CN115447533B - NFC key binding method and device, binding equipment and storage medium - Google Patents
NFC key binding method and device, binding equipment and storage medium Download PDFInfo
- Publication number
- CN115447533B CN115447533B CN202211044794.2A CN202211044794A CN115447533B CN 115447533 B CN115447533 B CN 115447533B CN 202211044794 A CN202211044794 A CN 202211044794A CN 115447533 B CN115447533 B CN 115447533B
- Authority
- CN
- China
- Prior art keywords
- nfc
- nfc chip
- digital key
- key controller
- instruction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000003860 storage Methods 0.000 title claims abstract description 21
- 238000003745 diagnosis Methods 0.000 claims abstract description 48
- 238000001514 detection method Methods 0.000 claims abstract description 27
- 238000012795 verification Methods 0.000 claims abstract description 24
- 238000004891 communication Methods 0.000 claims abstract description 19
- 238000007689 inspection Methods 0.000 claims abstract description 18
- 230000004044 response Effects 0.000 claims description 36
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 8
- 238000004458 analytical method Methods 0.000 claims description 5
- 230000005540 biological transmission Effects 0.000 abstract description 8
- 238000004519 manufacturing process Methods 0.000 abstract description 8
- 239000002699 waste material Substances 0.000 abstract description 4
- 238000004422 calculation algorithm Methods 0.000 description 9
- 101100019673 Ascaris suum CAPK gene Proteins 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 5
- VIEYMVWPECAOCY-UHFFFAOYSA-N 7-amino-4-(chloromethyl)chromen-2-one Chemical compound ClCC1=CC(=O)OC2=CC(N)=CC=C21 VIEYMVWPECAOCY-UHFFFAOYSA-N 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 238000005429 filling process Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Classifications
-
- B—PERFORMING OPERATIONS; TRANSPORTING
- B60—VEHICLES IN GENERAL
- B60R—VEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
- B60R25/00—Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
- B60R25/20—Means to switch the anti-theft system on or off
- B60R25/24—Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
- B60R25/248—Electronic key extraction prevention
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/80—Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Abstract
The invention provides an NFC key binding method, an NFC key binding device, binding equipment and a storage medium, and relates to the technical field of near field transmission systems. In the binding equipment, the binding equipment comprises a key management server, a record platform, an NFC chip, a digital key controller and an electric detection/diagnosis component, wherein the key management server is in communication connection with the record platform, the record platform is respectively in communication connection with the NFC chip and the digital key controller, and the electric detection/diagnosis component is in communication connection with the digital key controller. The preset data stored in the NFC chip is changed in a covering mode, so that the NFC chip can repeatedly learn, waste caused by the fact that the NFC chip can only edit and learn one kind of verification information is reduced, and further, the NFC chip is repeatedly learned and bound in a vehicle production electric inspection environment or an after-sale link, and the NFC chip can be matched with a digital key control on a vehicle after the vehicle is off line.
Description
Technical Field
The invention belongs to the technical field of near field transmission systems, and particularly relates to an NFC key binding method, an NFC key binding device, binding equipment and a storage medium.
Background
In recent years, with the rapid development of intelligent and new energy automobiles, many automobiles now use a digital key of NFC technology as a standard configuration of automobiles. The user can use the NFC chip to unlock the vehicle, start and the like. In the production manufacturing process, because the NFC chip and the vehicle ECU are not provided in a matched mode, the NFC chip is not necessarily matched with the vehicle after the vehicle is off line, and therefore the NFC chip key and the vehicle can be bound in a vehicle electric detection link generally. Referring to NFC card making processes in other non-automobile industries, an external card reader is often used for writing data into an NFC chip, and the scheme brings about incapability of repeated learning and waste of the NFC chip; and the investment of new production line equipment can be increased, and a certain cost is increased. There is a need for a highly reusable, low cost, safe learning solution.
For example, similar patents such as "CN 113306525A-automobile NFC digital key implementation system, method and medium, automobile NFC digital key", "CN113002483 a-a non-contact automobile key implementation method and apparatus" mainly describe a method for card swiping and vehicle control after binding learning, most of which use a symmetric algorithm, and the security level is not enough, and there is no problem related to how to safely bind and learn NFC chips and vehicles in the electric inspection link and after-sales link of a production line of a vehicle factory.
Disclosure of Invention
The purpose of the invention is that: aims to provide an NFC key binding method which is used for solving the problem that the prior NFC chip can not repeatedly learn binding,
In order to achieve the technical purpose, the invention adopts the following technical scheme:
In a first aspect, this embodiment provides an NFC key binding method, applied to and bound to a device, where the binding device includes a key management server, a recording platform, an NFC chip, a digital key controller, and an electric detection/diagnosis component, the key management server is in communication connection with the recording platform, the recording platform is respectively in communication connection with the NFC chip and the digital key controller, and the electric detection/diagnosis component is in communication connection with the digital key controller, and the method includes:
s1: when an NFC chip is produced, a first application is sent to a filing platform, and the filing platform obtains first preset data from a key management server based on the received first application and fills the first preset data into the NFC chip;
s2: when the digital key controller is produced, a second application is sent to a filing platform, and the filing platform obtains second preset data from a key management server based on the received second application and fills the second preset data into the digital key controller;
S3: repeated binding learning of NFC chips is performed based on the electronic inspection/diagnostic component when electronic inspection or after-sale is performed.
With reference to the first aspect, in some optional embodiments, the docket platform generates and sends an nfc_tuid matching the NFC chip to the key management server based on the received first application, the key management server generates a first NFC ciphertext based on the nfc_tuid and returns to the docket platform, the docket platform generates a second NFC ciphertext based on the nfc_tuid and the first NFC ciphertext and encrypts the second NFC ciphertext into a third NFC ciphertext, and sends the third NFC ciphertext to the NFC chip, and the first preset data obtained by decrypting the third NFC ciphertext is filled into the NFC chip, where the nfc_tuid includes vendor information, application time, a random number and a test value.
With reference to the first aspect, in some optional embodiments, the docket platform generates and sends DKMaste _tuid matching the digital key controller to the key management server based on the received second application, the key management server generates a first digital key controller ciphertext based on DKMaste _tuid and returns to the docket platform, the docket platform generates a second digital key controller ciphertext based on DKMaste _tuid and the first digital key controller ciphertext and encrypts the second digital key controller ciphertext into a third digital key controller ciphertext, and sends the third digital key controller ciphertext decrypted second prefabricated data to the digital key controller, wherein DKMaster _tuid includes vendor information, application time, a random number and a check value.
With reference to the first aspect, in some optional embodiments, the binding device further includes an NFC access module and an NFC start module, and the step of repeating the binding learning includes:
S305: the digital key controller sends an NFC chip application selection instruction to the NFC access module and the NFC starting module based on the CAN line, and the NFC access module and the NFC starting module forward the NFC chip application selection instruction to the NFC chip;
S306: after receiving the NFC chip application selection instruction, the NFC chip selects an NFC chip application instruction response based on NFC communication reply, and the NFC access module and the NFC starting module transmit the NFC chip application instruction selection response to the digital key controller; the NFC chip application instruction response is selected to at least comprise an NFC_TUID parameter and an NFC_TUID_SIG parameter;
s307: after receiving the response of the NFC chip application instruction selection, the digital key controller performs signature verification, if the signature verification is successful, the NFC chip learning instruction is internally acquired or generated, the step S is carried out, and if the signature verification fails, the electronic detection/diagnosis equipment learning failure is replied;
S308: the digital key controller sends NFC chip learning instructions to the NFC access module and the NFC starting module based on the CAN line, and the NFC access module and the NFC starting module are forwarded to the NFC chip;
S309: after the NFC chip receives and acquires the NFC chip learning instruction, the NFC chip checks and analyzes the instruction, and replies a response corresponding to the NFC chip learning instruction through NFC communication, and the NFC access module and the NFC starting module transmit the response to the digital key controller, wherein the NFC chip learning instruction response parameters at least comprise: cardRnd, cardATC (ciphertext) and READERRND (ciphertext).
S310: after receiving the NFC chip learning instruction response, the digital key controller verifies whether the received instruction is legal, and if the verification fails, the digital key controller replies that the electric detection/diagnosis equipment fails to learn; if the verification is successful, entering the step S;
S311: the digital key controller internally calculates and generates an NFC chip learning completion instruction, and sends the instruction to the NFC access module and the NFC starting module based on the CAN, and the NFC access module and the NFC starting module are forwarded to the NFC chip, wherein the NFC chip learning completion instruction at least comprises the following parameters: cardMAC x (ciphertext), DKey x (ciphertext), and CardInfo x (ciphertext);
S312: after receiving the NFC chip learning instruction completion, the NFC chip verifies the analysis instruction, replies a response corresponding to the NFC chip learning instruction completion, and the NFC access module and the NFC starting module transmit the NFC chip learning instruction completion response to the digital key controller;
S313: after receiving the NFC chip learning instruction response, the digital key controller verifies that the received instruction is successfully learned, stores NFC_TUID and CardID as NFC chip key whitelist to be used if learning is successful, uses new coverage if NFC_TUID and CardID exist in the digital key controller, and returns failure to the electric inspection/diagnosis equipment if learning failure.
With reference to the first aspect, in some optional embodiments, the binding method further includes:
S301: the electric detection/diagnosis device sends a diagnosis instruction to the digital key controller;
S302: after receiving the diagnosis judging instruction, the digital key controller judges whether the diagnosis instruction passes the first-level security authentication, if yes, the electric inspection/diagnosis equipment is returned based on the diagnosis instruction to enter a learning mode, and if not, the electric inspection/diagnosis equipment is returned based on the diagnosis instruction to fail to learn;
S303: after receiving a successful response of the learning mode, the electric detection/diagnosis equipment prompts to place the NFC chip in the card swiping area;
S304: and after the NFC chip is detected by any module in the NFC access module or the NFC starting module, the digital key controller is notified through the CAN line.
In a second aspect, an embodiment of the present application provides an NFC key binding device, where the application and the binding device include a key management server, a record platform, an NFC chip, a digital key controller, and an electrical detection/diagnosis component, where the key management server is communicatively connected to the record platform, the record platform is communicatively connected to the NFC chip and the digital key controller, and the electrical detection/diagnosis component is communicatively connected to the digital key controller, and the device includes:
A first filling unit: when an NFC chip is produced, a first application is sent to a filing platform, and the filing platform obtains first preset data from a key management server based on the received first application and fills the first preset data into the NFC chip;
And a second filling unit: when the digital key controller is produced, a second application is sent to a filing platform, and the filing platform obtains second preset data from a key management server based on the received second application and fills the second preset data into the digital key controller;
binding learning unit: repeated binding learning of NFC chips is performed based on the electronic inspection/diagnostic component when electronic inspection or after-sale is performed.
With reference to the third aspect, in some optional embodiments, the first filling unit and the second filling unit are coupled on a docket platform, and the binding learning unit is coupled to the electrical inspection/diagnostic assembly.
In a third aspect, an embodiment of the present application provides a binding device, where the binding device includes a key management server, a recording platform, an NFC chip, a digital key controller, an electric detection/diagnosis component, and a storage module, where the key management server is communicatively connected to the recording platform, the recording platform is communicatively connected to the NFC chip and the digital key controller, the electric detection/diagnosis component is communicatively connected to the digital key controller, and a computer program is stored in the storage, and when the computer program is executed by the recording platform or the digital key controller, the binding device executes the method described above.
With reference to the third aspect, in some optional embodiments, the device further includes an NFC access module and an NFC enabled module, where the NFC access module and the NFC enabled module are communicatively connected with the NFC chip and the digital key controller, respectively.
In a fourth aspect, embodiments of the present application provide a computer program stored in a computer readable storage medium, which when run on a computer causes the computer to perform the above method.
The invention adopting the technical scheme has the following advantages:
In the scheme, the preset data stored in the NFC chip 300 is changed in a covering manner, so that the NFC chip 300 can repeatedly learn, waste caused by that the NFC chip can only edit and learn one type of verification information is reduced, and further, the NFC chip 300 is repeatedly learned and bound in a vehicle production electric inspection environment or an after-sale link, so that the NFC chip can be matched with the digital key control 400 on the vehicle after the vehicle is off line. Compared with the existing symmetric algorithm, the NFC chip binding learning method based on the encryption verification transmission mode is used for completing the NFC chip binding learning through the encryption verification transmission mode for multiple times, and has extremely high use safety and algorithm confidentiality.
Drawings
The invention can be further illustrated by means of non-limiting examples given in the accompanying drawings;
FIG. 1 is a system architecture diagram of the present invention;
fig. 2 is an overall flowchart of NFC key binding learning according to the present invention;
fig. 3 is a flow chart of NFC chip application & filling preset data according to the present invention;
FIG. 4 is a flow chart of the digital key controller application & filling pre-form data of the present invention;
Fig. 5 is a flowchart of NFC chip key binding learning according to the present invention;
The main reference numerals are as follows:
100: a key management server; 200: a recording platform; 210: a first filling unit; 220: a second filling unit; 300: NFC card; 400: a digital key controller; 500: NFC entry module; 600: an NFC starting module; 700: a gateway; 800: an electrical detection/diagnostic assembly; 810: and binding the learning unit.
Detailed Description
The present invention will be described in detail below with reference to the drawings and the specific embodiments, wherein like or similar parts are designated by the same reference numerals throughout the drawings or the description, and implementations not shown or described in the drawings are in a form well known to those of ordinary skill in the art. In addition, directional terms such as "upper", "lower", "top", "bottom", "left", "right", "front", "rear", etc. in the embodiments are merely directions with reference to the drawings, and are not intended to limit the scope of the present invention.
As shown in fig. 1, the present embodiment provides a binding device, which includes a key management server 100, a record platform 200, an NFC chip 300, a digital key controller 400, and an electrical inspection/diagnosis component 800, where the key management server 100 is communicatively connected to the record platform 200, the record platform 200 is communicatively connected to the NFC chip 300 and the digital key controller 400, and the electrical inspection/diagnosis component 800 is communicatively connected to the digital key controller 400.
In this embodiment, the key management server 100 is used for managing and generating keys, signatures, etc. of the NFC chip 300 and the digital key controller 400. The docket platform 200 is responsible for generating a TUID (terminal serial number) of the NFC chip 300 and the digital key controller 400, managing an association relationship between the TUID and the key ID, and applying a key signature or the like to the key management server 400. The NFC chip 300 is configured to store nfc_tuid (NFC terminal serial number), a key, a signature, and the like. The digital key controller 400 is used to store DKMaster _tuid (digital key controller terminal serial number), key, etc. messages. The electrical inspection/diagnosis component 800 is used for repeated binding learning of the NFC chip 300 by the external device.
In this embodiment, the docket platform 200 maintains access with the key management server 100 by logging in to an intranet or lan. The filing platform 200 can be in communication connection with the NFC chip 300 or the digital key controller 400 by wireless transmission or manual data transfer and then perform data offline filling. The docket platform 200 and key management server 100 may preferably be provided on a cloud server to facilitate the receipt and transmission of data. The NFC chip 300 may be provided on a portable device such as a mobile phone, a bracelet, or on a conventional car key.
As an optional implementation manner, the binding device further includes an NFC access module 500, an NFC start module 600, a gateway 700, and a storage module. The NFC access module 500 and the NFC start module 600 are used for connection communication between the NFC chip 300 and the digital key controller 100. Gateway 700 is used to enable a communication connection between digital key controller 400 and electrical test/diagnostic assembly 800. The NFC access module 500 and the NFC start module 600 are capable of transmitting a data stream between the NFC chip 300 and the digital key controller. Gateway 700 is capable of relaying CAN messages between digital key controller 400 and electrical test/diagnostic assembly 800. Specifically, the NFC chip 300 is connected to the NFC access module 500 and the NFC start module 600 through wireless communication. The NFC access module 500 and the NFC start module 600 are connected to the digital controller 400 through CAN lines. The two communication interfaces of the gateway 700 are connected to the digital key controller 400 and the electric checking/diagnosing assembly 800 through CAN lines, respectively. The NFC access module 500, the NFC enabled module 600, the digital key controller 400, and the gateway 700 are preferably disposed on a whole vehicle assembly for the purpose of controlling the switching of the corresponding devices. The electrical inspection/diagnosis device 800 is used for performing safe binding learning on the NFC chip and the vehicle in a line-of-production wire link or an after-sales link of a vehicle factory.
It should be noted that the binding device of the present invention is not limited to binding an automobile NFC chip and an automobile, but may be used in any device that needs NFC binding and control, such as an NFC access control, an NFC traffic card, or an NFC bank card.
The memory module stores a computer program that, when executed by the docket platform 200 or the digital key controller 400, enables the binding device to perform the corresponding steps in the NFC key binding method described below.
In this embodiment, referring to fig. 2-5, the present application further provides an NFC key binding method. The NFC key binding method may include the steps of:
s1: when the NFC chip 300 is produced, a first application is sent to the docketing platform 200, and the docketing platform 200 obtains first preset data from the key management server 100 based on the received first application and fills the first preset data into the NFC chip 300;
S2: when the digital key controller 400 is produced, a second application is sent to the filing platform 200, and the filing platform obtains second preset data from the key management server 100 based on the received second application and fills the second preset data into the digital key controller 400;
S3: repeated binding learning of NFC chip 300 is performed based on the electronic test/diagnostic component 800 at the time of electronic test or after-sale.
In the above embodiment, the NFC chip 300 and the digital key controller 400 after the first offline filling via the docket platform 200 may complete repeated learning and matching by the electronic check/diagnosis module 800.
According to an alternative embodiment, as shown in fig. 3, the filling procedure of the NFC chip 300 in step S1 is as follows,
S101: the production direction proposal platform 200 of the NFC chip 300 initiates a first application;
S102: the docket platform 200 generates an nfc_tuid unique to each NFC chip 300, and obtains a first NFC ciphertext from the key management server 100 using the nfc_tuid; the NFC_TUID comprises vendor information, application time, random numbers, check values and the like;
S103: the key management server 100 generates CARDWRITEKEY, NFC _tuid_sig using nfc_tuid calculation and returns the first NFC ciphertext: nfc_tuid_ SIG, cardWriteKey _ ID, cardWriteKey (ciphertext) to the docket platform 200; preferably, the return calculation method is as follows :CardWriteKey=AES_CMAC(CardWriteKeyMaster,SHA256(NFC_TUID)).NFC_TUID_SIG==ECC_sign(NFC_CASK,SHA256(NFC_TUID)).
S104: the docketing platform 200 associates, stores the second NFC ciphertext: nfc_tuid, nfc_tuid_ SIG, cardWriteKey _id, and combine the third NFC ciphertext: nfc_tuid, nfc_tuid_ SIG, cardWriteKey (ciphertext) are returned to the manufacturer of NFC chip 300;
s105: after decrypting CARDWRITEKEY x (ciphertext) in the third NFC key, the manufacturer of the NFC chip 300 obtains the first preset data: nfc_tuid, nfc_tuid_ SIG, cardWriteKey are filled into the NFC chip.
According to an alternative embodiment. As shown in fig. 4, the filling process of the digital key controller 400 in step S2 is as follows,
S201: the digital key controller 400 initiates a second application to the docket platform 200;
S202: the docketing platform generates a unique DKMaster _TUID for each digital key controller 400 and obtains the first digital key controller ciphertext using DKMaster _ TUID, cardWriteKeyMaster _ID, NFC_ CAPK _ID to the key management server 100; wherein DKMaster _TUID contains vendor information, application time, random number, check value, etc.;
S203: the key management server 100 generates and returns the first digital key controller ciphertext from the internal calculation based on the input data: CARDWRITEKEYMASTER _ ID, cardWriteKeyMaster (ciphertext), CMDkey _id, CMDkey (ciphertext), nfc_ CAPK _id, nfc_ CAPK, veh_sk (ciphertext), veh_pk (ciphertext), vehKeyID. The generation method comprises the following steps:
CARDWRITEKEYMASTER, NFC _ CAPK is platform unique data. CMDkey is randomly generated. Veh_sk, veh_pk are derived from the upper root.
S204: the docketing platform 200 associates, stores the second digital key controller ciphertext: DKMaster _TUID, CMDkey_ ID, cardWriteKeyMaster _ID, NFC_ CAPK _ID, vehKeyID, and control the ciphertext with the third digital key: DKMaster _TUID, CMDkey, CARDWRITEKEYMASTER, NFC_CAPK, veh_SK, and Veh_PK are returned to the digital key controller producer;
S205: after decrypting CMDkey x (ciphertext), CARDWRITEKEYMASTER x (ciphertext), veh_sk x (ciphertext), veh_pk x (ciphertext) in the third digital key control secret, the manufacturer of the digital key controller 400 loads the second preset data DKMaster _ TUID, CMDkey, cardWriteKeyMaste, NFC _ CAPK into the digital key controller 400.
According to an alternative embodiment, as shown in fig. 5, the repeated binding learning procedure of the NFC chip 300 in step S3 is as follows,
S301: the electric inspection/diagnosis device 400 sends a diagnosis instruction to the digital key controller 400 based on the gateway 700, and notifies the digital key controller 400 to enter the NFC chip key learning mode;
S302: after receiving the diagnosis judging instruction, the digital key controller 400 judges whether the diagnosis instruction passes the first-level security authentication, if the diagnosis instruction passes the first-level security authentication, the digital key controller returns the electric checking/diagnosing device 800 to enter the NFC chip key learning mode successfully through the diagnosis instruction, and enters the step S303, otherwise, the digital key controller enters the step S315;
s303: after receiving a successful response to enter the NFC chip key learning mode, the electrical detection/diagnosis device 800 prompts: placing the NFC chip 300 in the swipe area;
S304: after the NFC chip 300 is detected by any module in the NFC access module 500 or the NFC start module 600, the digital key controller 400 is notified to detect the NFC chip 300 through the CAN line;
s305: the digital key controller 400 sends an NFC chip application selection instruction to the NFC access module 500 and the NFC start module 600 through the CAN line, and the NFC access module 500 and the NFC start module 600 are forwarded to the NFC chip 300;
S306: after receiving the instruction for selecting the NFC chip application, the NFC chip 300 replies a corresponding response through NFC communication, and the NFC access module 500 and the NFC start module 600 transmit the response to the digital key controller 400, where the instruction response for selecting the NFC chip application mainly includes parameters such as nfc_tuid and nfc_tuid_sig;
S307: after receiving the response of the NFC chip application selection instruction, the digital key controller 400 uses nfc_ CAPK to perform signature verification nfc_tuid_sig, and if the signature verification is successful, obtains or generates an NFC chip learning instruction internally: DKMaster _ TUID, cardID, VIN, readerRnd, and the like, and proceeding to step S308, otherwise proceeding to step S315;
S308: the digital key controller 400 sends and obtains NFC chip learning instructions to the NFC access module 500 and the NFC starting module 600 through the CAN, and the NFC access module 500 and the NFC starting module 600 are forwarded to the NFC chip;
S309: after receiving the instruction for acquiring the learning instruction of the NFC chip, the NFC chip 300 verifies the analysis instruction, replies a corresponding response through NFC communication, and the NFC access module 500 and the NFC start module 600 transmit the response to the digital key controller 400, so as to acquire main parameters of the response of the learning instruction of the NFC chip as follows: cardRnd, cardATC (ciphertext), READERRND (ciphertext)
The calculation algorithm is as follows:
1.SessionKey=AES_CMAC(CardWriteKey,SHA256(ReaderRnd||CardRnd))。
2.SessionIV=ReaderRnd||CardRnd。
Cardatc (ciphertext) || READERRND (ciphertext) =aes 128_cbc (SessionKey, sessionIV, cardATC || READERRND).
S310: after receiving the NFC chip learning instruction response, the digital key controller 400 verifies whether the received instruction is legal, and if the verification fails, step S15 is performed; if the verification is successful, the step S311 is performed, and the verification method is as follows:
1.CardWriteKey=AES_CMAC(CardWriteKeyMaster,SHA256(NFC_TUID))。
2.SessionKey=AES_CMAC(CardWriteKey,SHA256(ReaderRnd||CardRnd))。
3.SessionIV=ReaderRnd||CardRnd。
Cardatc READERRND = AES128 CBC (SessionKey, sessionIV, cardATC (ciphertext) READERRND (ciphertext)).
5. Comparing whether the decrypted READERRND is consistent with the sent result in the step S7, if so, considering that the verification is successful, otherwise, the verification is failed.
S311: the digital key controller 400 internally calculates and generates an NFC chip learning completion instruction, and sends the instruction to the NFC access module 500 and the NFC start module 600 through the CAN, and the NFC access module 500 and the NFC start module 600 forward the instruction to the NFC chip 300, so that the main parameters of the NFC chip learning completion instruction are as follows: cardMAC (ciphertext), DKey (ciphertext), cardInfo (ciphertext)
The calculation algorithm is as follows:
Cardmac (ciphertext) || DKey (ciphertext) | CardInfo (ciphertext) =
AES128_CBC(SessionKey,SessionIV,SHA256(CardATC||ReaderRnd||CardRnd)||DKey||CardInfo)。
S312: after receiving the NFC chip learning instruction, the NFC chip 300 verifies the analysis instruction, replies a corresponding response through NFC communication, and then the NFC access/start module transmits the response to the digital key controller 400;
The calculation algorithm is as follows:
1.SHA256(CardATC||ReaderRnd||CardRnd)||DKey||CardInfo=
AES128 CBC (SessionKey, sessionIV, cardMAC (ciphertext) || DKey (ciphertext) | CardInfo (ciphertext)).
2. And calculating SHA256 (CardATC READERRND CardRnd) by using CardATC, readerRnd sent by S9, comparing whether the SHA256 is consistent with the received SHA256, storing DKey, cardInfo and the like for use as a future normal card swiping if the SHA256 is consistent with the received SHA256, and using a new coverage if the NFC chip is learned to be successful, i.e. DKey, cardInfo and the like.
S313: after receiving the response of completing the NFC chip learning instruction, the digital key controller 400 verifies that the received instruction is successfully learned, if the learning is successful, the step S14 is performed, NFC_TUID, cardID and the like are stored as NFC chip key white lists for use, if NFC_TUID, cardID and the like exist in the digital key controller 400, new coverage is used, and if the learning is failed, the step S15 is performed;
S314: the digital key controller 400 replies to the learning success through the diagnostic command reply electric examination/diagnosis apparatus 800.
