CN115690955A - Security authentication method and device for digital key, vehicle and digital key equipment - Google Patents


Info

Publication number: CN115690955A
Authority: CN (China)
Prior art keywords: vehicle, key, digital key, preset, digital
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN202211334015.2A
Other languages: Chinese (zh)
Inventors: 宁廷聪, 汪向阳, 张贤, 谭成宇, 张科强
Current Assignee (the listed assignees may be inaccurate): Chongqing Changan Automobile Co Ltd
Original Assignee: Chongqing Changan Automobile Co Ltd
Application filed by: Chongqing Changan Automobile Co Ltd
Priority to: CN202211334015.2A

Abstract

The application relates to the technical field of automobiles, and in particular to a security authentication method and device for a digital key, a vehicle, and a digital key device. The method comprises the following steps: extracting a channel characteristic value of the wireless communication between the vehicle and the digital key device; generating a device fingerprint according to the channel characteristic value, and establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the digital key is a preset legal key; and receiving a session maintenance message sent by the digital key device at intervals of a preset duration, and keeping the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnecting the preset secure channel. This solves problems such as the security and privacy of in-vehicle data not being guaranteed when an illegal digital key connects to the vehicle and performs vehicle control operations.

Description

Security authentication method and device for digital key, vehicle and digital key equipment
Technical Field
The present application relates to the field of automotive technologies, and in particular, to a method and an apparatus for security authentication of a digital key, a vehicle, and a digital key device.
Background
The automobile key has gone through development stages such as the mechanical key, the chip key, the remote control key and the smart key, each stage moving toward greater convenience and intelligence for the user. Remote control keys, smart start systems, digital key APPs (Applications) and the like, built on automotive electronics, have made vehicles more and more convenient to use.
As a standard technology in the intelligent transformation of the automobile, the digital car key lets a car owner unlock the car through a smartphone, a wearable device and the like and carry out the associated vehicle control operations, which improves the convenience of the car and has therefore attracted growing attention and interest from car makers.
However, in current digital key usage scenarios, the legality of the user identity cannot be ensured: an illegal user may impersonate a legal user to obtain the related authority, so that data is illegally stolen and read during communication, and vehicle control instructions cannot be correctly executed.
Disclosure of Invention
The application provides a security authentication method and device for a digital key, a vehicle and a digital key device, which are used for solving the problems that the security and privacy of data in the vehicle cannot be guaranteed and the like because an illegal digital key is connected with the vehicle to carry out vehicle control operation.
The embodiment of the first aspect of the application provides a security authentication method for a digital key, which is applied to a vehicle and comprises the following steps: extracting a channel characteristic value of the vehicle in wireless communication with the digital key device; generating a device fingerprint according to the channel characteristic value, and establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the digital key is a preset legal key; and receiving a session maintenance message sent by the digital key device at intervals of a preset duration, and keeping the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnecting the preset secure channel.
According to the technical means, the device fingerprint can be generated according to the channel characteristic value of wireless communication between the vehicle and the digital key, the security channel is established by using the device fingerprint, then standard authentication is carried out, one more layer of security channel establishment is added on the basis of the traditional security authentication, vehicle control operation of an illegal user is avoided, and the information security and privacy in the communication process are improved.
Optionally, the session maintenance message includes a random number, a timestamp, and an identity check code (MAC) value of the digital key, and keeping the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnecting the preset secure channel, further includes: checking whether the timestamp meets a preset condition; if the timestamp meets the preset condition, performing MAC calculation according to the random number and the timestamp to obtain an actual MAC value; and if the actual MAC value is consistent with the MAC value of the session maintenance message, verifying that the digital key is a preset legal key and keeping the preset secure channel in a preset session state, and otherwise verifying that the digital key is a preset illegal key and disconnecting the preset secure channel.
According to the above technical means, the embodiment of the application can calculate a MAC (Message Authentication Code) value according to the random number and the timestamp, and compare it with the MAC value of the session maintenance message to judge whether the two are consistent, thereby judging whether the digital key is legal, establishing the secure channel, and preventing an illegal user from connecting to the vehicle to perform vehicle control operations.
Optionally, establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the digital key is a preset legal key, further includes: encrypting a first identifier of the digital key device by using the device fingerprint to obtain key information; sending the key information to the vehicle, wherein the vehicle decrypts the key information according to the device fingerprint to obtain the first identifier, queries a first preset white list according to the first identifier, and, if the digital key is found, encrypts the vehicle identifier of the vehicle with the device fingerprint to obtain vehicle information; and receiving the vehicle information, decrypting the vehicle information by using the device fingerprint to obtain the vehicle identifier, querying a second preset white list according to the vehicle identifier, and, if the vehicle is found, establishing the preset secure channel between the vehicle and the digital key device.
According to the above technical means, the device fingerprint can be used to decrypt the key information sent by the digital key and obtain the first identifier; the vehicle device looks up the key in the white list and, if it exists, encrypts the vehicle identifier with the device fingerprint; the vehicle information is then decrypted with the device fingerprint and the white list is queried; if the vehicle exists, the secure channel is established through this double encryption and decryption, ensuring the security of the vehicle connection.
Optionally, before receiving the session maintenance message sent by the digital key device at intervals of a preset duration, the method further includes: transmitting a vehicle-side random number and an IV value to the digital key device, and receiving an application identifier of the digital key, a key-side random number, key information, and a key ciphertext generated by encryption based on the vehicle-side random number and the key-side random number, which are transmitted by the digital key device; calculating a digital secret key according to the application identifier, the key-side random number and the key information, deriving a communication key from the digital secret key, decrypting the key ciphertext by using the communication key, and, if the information obtained by decryption is consistent with the vehicle-side random number and the key-side random number, encrypting to generate a vehicle-side ciphertext according to counting information of a key counter of the digital key and the vehicle-side random number; sending the vehicle-side ciphertext to the digital key device, wherein the digital key device derives a communication key from the digital secret key, decrypts the vehicle-side ciphertext by using the communication key, completes the identity security authentication of the vehicle on the key side if the decrypted information is consistent with the counting information of the key counter and the vehicle-side random number, calculates a key-side session key according to the communication key, the IV value and the hash value of the vehicle-side random number, and encrypts the vehicle-side random number by using the key-side session key to obtain a session ciphertext; and calculating a vehicle-side session key according to the communication key, the IV value and the hash value of the vehicle-side random number, decrypting the session ciphertext by using the vehicle-side session key, and completing the identity security authentication of the digital key at the vehicle side if the decrypted information is consistent with the vehicle-side random number.
According to the technical means, the embodiment of the application can generate a session key for encryption/decryption of the vehicle control instruction through bidirectional identity authentication of the vehicle side and the key side, can realize identity security authentication of the vehicle and the digital key, avoids illegal users from connecting, improves the security of vehicle data, and ensures information security in a double-layer mode.
Optionally, before extracting the channel characteristic value of the vehicle in wireless communication with the digital key device, the method further includes: receiving a pairing request of a digital key device; and pairing with the digital key device according to the pairing request.
According to the technical means, the embodiment of the application needs to be paired with the digital key device according to the pairing request of the digital key, so that the channel characteristic value of the communication between the vehicle and the digital key device is extracted for subsequent security authentication.
The embodiment of the second aspect of the present application provides a security authentication method for a digital key, which is applied to a digital key device and comprises the following steps: extracting a channel characteristic value of a vehicle in wireless communication with the digital key device; generating a device fingerprint according to the channel characteristic value, and establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the vehicle is a preset legal vehicle; and sending a session maintenance message to the vehicle at intervals of a preset duration, wherein the vehicle keeps the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnects the preset secure channel.
The embodiment of the third aspect of the present application provides a security authentication device for a digital key, which is applied to a vehicle and comprises: a first extraction module for extracting a channel characteristic value of the vehicle in wireless communication with the digital key device; a first establishing module for generating a device fingerprint according to the channel characteristic value, and establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the digital key is a preset legal key; and a first verification module for receiving a session maintenance message sent by the digital key device at intervals of a preset duration, keeping the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnecting the preset secure channel.
The embodiment of the fourth aspect of the present application provides a security authentication device for a digital key, which is applied to a digital key device and comprises: a second extraction module for extracting a channel characteristic value of the vehicle in wireless communication with the digital key device; a second establishing module for generating a device fingerprint according to the channel characteristic value, and establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the vehicle is a preset legal vehicle; and a second verification module for sending a session maintenance message to the vehicle at intervals of a preset duration, wherein the vehicle keeps the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnects the preset secure channel.
An embodiment of a fifth aspect of the present application provides a vehicle, comprising: the system comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the security authentication method of the digital key according to the embodiment.
An embodiment of a sixth aspect of the present application provides a digital key apparatus comprising: the system comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to realize the security authentication method of the digital key according to the embodiment.
Therefore, the application has at least the following beneficial effects:
(1) According to the method and the device, the device fingerprint can be generated according to the channel characteristic value of the wireless communication between the vehicle and the digital key, the security channel is established by using the device fingerprint, then the standard authentication is carried out, one more layer of security channel establishment is carried out on the basis of the traditional security authentication, the vehicle control operation of an illegal user is avoided, and the information security and privacy in the communication process are improved.
(2) According to the embodiment of the application, the MAC value can be calculated according to the random number and the timestamp, and the MAC value is compared with the MAC value of the session keeping message to judge whether the MAC value is consistent or not, so that whether the digital key is legal or not is judged, a safety channel is established, and an illegal user can be prevented from connecting a vehicle to perform vehicle control operation.
(3) According to the embodiment of the application, the device fingerprint can be used to decrypt the key information sent by the digital key and obtain the first identifier; the vehicle device looks up the key in the white list and, if it exists, encrypts the vehicle identifier with the device fingerprint; the vehicle information is then decrypted with the device fingerprint and the white list is queried; if the vehicle exists, the secure channel is established through this double encryption and decryption, ensuring the security of the vehicle connection.
(4) The embodiment of the application can generate a session key for the encryption/decryption of the vehicle control command through the bidirectional identity authentication of the vehicle side and the key side, can realize the identity security authentication of the vehicle and the digital key, avoids illegal users from connecting, improves the security of vehicle data, and ensures the information security in a double-layer manner.
(5) According to the embodiment of the application, the vehicle and the digital key equipment need to be paired according to the pairing request of the digital key, so that the channel characteristic value of the communication between the vehicle and the digital key equipment is extracted for subsequent security authentication.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flowchart of a security authentication method for a digital key according to an embodiment of the present application;
FIG. 2 is a flowchart of a digital key security authentication and encryption method according to an embodiment of the present application;
FIG. 3 is a flow chart of establishing a digital key and a vehicle security channel according to an embodiment of the present application;
FIG. 4 is a flow chart illustrating standard security authentication of a digital key with a vehicle according to an embodiment of the present application;
FIG. 5 is a flow chart of a method for secure authentication of a digital key according to an embodiment of the present application;
FIG. 6 is a block diagram of an example of a security authentication device for a digital key according to an embodiment of the present application;
FIG. 7 is a block diagram of an example of a security authentication device for a digital key according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a vehicle structure provided in accordance with an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application.
The related art realizes the security authentication of the digital key by the following method:
(1) Based on Public Key Infrastructure (PKI) technology: during verification by both parties, a signature algorithm is used to extract a digest of the digital key, the digest and the digital key are respectively encrypted and decrypted using the keys of both parties, the correspondence between the digest obtained by authentication and decryption and the digital key is compared, and whether the decrypted digital key is consistent with the digital key recorded in a local database is judged, thereby achieving identity security authentication.
(2) The user password is protected by using the device fingerprint, and a new local key is generated by a message digest algorithm for network management message authentication and encryption. In the message authentication process, the new local key is used to calculate a message verification code for the message, completing message signature authentication; in the message encryption process, the new local key is used to encrypt the message data unit, protecting communication privacy.
However, none of the above methods involve the establishment of a secure channel and the dual verification of the digital key and the identity of the vehicle.
A method and apparatus for security authentication of a digital key, a vehicle, and a digital key device according to embodiments of the present application are described below with reference to the accompanying drawings. As noted in the background, when a user uses a digital key the legality of the user identity cannot be confirmed, so an illegal user may impersonate a legal user to obtain the related authority and operate the vehicle, and the security of vehicle data cannot be guaranteed; to address this, the application provides the security authentication method of the digital key. This solves the problem that the security and privacy of vehicle data and information cannot be guaranteed when an illegal digital key connects to a vehicle and performs vehicle control operations.
Specifically, fig. 1 is a schematic flowchart of a security authentication method for a digital key according to an embodiment of the present application.
As shown in fig. 1, the method for authenticating the security of the digital key is applied to a vehicle, and comprises the following steps:
In step S101, a channel characteristic value of the vehicle in wireless communication with the digital key device is extracted.
In the embodiment of the present application, before extracting the channel characteristic value of the vehicle in wireless communication with the digital key device, the method further includes: receiving a pairing request of a digital key device; and pairing with the digital key device according to the pairing request.
It can be understood that, after receiving the pairing request of the digital key, the embodiment of the application can extract the channel characteristic value of the vehicle in wireless communication with the digital key device for subsequent security authentication.
In step S102, a device fingerprint is generated according to the channel characteristic value, and after the digital key is verified as a preset valid key based on the device fingerprint, a preset security channel between the vehicle and the digital key device is established.
The device fingerprint is a unique identification code generated from channel characteristic values extracted according to the differences between signals in the wireless channel; it is unique, inherent and tamper-resistant.
It can be understood that the embodiment of the application verifies the validity of the digital key according to the device fingerprint, and further establishes the secure channel.
In the embodiment of the present application, establishing a preset secure channel between the vehicle and the digital key device after verifying, based on the device fingerprint, that the digital key is a preset legal key, further includes: encrypting a first identifier of the digital key device by using the device fingerprint to obtain key information; sending the key information to the vehicle, wherein the vehicle decrypts the key information according to the device fingerprint to obtain the first identifier, queries a first preset white list according to the first identifier, and, if the digital key is found, encrypts the vehicle identifier of the vehicle with the device fingerprint to obtain the vehicle information; and receiving the vehicle information, decrypting the vehicle information by using the device fingerprint to obtain the vehicle identifier, querying a second preset white list according to the vehicle identifier, and, if the vehicle is found, establishing the preset secure channel between the vehicle and the digital key device.
The device fingerprint can be used to encrypt and decrypt device information; the first identifier refers to information that can identify the digital key device, and can be set as the ID of the digital key device; the vehicle identifier refers to information that can identify the vehicle device, and can be set as the ID of the vehicle device; the first preset white list refers to a list library storing digital key information; the second preset white list refers to a list library storing vehicle information.
It can be understood that, in the embodiment of the present application, the vehicle device collects the characteristic value of the channel to generate the device fingerprint, uses the device fingerprint as an algorithm key to decrypt the data sent by the digital key, and obtains the device ID of the digital key. The vehicle device queries the key information in the first preset white list; if it exists, the vehicle encrypts its own device ID value using the device fingerprint as the key and sends it to the digital key, otherwise the connection is disconnected. The digital key obtains the device ID of the vehicle and queries it in the second preset white list; if it exists, the secure channel is established and subsequent operations are performed, otherwise the connection is disconnected. Through this double check of the digital key information and the vehicle information by the vehicle device and the digital key, the legality of the devices can be ensured and a secure communication channel is constructed.
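The fingerprint-keyed white-list exchange described above, written out as an added Go example (not code from the application). It assumes both ends already hold identical quantised channel measurements, that the fingerprint is SHA-256 of those measurements truncated to an AES-128 key, and that the symmetric algorithm is AES-GCM; the function names, IDs and sample features are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrFingerprint    = errors.New("message does not open under this device fingerprint")
	ErrUnknownKey     = errors.New("key ID not in the vehicle's white list")
	ErrUnknownVehicle = errors.New("vehicle ID not in the key's white list")
)

// Fingerprint maps channel features to an AES-128 key (assumed mapping: SHA-256, truncated).
func Fingerprint(features []byte) []byte {
	sum := sha256.Sum256(features)
	return sum[:16]
}

func gcmFor(fp []byte) cipher.AEAD {
	block, err := aes.NewCipher(fp)
	if err != nil {
		panic(err) // fp is always 16 bytes here
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// Seal encrypts an identifier under the fingerprint: nonce || ciphertext || tag.
func Seal(fp []byte, id string) []byte {
	aead := gcmFor(fp)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, []byte(id), nil)
}

// Open decrypts an identifier; it fails when the two ends hold different fingerprints.
func Open(fp, msg []byte) (string, error) {
	aead := gcmFor(fp)
	n := aead.NonceSize()
	if len(msg) < n {
		return "", ErrFingerprint
	}
	pt, err := aead.Open(nil, msg[:n], msg[n:], nil)
	if err != nil {
		return "", ErrFingerprint
	}
	return string(pt), nil
}

// VehicleStep decrypts the key information, checks the first white list and
// answers with the vehicle ID encrypted under the same fingerprint.
func VehicleStep(vehFP, keyInfo []byte, keyWL map[string]bool, vehicleID string) ([]byte, error) {
	keyID, err := Open(vehFP, keyInfo)
	if err != nil {
		return nil, err
	}
	if !keyWL[keyID] {
		return nil, ErrUnknownKey
	}
	return Seal(vehFP, vehicleID), nil
}

// KeyStep decrypts the vehicle information and checks the second white list.
func KeyStep(keyFP, vehicleInfo []byte, vehWL map[string]bool) error {
	vehicleID, err := Open(keyFP, vehicleInfo)
	if err != nil {
		return err
	}
	if !vehWL[vehicleID] {
		return ErrUnknownVehicle
	}
	return nil
}

// EstablishChannel runs both directions; nil means the secure channel may be set up.
func EstablishChannel(keyFeat, vehFeat []byte, keyID, vehicleID string, keyWL, vehWL map[string]bool) error {
	keyFP, vehFP := Fingerprint(keyFeat), Fingerprint(vehFeat)
	vehicleInfo, err := VehicleStep(vehFP, Seal(keyFP, keyID), keyWL, vehicleID)
	if err != nil {
		return err
	}
	return KeyStep(keyFP, vehicleInfo, vehWL)
}

func main() {
	feat, moved := []byte{0x3a, 0x91, 0x07}, []byte{0x3a, 0x90, 0x07} // constructed features
	keyWL, vehWL := map[string]bool{"KEY-0001": true}, map[string]bool{"VEH-A": true}
	fmt.Println(EstablishChannel(feat, feat, "KEY-0001", "VEH-A", keyWL, vehWL))
	fmt.Println(EstablishChannel(moved, feat, "KEY-0001", "VEH-A", keyWL, vehWL))
}
```

A one-bit difference in the measured features is enough to make the exchange fail, which is why a deployment needs the two ends to agree on the quantised values before hashing.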
In step S103, a session maintenance message sent by the digital key device at intervals of a preset duration is received, and after the digital key is verified to be a preset legal key according to the session maintenance message, the preset security channel is maintained in a preset session state, otherwise, the preset security channel is disconnected.
In this embodiment of the present application, before receiving the session maintenance message sent by the digital key device at intervals of a preset duration, the method further includes: sending a vehicle-side random number and an IV value to the digital key device, and receiving an application identifier, a key-side random number, key information, and a key ciphertext generated by encryption based on the vehicle-side random number and the key-side random number, which are sent by the digital key device; calculating a digital secret key according to the application identifier, the key-side random number and the key information, deriving a communication key from the digital secret key, decrypting the key ciphertext by using the communication key, and, if the decrypted information is consistent with the vehicle-side random number and the key-side random number, encrypting to generate a vehicle-side ciphertext according to counting information of a key counter of the digital key and the vehicle-side random number; a key-side session key is calculated by the digital key device according to the communication key, the IV value and the hash value of the vehicle-side random number, and the vehicle-side random number is encrypted with the key-side session key to obtain a session ciphertext; and calculating a vehicle-side session key according to the communication key, the IV value and the hash value of the vehicle-side random number, decrypting the session ciphertext by using the vehicle-side session key, and completing the identity security authentication of the digital key at the vehicle side if the decrypted information is consistent with the vehicle-side random number.
It can be understood that, in the embodiment of the present application, first, a random number is obtained from the vehicle for authentication of the digital key: the vehicle side transmits the vehicle-side random number and the IV value to the key side and obtains the application identifier, the random number and the key information of the key; meanwhile, the key side derives a communication key from the digital secret key, encrypts the key-side random number and the vehicle-side random number into a ciphertext with a symmetric algorithm (AES 128), and sends the ciphertext to the vehicle side. Secondly, the vehicle side uses a key diversification algorithm to calculate the digital secret key from the application identifier, the random number and the key information acquired from the key, derives the communication key from the digital secret key, and decrypts the key ciphertext for comparison; if the comparison succeeds, it forms a ciphertext from the key counter and the key random number and sends the ciphertext to the digital key. Finally, a session key for encrypting/decrypting vehicle control commands is generated through the mutual authentication of the vehicle side and the key side. The key uses the communication key to decrypt the vehicle-side ciphertext and compares the result with the values it knows; if the data is correct, it calculates a session key from the communication key, the IV value and the hash value of the vehicle-side random number, encrypts the vehicle-side random number with the session key, and sends it to the vehicle side. The vehicle side likewise calculates the session key from the communication key, the IV value and the hash value of the vehicle-side random number, decrypts the ciphertext from the key and compares; if the vehicle-side random number is correct, the security authentication succeeds, otherwise the authentication fails. In conclusion, the bidirectional identity authentication of the vehicle side and the key side ensures the legality of digital key access, prevents an illegal digital key from accessing the vehicle, and ensures the security of vehicle data.
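The mutual authentication and session-key derivation above, played through by both sides in one added Go example (not code from the application). The page fixes only AES 128 and the inputs of each key; the HMAC-SHA256 derivations, the shared root secret, the 8-byte random numbers that make each challenge exactly one AES block, the zero padding of the echoed random number, and all names are assumptions. The vehicle-side ciphertext carries the counter and the vehicle-side random number, following the method steps.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrKeyRejected = errors.New("vehicle: key ciphertext is not Rv||Rk")
var ErrVehicleRejected = errors.New("key: vehicle ciphertext is not counter||Rv")
var ErrSessionRejected = errors.New("vehicle: session ciphertext is not Rv")

// Party is one side's provisioned state (assumed: shared root secret, synced counter).
type Party struct {
	Root    []byte
	Counter uint64
}

func u64(n uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, n)
	return b
}

func concat(a, b []byte) []byte { return append(append([]byte{}, a...), b...) }

// prf is HMAC-SHA256 over length-prefixed parts, truncated to an AES-128 key.
func prf(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha256.New, key)
	for _, p := range parts {
		m.Write(concat(u64(uint64(len(p))), p))
	}
	return m.Sum(nil)[:16]
}

// aesBlock runs AES-128 on one 16-byte block; nil on bad input, so checks fail closed.
func aesBlock(key, in []byte, decrypt bool) []byte {
	c, err := aes.NewCipher(key)
	if err != nil || len(in) != aes.BlockSize {
		return nil
	}
	out, op := make([]byte, aes.BlockSize), c.Encrypt
	if decrypt {
		op = c.Decrypt
	}
	op(out, in)
	return out
}

// CommKey: digital secret key from (application ID, Rk, key information), then the communication key.
func CommKey(root []byte, appID string, rk, keyInfo []byte) []byte {
	digitalKey := prf(root, []byte("digital-key"), []byte(appID), rk, keyInfo)
	return prf(digitalKey, []byte("communication-key"))
}

// SessionKey combines the communication key, the IV value and the hash of Rv.
func SessionKey(commKey, iv, rv []byte) []byte {
	h := sha256.Sum256(rv)
	return prf(commKey, []byte("session-key"), iv, h[:])
}

// Handshake plays both sides in order; it returns (vehicle key, key-device key).
func Handshake(veh, key Party, appID string, keyInfo, rv, rk, iv []byte) ([]byte, []byte, error) {
	if len(rv) != 8 || len(rk) != 8 {
		return nil, nil, errors.New("Rv and Rk must be 8 bytes each")
	}
	// Vehicle -> key: Rv, IV. Key -> vehicle: appID, Rk, keyInfo, AES(comm, Rv||Rk).
	kComm := CommKey(key.Root, appID, rk, keyInfo)
	keyCT := aesBlock(kComm, concat(rv, rk), false)
	// Vehicle recomputes the keys from the received fields and checks both random numbers.
	vComm := CommKey(veh.Root, appID, rk, keyInfo)
	if !hmac.Equal(aesBlock(vComm, keyCT, true), concat(rv, rk)) {
		return nil, nil, ErrKeyRejected
	}
	vehCT := aesBlock(vComm, concat(u64(veh.Counter), rv), false)
	// Key device checks counter and Rv: this authenticates the vehicle.
	if !hmac.Equal(aesBlock(kComm, vehCT, true), concat(u64(key.Counter), rv)) {
		return nil, nil, ErrVehicleRejected
	}
	kSess := SessionKey(kComm, iv, rv)
	echo := concat(rv, make([]byte, 8)) // Rv zero-padded to one block (assumption)
	sessCT := aesBlock(kSess, echo, false)
	// Vehicle derives its own session key and checks the echoed Rv.
	vSess := SessionKey(vComm, iv, rv)
	if !hmac.Equal(aesBlock(vSess, sessCT, true), echo) {
		return nil, nil, ErrSessionRejected
	}
	return vSess, kSess, nil
}

func main() {
	// Constructed values; real random numbers come from a CSPRNG.
	rv, rk, iv := []byte("RvRvRvRv"), []byte("RkRkRkRk"), []byte("constructed-iv-0")
	p := Party{Root: []byte("constructed-root-secret"), Counter: 41}
	v, k, err := Handshake(p, p, "app-01", []byte("key-info"), rv, rk, iv)
	fmt.Println(hmac.Equal(v, k), err)
}
```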
In this embodiment of the present application, the session maintenance message includes a random number, a timestamp, and an identity check code (MAC) value of the digital key, and keeping the preset secure channel in a preset session state after verifying, according to the session maintenance message, that the digital key is a preset legal key, and otherwise disconnecting the preset secure channel, further includes: checking whether the timestamp meets a preset condition; if the timestamp meets the preset condition, performing MAC calculation according to the random number and the timestamp to obtain an actual MAC value; and if the actual MAC value is consistent with the MAC value of the session maintenance message, verifying that the digital key is a preset legal key and keeping the preset secure channel in a preset session state, and otherwise verifying that the digital key is a preset illegal key and disconnecting the preset secure channel.
The session maintenance message is composed of a random number, a timestamp and an MAC value, and the MAC value can be generated by performing MAC calculation on the random number and the timestamp by using a session key.
It can be understood that, after the vehicle end obtains the session maintenance message, the timestamp is verified, if the verification is successful, the MAC calculation is performed on the random number and the timestamp, the received MAC value and the generated MAC value are compared, if the received MAC value and the generated MAC value are consistent, the verification is successful, the digital key is determined to be a legal key, the vehicle end maintains the connection state with the key, and otherwise, the connection is disconnected.
It should be noted that, after the security authentication has passed, the vehicle periodically receives the session maintenance message sent by the digital key and verifies it until the connection is closed, so as to prevent illegal vehicle control commands from being sent by simulating a legal key after the authentication has passed.
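The vehicle-side check described above, written out as an added example (not code from the patent). It assumes HMAC-SHA256 as the MAC, a 16-byte random number, an 8-byte timestamp and a 5-second freshness window as the preset condition; the replay cache is an extra check that the patent text does not describe.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TS_LEN, MAC_LEN = 16, 8, 32   # assumed field sizes
MAX_SKEW_S = 5                           # assumed "preset condition" on the timestamp


def build_keepalive(session_key, now, nonce=None):
    """Key side: random number || timestamp || MAC over both, keyed with the session key."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    body = nonce + struct.pack(">Q", int(now))
    return body + hmac.new(session_key, body, hashlib.sha256).digest()


class KeepaliveVerifier:
    """Vehicle side: the channel stays up only while every message verifies."""

    def __init__(self, session_key):
        self._key = session_key
        self._seen = {}          # random number -> timestamp, for replay detection
        self.connected = True

    def check(self, msg, now):
        """Return 'ok', 'malformed', 'stale', 'bad_mac' or 'replay'."""
        if len(msg) != NONCE_LEN + TS_LEN + MAC_LEN:
            return "malformed"
        body, mac = msg[:-MAC_LEN], msg[-MAC_LEN:]
        nonce = body[:NONCE_LEN]
        (ts,) = struct.unpack(">Q", body[NONCE_LEN:])
        # 1. Timestamp check comes first, as in the described flow.
        if abs(int(now) - ts) > MAX_SKEW_S:
            return "stale"
        # 2. Recompute the MAC over random number and timestamp; compare in constant time.
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, mac):
            return "bad_mac"
        # 3. Added check: inside the freshness window a captured message
        #    would otherwise verify a second time.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(int(now) - t) <= MAX_SKEW_S}
        if nonce in self._seen:
            return "replay"
        self._seen[nonce] = ts
        return "ok"

    def handle(self, msg, now):
        """Apply the verdict to the channel: any failure disconnects."""
        verdict = self.check(msg, now)
        if verdict != "ok":
            self.connected = False
        return verdict
```

Logging the verdict string rather than a bare pass/fail lets the vehicle side tell clock drift ("stale") apart from a wrong session key ("bad_mac") when a channel is dropped.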
The following describes a method for security authentication of a digital key according to an embodiment. As shown in fig. 2, the steps are as follows:
Step S11: Preparation phase for pairing the digital key and the vehicle
When the digital key is used, the APP extracts the Bluetooth pairing information of the target vehicle from BLEKINFO and searches for the Bluetooth device of the target vehicle; once the target vehicle is found, the mobile phone APP automatically completes the Bluetooth pairing.
Step S12: secure channel establishment of digital key and vehicle
As shown in fig. 3, the digital key establishes a secure channel with the vehicle, including:
Step S21: Digital key generates the device fingerprint and transmits the key information
The digital key acquires the characteristic value of the channel to generate a device fingerprint, uses the device fingerprint as a symmetric algorithm key to encrypt the device ID, and sends the ciphertext to the vehicle device.
Step S22: Vehicle generates the device fingerprint and obtains the key information
The vehicle device acquires the characteristic value of the channel to generate a device fingerprint, uses the device fingerprint as the algorithm key to decrypt the data sent by the digital key, and obtains the device ID of the digital key.
Step S23: Vehicle device checks the digital key information
The vehicle device queries the key information in the device white list. If the key information exists, the vehicle device encrypts the ID value of the vehicle device using the device fingerprint as the key and sends it to the digital key; otherwise, the connection is disconnected.
Step S24: Digital key checks the vehicle information
The digital key acquires the ID of the vehicle device and queries whether the ID exists in the white list. If it exists, the establishment of the secure channel is completed and standard security authentication is performed; otherwise, the connection is disconnected.
Step S13: standard safety certification of digital key and vehicle
As shown in fig. 4, the digital key performs standard security authentication with the vehicle according to the authentication request, including:
Step S31: Vehicle selects the security application - Select
Select is used to select a security application in the vehicle-end container by AID.
Step S32: Key selects the security application - Select
Select is used to select a security application in the key container by AID.
Step S33: Obtain the vehicle-end random number - GetChallenge
GetChallenge is used to obtain a random number (ReaderRnd) from the security application for authentication of the digital key.
Step S34: Get process data - GetProcessData
GetProcessData is used to obtain one or more base objects from the key. In this process, the vehicle side transmits the vehicle-side random number and the IV value to the key side to obtain the application identifier, the random number and the key information of the key; meanwhile, the key side derives a communication key from the digital key, encrypts the key-side random number and the vehicle-side random number into a ciphertext with a symmetric algorithm (AES 128), and sends the ciphertext to the vehicle side.
Step S35: Verify process data - VerifyProcessData
VerifyProcessData is used to validate the process data returned by the key side. In this process, the vehicle end uses a dispersion algorithm to calculate the digital key from the application identifier, the random number and the key information acquired from the key, derives the communication key from the digital key, and decrypts the key ciphertext for comparison. If the comparison succeeds, the vehicle end forms a ciphertext from the counting information of the key counter and the key random number, and sends the ciphertext to the digital key.
Step S36: Get authentication data - GetAuthData
GetAuthData is used to complete the bidirectional identity authentication of the vehicle side and the key side and to generate a session key for encrypting/decrypting vehicle control commands. In this process, the key decrypts the vehicle-end ciphertext with the communication key and compares the result; if the data is correct, the session key is calculated using the hash value of the communication key, the IV value and the vehicle-side random number, and is used to encrypt the vehicle-side random number, which is sent to the vehicle end.
Step S37: Verify authentication data - VerifyAuthData
VerifyAuthData is used to complete the bidirectional identity authentication of the vehicle side and the key side and to generate a session key for encrypting/decrypting vehicle control commands. In this process, the vehicle end calculates the session key using the hash value of the communication key, the IV value and the vehicle-side random number, then decrypts the ciphertext from the key and compares it. If it is correct, a successful security authentication is returned; if it is incorrect, the session is ended.
Step S14: After successful authentication, the session between the digital key and the vehicle is maintained
After the security authentication has passed, the vehicle periodically receives the session maintenance message sent by the Bluetooth digital key and checks it until the connection is closed.
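Steps S21 to S24 as a runnable exchange, added here for illustration and not taken from the patent. The quantizer that turns channel samples into a fingerprint, the SHAKE-256 keystream standing in for the unspecified symmetric algorithm, and all IDs and sample values are assumptions.

```python
import hashlib

STEP_DB = 4.0  # assumed quantization step for the channel samples

# Constructed sample data: the two ends of one link see nearly the same
# channel; a device measuring a different channel does not.
KEY_SIDE_SAMPLES = [-52.1, -60.3, -47.8, -55.9]
VEHICLE_SIDE_SAMPLES = [-52.4, -60.0, -48.1, -55.6]
OTHER_CHANNEL_SAMPLES = [-70.2, -44.9, -63.5, -51.0]

KEY_ID = b"KEY-0001"          # hypothetical device ID
VEHICLE_ID = b"VEH-0042"      # hypothetical vehicle ID


def fingerprint(samples):
    """Quantize channel characteristic samples and hash them into a 16-byte key.

    A sample close to a quantization boundary would make the two ends
    disagree, so a real design needs guard bands or reconciliation.
    """
    levels = bytes(round(s / STEP_DB) & 0xFF for s in samples)
    return hashlib.sha256(b"device-fingerprint" + levels).digest()[:16]


def crypt(key, direction, data):
    """Stand-in symmetric cipher: XOR with a SHAKE-256 keystream.

    The same call encrypts and decrypts; 'direction' keeps the two
    messages of the exchange from sharing a keystream.
    """
    stream = hashlib.shake_256(key + direction).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))


def establish_channel(key_dev, vehicle):
    """Run S21 to S24; each party is a dict with 'id', 'samples', 'whitelist'."""
    # S21: the key derives its fingerprint and sends its encrypted device ID.
    fp_key = fingerprint(key_dev["samples"])
    msg_to_vehicle = crypt(fp_key, b"key->vehicle", key_dev["id"])

    # S22: the vehicle derives its own fingerprint and decrypts.
    fp_vehicle = fingerprint(vehicle["samples"])
    claimed_key_id = crypt(fp_vehicle, b"key->vehicle", msg_to_vehicle)

    # S23: white-list lookup. A mismatched fingerprint decrypts to
    # garbage, which also fails this lookup.
    if claimed_key_id not in vehicle["whitelist"]:
        return "vehicle_disconnects"
    msg_to_key = crypt(fp_vehicle, b"vehicle->key", vehicle["id"])

    # S24: the key decrypts the vehicle ID and checks its own white list.
    claimed_vehicle_id = crypt(fp_key, b"vehicle->key", msg_to_key)
    if claimed_vehicle_id not in key_dev["whitelist"]:
        return "key_disconnects"
    return "secure_channel_established"


def demo():
    """Return the outcome of four constructed scenarios."""
    vehicle = {"id": VEHICLE_ID, "samples": VEHICLE_SIDE_SAMPLES,
               "whitelist": {KEY_ID}}
    good_key = {"id": KEY_ID, "samples": KEY_SIDE_SAMPLES,
                "whitelist": {VEHICLE_ID}}
    unlisted = dict(good_key, id=b"KEY-9999")
    off_channel = dict(good_key, samples=OTHER_CHANNEL_SAMPLES)
    strict_key = dict(good_key, whitelist={b"VEH-0001"})
    return {
        "paired": establish_channel(good_key, vehicle),
        "unlisted_key": establish_channel(unlisted, vehicle),
        "fingerprint_mismatch": establish_channel(off_channel, vehicle),
        "unlisted_vehicle": establish_channel(strict_key, vehicle),
    }
```

Because the flow as described has no integrity check on the encrypted ID, the vehicle cannot tell a fingerprint mismatch from an unlisted key: both end at the same white-list miss.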
According to the security authentication method of the digital key provided by the embodiment of the application, a device fingerprint can be generated from the channel characteristic value of the wireless communication between the vehicle and the digital key, a secure channel is established using the device fingerprint, and standard authentication is then performed. This adds one more layer, the secure channel establishment, on top of traditional security authentication, prevents an illegal user from performing vehicle control operations, and improves information security and privacy during communication. The MAC value can be calculated from the random number and the timestamp and compared with the MAC value of the session maintenance message to judge whether they are consistent, and thereby whether the digital key is legal, so that a secure channel is established and an illegal user is prevented from connecting to the vehicle to perform vehicle control operations. The first identifier sent by the digital key can be decrypted using the device fingerprint to obtain the key information; the vehicle device queries the key information in a white list and, if it exists, encrypts the vehicle identifier using the device fingerprint; the vehicle information is decrypted using the device fingerprint and the white list is queried, and once the entry is found the secure channel is established. Establishing the secure channel through this double encryption and decryption ensures the security of the vehicle connection. A session key for encrypting/decrypting vehicle control commands can be generated through the bidirectional authentication of the vehicle side and the key side, which realizes identity security authentication between the vehicle and the digital key, prevents illegal users from connecting, improves the security of vehicle data, and provides a double layer of information security.
Based on the method for authenticating the digital key described in the above embodiment, a method for authenticating the digital key is described below, which is applied to a digital key device, and as shown in fig. 5, the method includes the following steps:
In step S201, a channel characteristic value of the vehicle in wireless communication with the digital key device is extracted.
In step S202, a device fingerprint is generated according to the channel feature value, and after the vehicle is verified to be a preset legal vehicle based on the device fingerprint, a preset security channel between the vehicle and the digital key device is established.
The device fingerprint has already been described in the above embodiments, and is not described here again.
It can be understood that, in the embodiment of the application, the legality of the vehicle needs to be verified based on the device fingerprint, and the preset secure channel between the vehicle and the digital key device is established only when the vehicle is a legal vehicle. This avoids connecting by mistake to an illegal vehicle, in which case the safety of information in the vehicle could not be guaranteed.
In step S203, a session maintenance message is sent to the vehicle at intervals of a preset duration, wherein after the vehicle verifies that the digital key is a preset legal key according to the session maintenance message, the preset security channel is maintained in a preset session state, and otherwise, the preset security channel is disconnected.
It can be understood that the digital key sends the session maintenance message to the vehicle at a preset time interval, and the vehicle may verify the validity of the key according to the session maintenance message, where the verification method has been described in the above embodiments, and is not described herein again.
According to the security authentication method of the digital key provided by the embodiment of the application, the channel characteristic value can be used as the device fingerprint because wireless communication channels differ from one another, and the identity validity of the digital key access is verified based on the device fingerprint, which prevents an illegal digital key from accessing the vehicle and performing illegal operation and control. After the digital key passes the authentication, it must periodically send a session maintenance message to the vehicle for continuous identity verification, which prevents illegal vehicle control commands from being sent by simulating a legal key after the authentication has passed.
Next, a security authentication apparatus for a digital key according to an embodiment of the present application will be described with reference to the drawings.
Fig. 6 is a block diagram schematically illustrating a security authentication apparatus for a digital key according to an embodiment of the present application.
As shown in fig. 6, the digital key security authentication device 10 applied to a vehicle includes: a first extraction module 101, a first creation module 102 and a first verification module 103.
The first extraction module 101 is configured to extract a channel characteristic value of a vehicle in wireless communication with a digital key device; the first establishing module 102 is configured to generate an apparatus fingerprint according to the channel feature value, and establish a preset security channel between the vehicle and the digital key apparatus after verifying that the digital key is a preset valid key based on the apparatus fingerprint; the first verification module 103 is configured to receive a session maintenance message sent by the digital key device at intervals of a preset duration, maintain the preset security channel in a preset session state after verifying that the digital key is a preset legal key according to the session maintenance message, and otherwise disconnect the preset security channel.
It should be noted that the above explanation of the embodiment of the method for authenticating a digital key is also applicable to the apparatus for authenticating a digital key of this embodiment, and will not be described herein again.
According to the security authentication device of the digital key provided by the embodiment of the application, a device fingerprint can be generated from the channel characteristic value of the wireless communication between the vehicle and the digital key, a secure channel is established using the device fingerprint, and standard authentication is then performed. This adds one more layer, the secure channel establishment, on top of traditional security authentication, prevents an illegal user from performing vehicle control operations, and improves information security and privacy during communication. The MAC value can be calculated from the random number and the timestamp and compared with the MAC value of the session maintenance message to judge whether they are consistent, and thereby whether the digital key is legal, so that a secure channel is established and an illegal user is prevented from connecting to the vehicle to perform vehicle control operations. The first identifier sent by the digital key can be decrypted using the device fingerprint to obtain the key information; the vehicle device queries the key information in a white list and, if it exists, encrypts the vehicle identifier using the device fingerprint; the vehicle information is decrypted using the device fingerprint and the white list is queried, and once the entry is found the secure channel is established. Establishing the secure channel through this double encryption and decryption ensures the security of the vehicle connection. A session key for encrypting/decrypting vehicle control commands can be generated through the bidirectional authentication of the vehicle side and the key side, which realizes identity security authentication between the vehicle and the digital key, prevents illegal users from connecting, improves the security of vehicle data, and provides a double layer of information security.
Fig. 7 is a block diagram schematically illustrating a security authentication apparatus for a digital key according to an embodiment of the present application.
As shown in fig. 7, the security authentication device 20 for a digital key, applied to a digital key, includes: a second extraction module 201, a second creation module 202 and a second verification module 203.
The second extraction module 201 extracts a channel characteristic value of the vehicle in wireless communication with the digital key device; the second establishing module 202 generates a device fingerprint according to the channel characteristic value, and establishes a preset safety channel between the vehicle and the digital key device after verifying that the vehicle is a preset legal vehicle based on the device fingerprint; the second verification module 203 sends a conversation keeping message to the vehicle at intervals of a preset time length, wherein the vehicle keeps the preset security channel in a preset conversation state after verifying that the digital key is a preset legal key according to the conversation keeping message, and otherwise, the preset security channel is disconnected.
It should be noted that the above explanation of the embodiment of the security authentication method for a digital key is also applicable to the security authentication apparatus for a digital key of the embodiment, and is not repeated herein.
According to the security authentication device of the digital key provided by the embodiment of the application, the channel characteristic value can be used as the device fingerprint because wireless communication channels differ from one another, and the identity validity of the digital key access is verified based on the device fingerprint, which prevents an illegal digital key from accessing the vehicle and performing illegal operation and control. After the digital key passes the authentication, it must periodically send a session maintenance message to the vehicle for continuous identity verification, which prevents illegal vehicle control commands from being sent by simulating a legal key after the authentication has passed.
Fig. 8 is a schematic structural diagram of a vehicle according to an embodiment of the present application. The vehicle may include:
a memory 801, a processor 802, and a computer program stored on the memory 801 and executable on the processor 802.
The processor 802, when executing the program, implements the method for secure authentication of a digital key provided in the above-described embodiments.
Further, the vehicle further includes:
a communication interface 803 for communicating between the memory 801 and the processor 802.
A memory 801 for storing computer programs operable on the processor 802.
The Memory 801 may include a high-speed RAM (Random Access Memory) Memory, and may also include a non-volatile Memory, such as at least one disk Memory.
If the memory 801, the processor 802, and the communication interface 803 are implemented independently, the communication interface 803, the memory 801, and the processor 802 may be connected to each other via a bus and communicate with each other. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 8, but this is not intended to represent only one bus or type of bus.
Optionally, in a specific implementation, if the memory 801, the processor 802, and the communication interface 803 are integrated on one chip, the memory 801, the processor 802, and the communication interface 803 may complete mutual communication through an internal interface.
The processor 802 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits configured to implement embodiments of the present Application.
The embodiment of the present application further provides a digital key device, which includes: a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor executes the program to implement the security authentication method of the digital key of the above embodiment.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "N" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or N executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of implementing the embodiments of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a programmable gate array, a field programmable gate array, or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A security authentication method of a digital key, wherein the method is applied to a vehicle, wherein the method comprises the steps of:
extracting a channel characteristic value of the vehicle in wireless communication with the digital key device;
generating an equipment fingerprint according to the channel characteristic value, and establishing a preset safety channel between the vehicle and the digital key equipment after verifying that the digital key is a preset legal key based on the equipment fingerprint;
and receiving a session maintenance message sent by the digital key equipment at intervals of a preset duration, and after verifying that the digital key is a preset legal key according to the session maintenance message, maintaining the preset security channel in a preset session state, otherwise, disconnecting the preset security channel.
2. The method according to claim 1, wherein the session maintenance message includes a random number, a timestamp, and an identity check code (MAC) value of the digital key, and wherein maintaining the predetermined secure channel in a predetermined session state after verifying that the digital key is a predetermined legal key according to the session maintenance message, and otherwise disconnecting the predetermined secure channel, further comprises:
checking whether the timestamp meets a preset condition;
if the timestamp meets the preset condition, performing MAC calculation according to the random number and the timestamp to obtain an actual MAC value;
and if the actual MAC value is consistent with the MAC value of the session keeping message, verifying that the digital key is a preset legal key, keeping the preset secure channel in a preset session state, otherwise, verifying that the digital key is a preset illegal key, and disconnecting the preset secure channel.
3. The method of claim 1, wherein establishing a predetermined secure channel between the vehicle and the digital key device after verifying that the digital key is a predetermined legitimate key based on the device fingerprint further comprises:
encrypting a first identifier of the digital key device by using the device fingerprint to obtain key information;
the key information is sent to the vehicle, wherein the vehicle decrypts the key information according to the equipment fingerprint to obtain the first identifier, a first preset white list is inquired according to the first identifier, and if the digital key is obtained through inquiry, the vehicle identifier of the vehicle is encrypted through the equipment fingerprint to obtain vehicle information;
and receiving the vehicle information, decrypting the vehicle information by using the device fingerprint to obtain the vehicle identifier, inquiring a second preset white list according to the vehicle identifier, and if the vehicle is inquired, establishing a preset safety channel between the vehicle and the digital key device.
4. The method according to claim 1, wherein before receiving the session maintenance message sent by the digital key device at intervals of a preset duration, further comprising:
transmitting a vehicle-side random number and an IV value to the digital key device, and receiving an application identifier of the digital key, a key-side random number, key information and a key ciphertext generated by encrypting based on the vehicle-side random number and the key-side random number, which are transmitted by the digital key device;
calculating a digital key according to the application identifier, the key side random number and the key information, deriving a communication key from the digital key, decrypting the key ciphertext by using the communication key, and encrypting and generating a vehicle end ciphertext according to counting information of a key counter of the digital key and the vehicle side random number if information obtained by decryption is consistent with the vehicle side random number and the key side random number;
sending the vehicle-side ciphertext to the digital key device, wherein the digital key device derives a communication key from a digital key, decrypts the vehicle-side ciphertext by using the communication key, completes the identity security authentication of the vehicle on the key side if the decrypted information is consistent with the counting information of the key counter and the vehicle-side random number, calculates a key-side session key according to the communication key, the IV value and the hash value of the vehicle-side random number, and encrypts the vehicle-side random number by using the key-side session key to obtain a session ciphertext;
and calculating a vehicle side session key according to the communication key, the IV value and the hash value of the vehicle side random number, decrypting the session ciphertext by using the vehicle side session key, and finishing the identity security authentication of the digital key at the vehicle side if the decrypted information is consistent with the vehicle side random number.
5. The method according to any one of claims 1 to 4, characterized by, before extracting the channel characteristic value of the vehicle wirelessly communicating with the digital key device, further comprising:
receiving a pairing request of a digital key device;
and pairing with the digital key device according to the pairing request.
6. A method for secure authentication of a digital key, the method being applied to a digital key device, wherein the method comprises the steps of:
extracting a channel characteristic value of a vehicle in wireless communication with the digital key device;
generating a device fingerprint according to the channel characteristic value, and establishing a preset safety channel between the vehicle and the digital key device after verifying that the vehicle is a preset legal vehicle based on the device fingerprint;
and sending a conversation maintaining message to the vehicle at intervals of preset duration, wherein the vehicle maintains the preset security channel in a preset conversation state after verifying that the digital key is a preset legal key according to the conversation maintaining message, and otherwise, the preset security channel is disconnected.
7. A security authentication apparatus for a digital key, the apparatus being applied to a vehicle, wherein the apparatus comprises:
a first extraction module for extracting a channel characteristic value of the vehicle wirelessly communicating with the digital key device;
the first establishing module is used for generating an equipment fingerprint according to the channel characteristic value, and establishing a preset safety channel between the vehicle and the digital key equipment after the digital key is verified to be a preset legal key based on the equipment fingerprint;
the first verification module is used for receiving a session maintenance message sent by the digital key device at intervals of preset duration, maintaining the preset security channel in a preset session state after verifying that the digital key is a preset legal key according to the session maintenance message, and otherwise disconnecting the preset security channel.
8. A security authentication device for a digital key, the device being applied to a digital key apparatus, wherein the device comprises:
the second extraction module is used for extracting a channel characteristic value of a vehicle in wireless communication with the digital key device;
the second establishing module is used for generating an equipment fingerprint according to the channel characteristic value, and establishing a preset safety channel between the vehicle and the digital key equipment after the vehicle is verified to be a preset legal vehicle based on the equipment fingerprint;
and the second verification module is used for sending a conversation maintaining message to the vehicle at intervals of preset time length, wherein the vehicle maintains the preset security channel in a preset conversation state after verifying that the digital key is a preset legal key according to the conversation maintaining message, and otherwise, the preset security channel is disconnected.
9. A vehicle, characterized by comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the method of secure authentication of a digital key according to any one of claims 1 to 5.
10. A digital key apparatus, comprising: memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the method of secure authentication of a digital key according to claim 6.
CN202211334015.2A 2022-10-28 2022-10-28 Security authentication method and device for digital key, vehicle and digital key equipment Pending CN115690955A (en)

Publications (1)

Publication Number Publication Date
CN115690955A (en) 2023-02-03

Family

ID=85045448

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination