 to calculate a check value B2,
after the authorization information, the random number A1 and the check value B2 are spliced, a ciphertext C2 is generated by encrypting the root key;
the ciphertext C1 and the ciphertext C2 may be the authorization ciphertext.
Preferably, the authorization cryptogram is transmitted through a server, and the server is configured to:
receiving an authorization password input by an authorizer; verifying the authorization password input by the authorized party with the authorization password of the authorized party; and receiving the authorization ciphertext acquired by the authorizer, and sending the authorization ciphertext to the authorized party passing the verification.
Preferably, the authorized party uses the authorization ciphertext to authenticate with the vehicle, and the method includes:
the vehicle obtains the authorization cryptogram from the authorized party;
decrypting from the ciphertext C1 and the ciphertext C2 with a root key, respectively:
the authorization password, the random number A2, the check value B3 and authorization information, the random number A3 and the check value B4; the verification is passed if the following three conditions are met simultaneously:
the random number A2 is equal to the random number A3;
the check value B3 is correct and the check value B4 is correct;
determining that an end time of an authorization deadline in the authorization information is after a current time.
Preferably, after the verification is passed, the authorized party has the control right in the authorization information, including:
the vehicle encodes the authorized password into the same format as the root key to serve as a temporary root key, and the authorized party encodes the authorized password into the same temporary root key in the same encoding mode; and
an authorized party generates a random number R1 and a check value K1 thereof, and transmits the random number R1 and the check value K1 to the vehicle after being encrypted by the temporary root key;
after the vehicle is decrypted and verified, the random number R1, the vehicle-generated random number R2, and the calculated random number R1 and the verification value K2 of the random number R2 are encrypted by the temporary root key and then transmitted to the authorized party;
after decryption and verification by the authorized party, the random number R1 and the random number R2 are encrypted by using the temporary root key as a session key, and the session key is used for encrypting the control instruction sent to the vehicle by the authorized party.
In a second aspect of the present invention, there is also provided a mobile terminal for vehicle virtual key sharing, the mobile terminal including:
the determining module is used for determining whether the user belongs to an authorizing party or an authorized party;
the authorization password input module is used for inputting an authorization password by a user;
if the user is an authorized party, calling an authorization information input module, wherein the authorization information input module is used for inputting authorization information by the user and then calling an authorization ciphertext generating module, and the authorization ciphertext generating module is used for generating an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, calling a vehicle verification module, wherein the vehicle verification module is used for verifying the acquired authorization information and the vehicle; then calling a vehicle control module, wherein the vehicle control module is used for an authorized party to implement the control authority in the authorization information;
the computing module is used for providing a computing processing function of data;
the communication module is used for providing a data interaction function of the mobile terminal and external equipment;
and the storage module is used for storing the program instruction and the data information of the mobile terminal.
In a third aspect of the present invention, there is also provided a server for virtual key sharing of a vehicle, the server being configured as a function of the aforementioned server.
Preferably, the server is further configured to:
verifying the identity of the authorizing party and the authorized party;
providing a reference time for the authorizer, the authorizee, and the vehicle;
after detecting that the authorization information provided by the authorizing party is changed, synchronizing the changed authorization information to the authorized party;
and deleting the temporary root key of the authorized party after detecting that the authorization period is over.
In a fourth aspect of the present invention, there is also provided a vehicle including a control module configured as a function possessed by the aforementioned vehicle and a communication module.
In a fifth aspect of the present invention, there is also provided a system for virtual key sharing for a vehicle, comprising: at least one mobile terminal, a server and a vehicle.
In a sixth aspect of the present invention, there is also provided a storage medium having stored therein instructions that, when run on a computer, cause the computer to execute the aforementioned vehicle virtual key sharing method.
The technical scheme provided by the invention has the following beneficial effects:
1) a secret message, for example, a 6-digit password message, is determined by the borrower and the owner of the vehicle. These data, together with the expiry time data, are then encrypted using the owner's root key, sent to the borrower together, and forwarded by the borrower to the vehicle for subsequent authentication. The method is simple and easy to realize on the premise of ensuring safety, and is low in cost.
2) The vehicle indirectly authenticates the root key of the vehicle owner. Due to the characteristics of the encryption algorithm (the same input can cause the same encryption and decryption result), the important root key of the owner does not need to be directly authenticated by the borrower.
3) The algorithm (symmetric encryption algorithm) is simple to realize, and can be suitable for the mobile phone end and the vehicle end to carry out operation, and the calculation is quick. The requirement on the mobile phone end is less, the development cost is reduced, and the development period is shortened.
Additional features and advantages of embodiments of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the embodiments of the invention without limiting the embodiments of the invention. In the drawings:
fig. 1 is a schematic flowchart of a vehicle virtual key sharing method according to embodiment 1 of the present invention;
fig. 2 is a schematic diagram of a process of generating and transmitting an authorization cryptogram in embodiment 2 of the present invention;
FIG. 3 is a schematic diagram of the process of verifying the use of the authorization cryptogram by the authorized party and the vehicle in embodiment 4 of the present invention;
fig. 4 is an implementation flow of the authorized party having the control right in the authorization information in embodiment 5 of the present invention;
fig. 5 is a schematic structural diagram of a vehicle virtual key sharing system according to embodiment 6 of the present invention.
Detailed Description
In addition, the embodiments of the present invention and the features of the embodiments may be combined with each other without conflict.
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating embodiments of the invention, are given by way of illustration and explanation only, not limitation.
Example 1
Fig. 1 is a schematic flow chart illustrating a vehicle virtual key sharing method according to embodiment 1 of the present invention. As shown in fig. 1, a vehicle virtual key sharing method includes:
determining that the user is an authorized party or an authorized party; if the user is an authorized party, acquiring an authorized password and authorized information input by the user; generating an authorization ciphertext according to the authorization password, the authorization information and the root key; if the user is an authorized party, acquiring an authorized password input by the user; the check code of the vehicle borrowing in fig. 1 is an optional additional checking method. If the authorization password is verified, acquiring an authorization ciphertext; the authorization ciphertext is generated according to an authorization password, authorization information and a root key of an authorization party; the authorized party uses the authorization ciphertext to verify the vehicle, and the authorized party has the control authority in the authorization information after the verification is passed; wherein the authorized password is shared by the authorizing party and the authorized party, and the authorization information comprises the control authority of the authorized party to the vehicle within the authorization period.
According to the scheme, a piece of information for uniquely identifying the user is generated according to some information of the user, the length of the information can be 16 bytes, and the information is called root authentication information. Typically, such root information is involved in subsequent symmetric encryption and decryption operations, and the key length supported by these encryption and decryption algorithms is 16 bytes. So for the sake of uniformity, we refer to this string of 16 bytes of information that uniquely identifies the user as the root key. The root key needs to be stored in the user's smart device, and the vehicle interior should also have this root key information. The root key is preferably stored in the SE secure element or HSM hardware encryption module to secure the key storage and encryption/decryption process. For the application of the vehicle enterprise, a vehicle owner and a vehicle borrower both need to be capable of registering a digital intelligent key application account number of the vehicle enterprise, and data interaction is safe and reliable when the mobile authentication terminal device is connected with a vehicle enterprise cloud server background, which can be achieved by using an HTTPS protocol. Most of the conventional vehicle lending methods are realized by sharing the root key of the vehicle, but the lending of the root key of the vehicle is accompanied by the risk of leakage. In order to avoid this risk, the present embodiment enables sharing of the vehicle by secret information (e.g., an authorized password) agreed in advance by both parties. The authorization password may be in the form of a number, for example, of 6 bits in length (hereinafter also referred to as a PIN code). The authorization password is shared by the authorizing party and the authorized party, the sharing means that both parties know the authorization password, and the specific sharing mode comprises the following steps: the authorization password is generated by two parties in a negotiation mode, or transmitted by common communication modes such as a head-to-mouth relay, WeChat, short message and appointed signal between the two parties. Therefore, the vehicle is allowed to indirectly authenticate the root key of the owner, and the owner does not need to directly authenticate the important root key of the owner to the borrower because the owner and the borrower have the same PIN code. And the implementation mode uses a symmetric encryption algorithm, has low requirement on the computing capability of equipment, and has the advantages of quick calculation and simple development. Wherein determining that the user is an authorizer or an authorized party comprises: providing a selection box for the user to select, and confirming the default identity of the user through the user login ID, and the like.
Example 2
The present embodiment provides a specific method for generating an authorization ciphertext based on the previous embodiment. Fig. 2 is a schematic diagram of a process of generating and transmitting an authorization ciphertext according to embodiment 2 of the present invention, as shown in fig. 2. Generating an authorization ciphertext according to the authorization password, the authorization information and the root key comprises: generating a random number a 1; splicing the authorized password and the random number A1, calculating a check value B1, splicing the authorized password, the random number A1 and the check value B1, and encrypting by adopting the root key to generate a ciphertext C1; splicing the authorization information and the random number A1, calculating a check value B2, splicing the authorization information, the random number A1 and the check value B2, and encrypting by adopting the root key to generate a ciphertext C2; the ciphertext C1 and the ciphertext C2 may be the authorization ciphertext. Specifically, taking an authorizer as an owner and an authorized party as an owner of a vehicle, the process of generating the authentication message by the owner of the vehicle is as follows: the vehicle borrowing operation formally starts, a vehicle owner clicks a vehicle borrowing interface, account information (generally a mobile phone number) of the vehicle borrower is input, the vehicle borrowing expiration time and an authorization password (6-digit PIN code). The owner mobile phone generates a random number A, splices the PIN code and the random number A, and calculates a check value B1, wherein the check mode can use CRC32 or other check algorithms. And the three items of data of the PIN code, the random number A and the check value B1 are combined into a message, and the message is encrypted by using a root key to form a ciphertext C1. The owner mobile phone collects the expiration time information T input by the user before, splices the random number A, calculates the check value B2, similarly combines the three items of data (the expiration time T + the random number A + the check value B2) into a message, and encrypts the message by using the root key to generate a ciphertext C2. Here, the random number a has a role of giving a certain randomness to the ciphertext, and the ciphertexts C1 and C2 are certainly different even if the PIN codes are the same under the influence of the random number a. At the moment, the authorization ciphertext is prepared, and the mobile phone of the owner firstly sends the PIN code to a device or equipment for verifying the identity of the borrower according to the requirement. The authorization ciphertext generation mode in the embodiment has the advantages of good randomness and good reliability.
Example 3
The present embodiment provides a process for performing authorization ciphertext transmission by using a server on the basis of the foregoing embodiment. The authorization cryptogram is communicated by a server configured to: receiving an authorization password input by an authorizer, and verifying the authorization password input by the authorizer by the authorization password of the authorizer; and receiving the authorization ciphertext of the authorizing party, and sending the authorization ciphertext to the authorized party passing the verification. Wherein the step of receiving the authorization cryptogram of the authorizing party may occur at the same time as receiving the authorization password, or may occur after the step of verifying. The embodiment of receiving the authorization cryptogram of the authorized party after the authentication refers to the server part in fig. 2. Specifically, the process of the borrower receiving the authentication message is as follows: the server informs the borrower of the preparation of borrowing the bicycle, pops up the input box and requires the borrower to input the previously determined PIN code and upload the PIN code. The server compares the PIN code with the PIN code uploaded by the owner before. If the vehicle borrowing action is wrong, the current vehicle borrowing action needs to be input again or terminated, and the vehicle owner is informed of the failure of the vehicle borrowing. If the input is correct, the server requests the owner's application to upload two encrypted messages C1, C2, which are then sent to the borrower along with some necessary information about the borrower (e.g., who the owner is, how long the borrower is, basic information about the vehicle). The borrower saves this information while keeping the previously entered PIN code. At this time, the borrower already has two encrypted messages C1, C2 and a PIN code. The preparation data for the borrowing is already completed. The server mode is adopted for transmitting the authorization ciphertext, the method has the advantage of no distance limitation, and the verification and storage functions of the server can be utilized.
Example 4
On the basis of the foregoing embodiment, the present embodiment provides an authentication process between an authorized party and a vehicle, and has the advantages of simple calculation and good security. Fig. 3 is a schematic diagram of a verification process of an authorized party using an authorization ciphertext and a vehicle in embodiment 4 of the present invention, as shown in fig. 3. The authorized party uses the authorization ciphertext to authenticate with the vehicle, and the method comprises the following steps: the vehicle obtains the authorization cryptogram from the authorized party; decrypting from the ciphertext C1 and the ciphertext C2 with a root key, respectively: the authorization password, the random number A2, the check value B3 and authorization information, the random number A3 and the check value B4; the verification is passed if the following three conditions are met simultaneously: the random number A2 is equal to the random number A3; the check value B3 is correct and the check value B4 is correct; determining that an end time of an authorization deadline in the authorization information is after a current time. Specifically, the vehicle owner (authorized party) obtains the authentication information of the vehicle owner and starts the authentication of the vehicle. The borrower first sends messages C1 and C2 to the vehicle in their entirety. Since the two messages are themselves encrypted by the root key, the messages can also be decrypted by the same root key that the vehicle owns. The vehicle can then recover from C1 the PIN code + random number a2+ check value B3, in the normal case the random number a2 being equal to the aforementioned random number a1 and the check value B3 being equal to the aforementioned check value B1; similarly, the expiration time T + the random number A3+ the check value B4 is recovered from C2, and under normal conditions, the random number A3 is also equal to the random number a1, and the check value B4 should be equal to the check value B2. The vehicle needs to do three things with these data: it is determined that the random numbers of the two messages are the same, i.e., a 1-a 2-A3 is required. The check values B1, B2 were determined to be complete (calculated using the same check method). Determining that the expiration time is after the current system time. If the problems exist in the three points, the illegal borrowing verification data is illegal, and errors should be returned and the connection is disconnected. If the verification is correct, the vehicle returns positive response, and the application of the borrower saves the PIN code as the root information of the current communication needing authentication. The owner of the vehicle can also authenticate the owner of the vehicle by using the digital key. For the borrower at this time, he only needs to authenticate the PIN code. The authentication process of the borrower and the authentication process of the owner should be compatible.
Example 5
On the basis of the foregoing embodiments, the present embodiment provides an implementation manner in which an authorized party obtains vehicle operation authority, and has an advantage of replay resistance. Fig. 4 is a flow of implementing that the authorized party has the manipulation right in the authorization information in embodiment 5 of the present invention, as shown in fig. 4. After the verification is passed, the authorized party has the control authority in the authorization information, and the method comprises the following steps: the vehicle encodes the authorized password into the same format as the root key to serve as a temporary root key, and the authorized party encodes the authorized password into the same temporary root key in the same encoding mode; the authorized party generates a random number R1 and a check value K1 thereof, and transmits the random number R1 and the check value K1 to the vehicle after being encrypted by the temporary root key; after the vehicle is decrypted and verified, the random number R1, the random number R2 generated by the vehicle and the verification value K2 of the random number R2 and the random number R2 are encrypted by the temporary root key and then transmitted to the authorized party; after decryption and verification by the authorized party, the random number R1 and the random number R2 are encrypted by using the temporary root key as a session key, and the session key is used for encrypting the control instruction sent to the vehicle by the authorized party. As previously mentioned, the authentication process of the borrower and the authentication process of the owner should be compatible, and an embodiment of the authentication process is provided below. First, root information is expanded. The owner and the vehicle hold a 16-byte root key, and the borrower have a 6-bit digital PIN code when borrowing the vehicle, and the vehicle also has the 6-bit PIN code at this time. In order to make the unification possible, when the borrower interacts, the 6-digit PIN code of the borrower and the vehicle are subjected to an expansion operation (usually, MD5 or other digest algorithm can be used), and the 6-digit PIN code is changed into 16 bytes of information. In this case, the owner can use the 16 bytes of information of the owner or the expanded 16 bytes of information of the owner to collectively refer to the information as the root key. However, in order to distinguish the root key from the original root key, the root key expanded by the PIN code is referred to as a temporary root key. And secondly, generating a session key. The mobile phone terminal generates a random number R1, calculates a check value K1, and encrypts the check value K1 into a ciphertext E1 by using a root key. The vehicle end should have the same root key as the mobile phone end, and can decrypt the key E1 to obtain the random number R1 and the check value E1. The correctness and integrity of E1 are then checked, and if there is no error, the vehicle end itself also generates a random number R2 and calculates a check value K2. And encrypting the R2, the K2 and the K1 together to form a ciphertext E2, and transmitting the ciphertext E2 to the mobile phone terminal. The mobile phone terminal receives the data, decrypts the E2 by using the root key, and verifies whether the K1 and the K2 are accurate or not. If there is no problem, it indicates that the handset matches the vehicle it is communicating with. The handset encrypts the random numbers R1 and R2 using the root key to form the final session key. Any subsequent control instruction interaction needs to pass this encryption. And finally, the mobile phone end encrypts a handshake finishing instruction by using the session key and informs the vehicle end. After receiving the message, the vehicle side also needs to encrypt R1 and R2 by using the root key to form a session key for decrypting the message of the previous vehicle. If the message is confirmed to be the handshake completion message, the mobile phone is replied, and the handshake is really completed. The embodiment has the advantages of being capable of resisting replay attack, and the specific principle is as follows:
the replay attack allows an attacker to perform the same function as in the previous successful communication by repeatedly transmitting a message of the previous successful communication without having completed the communication flow. The solution to this threat is to add a random number of interactions at the time of the interactive handshake. The scheme can also resist replay attack. Assuming that an attacker can directly obtain a certain communication, the mobile phone sends all legal messages to the vehicle. He first sends a C1, C2 message to the vehicle. The vehicle first records the PIN code therein and the expiration time. The attacker sends an E1 message, the vehicle can also check and pass after receiving the E1 message, and meanwhile, the random number is generated, checked and encrypted to be sent to the attacker. At this time the attacker sends a handshake completion instruction for session key encryption. The vehicle cannot pass the verification of this message. Because the attacker's session key is based on the random numbers R1 and R2 of the last successful communication. However, since the random number R1 does not change but the random number R2 changes at the time of the current communication, the session key of the current vehicle communication changes, and the result of the previous encryption cannot be naturally analyzed. Subsequent time validation and unblocking instructions cannot be performed.
The authorization time limit in the authorization information is also important, and in general situations, for the vehicle owner, the above process is already finished, and the vehicle owner can directly encrypt the unlocking instruction to control the vehicle. But the borrower still needs to continue to authenticate the time information. Obviously, as long as the previous C1, C2 messages are sent, the controller should consider this to be a borrowing condition and if the encrypted unblocking command is sent directly, the controller should not respond. The mobile phone end needs to encrypt the current time by using the session key and sends the current time to the vehicle end. And the vehicle end decrypts by using the session key and compares the session key with the current vehicle internal system time. If the time is before the termination time, the currently connected equipment is confirmed to be a legal borrower, and the normal message is returned to the mobile phone when the borrowing time is within the allowed time period. At this time, the process of the person borrowing authentication is completely finished, and the mobile phone can send the unlocking instruction.
If any of the above processes have any check errors, or are aborted, the controller needs to have corresponding processing. For example, if several consecutive check errors occur, the connection needs to be terminated and an error is prompted.
Example 6
Fig. 5 is a schematic structural diagram of a vehicle virtual key sharing system according to embodiment 6 of the present invention, as shown in fig. 5. The present embodiment provides a system for vehicle virtual key sharing, including: at least one of the aforementioned mobile terminal, server, and vehicle. The mobile terminal, the server and the vehicle are connected in a networking mode through a wireless communication mode, wherein the mobile terminal and the vehicle are preferably connected through Bluetooth.
The following describes the modules in the system for virtual key sharing of a vehicle in embodiment 6, respectively:
a mobile terminal for vehicle virtual key sharing, the mobile terminal comprising:
the determining module is used for determining whether the user belongs to an authorizing party or an authorized party; the authorization password input module is used for inputting an authorization password by a user; if the user is an authorized party, calling an authorization information input module, wherein the authorization information input module is used for inputting authorization information by the user and then calling an authorization ciphertext generating module, and the authorization ciphertext generating module is used for generating an authorization ciphertext according to the authorization password, the authorization information and the root key; if the user is an authorized party, calling a vehicle verification module, wherein the vehicle verification module is used for verifying the acquired authorization information and the vehicle; then calling a vehicle control module, wherein the vehicle control module is used for an authorized party to implement the control authority in the authorization information; the computing module is used for providing a computing processing function of data; the communication module is used for providing a data interaction function of the mobile terminal and external equipment; and the storage module is used for storing the program instruction and the data information of the mobile terminal. A commonly used mobile terminal is a processor plus memory architecture, which is capable of running software programs. The computing module is a CPU in the mobile phone, the communication module and the storage module are existing hardware modules in the mobile phone, and the rest determining modules and the like are program modules, stored in the storage module of the mobile phone and presented in the mode of an APP of the mobile phone.
(ii) a server for sharing a virtual key of a vehicle, the server being configured as the function of the server in embodiment 3, and further configured to:
verifying the identity of the authorizing party and the authorized party; the authentication here includes login authentication of the server, authentication of an authorized password, and the like.
Providing a reference time for the authorizer, the authorizee, and the vehicle; the system is sensitive to time requirements. The borrower should use the network time as much as possible when verifying the time. The use of local time is only allowed if the system needs to be used without a network. For the vehicle, when the message of C2 is received, the expiration time needs to be compared, and if the expiration time is expired, the vehicle borrowing is not allowed. When the current time of the borrower is verified, the fact that whether the due time is expired or not and whether the current time is expired or not needs to be confirmed again is carried out, and if the due time is expired, the vehicle is not allowed to be used.
After detecting that the authorization information provided by the authorizing party is changed, synchronizing the changed authorization information to the authorized party; when the vehicle is in the authorization period, the owner can change the authorization information to implement the change of the authorization, so that the control right of the owner on the vehicle is enhanced.
And deleting the temporary root key of the authorized party after detecting that the authorization period is over. The virtual key application and the vehicle end virtual control module in the vehicle borrowing person mobile equipment are used for controlling the use authority and the vehicle control time limit of the vehicle borrowing person together, when the authority expires and the vehicle is in a flameout and vehicle locking state, the virtual key application and the vehicle end controller destroy the virtual key of the vehicle borrowing person.
And the control module is configured to be a function of the vehicle, can be used in cooperation with a mobile terminal and a server, and implements the vehicle virtual key sharing method. The vehicle may also have the following functions:
the vehicle refers to a virtual key which can be authorized to control a door lock, a vehicle window, start flameout and the like; the vehicle needs to be able to securely connect to the key service platform; the vehicle is provided with a virtual key antenna, a transceiver and a virtual key controller.
The control module in the vehicle has an in-vehicle virtual key control function (hereinafter referred to as an in-vehicle virtual key controller) and is used for managing a virtual key of a vehicle owner, supporting authentication, registration, deletion, forbidding and recovery, and managing a virtual key of a borrower, wherein the management comprises authority detection, key generation and key destruction;
the safe area of the virtual key controller in the automobile stores the owner secret key and the safe operation encryption and decryption algorithm; and the virtual key controller in the automobile analyzes the identity of the borrower, the automobile control authority and the automobile control time limit through the borrower authentication information, and stores and manages the information.
The in-vehicle virtual key controller is used for authenticating the identity of a vehicle owner, authenticating the identity information of a borrower through authentication information, detecting the service life of the borrower, refusing access if the authority is overdue, and destroying a virtual key of the borrower; the virtual key controller in the automobile can negotiate with the owner and the borrower to generate a temporary session password and carry out decryption and verification on the control instruction; only in response to the authorized function of the owner.
Example 7
In an embodiment of the present invention, a computer-readable storage medium is further provided, where instructions are stored in the storage medium, and when the instructions are executed on a computer, the instructions cause the computer to execute the vehicle virtual key sharing method.
Although the embodiments of the present invention have been described in detail with reference to the accompanying drawings, the embodiments of the present invention are not limited to the details of the above embodiments, and various simple modifications can be made to the technical solutions of the embodiments of the present invention within the technical idea of the embodiments of the present invention, and the simple modifications all belong to the protection scope of the embodiments of the present invention.
It should be noted that the various features described in the above embodiments may be combined in any suitable manner without departing from the scope of the invention. In order to avoid unnecessary repetition, the embodiments of the present invention do not describe every possible combination.
Those skilled in the art will understand that all or part of the steps in the method according to the above embodiments may be implemented by a program, which is stored in a storage medium and includes several instructions to enable a single chip, a chip, or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In addition, any combination of various different implementation manners of the embodiments of the present invention is also possible, and the embodiments of the present invention should be considered as disclosed in the embodiments of the present invention as long as the combination does not depart from the spirit of the embodiments of the present invention.

Claims (10)

1. A vehicle virtual key sharing method is characterized by comprising the following steps:
determining that the user is an authorized party or an authorized party;
if the user is an authorized party, acquiring an authorized password and authorized information input by the user; generating an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, acquiring an authorized password input by the user; if the authorization password is verified, acquiring an authorization ciphertext; the authorization ciphertext is generated according to an authorization password, authorization information and a root key of an authorization party;
the authorized party uses the authorization ciphertext to verify the vehicle, and the authorized party has the control authority in the authorization information after the verification is passed;
wherein the authorized password is shared by the authorizing party and the authorized party, and the authorization information comprises the control authority of the authorized party to the vehicle within the authorization period.
2. The method of claim 1, wherein generating an authorization cryptogram from the authorization password, authorization information, and a root key comprises:
generating a random number a 1;
the authorized password and the random number A1 are spliced to calculate a check value B1,
after the authorized password, the random number A1 and the check value B1 are spliced, a ciphertext C1 is generated by encrypting the root key;
splicing the authorization information and the random number A1 to calculate a check value B2,
after the authorization information, the random number A1 and the check value B2 are spliced, a ciphertext C2 is generated by encrypting the root key;
the ciphertext C1 and the ciphertext C2 may be the authorization ciphertext.
3. The method of claim 1, wherein the authorization cryptogram is communicated by a server configured to:
receiving an authorization password input by an authorizer;
verifying the authorization password input by the authorized party with the authorization password of the authorized party;
receiving the authorization cryptogram of the authorizer; and
and sending the authorization ciphertext to the authorized party passing the verification.
4. The method of claim 2, wherein the authorized party uses the authorization cryptogram to authenticate with a vehicle, comprising:
the vehicle obtains the authorization cryptogram from the authorized party;
decrypting from the ciphertext C1 and the ciphertext C2 with a root key, respectively:
the authorization password, the random number A2, the check value B3 and authorization information, the random number A3 and the check value B4; the verification is passed if the following three conditions are met simultaneously:
the random number A2 is equal to the random number A3;
the check value B3 is correct and the check value B4 is correct;
determining that an end time of an authorization deadline in the authorization information is after a current time.
5. The method of claim 4, wherein the authorized party has the control right in the authorization information after the verification is passed, and the method comprises:
the vehicle encodes the authorized password into the same format as the root key to serve as a temporary root key, and the authorized party encodes the authorized password into the same temporary root key in the same encoding mode; and
an authorized party generates a random number R1 and a check value K1 of the random number R1, and transmits the random number R1 and the check value K1 to the vehicle after being encrypted by the temporary root key;
after the vehicle is decrypted and verified, the random number R1, the vehicle-generated random number R2, and the calculated random number R1 and the verification value K2 of the random number R2 are encrypted by the temporary root key and then transmitted to the authorized party;
after decryption and verification by the authorized party, the random number R1 and the random number R2 are encrypted by using the temporary root key as a session key, and the session key is used for encrypting the control instruction sent to the vehicle by the authorized party.
6. A mobile terminal for vehicle virtual key sharing, the mobile terminal comprising:
the determining module is used for determining whether the user belongs to an authorizing party or an authorized party;
the authorization password input module is used for inputting an authorization password by a user;
if the user is an authorized party, calling an authorization information input module, wherein the authorization information input module is used for inputting authorization information by the user and then calling an authorization ciphertext generating module, and the authorization ciphertext generating module is used for generating an authorization ciphertext according to the authorization password, the authorization information and the root key;
if the user is an authorized party, calling a vehicle verification module, wherein the vehicle verification module is used for verifying the acquired authorization information and the vehicle; then calling a vehicle control module, wherein the vehicle control module is used for an authorized party to implement the control authority in the authorization information;
the computing module is used for providing a computing processing function of data;
the communication module is used for providing a data interaction function of the mobile terminal and external equipment;
and the storage module is used for storing the program instruction and the data information of the mobile terminal.
7. A server for virtual key sharing of a vehicle, characterized in that the server is configured as a function possessed by the server of claim 3.
8. The server of claim 7, wherein the server is further configured to:
verifying the identity of the authorizing party and the authorized party;
providing a reference time for the authorizer, the authorizee, and the vehicle;
after detecting that the authorization information provided by the authorizing party is changed, synchronizing the changed authorization information to the authorized party;
and deleting the temporary root key of the authorized party after detecting that the authorization period is over.
9. A vehicle, characterized in that the vehicle comprises a control module and a communication module, the control module being configured as a function of the vehicle in claim 4 or 5.
10. A vehicle virtual key sharing system, comprising: at least one of the mobile terminal of claim 6, the server of claim 7 or 8 and the vehicle of claim 9.
CN202010504513.1A 2020-06-05 2020-06-05 Vehicle virtual key sharing method, mobile terminal, server and vehicle Pending CN113766450A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010504513.1A CN113766450A (en) 2020-06-05 2020-06-05 Vehicle virtual key sharing method, mobile terminal, server and vehicle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010504513.1A CN113766450A (en) 2020-06-05 2020-06-05 Vehicle virtual key sharing method, mobile terminal, server and vehicle

Publications (1)

Publication Number Publication Date
CN113766450A true CN113766450A (en) 2021-12-07

Family

ID=78783955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010504513.1A Pending CN113766450A (en) 2020-06-05 2020-06-05 Vehicle virtual key sharing method, mobile terminal, server and vehicle

Country Status (1)

Country Link
CN (1) CN113766450A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115512468A (en) * 2022-09-13 2022-12-23 辽宁科大物联科技有限公司 Authorization management method and system for digital key
WO2024026587A1 (en) * 2022-07-30 2024-02-08 华为技术有限公司 Communication method and related device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024026587A1 (en) * 2022-07-30 2024-02-08 华为技术有限公司 Communication method and related device
CN115512468A (en) * 2022-09-13 2022-12-23 辽宁科大物联科技有限公司 Authorization management method and system for digital key

Similar Documents

Publication Publication Date Title
CN108064440B (en) FIDO authentication method, device and system based on block chain
US10382485B2 (en) Blockchain-assisted public key infrastructure for internet of things applications
CN111049660B (en) Certificate distribution method, system, device and equipment, and storage medium
US9847882B2 (en) Multiple factor authentication in an identity certificate service
CN106452782B (en) Method and system for generating secure communication channel for terminal device
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
CA2357792C (en) Method and device for performing secure transactions
US8590024B2 (en) Method for generating digital fingerprint using pseudo random number code
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
US20180270052A1 (en) Cryptographic key distribution
CN110990827A (en) Identity information verification method, server and storage medium
CN107733636B (en) Authentication method and authentication system
CN112235235A (en) SDP authentication protocol implementation method based on state cryptographic algorithm
CN113781678B (en) Vehicle Bluetooth key generation and authentication method and system in networking-free environment
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN101841525A (en) Secure access method, system and client
CN111224784B (en) Role separation distributed authentication and authorization method based on hardware trusted root
CN113766450A (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
KR101996317B1 (en) Block chain based user authentication system using authentication variable and method thereof
CN111127715A (en) Bluetooth key replacement method and device
CN112423298B (en) Identity authentication system and method for road traffic signal management and control facility
KR102288445B1 (en) On-boarding method, apparatus and program of authentication module for organization
KR102288444B1 (en) Firmware updating method, apparatus and program of authentication module
KR102145529B1 (en) Payment method using mobile application and device for the same
CN111682941A (en) Centralized identity management, distributed authentication and authorization method based on cryptography

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination