CN115195661A

CN115195661A - Method and device for preventing relay attack

Info

Publication number: CN115195661A
Application number: CN202110377865.XA
Authority: CN
Inventors: 王思善; 高帅鸿; 韩业飞
Original assignee: Huawei Technologies Co Ltd
Current assignee: Huawei Technologies Co Ltd
Priority date: 2021-04-08
Filing date: 2021-04-08
Publication date: 2022-10-18
Also published as: WO2022213902A1

Abstract

The application provides a method and a device for preventing relay attack. According to the technical scheme, N pieces of motion data of the mobile terminal device from the parking time to the second time when the mobile terminal device is connected to the vehicle again or receives the instruction for indicating the relay attack prevention operation are obtained, M pieces of motion data are obtained through a motion sensor in the mobile terminal device in the N pieces of motion data, then the moving track of the mobile terminal device is determined through the N pieces of motion data, the distance difference between the position of the mobile terminal device at the second time and the stop position of the vehicle is determined through the moving track, and if the distance difference exceeds a preset safety threshold, the relay attack is determined to possibly exist. The method can effectively prevent relay attack between the vehicle end and the mobile terminal device under the condition that accurate geographical position information does not need to be obtained.

Description

Method and device for preventing relay attack

Technical Field

The present application relates to the field of vehicle control technologies, and in particular, to a method and an apparatus for preventing relay attack.

Background

The passive entry and start (PEPS) system is a system that broadcasts a signal at a vehicle end, and a key end sends information to the vehicle end after receiving the signal. And after receiving the information sent by the key end, the vehicle end authenticates the key end and judges whether the key end is positioned in a preset range. If the key end is successfully authenticated and the key end is located in the preset range, the vehicle can be unlocked. However, the current PEPS system faces a very high risk of relay attack, and even if the key terminal authorized for the vehicle terminal is located outside the effective distance of the vehicle, when an attacker uses a relay device to relay information between the key terminal and the vehicle terminal and further enlarge the communication distance, the goal of opening the vehicle door and starting the vehicle for theft may be realized without the knowledge of the user from a long distance.

One way to prevent a relay attack between the vehicle end and the key end is as follows: the key end obtains the geographic position of the key end at the unlocking moment (the key end receives a signal sent by the vehicle end) through the global positioning system, calculates the distance between the address position and the geographic position where the vehicle stops, and when the distance is greater than the safety distance, the relay attack is considered to possibly exist, and at the moment, the key end can cut off the connection with the signal, so that the relay attack is prevented.

However, this method is dependent on the external environment, and cannot be used in any scene, and thus cannot effectively prevent relay attack. As an example, the location of the key tip cannot be determined in a weak area where the key tip is located in a signal of a global positioning system (e.g., in an underground garage), and thus a relay attack cannot be effectively prevented.

Therefore, how to effectively prevent the relay attack between the vehicle end and the key end is a technical problem to be solved urgently.

Disclosure of Invention

The application provides a method and a device for preventing relay attack, which can effectively prevent relay attack existing between a vehicle end and a key end under the condition of not depending on external environment.

In a first aspect, the present application provides a method for preventing relay attack, where the method is applied to a passive entry and start PEPS system, the PEPS system includes a first subsystem and a second subsystem, the first subsystem is deployed in a vehicle, and the second subsystem is deployed in a mobile terminal device, and the method includes: acquiring M pieces of motion data acquired by a motion sensor in mobile terminal equipment, wherein the M pieces of motion data correspond to M time periods one by one, each piece of motion data in the M pieces of motion data comprises a motion direction and a displacement used for acquiring the motion direction and the displacement of the mobile terminal equipment in the time period corresponding to each piece of motion data, and M is a positive integer; determining a movement track of a mobile terminal device in a target time interval according to N pieces of movement data, wherein the N pieces of movement data comprise M pieces of movement data, the target time interval is a time interval from a first time when a vehicle stops to a second time when the vehicle stops, the second time comprises a time when the mobile terminal device establishes connection with the vehicle again or a time when an instruction for instructing to perform a relay attack prevention operation is received, the target time interval comprises N time intervals, the M time intervals are M time intervals in the N time intervals, N is a positive integer, and M is less than or equal to N positive integers; according to the moving track, determining a distance difference value between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment; and under the condition that a target condition is met, determining that the vehicle has relay attack, wherein the target condition comprises that the distance difference exceeds a preset safety threshold.

According to the technical scheme, when the mobile terminal device is connected to the vehicle again or receives the instruction for indicating the relay attack prevention operation, the distance difference between the mobile terminal device and the stop position of the vehicle can be determined through the movement track formed by the movement data of different time periods in the mobile terminal device, so that the relay attack between the vehicle end and the mobile terminal device can be effectively prevented under the condition that accurate geographical position information does not need to be obtained. That is to say, the method for preventing relay attack provided by the application is completely independent of the surrounding environment and is not interfered by the air wireless signal environment.

For example, for a relay prevention method based on a geographic location, if there is no GNSS signal in a certain period of time, a network positioning method is used to obtain an approximate location of a mobile terminal device, which results in an inaccurate determined distance between the mobile terminal device and a vehicle stop location, and thus, relay attack cannot be effectively prevented. If the moving track is used to determine the distance between the mobile terminal device and the vehicle stop position, even if there is no GNSS signal in the certain period, the mobile terminal device may obtain a corresponding track vector through the motion sensor, and further, a distance difference between the mobile terminal device and the vehicle stop position may be determined based on the track vector, thereby effectively preventing a relay attack between the vehicle end and the mobile terminal device.

With reference to the first aspect, in a possible implementation manner, M is less than N, where the method further includes: acquiring N-M motion data, wherein the N-M motion data correspond to N-M time periods in a one-to-one manner, the N-M time periods comprise time periods except M time periods in the N time periods, the N-M motion data comprise motion data except M motion data in the N motion data, and each motion in the N-M motion data comprises positioning information of a Global Navigation Satellite System (GNSS) of a mobile terminal device at the starting time of the corresponding time period and positioning information of the GNSS at the ending time of the corresponding time period.

In the method for preventing relay attack, when the mobile terminal device can detect a GNSS signal in the whole moving process, the track vector is obtained by using the information of the GNSS, so that the power consumption of the mobile terminal device can be further reduced.

With reference to the first aspect, in one possible implementation manner, M is equal to N.

With reference to the first aspect, in a possible implementation manner, each piece of motion data in the N pieces of motion data further includes information used for obtaining a height of the mobile terminal device from a specified plane in a time period corresponding to each piece of motion data.

With reference to the first aspect, in a possible implementation manner, the determining, according to the movement trajectory, a distance between the position of the mobile terminal device at the second time and the position of the vehicle at the first time includes: acquiring position information determined by mobile terminal equipment through a Bluetooth technology and/or a wireless local area network communication technology; optimizing the moving track according to the position information to obtain a target moving track; and determining a distance difference value between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment according to the target movement track.

With reference to the first aspect, in a possible implementation manner, the method further includes: disconnecting the connection with the vehicle.

In a second aspect, the present application provides an apparatus for preventing relay attack, the apparatus being applied in a passive entry and start PEPS system, the PEPS system including a first subsystem and a second subsystem, the first subsystem being deployed in a vehicle, the second subsystem being deployed in a mobile terminal device, the apparatus comprising: the mobile terminal device comprises a first acquisition module, a second acquisition module and a control module, wherein the first acquisition module is used for acquiring M pieces of motion data acquired by a motion sensor in the mobile terminal device, the M pieces of motion data correspond to M time intervals one by one, each piece of motion data in the M pieces of motion data comprises a motion direction and displacement of the mobile terminal device in the time interval corresponding to each piece of motion data, and M is a positive integer; a moving track module, configured to determine a moving track of a mobile terminal device in a target time period according to N pieces of motion data, where the N pieces of motion data include the M pieces of motion data, the target time period is a time period from a first time when a vehicle stops to a second time when the vehicle stops, the second time includes a time when the mobile terminal device establishes a connection with the vehicle again or a time when an instruction for instructing a relay attack prevention operation is received, the target time period includes N time periods, the M time periods are M time periods of the N time periods, N is a positive integer, and M is less than or equal to N positive integers; the determining module is used for determining a distance difference value between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment according to the moving track; the determining module is further configured to determine that the vehicle has a relay attack when a target condition is met, where the target condition includes that the distance difference exceeds a preset safety threshold.

With reference to the second aspect, in a possible implementation manner, M is less than N, where the apparatus further includes: a second obtaining module, configured to obtain N-M pieces of motion data, where the N-M pieces of motion data are in one-to-one correspondence with N-M time periods, where the N-M time periods include time periods other than the M time periods among the N time periods, the N-M pieces of motion data include motion data other than the M pieces of motion data among the N pieces of motion data, and each motion in the N-M pieces of motion data includes positioning information of a global navigation satellite system GNSS of the mobile terminal device at a start time of the corresponding time period and positioning information of the GNSS at an end time of the corresponding time period.

With reference to the second aspect, in one possible implementation manner, M is equal to N.

With reference to the second aspect, in a possible implementation manner, each of the N pieces of motion data further includes information used for obtaining a height of the mobile terminal device from a specified plane in a time period corresponding to each piece of motion data.

With reference to the second aspect, in a possible implementation manner, the determining module is further configured to: acquiring position information determined by the mobile terminal equipment through a Bluetooth technology and/or a wireless local area network communication technology; optimizing the moving track according to the position information to obtain a target moving track; and determining a distance difference between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment according to the target movement track.

With reference to the second aspect, in one possible implementation manner, the apparatus further includes an output module configured to disconnect the vehicle.

In a third aspect, the present application provides an apparatus for preventing relay attack, including: a memory and a processor; the memory is to store program instructions; the processor is configured to invoke program instructions in the memory to perform the method for preventing a relay attack as described in the first aspect or any one of the possible implementations.

In a fourth aspect, the present application provides a chip, which includes at least one processor and a communication interface, where the communication interface and the at least one processor are interconnected by a line, and the at least one processor is configured to execute a computer program or instructions to perform the method for preventing a relay attack as described in the first aspect or any one of the possible implementation manners.

In a fifth aspect, the present application provides a computer-readable medium storing program code for execution by a device, where the program code includes instructions for performing a method for preventing a relay attack as described in the first aspect or any one of the possible implementations thereof.

In a sixth aspect, the present application provides a computer program product containing instructions, where the computer program product includes computer program code, and when the computer program code runs on a computer, the computer is caused to execute the method for preventing a relay attack according to the first aspect or any one of the possible implementation manners.

Drawings

Fig. 1 is a schematic diagram of a PEPS system provided in an embodiment of the present application;

fig. 2 is a schematic diagram of an architecture of a PEPS system according to an embodiment of the present application;

fig. 3 is a schematic diagram illustrating an operating principle of a PEPS system according to an embodiment of the present application;

fig. 4 is a schematic diagram of a relay attack system according to an embodiment of the present application;

fig. 5 is a schematic flowchart of a method for preventing a relay attack according to an embodiment of the present application;

fig. 6 is a schematic flow chart of a method for preventing a relay attack according to another embodiment of the present application;

FIG. 7 is a schematic diagram of a structure for determining relative distance according to another embodiment of the present application;

fig. 8 is a schematic flow chart of a method for preventing a relay attack according to another embodiment of the present application;

FIG. 9 is a schematic structural diagram of determining relative distances provided by yet another embodiment of the present application;

fig. 10 is a schematic structural diagram of an apparatus for preventing a relay attack according to an embodiment of the present application;

fig. 11 is a schematic structural diagram of an apparatus for preventing a relay attack according to another embodiment of the present application.

Detailed Description

For understanding, the relevant terminology referred to in this application will be first described.

1. Digital key

With the accelerated popularization of automobile networking, digital automobile key (or called as digital key) products have come into existence, functions of unlocking and starting an engine of an automobile are realized through mobile terminals such as mobile phones and wearable devices, and functions of remote management of a life cycle of the digital automobile key, sharing of the key and the like are realized through a wireless communication module of an intelligent networking automobile. On the basis, the subdivision scenes of parent-friend sharing, time-sharing leasing, automobile sharing, fleet management, express vehicle entering, designated driving and the like can be expanded.

The digital key may be divided into a Remote Key (RKE) key function, a Near Field Communication (NFC) key function, and a passive entry start (PEPS) key function according to a short-range communication technology and a use experience. After short-distance communication is established between the RKE key function and a vehicle through a mobile terminal, a user initiates corresponding function control operation in an Application (APP), and the whole process is independent of a network; the NFC key function does not need a user to operate the mobile terminal, and related processes can be triggered only by placing the mobile terminal in an NFC card reading area of the vehicle; the PEPS key function is best in experience, a user does not need to perform any operation, the mobile terminal does not need to be in network connection, the automobile positions the mobile terminal under the condition that the mobile terminal is in short-distance communication connection with the automobile, and the user can automatically execute related control functions when the user carries the mobile terminal to move to the preset range of the automobile. The PEPS key function can be further divided into a non-inductive entry and a non-inductive start according to the scene. For the PEPS, the problem of the distance measurement and positioning accuracy of the vehicle to the mobile terminal with the key function needs to be solved, and certain requirements are imposed on the distance measurement accuracy in consideration of user experience and safety.

The digital key is mainly used for identifying the mobile terminal by the vehicle and judging conditions corresponding to related operations. For example, the vehicle usually combines three conditions of key authentication, positioning and relay authentication prevention, and the three conditions need to be simultaneously satisfied in the authentication of the PEPS key function. For the remote control key, the vehicle usually needs to confirm that the key authentication is passed, the user verification is passed, and the operation corresponding to the vehicle control command is executed after the corresponding vehicle control command verification is passed.

2. Relay attack

The first unauthorized person is equipped with a transceiver and is located near the target vehicle, and when an authorized vehicle user leaves the target vehicle, the first unauthorized person receives a signal originally transmitted to an authorized electronic key from the target vehicle, and then transmits the signal to another transceiver located at a longer distance and equipped by a second unauthorized person, and the other transceiver transmits the received signal to the authorized electronic key. At this time, the authorized electronic key receives the signal and then responds with a valid signal that can be received by the passive entry system of the target vehicle. Thus, a short-distance and a long-distance unauthorized transmitting and receiving device can relay signals between the target vehicle and the authorized electronic key, thereby effectively increasing the transmission range of the signals. When the passive entry system of the target vehicle receives the valid signal, a first unauthorized person located near the target vehicle can enter the vehicle.

Fig. 1 is a schematic diagram of a PEPS system according to an embodiment of the present disclosure. As shown in fig. 1, the PEPS system of the present application may include a vehicle end 10 and a key end 20. In the embodiment of the present application, the key end 20 may also be referred to as a mobile terminal device, and may be, for example, a smart phone, a tablet computer, or another device capable of performing wireless communication.

As shown in FIG. 2, the vehicle end 10 includes a first subsystem that may include: a signal transmitting unit 101, a signal receiving unit 102, an authentication unit 103, and a judgment unit 104. The signal transmitting unit 101 is configured to generate a signal and transmit the signal to the key end 20. The signal receiving unit 102 is used for receiving the signal transmitted by the key terminal 20. The authentication unit 103 is used to authenticate the key end 20. The determining unit 104 is used for determining whether the key end 20 enters a predetermined range.

The key-tip 20 includes a second subsystem that may include: a signal receiving unit 201, a signal transmitting unit 202, and an authentication unit 203. The signal receiving unit 201 is used for receiving the signal transmitted by the signal transmitting unit 101 of the vehicle terminal 10. The signal transmitting unit 202 is used for transmitting a signal to the vehicle end 10. The authentication unit 203 is configured to send authentication information capable of proving an identity to the vehicle end 10.

For the PEPS entry system shown in FIG. 1, the logic for its operation is generally as follows: the vehicle end 10 broadcasts wirelessly in real time to send a radio signal within a certain range, when the signal receiving unit 201 of the key end 20 scans the radio signal, the signal sending unit 202 sends a response signal to the vehicle end 10, the signal receiving unit 102 of the vehicle end 10 sends request information for obtaining the identity of the key end 20 to the key end 20 through the signal sending unit 101 after receiving the response signal sent by the key end 20, and the key end 20 sends authentication information capable of proving the identity to the vehicle end 10 through the authentication unit 203 after receiving the request information. When the authentication unit 103 of the vehicle terminal 10 receives the authentication information, the key terminal 20 is authenticated based on the authentication information. Further, the vehicle end 10 determines whether the distance between the key end 20 and the vehicle end 10 is within a preset range according to the position of the key end 20, and if the distance is within the preset range of the vehicle end 10, the vehicle end 10 may be unlocked.

As an example, fig. 3 is a schematic diagram illustrating an operation principle of a PEPS system according to an embodiment of the present application. As shown in fig. 3, the vehicle end 10 sends a radio response signal within a certain range (point P1 in the figure), when at least one key end 20 (for example, the mobile phone 1, the mobile phone 2, and the mobile phone 3 in the figure) is at the point P1, the radio signal sent by the vehicle end 10 can be scanned, when the vehicle end 10 detects a plurality of key ends 20, the vehicle end 10 firstly authenticates the plurality of key ends 20, and when the vehicle end 10 identifies that there is a legal key end 20, it is determined whether the position of the legal key end 20 is within a preset range. If the legal key end 20 is within the preset range of unlocking, the vehicle end 10 is automatically unlocked.

However, with the PEPS system shown in fig. 1, the relay attack is easily applied between the vehicle terminal 10 and the key terminal 20, resulting in a problem of low security. As shown in fig. 4, the attacker implements a remote attack through the relay 403 and the relay 404. For example, the key terminal 20 is located a relatively long distance from the vehicle terminal 10, that is, it is not within the range of the radio response signal transmitted from the vehicle terminal 10, and if no relay is used, even if the key terminal is legal, it is not within the range of the radio response signal transmitted from the vehicle terminal 10, and thus the vehicle terminal 10 is not unlocked. However, if the relay 403 and the relay 404 are used, the radio response signal sent by the vehicle 10 can be sent to the key 20 through a route, the key 20 sends the authentication information after scanning the radio response signal, and the authentication information is sent to the vehicle 10 through the relay 404 and the relay 403, because the vehicle 10 is the authentication information received from the relay 403, when the authentication information is legal, it is determined whether the position of the relay 403 is within the preset range, and if the authentication information is within the preset range, the automatic unlocking of the vehicle 10 can also be realized. In this case, the communication distance is greatly increased, and the key terminal 20 sends the authentication information between the vehicle terminals 10 without any tampering, so long as the purpose of remotely controlling the vehicle terminals 10 is achieved through two relayed signal routes. Therefore, through the attack of the relay, the attacker can realize the operation and control of the vehicle end 10, such as opening a vehicle door and starting a vehicle for theft, under the condition that a driver is completely unaware, and the attacker has huge threat and low safety.

It should be noted that the two relays shown in fig. 4 are only one example, and the number of relays may be other numbers, which is not limited in the embodiment of the present application.

Currently, relay attack between the vehicle terminal 10 and the key terminal 20 can be prevented based on the geographic location, and in this implementation, the key terminal avoids the scenario of most long-distance relays by calculating the distance between the geographic location of the unlocking time and the geographic location of the vehicle stopping time. As an example, taking fig. 4 as an example, when the vehicle end 10 is turned off, there is a key-off position (or referred to as a vehicle stop position) information, such as coordinate information, and then when an authorized user who owns the key end 20 leaves the vehicle end 10 and is located a distance greater than a certain distance away from the vehicle end 10, when the key end receives a trigger signal (for example, the key end receives a signal sent from the vehicle end or receives an instruction for instructing to perform a relay attack prevention operation), the position information of the key end 20 at the triggered time is recorded as the second position information. If an attacker uses the relay 403 and the relay 404 to attack, the key-end 20 can receive the signal transmitted from the relay 404 from the vehicle-end 10 even in a long distance, and when the key-end 20 is connected to the signal, the key-end 20 can determine whether the distance between the current second position information and the flameout position information is greater than the safety distance. If the distance between the second position information and the initial position information is larger than the safe distance, the relay attack phenomenon can be judged to exist. At this time, the key terminal 20 may cut off the connection with the signal transmitted from the vehicle terminal 10 by the relay 404, so that the vehicle terminal 10 is not automatically unlocked.

However, the method for preventing relay attack based on the geographical location needs to obtain accurate geographical location information of the key end. A commonly used method is to obtain the geographic position information of the key end by using a Global Navigation Satellite System (GNSS), but in many areas, the GNSS signal of the key end is very weak, which results in inaccurate obtained geographic position information, or the key end even cannot receive the GNSS signal, which results in incapability of determining the geographic position information of the key end; under the condition of no GNSS signal, one method for determining the geographic position information of the key end is to use network positioning, for example, to obtain the approximate position information of the key end through base station information or wireless fidelity (Wifi) information near the key end, but the accuracy of this method is very low, and it cannot provide effective prevention for preventing relay attack between the vehicle end and the key end.

In view of this, the present application provides a new method for preventing relay attack. According to the technical scheme, the capability of judging the moving track by using the motion sensor in the mobile terminal equipment is used, and the moving track of the mobile terminal equipment away from the end of the vehicle with the parking position (or flameout position) as the original point is recorded. And then when the mobile terminal equipment receives a response signal sent by the vehicle end, judging the relative distance between the current position of the mobile terminal equipment and the vehicle stop position through the moving track, and if the relative distance exceeds a certain safe distance, judging that relay attack possibly exists, thereby preventing.

Further, in the technical solution of the present application, in order to reduce power consumption of the mobile terminal device, in a time period in which the mobile terminal device can receive the GNSS satellite signal, a GNSS coordinate at a starting time when the GNSS satellite signal is received and a GNSS coordinate at an ending time when the GNSS satellite signal is about to be lost are recorded, and then a moving trajectory vector in the time period is obtained through the GNSS coordinate at the starting time and the GNSS coordinate at the ending time, and a moving trajectory when the mobile terminal device receives a response signal sent by the vehicle end is further obtained.

Fig. 5 is a schematic flowchart of a method for preventing a relay attack according to an embodiment of the present application. As shown in fig. 5, the method of the present embodiment may include S501, S502, S503, and S504. The method for preventing relay attack can be executed by the key terminal in the PEPS system shown in fig. 1.

S501, M pieces of motion data collected by a motion sensor in the mobile terminal device are obtained, the M pieces of motion data correspond to M time intervals one by one, each piece of motion data in the M pieces of motion data comprises information used for obtaining the motion direction and displacement of the mobile terminal device in the time interval corresponding to each piece of motion data, and M is a positive integer.

In this embodiment, the M pieces of motion data are collected by a motion sensor in the mobile terminal device. For example, the motion sensor may include an Inertial Measurement Unit (IMU), an accelerometer, a gyroscope, a gravimeter, a magnetometer, a barometer, etc. in the mobile terminal device.

The motion direction and the displacement of the mobile terminal equipment in the corresponding time period can be obtained through the motion data acquired by the motion sensor. It can be understood that the two features of the motion direction and the displacement may describe motion information of the mobile terminal device in a certain period, and in this embodiment, a vector composed of a plurality of features such as the motion direction and the displacement is also referred to as a trajectory vector.

It will also be appreciated that the direction of movement and the displacement may be different for a mobile terminal device when it is moving, at different time periods. Therefore, through the motion data in the M periods, the motion information of the mobile terminal device in different periods can be represented.

In one implementation, the direction of movement may be obtained using sensors such as electronic compasses or gyroscopes or IMUs. The displacement may be obtained by multiplying the step number by the step size or integrating the speed, where the step size may be obtained by performing big data learning on a large amount of user data, and this embodiment is not described in detail again.

There are several ways in which the sensor in the mobile terminal device can determine the direction of movement. Illustratively, the first is based on compass principle, which is mainly to measure and combine magnetic field and gravitational acceleration to get direction with compass principle; the other is based on the principle of a gyroscope, and the method integrates the angular velocity obtained by the gyroscope to obtain the angular change increment, so that the direction of each moment is obtained under the condition of a given initial angle.

The mobile terminal equipment can also calculate the posture of the object based on the IMU, and further calculate the displacement by using the posture. The inertial measurement unit is usually composed of three single-axis accelerometers and three single-axis gyroscopes, and some IMUs also have magnetometers. The accelerometer detects acceleration signals of an object on three independent axes of a carrier coordinate system, and the gyroscope detects angular velocity signals of the carrier relative to a navigation coordinate system. The specific implementation process may be described with reference to related technologies, and is not described herein again.

It should be noted that each piece of motion data in the M pieces of motion data may further include height information for obtaining the mobile terminal device in a time period corresponding to each piece of motion data, which is not limited in this embodiment of the present application.

S502, determining a moving track of the mobile terminal device in a target time interval according to N pieces of motion data, wherein the N pieces of motion data comprise M pieces of motion data, the target time interval is a time interval from a first time when the vehicle stops to a second time when the vehicle stops, the second time comprises a time when the mobile terminal device establishes connection with the vehicle again or a time when an instruction for instructing to perform a relay attack prevention operation is received, the target time interval comprises N time intervals, the M time intervals are M time intervals in the N time intervals, N is a positive integer, and M is a positive integer smaller than or equal to N.

In this embodiment, the N pieces of motion data are motion data of the mobile terminal device in N time periods from when the vehicle stops to when the mobile terminal device establishes connection with the vehicle again or receives an instruction for instructing to perform a relay attack prevention operation. Wherein, of the N pieces of motion data, M pieces of motion data are collected by the motion sensor.

The motion data in each time interval may be used to obtain a trajectory vector of the mobile terminal device in the time interval, such as a motion direction and a displacement. Therefore, through the N pieces of motion data, the N track vectors of the mobile terminal device in N time periods from the time when the mobile terminal device stops the vehicle to the time when the mobile terminal device establishes connection with the vehicle again or receives an instruction for instructing to perform the relay attack prevention operation can be known, and therefore the moving track of the mobile terminal device can be known.

As an example, when a user holding a mobile terminal device starts moving after a vehicle stops, sequentially passes through a hospital, a supermarket, a company, and a place where the user lives, at this time, if the user establishes connection with the vehicle again at the place where the user lives, the mobile terminal device may determine, from the time of connection, a movement trajectory from the time when the vehicle stops to the time when the mobile terminal device establishes connection with the vehicle again, based on the obtained movement data during the time period when the parking position moves to the hospital, the movement data during the time period when the hospital moves to the supermarket, the movement data during the time period when the supermarket moves to the company, and the movement data between the time when the mobile terminal device moves to the place where the company stays.

It should be understood that the N pieces of motion data in the embodiment of the present application may also be updated continuously, that is, the movement track may also be updated continuously, which is not limited in the embodiment of the present application.

S503, according to the moving track, determining a distance difference value between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment.

Since the N pieces of motion data are pieces of motion information obtained from the first time when the vehicle stops to the time when a connection is established again with the vehicle or an instruction for instructing a relay attack prevention operation is received. Accordingly, the movement trajectory describes the displacement and direction of movement of the mobile terminal device over N periods of time from the first time to the second time. Therefore, after the movement trajectory of the mobile terminal device is obtained, the distance difference between the position where the mobile terminal device establishes connection with the vehicle again or receives the instruction for instructing the relay attack prevention operation to the position of the vehicle at the first time can be obtained through the movement trajectory.

In an implementation manner, since the moving track is obtained by N pieces of motion data, the track vectors corresponding to the N pieces of motion data may be vector-added to obtain a vector between the position of the first time and the position of the second time, where a modulus of the vector is a distance difference between the position of the mobile terminal device at the second time and the position of the vehicle at the first time.

In another implementation manner, for N trajectory vectors corresponding to N pieces of motion data, a distance difference between the position of the mobile terminal device at the second time and the position of the vehicle at the first time may be obtained through a real-time calculation. For example, there are three periods from the first time to the second time, after obtaining the trajectory vector of the first period, the trajectory vector of the second period may be obtained by the trajectory vector of the first period and the motion data of the second period, and after obtaining the trajectory vector of the second period, the trajectory vector of the third period may be obtained by the trajectory vector of the second period and the motion data of the third period, that is, the motion data of the latest period may be continuously superimposed on the trajectory vector, so as to generate the latest trajectory vector.

S504, under the condition that target conditions are met, the fact that the vehicle has relay attack is determined, and the target conditions include that the distance difference value exceeds a preset safety threshold value.

In the embodiment of the application, whether relay attack possibly exists is judged by setting a preset safety threshold. For example, the safety threshold may be a set distance threshold, which is not limited in the embodiment of the present application.

Taking the example that the mobile terminal device is connected with the vehicle again, after the vehicle stops, the mobile terminal device moves all the time and the distance between the mobile terminal device and the vehicle end is larger than a certain distance, if an attacker uses the relay to attack, the mobile terminal device can receive a signal of the vehicle end transmitted by the relay even under the condition of long distance so as to be connected with the vehicle, at the moment, the mobile terminal device obtains moving tracks of N time periods through recorded motion data from the vehicle stopping moment to the moment when the mobile terminal device is connected with the vehicle again, and then whether the distance difference between the position information of the mobile terminal device at the current moment and the position information of the vehicle stopping moment is larger than a safety threshold value is calculated based on the moving tracks. If the distance is greater than the safety threshold, it indicates that the signal received by the mobile terminal device may not be sent out by the vehicle, and then there may be a relay attack phenomenon.

Alternatively, when the mobile terminal device determines that the vehicle may have a relay attack, the mobile terminal device may output prompt information for prompting that an attack exists between the vehicle and the mobile terminal. For example, the prompt message may be a vibration or voice prompt of the mobile terminal device that a relay attack exists between the vehicle and the mobile terminal device, or a user interface is displayed to a user of the mobile terminal device to allow the user to confirm whether to operate the vehicle. The embodiment of the present application does not limit this.

In the method for preventing relay attack provided by the embodiment of the application, at the moment when the mobile terminal device is connected to the vehicle again or an instruction for instructing to perform the operation for preventing relay attack is received, the track vectors determined by the N pieces of motion data are obtained firstly, and M pieces of motion data in the N pieces of motion data are obtained through the motion sensor in the mobile terminal device. And then determining the movement track of the mobile terminal equipment through the N pieces of movement data, determining the distance between the position of the mobile terminal equipment at the moment of connecting to the vehicle again and the stop position of the vehicle through the movement track, and determining that relay attack may exist if the distance is greater than a preset safety distance threshold value.

According to the technical scheme, when the mobile terminal device is connected to the vehicle again, the distance difference between the mobile terminal device and the stop position of the vehicle can be determined through the movement track formed by the movement data of different time periods in the mobile terminal device, so that relay attack of a vehicle end and a key end can be effectively prevented under the condition that accurate geographical position information does not need to be obtained. That is to say, the method for preventing relay attack provided by the application is completely independent of the surrounding environment and is not interfered by the air wireless signal environment.

For example, for a relay prevention method based on a geographic location, if there is no GNSS signal in a certain period of time, a network positioning method is used to obtain an approximate location of a mobile terminal device, which results in an inaccurate determined distance between the mobile terminal device and a vehicle stop location, and thus, relay attack cannot be effectively prevented. If the moving track is used to determine the distance between the mobile terminal device and the vehicle stop position, even if there is no GNSS signal in the certain period, the mobile terminal device may obtain a corresponding track vector through the motion sensor, and further, may determine the relative distance between the mobile terminal device and the vehicle stop position based on the track vector, thereby effectively preventing the relay attack of the vehicle end and the key end.

Optionally, S503 in the embodiment shown in fig. 5 may include: acquiring position information determined by mobile terminal equipment through a Bluetooth technology and/or a wireless local area network communication technology; optimizing the moving track according to the position information to obtain a target moving track; and determining the distance from the position of the mobile terminal equipment at the second moment to the position of the vehicle at the first moment according to the target movement track.

In this embodiment, after the movement track is obtained, the movement track may be optimized by using the position information determined by the bluetooth technology and/or the wireless local area network communication technology, for example, a public Wifi or a hot spot when parking is used as a reference, or a bluetooth ranging performed by a mobile phone on a signal source is used as a reference, so as to obtain a more accurate movement track. And then determining the distance from the position of the mobile terminal device at the second moment to the position of the vehicle at the first moment through the optimized moving track.

It is described herein how to optimize the movement track using the position information determined by the bluetooth technology and/or the wireless lan communication technology to obtain a more accurate movement track, which may refer to the description of the related art and is not described herein again.

As an alternative embodiment, M is equal to N in the embodiment shown in fig. 5.

Taking M equal to N as an example, a method for preventing relay attack according to another embodiment of the present application is described in detail with reference to fig. 6.

As shown in fig. 6, the method of the present embodiment may include S601, S602, S603, S604, and S605. The method for preventing relay attack can be executed by the key terminal in the PEPS system shown in fig. 1.

S601, the mobile terminal device obtains vehicle stop information.

In this embodiment, the mobile terminal device obtains motion data in different periods from the time when the vehicle stops. Therefore, the mobile terminal device needs to know information whether the vehicle is stopped before obtaining the motion data in different periods.

In one possible embodiment, the vehicle can send a notification of a change in the vehicle state or a change in the vehicle lock to the mobile terminal. For example, the vehicle end sends a message to the mobile terminal that a navigation destination has been reached or that the vehicle has been switched off or locked.

And S602, the mobile terminal device starts to record the moving track of the mobile terminal device after parking by using the motion sensor.

In the present embodiment, the motion data of each time period is obtained by a motion sensor. For example, if the mobile terminal device includes N time periods in total from the time of leaving the parking location to the time of reconnecting to the vehicle, N pieces of motion data may be obtained by the motion sensor, and then a trajectory vector determined by the N pieces of motion data may be obtained, and then a moving trajectory of the mobile terminal device after leaving the parking location may be known by the trajectory vector, and the specific implementation process may refer to the description in the embodiment shown in fig. 5.

And S603, when the mobile terminal equipment is connected to the vehicle again, triggering anti-relay detection, and determining the relative distance between the position and the parking position when the mobile terminal equipment is connected to the vehicle again based on the recorded moving track of the mobile terminal equipment.

As an example, as shown in fig. 7, after the vehicle stops, the trajectory vector of the mobile terminal device in the first time period, the trajectory vector of the second time period, the trajectory vector of the third time period, the trajectory vector of the fourth time period, and the trajectory vector of the fifth time period are respectively shown in the figure, where the trajectory vector in each time period includes a direction and a displacement of the mobile terminal device moving in the time period, and specifically, the description may refer to the embodiment shown in fig. 5, and details are not repeated here. When a certain position (such as a re-approach point position in the figure) to which the mobile terminal device moves at a certain moment is connected to the vehicle, anti-relay detection is triggered, namely, the relative distance between the mobile terminal device at the approach point position and the vehicle stop position is determined based on the track vector of the first time period, the track vector of the second time period, the track vector of the third time period, the track vector of the fourth time period, the track vector of the fifth time period and the track vector of the sixth time period of the time period in which the re-approach point is located.

In one implementation, the trajectory vector of the first period, the trajectory vector of the second period, the trajectory vector of the third period, the trajectory vector of the fourth period, the trajectory vector of the fifth period, and the trajectory vector of the sixth period may be added to obtain the relative distance, as indicated by the dashed line in fig. 7, between the re-approach point and the vehicle stop position.

It should be noted that, in the embodiment of the present application, the triggering of the anti-relay detection is described by taking the mobile terminal device as an example to connect to the vehicle again, or an instruction of the anti-relay operation may be received at the mobile terminal device, which is not limited in the present application.

S604, determining whether a relay attack may exist according to a preset safety threshold, for example, if the safety threshold is a safety distance threshold, and if a relative distance between a location where the mobile terminal device is located and a parking location at the time when the mobile terminal device is connected to the vehicle again is greater than the preset safety distance threshold, the relay attack may exist. The specific process can refer to the description in the embodiment shown in fig. 5.

And S605, after the relay attack is detected, reminding the user or requiring the user to confirm or authenticate the identity or cut off the connection with the vehicle.

For example, after the mobile terminal device detects that there may be a relay attack, the mobile terminal device reminds the user in a vibration or ring mode, or the user performs confirmation or identity authentication through a User Interface (UI) interface of the mobile terminal device, so as to prevent the relay attack. Or the connection with the vehicle is cut off, so that the vehicle cannot receive the authentication information transmitted by the mobile terminal device, thereby preventing the relay attack. The specific implementation manner of the method can be described with reference to S504 in the embodiment shown in fig. 5, and is not described herein again.

In the relay attack prevention method provided by the embodiment of the application, at the moment when the mobile terminal device is connected to the vehicle again, all the N pieces of motion data are obtained through the motion sensor in the mobile terminal device, so that in the whole moving process, the position information of the mobile terminal device does not need to be determined, and the position information of the vehicle does not need to be known, namely, only the motion data collected through the motion sensor is needed, whether a relay attack phenomenon exists can be judged, namely, the dependence on external environment conditions and the vehicle side is small.

As an alternative embodiment, M in the embodiment shown in fig. 5 is smaller than N, and the method further includes: the method comprises the steps of obtaining N-M motion data, wherein the N-M motion data correspond to N-M time periods in a one-to-one mode, the N-M time periods comprise time periods except M time periods in the N time periods, the N-M motion data comprise motion data except M motion data in the N motion data, and each motion data in the N-M motion data comprises positioning information of a Global Navigation Satellite System (GNSS) of the mobile terminal device at the starting time of the corresponding time period and positioning information of the GNSS at the ending time of the corresponding time period.

In the embodiment, in N periods from the first time when the vehicle is parked to the time when the mobile terminal device establishes the connection with the vehicle again, in addition to M periods of motion data obtained by the motion sensor, N-M periods of motion data are not obtained by the motion sensor, and the N-M periods of motion data include positioning information of the GNSS of the mobile terminal device at the start time of the corresponding period and positioning information of the GNSS at the end time of the corresponding period.

Taking N-M equal to 1 as an example, a detailed description will be given below of the method for preventing relay attack when M is smaller than N in conjunction with fig. 8.

As shown in fig. 8, the method of the present embodiment may include S801, S802, S803, S804, S805, S806, S807, and S809. The method for preventing relay attack can be executed by the key terminal in the PEPS system shown in fig. 1.

S801, the mobile terminal device acquires vehicle stop information.

The implementation of this step may refer to S601 in the embodiment shown in fig. 6, and details are not repeated here.

S802, with the parking position as an origin, obtaining motion data in different periods through a motion sensor of the mobile terminal device.

In this embodiment, after obtaining the message that the vehicle stops, the mobile terminal device starts to obtain the motion data in different time periods through the motion sensor, in this embodiment, there are M motion data recorded through the motion sensor, and a specific implementation process thereof may refer to the description of the embodiment shown in fig. 5.

And S803, after the mobile terminal device detects a sufficiently strong GNSS signal, recording positioning information of the GNSS signal at the starting moment of the corresponding time period and stopping recording track vectors obtained based on the motion sensor.

S804, when the mobile terminal device detects that the GNSS signal is about to be lost, the positioning information of the GNSS signal at the end time of the corresponding time period is recorded, and simultaneously the track vector obtained based on the motion sensor is started to be recorded.

In this embodiment, if the mobile terminal device detects a GNSS signal that is strong enough, the recording of the trajectory vector obtained based on the motion sensor is stopped in a time period corresponding to the GNSS signal, and the positioning information at the start time when the GNSS signal is detected, that is, the initial GNSS coordinate is recorded. And when the mobile terminal device detects that the GNSS signal is about to be lost, for example, when the number of satellites decreases and the signal-to-noise ratio becomes worse to a certain degree, the mobile terminal device is triggered to record positioning information of the GNSS signal at the end time of the corresponding time period, that is, GNSS coordinates at the end time, and simultaneously the mobile terminal device is triggered to record a track vector obtained based on the motion sensor.

As an example, as shown in fig. 9, starting at the time when the vehicle stops, the mobile terminal device does not detect a GNSS signal in the first three periods of motion, so that the motion data of each period collected by the motion sensor in the mobile terminal device is used to obtain a trajectory vector of the first period, a trajectory vector of the second period and a trajectory vector of the third period. When the mobile terminal device moves to the initial time of the fourth time period and detects a GNSS signal, the initial GNSS coordinate may be recorded and the recording of the moving track may be stopped, and when the mobile terminal device continues to move and detects that the GNSS signal is about to be lost, the GNSS coordinate of the end time may be recorded and the track vector recorded by the motion sensor may be restarted, for example, at the fifth time period, the motion sensor continues to be used to obtain the track vector corresponding to the time period.

And S805, obtaining a track vector of the mobile terminal device in the presence of the GNSS signal according to the positioning information of the GNSS signal at the starting time of the corresponding time interval and the positioning information of the GNSS signal at the ending time of the corresponding time interval.

In one implementation, a vector difference between the initial GNSS coordinates and the GNSS coordinates at the end time within the corresponding time period may be calculated to obtain a trajectory vector corresponding to the time period with GNSS signals. As shown in fig. 9, there is a GNSS signal in the fourth time period, and after the initial GNSS coordinates and the GNSS coordinates at the end time of the fourth time period are obtained, the vector difference between two points can be calculated to obtain the trajectory vector of the mobile terminal device in the fourth time period, as indicated by the two-dot chain line in fig. 9.

And S806, when the mobile terminal device is connected to the vehicle again, triggering anti-relay detection, and determining the relative distance between the position and the parking position at the moment when the mobile terminal device is connected to the vehicle again based on the track vectors of all the time intervals recorded by the motion sensor and the track vectors obtained under the condition of GNSS signals.

When a certain position (such as a re-approach point position in the figure) to which the mobile terminal device moves at a certain moment is connected to the vehicle, the anti-relay detection is triggered, namely, the relative distance between the mobile terminal device at the approach point position and the vehicle stop position is determined based on the track vector of the first time period, the track vector of the second time period, the track vector of the third time period, the track vector of the fourth time period and the track vector of the time period in which the re-approach point is located.

The implementation manner of determining the relative distance between the approaching point position and the vehicle stopping position of the mobile terminal device according to the trajectory vector may be described with reference to the embodiment shown in fig. 5 or fig. 6, and is not described herein again.

And S807, judging whether relay attack possibly exists according to a preset safety threshold.

The process of this step can refer to the description of S604 in the embodiment shown in fig. 6, and is not described herein again.

And S808, after the relay attack is detected, reminding the user or requiring the user to confirm or authenticate the identity or cut off the connection with the vehicle.

The process of this step can refer to the description of S605 in the embodiment shown in fig. 6, and is not described herein again.

It should be noted that, in the embodiment of the present application, only one GNSS-enabled time segment is illustrated, and there may be multiple GNSS-enabled time segments, which are implemented in a manner similar to that of the embodiment of the present application, and the embodiment of the present application does not limit this.

In the method for preventing relay attack provided by the embodiment of the application, the mobile terminal device obtains the track vector by using the information of the GNSS when the GNSS signal can be detected in the whole moving process, so that the power consumption of the mobile terminal device can be further reduced.

Optionally, after S808 in the above embodiment, S809 may further be included: and sending prompt information to the vehicle to enable the vehicle to know that the relay attack phenomenon possibly exists, so that the operation of preventing the relay attack is carried out.

Optionally, each piece of motion data in the N pieces of motion data in the above embodiment may further include information for obtaining a height of the mobile terminal device from a specified plane in a time period corresponding to each piece of motion data.

As an implementation manner, a barometer and the like may be used to record a change in height, so as to enrich a scene, and further, whether a relay attack exists may be determined by the change in height, which is not limited in the embodiment of the present application.

It is noted that, in the embodiment of the present application, after the trajectory vector between the position of the mobile terminal device at the second time and the parking origin is obtained by moving the trajectory, in addition to obtaining the distance difference between the current position at the second time and the vehicle end, the direction angle between the current position at the second time and the vehicle end may also be obtained, that is, the specific position of the vehicle end may be determined, and further, the relative position between the vehicle and the terminal device may be prompted by the mobile terminal device, so that the user may find the vehicle conveniently.

Fig. 10 is a schematic structural diagram of an apparatus for preventing a relay attack according to an embodiment of the present application. The apparatus for preventing relay attack shown in fig. 10 can be used to perform the method for preventing relay attack according to any of the foregoing embodiments.

As shown in fig. 10, the apparatus 1000 for preventing relay attack of the present embodiment includes: a first acquiring module 1001, a moving track module 1002 and a determining module 1003.

The first obtaining module 1001 is configured to obtain M pieces of motion data collected by a motion sensor in the mobile terminal device, where the M pieces of motion data correspond to M time periods one to one, each piece of motion data in the M pieces of motion data includes a motion direction and a displacement of the mobile terminal device in the time period corresponding to each piece of motion data, and M is a positive integer.

The moving trajectory module 1002 is configured to determine a moving trajectory of the mobile terminal device in a target time period according to N pieces of motion data, where the N pieces of motion data include the M pieces of motion data, the target time period is a time period from a first time when the vehicle stops to a second time when the vehicle stops, the second time includes a time when the mobile terminal device establishes connection with the vehicle again or a time when an instruction for instructing to perform a relay attack prevention operation is received, the target time period includes N time periods, the M time periods are M time periods of the N time periods, N is a positive integer, and M is less than or equal to N positive integers.

A determining module 1003, configured to determine, according to the moving track, a distance difference between a position of the mobile terminal at the second time and a position of the vehicle at the first time; the determining module is further configured to determine that the vehicle has a relay attack when a target condition is met, where the target condition includes that the distance difference exceeds a preset safety threshold.

As an example, the first obtaining module 1001 may be configured to perform the step of obtaining the motion data collected by the motion sensor in the method for preventing a relay attack described in any one of fig. 5 to 8. For example, the obtaining module 1001 is configured to execute S501.

As another example, the movement trace module 1002 may be configured to perform the step of determining a movement trace within the target time period in the method for preventing relay attack described in any one of fig. 5 to 8. For example, the movement trace module 1002 is configured to execute S503 or S602.

As still another example, the determining module 1003 may be configured to execute the step of determining the relative distance (or distance difference) between the parking position and the position where the mobile terminal device is located when being connected to the vehicle again in the method for preventing relay attack described in any one of fig. 5 to 8. For example, the determining module 1003 is configured to execute S503 or S603.

In one possible implementation manner, M is smaller than N, wherein the apparatus further includes: a second obtaining module 1004, configured to obtain N-M pieces of motion data, where the N-M pieces of motion data correspond to N-M time periods in a one-to-one manner, where the N-M time periods include time periods other than the M time periods in the N time periods, the N-M pieces of motion data include motion data other than the M pieces of motion data in the N pieces of motion data, and each motion in the N-M pieces of motion data includes positioning information of a global navigation satellite system GNSS of the mobile terminal device at a start time of the corresponding time period and positioning information of the GNSS at an end time of the corresponding time period.

In one possible implementation, M is equal to N.

In a possible implementation manner, each of the N pieces of motion data further includes information for obtaining a height of the mobile terminal device from a specified plane in a period corresponding to each piece of motion data.

In a possible implementation manner, the determining module 1003 is further configured to: acquiring position information determined by mobile terminal equipment through a Bluetooth technology and/or a wireless local area network communication technology; optimizing the moving track according to the position information to obtain a target moving track; and determining the distance from the position of the mobile terminal device at the second moment to the position of the vehicle at the first moment according to the target movement track.

In one possible implementation, the apparatus 1000 further includes an output module 1005 for disconnecting from the vehicle.

Fig. 11 is a schematic structural diagram of an apparatus for preventing a relay attack according to another embodiment of the present application. The apparatus shown in fig. 11 may be used to execute the method for preventing relay attack according to any of the foregoing embodiments.

As shown in fig. 11, the apparatus 1100 of the present embodiment includes: memory 1101, processor 1102, communication interface 1103, and bus 1104. The memory 1101, the processor 1102 and the communication interface 1103 are communicatively connected to each other through a bus 1104.

The memory 1101 may be a Read Only Memory (ROM), a static memory device, a dynamic memory device, or a Random Access Memory (RAM). The memory 1101 may store a program that, when executed by the processor 1102, the processor 1102 is configured to perform the steps of the method illustrated in fig. 5.

The processor 1102 may be a general Central Processing Unit (CPU), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits, configured to execute related programs to implement the lane inference method or the lane inference model training method according to the embodiment of the present disclosure.

The processor 1102 may also be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the method of planning an autonomous vehicle of the embodiments of the application may be performed by instructions in the form of hardware integrated logic circuits or software in the processor 1102.

The processor 1102 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components. The various methods, steps, and logic blocks disclosed in the embodiments of the present application may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The steps of the method disclosed in connection with the embodiments of the present application may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software modules in the decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in the memory 1101, and the processor 1102 reads the information in the memory 1101, and completes the functions required to be performed by the units included in the thermometry apparatus according to the application in combination with the hardware thereof, for example, the steps/functions of the embodiments shown in fig. 5 or fig. 8 may be performed.

The communication interface 1103 may enable communication between the apparatus 1100 and other devices or communication networks using, but not limited to, transceiver devices.

Bus 1104 may include a path that transfers information between various components of apparatus 1100 (e.g., memory 1101, processor 1102, communication interface 1103).

It should be understood that the apparatus 1100 shown in the embodiments of the present application may be an electronic device, or may also be a chip configured in an electronic device.

It should be understood that the processor in the embodiments of the present application may be a Central Processing Unit (CPU), and the processor may also be other general purpose processors, digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

It will also be appreciated that the memory in the embodiments of the subject application may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a read-only memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of example, but not limitation, many forms of Random Access Memory (RAM) are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchlink DRAM (SLDRAM), and direct bus RAM (DR RAM).

The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, the above-described embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product comprises one or more computer instructions or computer programs. The procedures or functions according to the embodiments of the present application are wholly or partially generated when the computer instructions or the computer program are loaded or executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another computer readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, data center, etc., that contains one or more collections of available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. The semiconductor medium may be a solid state disk.

It should be understood that the term "and/or" herein is merely one type of association relationship that describes an associated object, meaning that three relationships may exist, e.g., a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone, wherein A and B can be singular or plural. In addition, the "/" in this document generally indicates that the former and latter associated objects are in an "or" relationship, but may also indicate an "and/or" relationship, which may be understood with particular reference to the former and latter text.

In this application, "at least one" means one or more, "a plurality" means two or more. "at least one of the following" or similar expressions refer to any combination of these items, including any combination of the singular or plural items. For example, at least one (one) of a, b, or c, may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or multiple.

It should be understood that, in the various embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.

The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.

The functions may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: u disk, removable hard disk, read only memory, random access memory, magnetic or optical disk, etc. for storing program codes.

The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims

1. A method for preventing relay attack is applied to a passive entry and start PEPS system, the PEPS system comprises a first subsystem and a second subsystem, the first subsystem is deployed in a vehicle, the second subsystem is deployed in a mobile terminal device, and the method comprises the following steps:

acquiring M pieces of motion data acquired by a motion sensor in the mobile terminal device, wherein the M pieces of motion data correspond to M time periods one by one, each piece of motion data in the M pieces of motion data comprises information used for acquiring the motion direction and displacement of the mobile terminal device in the time period corresponding to each piece of motion data, and M is a positive integer;

determining a movement track of the mobile terminal device in a target time period according to N pieces of movement data, wherein the N pieces of movement data comprise the M pieces of movement data, the target time period refers to a time period from a first time when the vehicle stops to a second time when the vehicle stops, the second time comprises a time when the mobile terminal device establishes connection with the vehicle again or a time when an instruction for instructing to perform a relay attack prevention operation is received, the target time period comprises N time periods, the M time periods are M time periods in the N time periods, N is a positive integer, and M is less than or equal to N positive integers;

according to the moving track, determining a distance difference value between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment;

and determining that the vehicle has relay attack under the condition that a target condition is met, wherein the target condition comprises that the distance difference exceeds a preset safety threshold.

2. The method of claim 1, wherein M is less than N, wherein the method further comprises:

acquiring N-M motion data, wherein the N-M motion data correspond to N-M time periods in a one-to-one manner, the N-M time periods comprise time periods except the M time periods in the N time periods, the N-M motion data comprise motion data except the M motion data in the N motion data, and each motion in the N-M motion data comprises positioning information of a Global Navigation Satellite System (GNSS) of the mobile terminal device at the starting time of the corresponding time period and positioning information of the GNSS at the ending time of the corresponding time period.

3. The method of claim 1, wherein M is equal to N.

4. The method according to any one of claims 1 to 3, wherein each of the N pieces of motion data further comprises information for obtaining the height of the mobile terminal device from a specified plane in a period corresponding to the each piece of motion data.

5. The method according to claim 4, wherein the determining the distance from the position of the mobile terminal device at the second time to the position of the vehicle at the first time according to the movement trajectory comprises:

acquiring position information determined by the mobile terminal equipment through a Bluetooth technology and/or a wireless local area network communication technology;

optimizing the moving track according to the position information to obtain a target moving track;

and determining a distance difference between the position of the mobile terminal device at the second moment and the position of the vehicle at the first moment according to the target movement track.

6. The method according to any one of claims 1 to 5, further comprising:

disconnecting the connection to the vehicle.

7. An apparatus for protecting against relay attacks, characterized in that the apparatus comprises functional modules for performing the method according to any one of claims 1 to 6.

8. An apparatus for preventing relay attacks, comprising: a memory and a processor;

the memory is to store program instructions;

the processor is configured to invoke program instructions in the memory to perform the method of preventing relay attacks according to any one of claims 1 to 6.

9. A chip comprising at least one processor and a communication interface, the communication interface and the at least one processor interconnected by a line, the at least one processor being configured to execute a computer program or instructions to perform the method of any of claims 1 to 6.

10. A computer-readable medium, characterized in that the computer-readable medium stores program code for computer execution, the program code comprising instructions for performing the method of any one of claims 1 to 6.

11. A computer program product comprising computer program code which, when run on a computer, causes the computer to implement the method of any one of claims 1 to 6.