S315: the digital key main controller 400 replies a failure error code to the electric checking/diagnosing apparatus 800 through the diagnosis instruction, and the electric checking/diagnosing apparatus 800 prompts the failure reason according to the error code, wherein the failure error code comprises but is not limited to the following errors:
1. the primary security authentication fails;
NFC chip response error;
3. Signature verification fails;
4. acquiring NFC chip learning instruction response verification failure;
5. Learning overtime;
In a third aspect, an embodiment of the present application further provides an NFC key binding apparatus, where the NFC key binding apparatus includes at least one software function module stored in a storage module in the form of software or Firmware (Firmware) or cured in an Operating System (OS) of a binding device. The docket platform 200 and the digital key controller 400 are configured to execute executable modules stored in a storage module, such as a software function module and a computer program module included in the NFC key binding device.
The NFC key binding device includes a first filling unit 210, a second filling unit 220, and a binding learning unit 810, where the first filling unit 210 and the second filling unit 220 may be coupled to the docket platform 200, the binding learning unit 810 is coupled to the electrical inspection/diagnostic assembly 800, and the functions of each unit may be as follows:
First filling unit 210: when the NFC chip 300 is produced, a first application is sent to the docketing platform 200, and the docketing platform 200 obtains first preset data from the key management server 100 based on the received first application and fills the first preset data into the NFC chip 300;
The second filling unit 220: when the digital key controller 400 is produced, a second application is sent to the filing platform 200, and the filing platform obtains second preset data from the key management server 100 based on the received second application and fills the second preset data into the digital key controller 400;
binding learning unit 810: repeated binding learning of NFC chip 300 is performed based on the electronic test/diagnostic component 800 at the time of electronic test or after-sale.
In this embodiment, the memory module may be, but is not limited to, a random access memory, a read-only memory, a programmable read-only memory, an erasable programmable read-only memory, an electrically erasable programmable read-only memory, etc. In this embodiment, the storage module may be used to store ciphertext, algorithms, data, etc. on the docket platform 200 and the digital key controller 400. Of course, the storage module may also be used to store a program, and the processing module executes the program after receiving the execution instruction.
It will be appreciated that the binding device structure shown in fig. 1 is only a schematic structure, and that the binding device may also include more components than those shown in fig. 1. The components shown in fig. 1 may be implemented in hardware, software, or a combination thereof.
It should be noted that, for convenience and brevity of description, the above-described data filling process and repeated learning process of the NFC chip 300 and the digital key controller 400 may refer to the corresponding process of each step in the foregoing method, and will not be described in detail herein.
In a fourth aspect, embodiments of the present application also provide a computer-readable storage medium. The computer readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the NFC key binding method as described in the above embodiments.
From the foregoing description of the embodiments, it will be apparent to those skilled in the art that the present application may be implemented in hardware, or by means of software plus a necessary general hardware platform, and based on this understanding, the technical solution of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disc, a mobile hard disk, etc.), and includes several instructions for causing a computer device (may be a personal computer, a binding device, or a network device, etc.) to execute the method described in the respective implementation scenario of the present application.
In summary, the embodiments of the present application provide a method, an apparatus, a binding device, and a storage medium for binding NFC keys. In this scheme, through changing the first preset data stored in the NFC chip 300 in a coverage manner, the NFC chip 300 can repeatedly learn, so that the waste caused by that the NFC chip can only edit and learn one type of verification information is reduced. Compared with the existing symmetric algorithm, the NFC chip binding learning method based on the encryption transmission mode is used for completing binding learning of the NFC chip in a multiple encryption transmission mode, and has extremely high use safety and algorithm confidentiality.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus, system and method may be implemented in other manners as well. The above-described apparatus, system, and method embodiments are merely illustrative, for example, flow charts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The method, the device, the binding equipment and the storage medium for binding NFC keys provided by the invention are described in detail. The description of the specific embodiments is only intended to aid in understanding the method of the present invention and its core ideas. It should be noted that it will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from the principles of the invention and these modifications and adaptations are intended to be within the scope of the invention as defined in the following claims.
Claims (10)
1. An NFC key binding method, characterized by an application and a binding device, where the binding device includes a key management server (100), a record platform (200), an NFC chip (300), a digital key controller (400), and an electrical detection/diagnosis component (800), where the key management server (100) is communicatively connected to the record platform (200), the record platform (200) is communicatively connected to the NFC chip (300) and the digital key controller (400) respectively, and the electrical detection/diagnosis component (800) is communicatively connected to the digital key controller (400), and the method includes:
s1: sending a first application to the filing platform (200), wherein the filing platform (200) obtains first preset data from the key management server (100) based on the received first application and fills the first preset data into the NFC chip (300);
S2: sending a second application to the filing platform (200), wherein the filing platform obtains second preset data from the key management server (100) based on the received second application and fills the second preset data into the digital key controller (400);
s3: repeating binding learning of the NFC chip (300) based on the electrical detection/diagnostic component (800),
The binding device further comprises an NFC access module (500) and an NFC start module (600), the step of repeating binding learning comprising:
S307: after receiving the response of the NFC chip application instruction selection, the digital key controller (400) performs signature verification, if the signature verification is successful, an NFC chip learning instruction is internally acquired or generated, and the step S308 is performed, and if the signature verification fails, the electronic detection/diagnosis assembly (800) fails to learn;
s308: the digital key controller (400) sends the NFC chip learning instruction to the NFC access module (500) and the NFC start module (600), and the NFC access module (500) and the NFC start module (600) are forwarded to the NFC chip (300);
S309: after receiving the NFC chip learning instruction, the NFC chip (300) checks the analysis instruction and replies a corresponding NFC chip learning instruction response, and the NFC access module (500) and the NFC starting module (600) transmit the NFC chip learning instruction response to the digital key controller (400);
s310: after receiving the NFC chip learning instruction response, the digital key controller (400) verifies whether the received instruction is legal, and if the verification fails, the digital key controller replies that the electric detection/diagnosis assembly (800) fails to learn; if the verification is successful, the step S311 is entered;
S311: the digital key controller (400) internally calculates and generates an NFC chip learning instruction, and sends the instruction to the NFC access module (500) and the NFC starting module (600), and the NFC access module (500) and the NFC starting module (600) are forwarded to the NFC chip (300);
S312: after receiving the NFC chip learning instruction, the NFC chip (300) checks the analysis instruction and replies a response corresponding to the NFC chip learning instruction, and the NFC access module (500) and the NFC starting module (600) transmit the response of the NFC chip learning instruction to the digital key controller (400);
S313: after the digital key controller (400) receives the NFC chip learning instruction completion response, the received instruction is verified to be successfully learned, if the instruction is successfully learned, the NFC_TUID and the CardID are stored to be used as an NFC chip key white list, if the NFC_TUID and the CardID exist in the digital key controller (400), new coverage is used, and if the instruction is failed, the electronic inspection/diagnosis component (800) replies that the instruction is failed to learn.
2. The binding method according to claim 1, wherein the docket platform (200) generates and sends an NFC terminal serial number matching the NFC chip (300) to the key management server (100) based on the received first application, the key management server (100) generates a first NFC ciphertext based on the NFC terminal serial number and returns the first NFC ciphertext to the docket platform (200), the docket platform (200) generates a second NFC ciphertext based on the NFC terminal serial number and the first NFC ciphertext and encrypts the second NFC ciphertext into a third NFC ciphertext, and sends the third NFC ciphertext to the NFC chip (300), and the first preset data obtained by decrypting the third NFC ciphertext is filled into the NFC chip (300).
3. The binding method according to claim 1, wherein the docket platform (200) generates and transmits a key controller terminal serial number matching the digital key controller (400) to the key management server (100) based on the received second application, the key management server (100) generates a first digital key controller ciphertext based on the key controller terminal serial number and returns to the docket platform (200), the docket platform (200) generates a second digital key controller ciphertext based on the key controller terminal serial number and the first digital key controller ciphertext and encrypts the second digital key controller ciphertext into a third digital key controller ciphertext and transmits the third digital key controller ciphertext to the digital key controller (400), and the second preset data obtained by decrypting the third digital key controller ciphertext is filled into the digital key controller (400).
4. A binding method according to claim 3, wherein the step of repeating binding learning further comprises:
s305: the digital key controller (400) sends an NFC chip application selection instruction to the NFC access module (500) and the NFC start module (600), and the NFC access module (500) and the NFC start module (600) forward the NFC chip application selection instruction to the NFC chip (300);
S306: the NFC chip (300) replies a selection NFC chip application instruction response after receiving the selection NFC chip application instruction, and the NFC access module (500) and the NFC starting module (600) transmit the selection NFC chip application instruction response to the digital key controller (400) in a transparent manner.
5. The binding method of claim 4, further comprising:
S301: the electrical test/diagnostic assembly (800) sends diagnostic instructions to the digital key controller (400);
S302: the digital key controller (400) receives a diagnosis judging instruction and judges whether the diagnosis instruction passes the primary security authentication, if yes, the electric detection/diagnosis component (800) is returned to enter a learning mode based on the diagnosis instruction, and if not, the electric detection/diagnosis component (800) is returned to fail to learn based on the diagnosis instruction;
s303: after the electric detection/diagnosis component (800) receives a successful response of entering a learning mode, prompting to place the NFC chip (300) in a card swiping area;
S304: and after the NFC chip (300) is detected by any module in the NFC access module (500) or the NFC starting module (600), notifying the digital key controller (400) through a CAN line.
6. An NFC key binding device, wherein, an application and a binding device, the binding device includes a key management server (100), a record platform (200), an NFC chip (300), a digital key controller (400) and an electrical detection/diagnosis component (800), the key management server (100) is in communication connection with the record platform (200), the record platform (200) is respectively in communication connection with the NFC chip (300) and the digital key controller (400), the electrical detection/diagnosis component (800) is in communication connection with the digital key controller (400), and the device includes:
A first filling unit (210): sending a first application to the filing platform (200), wherein the filing platform (200) obtains first preset data from the key management server (100) based on the received first application and fills the first preset data into the NFC chip (300);
A second filling unit (220): sending a second application to the filing platform (200), wherein the filing platform (200) obtains second preset data from the key management server (100) based on the received second application and fills the second preset data into the digital key controller (400);
Binding learning unit (810): repeated binding learning of the NFC chip (300) is performed based on the electrical detection/diagnostic component (800).
7. The NFC key binding device according to claim 6, wherein the first filling unit (210) and the second filling unit (220) are coupled to the docket platform (200), the binding learning unit (810) being coupled to the electrical detection/diagnostic assembly (800).
8. Binding device, characterized in that it comprises a key management server (100), a docket platform (200), an NFC chip (300), a digital key controller (400), an electrical checking/diagnosing component (800) and a storage module, wherein the key management server (100) is communicatively connected to the docket platform (200), the docket platform (200) is communicatively connected to the NFC chip (300) and the digital key controller (400), respectively, the electrical checking/diagnosing component (800) is communicatively connected to the digital key controller (400), and the storage module stores a computer program therein, which when executed by the docket platform (200) or the digital key controller (400) causes the binding device to perform the method according to any of claims 1-5.
9. The binding device of claim 8, further comprising an NFC access module (500) and an NFC start module (600), the NFC access module (500) and the NFC start module (600) being communicatively connected to the NFC chip (300) and the digital key controller (400), respectively.
10. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program which, when run on a computer, causes the computer to perform the method of any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211044794.2A CN115447533B (en) | 2022-08-30 | 2022-08-30 | NFC key binding method and device, binding equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211044794.2A CN115447533B (en) | 2022-08-30 | 2022-08-30 | NFC key binding method and device, binding equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115447533A CN115447533A (en) | 2022-12-09 |
| CN115447533B true CN115447533B (en) | 2024-04-23 |
Family
ID=84300571
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211044794.2A Active CN115447533B (en) | 2022-08-30 | 2022-08-30 | NFC key binding method and device, binding equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115447533B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019109727A1 (en) * | 2017-12-08 | 2019-06-13 | 西安中兴新软件有限责任公司 | Identity verification method and apparatus |
| CN111376865A (en) * | 2018-12-29 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Vehicle digital key activation method, system and storage medium |
| WO2020228444A1 (en) * | 2019-05-16 | 2020-11-19 | 广州小鹏车联网科技有限公司 | Automobile control method and device based on nfc automobile key, automobile and storage medium |
| WO2020228442A1 (en) * | 2019-05-16 | 2020-11-19 | 广州小鹏车联网科技有限公司 | Car key control method and apparatus |
| CN113306525A (en) * | 2021-07-12 | 2021-08-27 | 上海瓶钵信息科技有限公司 | Automobile NFC digital key implementation system, method and medium and automobile NFC digital key |
| WO2022104592A1 (en) * | 2020-11-18 | 2022-05-27 | 浙江吉利控股集团有限公司 | Digital key authentication method, mobile terminal, and computer storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11062297B2 (en) * | 2018-10-29 | 2021-07-13 | 7-Eleven, Inc. | Validation using key pairs and interprocess communications |
| CN111698664B (en) * | 2019-03-12 | 2023-09-15 | 广州小鹏汽车科技有限公司 | Virtual key binding method and system |
-
2022
- 2022-08-30 CN CN202211044794.2A patent/CN115447533B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019109727A1 (en) * | 2017-12-08 | 2019-06-13 | 西安中兴新软件有限责任公司 | Identity verification method and apparatus |
| CN111376865A (en) * | 2018-12-29 | 2020-07-07 | 上海银基信息安全技术股份有限公司 | Vehicle digital key activation method, system and storage medium |
| WO2020228444A1 (en) * | 2019-05-16 | 2020-11-19 | 广州小鹏车联网科技有限公司 | Automobile control method and device based on nfc automobile key, automobile and storage medium |
| WO2020228442A1 (en) * | 2019-05-16 | 2020-11-19 | 广州小鹏车联网科技有限公司 | Car key control method and apparatus |
| WO2022104592A1 (en) * | 2020-11-18 | 2022-05-27 | 浙江吉利控股集团有限公司 | Digital key authentication method, mobile terminal, and computer storage medium |
| CN113306525A (en) * | 2021-07-12 | 2021-08-27 | 上海瓶钵信息科技有限公司 | Automobile NFC digital key implementation system, method and medium and automobile NFC digital key |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115447533A (en) | 2022-12-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108122311B (en) | Vehicle virtual key implementation method and system | |
| CN109624919B (en) | Vehicle anti-theft system configuration method, computer-readable storage medium, and terminal | |
| CN111835689B (en) | Identity authentication method of digital key, terminal device and medium | |
| CN113645590B (en) | Method, device, equipment and medium for remotely controlling vehicle based on encryption algorithm | |
| US10423401B2 (en) | Method for updating software of a control device of a vehicle | |
| CN108162913A (en) | A kind of long-range car locking emergency release method and device | |
| CN104424679A (en) | Authorization method and authorization system of intelligent key in wireless terminal as well as terminal and server | |
| CN107277033B (en) | Charging and battery replacing equipment and authentication method and system for object to be charged and battery replaced | |
| CN104158819A (en) | Safety authentication method of vehicle-mounted information entertainment terminal | |
| CN104348715A (en) | Gateway apparatus and message routing method | |
| CN109389709A (en) | Unlocking control system and unlocking control method | |
| CN105844738A (en) | Electronic key registration system | |
| CN113401000A (en) | Intelligent battery replacement control method and system for electric truck | |
| CN103370713B (en) | For the method programming mobile terminal device chip | |
| JP2001502627A (en) | Vehicle security system-security equipment | |
| CN110189434B (en) | Vehicle safety checking method and related equipment thereof | |
| CN115447533B (en) | NFC key binding method and device, binding equipment and storage medium | |
| KR101675223B1 (en) | Watchdog, security system and method for watchdog | |
| US20210012033A1 (en) | Method for the computer-aided parameterisation of a technical system | |
| CN115019421A (en) | Vehicle control method | |
| CN111130007B (en) | Sequential power transmission line field operation method and system | |
| CN113704106A (en) | Off-line detection system, method, equipment and medium for automobile digital key | |
| CN113415255A (en) | Vehicle remote encryption and unlocking control method and system and vehicle | |
| CN111092843A (en) | Data desensitization and security authorization system for Internet of vehicles | |
| CN113823015B (en) | Electric vehicle control system and electric vehicle control method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |