CN115915131B - Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card - Google Patents


Info

Publication number: CN115915131B
Authority: CN (China)
Application number: CN202211291413.0A
Other languages: Chinese (zh)
Other versions: CN115915131A (en)
Inventor: 彭雪城
Current Assignee: Yuanfeng Technology Co Ltd
Original Assignee: Yuanfeng Technology Co Ltd
Legal status: Active
Prior art keywords: ciphertext; key; vehicle; NFC card; random number

Abstract

The invention discloses a vehicle key bidirectional encryption authentication method and system, a vehicle binding device and an NFC card. In the method, the vehicle binding device and the NFC card perform bidirectional encryption authentication based on random numbers and keys, which ensures that the two can decrypt each other's ciphertext before the key ciphertext is sent to the NFC card. After the NFC card successfully decrypts the key ciphertext, the vehicle binding device stores a first identifier of the NFC card in an identifier database. Because encrypted ciphertext is exchanged between the vehicle binding device and the NFC card during bidirectional encryption authentication and binding, the security of communication between them can be improved and external attacks can be prevented, thereby improving the security and reliability of vehicle key binding.

Description

Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card
Technical Field
The invention relates to the technical field of automobiles, in particular to a vehicle key bidirectional encryption authentication method and system, a vehicle binding device and an NFC card.
Background
At present, the automobile has become an indispensable part of people's lives. With the rapid development of science and technology and rising consumer demand, manufacturers have gradually begun to use NFC cards to unlock the vehicle binding device. For an NFC card to unlock the vehicle binding device, the NFC card and the vehicle binding device must first undergo binding authentication. In the prior art, binding authentication generally binds the key data of the vehicle binding device to the NFC card: when the NFC card is swiped at the vehicle binding device, the NFC card sends the stored key data to the vehicle binding device, which verifies that the key data is correct and then performs unlocking, locking, starting, shutting down and so on. To ensure security during binding authentication, the vehicle binding device encrypts the key data and sends the resulting ciphertext to the NFC card, and the NFC card decrypts the ciphertext to obtain the key data and stores it. However, this binding authentication only binds the key data of the vehicle binding device to the NFC card and only encrypts the key data, so the NFC card is easily cracked by an external attack, and security and reliability are difficult to ensure.
Disclosure of Invention
The invention aims to provide a vehicle key bidirectional encryption authentication method, a system, a vehicle binding device and an NFC card, which can effectively improve the safety and reliability of the vehicle key during binding.
In order to achieve the above object, the present invention provides a vehicle key bidirectional encryption authentication method for binding a vehicle binding device with an NFC card, the bidirectional encryption authentication method being performed by the vehicle binding device, the bidirectional encryption authentication method comprising:
transmitting a first request to the NFC card, wherein the first request comprises a first random number;
receiving a first response sent by the NFC card based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
encrypting the second random number to generate a first ciphertext and transmitting the first ciphertext to the NFC card;
receiving a second ciphertext sent by the NFC card, wherein the second ciphertext is generated by the NFC card encrypting the first random number when the result of the NFC card decrypting the first ciphertext is consistent with the second random number;
decrypting the second ciphertext and comparing the decrypted result with the first random number;
if the comparison is consistent, generating a key ciphertext according to first data and sending the key ciphertext to the NFC card, wherein the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device;
and receiving a status signal sent by the NFC card, and determining whether to store the first identifier to an identifier database according to the status signal, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
Optionally, the encrypting the second random number to generate a first ciphertext and sending the first ciphertext to the NFC card includes:
generating a first key based on the first identification;
encrypting the second random number with the first key to generate the first ciphertext.
Optionally, the second ciphertext is generated by the NFC card by encrypting the first random number according to a second key, and the second key is generated according to a key parameter preset in the NFC card.
Optionally, the bidirectional encryption authentication method further includes:
generating a check code according to the first data;
transmitting the check code together with the key ciphertext to the NFC card.
Optionally, the first data further includes a vehicle identification number; or the first data further includes a vehicle identification number and a number of binding cards.
Optionally, before the sending the first request to the NFC card, the bidirectional encryption authentication method further includes:
receiving an instruction sent by an upper computer and entering a binding mode according to the instruction;
after receiving the status signal sent by the NFC card, the method further includes:
and generating a binding result signal according to the state signal and sending the binding result signal to the upper computer, wherein the binding result signal comprises a binding success signal and a binding failure signal.
Optionally, the first request further includes a second identifier, where the second identifier is an identifier code of the vehicle-end security chip.
In order to achieve the above object, the present invention further provides a vehicle key bidirectional encryption authentication method for binding a vehicle binding device with an NFC card, the bidirectional encryption authentication method being performed by the NFC card, the bidirectional encryption authentication method comprising:
receiving a first request sent by the vehicle binding device, wherein the first request comprises a first random number;
transmitting a first response to the vehicle binding device based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
receiving a first ciphertext, the first ciphertext generated by the vehicle binding apparatus encrypting the second random number;
decrypting the first ciphertext and comparing the decrypted result with the second random number;
if the comparison is consistent, encrypting the first random number to generate a second ciphertext and transmitting the second ciphertext to the vehicle binding device;
receiving a key ciphertext sent by the vehicle binding device, wherein the key ciphertext is generated according to first data when the second ciphertext decrypted by the vehicle binding device is consistent with the first random number, and the first data comprises key data which is generated based on the first identifier and key parameters preset in the vehicle binding device;
decrypting the key ciphertext and verifying the decrypted data;
and generating a state signal according to the verification result and sending the state signal to the vehicle binding device, wherein the state signal indicates that the NFC card successfully or unsuccessfully receives the first data.
Optionally, the first ciphertext is generated by the vehicle binding apparatus encrypting the second random number according to a first key generated based on the first identity.
Optionally, the second ciphertext is generated by the NFC card by encrypting the first random number according to a second key, and the second key is generated according to a key parameter preset in the NFC card.
Optionally, the key ciphertext is generated by the vehicle binding device encrypting first data, where the first data includes key data obtained according to the first identifier.
Optionally, the receiving of the key ciphertext sent by the vehicle binding device further includes receiving a check code, where the check code is generated according to the first data;
the decrypting the key ciphertext and verifying the decrypted data comprises:
decrypting the key ciphertext to obtain decrypted data;
calculating a verification code according to the decrypted data, and comparing the verification code with the received check code;
and if the comparison is consistent, storing the decrypted key data, and generating a state signal representing successful reception of the first data.
In order to achieve the above object, the present invention further provides a vehicle binding device, which includes a main module, a vehicle-end security chip, and an NFC slave module, where the main module is respectively in communication connection with the vehicle-end security chip and the NFC slave module, and the NFC slave module is configured to establish communication connection with an NFC card;
the master module sends a first request to the NFC card through the NFC slave module, wherein the first request comprises a first random number generated by the vehicle-end security chip;
the main module receives a first response sent by the NFC card based on the first request through the NFC slave module, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
The vehicle-end security chip encrypts the second random number to generate a first ciphertext, and the master module sends the first ciphertext to the NFC card through the NFC slave module;
the main module receives a second ciphertext sent by the NFC card through the NFC slave module, wherein the second ciphertext is generated by the NFC card encrypting the first random number when the result of the NFC card decrypting the first ciphertext is consistent with the second random number;
the vehicle-end security chip decrypts the second ciphertext and compares the decrypted result with the first random number;
if the comparison is consistent, the vehicle-end security chip generates a key ciphertext according to first data, and the master module sends the key ciphertext to the NFC card through the NFC slave module, wherein the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device;
the main module receives a status signal sent by the NFC card through the NFC slave module and determines whether to store the first identifier to an identifier database according to the status signal, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
Optionally, the vehicle binding device further includes an upper computer, where the upper computer is in communication connection with the master module, and before the master module sends a first request to the NFC card through the NFC slave module, the upper computer sends an instruction to the master module, and the master module enters a binding mode according to the instruction;
after the main module receives the state signal sent by the NFC card through the NFC slave module, the main module generates a binding result signal according to the state signal and sends the binding result signal to the upper computer, wherein the binding result signal comprises a binding success signal and a binding failure signal.
In order to achieve the above object, the present invention further provides an NFC card, which includes a transceiver module and a card-end security chip, where the transceiver module is used for communication connection with a vehicle binding device;
the transceiver module receives a first request sent by the vehicle binding device, wherein the first request comprises a first random number;
the transceiver module sends a first response to the vehicle binding device based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
the transceiver module receives a first ciphertext, and the first ciphertext is generated by the vehicle binding device encrypting the second random number;
the card-end security chip decrypts the first ciphertext and compares the decrypted result with the second random number;
if the comparison is consistent, the card-end security chip encrypts the first random number to generate a second ciphertext, and the transceiver module sends the second ciphertext to the vehicle binding device;
the transceiver module receives a key ciphertext sent by the vehicle binding device, wherein the key ciphertext is generated according to first data when the second ciphertext decrypted by the vehicle binding device is consistent with the first random number, the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device;
the card-end security chip decrypts the key ciphertext and verifies the decrypted data;
the card-end security chip generates a status signal according to the verification result, the transceiver module sends the status signal to the vehicle binding device, and the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
In order to achieve the above purpose, the invention also provides a vehicle key bidirectional encryption authentication system, which comprises the vehicle binding device and the NFC card, wherein the NFC slave module and the transceiver module are in communication connection.
In order to achieve the above object, the present invention also provides an electronic device including:
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing the two-way cryptographic authentication method as described above.
To achieve the above object, the present invention also provides a computer-readable storage medium including a computer program executable by a processor to implement the bidirectional encryption authentication method as described above.
The present invention also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the electronic device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions so that the electronic device performs the bidirectional cryptographic authentication method as described above.
According to the vehicle key bidirectional encryption authentication method, the vehicle binding device and the NFC card perform bidirectional encryption authentication based on random numbers and keys, which ensures that the two can decrypt each other's ciphertext before the key ciphertext is sent to the NFC card. After the NFC card successfully decrypts the key ciphertext, the vehicle binding device stores a first identifier of the NFC card in the identifier database. Because encrypted ciphertext is exchanged between the vehicle binding device and the NFC card during bidirectional encryption authentication and binding, the security of communication between them can be improved and external attacks can be prevented, thereby improving the security and reliability of vehicle key binding.
Drawings
Fig. 1 is a flowchart of a vehicle key bidirectional encryption authentication method according to an embodiment of the present invention.
Fig. 2 is a flowchart of a vehicle key bidirectional encryption authentication method according to another embodiment of the present invention.
Fig. 3 is a flowchart of a vehicle key bidirectional encryption authentication method according to still another embodiment of the present invention.
Fig. 4 is a schematic block diagram of a vehicle binding apparatus according to an embodiment of the present invention.
Fig. 5 is a schematic block diagram of an NFC card according to an embodiment of the invention.
Fig. 6 is a schematic block diagram of a vehicle key bidirectional encryption authentication system according to an embodiment of the present invention.
Fig. 7 is a schematic block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to explain the technical contents, the structural features and the effects of the present invention in detail, the following description will be made with reference to the embodiments and the accompanying drawings.
Referring to fig. 1 and 3, an embodiment of the present invention discloses a bidirectional encryption authentication method 100 for a vehicle key, which is used for binding a vehicle binding device with an NFC card, wherein the bidirectional encryption authentication method 100 is executed by the vehicle binding device, and the bidirectional encryption authentication method 100 includes the following steps:
110. a first request is sent to the NFC card, the first request including a first random number.
The first request may further include a second identifier (ReaderID), where the second identifier is an identifier of the vehicle-end security chip, and the first request may be understood as a binding request sent by the vehicle binding device to the NFC card. The vehicle-end safety chip is arranged on the vehicle binding device, so that the safety level of signal transmission can be improved.
120. And receiving a first response sent by the NFC card based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card.
The first request triggers the NFC card to obtain a first identifier and a second random number rnd2 and to return to the vehicle binding device a first response comprising the first identifier (Card id) and the second random number rnd2. The NFC card may also be provided with a security chip, in which case the first response may comprise a third identification (CardSEID), which is the identification code of the security chip of the NFC card. Providing a security chip in the NFC card can improve the security level of signal transmission.
130. And encrypting the second random number to generate a first ciphertext and transmitting the first ciphertext to the NFC card.
After receiving the first response, the vehicle binding device parses it and encrypts the parsed second random number rnd2 to generate a first ciphertext. Before encrypting the second random number rnd2, the vehicle binding device generates a first key based on the first identifier in the first response, and then encrypts rnd2 with the first key to generate the first ciphertext. Specifically, the vehicle binding device generates a key parameter cpak according to the first identifier and a preset parameter cpmk, generates a first key sessionkey1 according to the key parameter, and encrypts the second random number by using the first key sessionkey1 to obtain the first ciphertext. The vehicle binding device may generate the key parameter cpak by using a KDFX963 algorithm, and encrypt the second random number rnd2 by using the first key and a keyUtils.
140. Receiving a second ciphertext sent by the NFC card, the second ciphertext being generated by encrypting the first random number when the result of the NFC card decrypting the first ciphertext is consistent with the second random number.
The NFC card decrypts the first ciphertext and compares the decrypted second random number with the second random number rnd2 that it generated itself. A consistent comparison indicates that the decryption algorithm of the NFC card and the encryption algorithm of the vehicle binding device are symmetrical, that is, the vehicle binding device has passed authentication by the NFC card. The second ciphertext is generated by the NFC card by encrypting the first random number rnd1 according to a second key, and the second key is generated according to a key parameter preset in the NFC card. Specifically, when the NFC card receives the first request, the NFC card is triggered to calculate a second key sessionkey2 according to a preset key parameter cpak, and when the result of the NFC card decrypting the first ciphertext is consistent with the second random number rnd2 generated by the NFC card, the NFC card encrypts the first random number rnd1 by using the second key sessionkey2. The NFC card can decrypt the first ciphertext through a keyUtils/decrypt algorithm, and encrypt the first random number rnd1 through the second key and the keyUtils/decrypt algorithm to generate the second ciphertext.
150. The second ciphertext is decrypted and compared to the first random number.
160. If the comparison is consistent, a key ciphertext is generated according to first data and is sent to the NFC card, the first data comprises key data, and the key data is generated based on a first identifier and key parameters preset in the vehicle binding device.
The vehicle binding device decrypts the received second ciphertext and compares the decrypted first random number with the first random number rnd1 that it generated itself. A consistent comparison indicates that the decryption algorithm of the vehicle binding device and the encryption algorithm of the NFC card are symmetrical, that is, the NFC card has passed authentication by the vehicle binding device; before that, the vehicle binding device has also passed authentication by the NFC card. It can be understood that the encryption algorithm and the decryption algorithm of the vehicle binding device and the NFC card may be the same or different, and when they are the same, the first key and the second key are also the same. In the embodiment of the invention, as long as the encryption algorithm of the vehicle binding device and the decryption algorithm of the NFC card are symmetrical, and the encryption algorithm of the NFC card and the decryption algorithm of the vehicle binding device are symmetrical, the vehicle binding device is ensured to be capable of decrypting the ciphertext sent by the NFC card, and the NFC card is ensured to be capable of decrypting the ciphertext sent by the vehicle binding device. Wherein the vehicle binding device may decrypt the second ciphertext via a keyUtils.
After the authentication is passed, the vehicle binding device generates a key ciphertext according to the first data and sends the key ciphertext to the NFC card.
Specifically, the vehicle binding device acquires key data Dkey according to the received first identifier and a preset key parameter vkey, and encrypts first data comprising the key data Dkey to generate a key ciphertext. The algorithm for encrypting the first data is the same as the encryption algorithm for the second random number in step 130, specifically, the vehicle binding device encrypts the first data with the first key sessionkey1 to generate a key ciphertext, and sends the key ciphertext to the NFC card, and the NFC card receives the key ciphertext and then decrypts the key ciphertext with the algorithm for decrypting the first ciphertext to obtain the first data including the key data.
In other specific examples, to ensure the integrity and accuracy of the signal transmission, the vehicle key two-way encryption authentication method 100 may further include:
generating a check code according to the first data;
the check code and the key ciphertext are transmitted to the NFC card together.
Specifically, the check code can be obtained through calculation of the first data and the aes128 algorithm, and the NFC card verifies the check code to judge the integrity of the key ciphertext. Of course, the check code may also be computed with other existing algorithms.
In addition, the first data may further include a vehicle identification number, or a vehicle identification number and a number of binding cards. In general, one vehicle may set a plurality of NFC cards as keys, so one vehicle may bind a plurality of NFC cards, and the number of binding cards of the vehicle binding device can therefore be recorded; the number of binding cards is the number of NFC cards that have been bound by the vehicle binding device.
170. And receiving a status signal sent by the NFC card, and determining whether to store the first identifier in an identifier database according to the status signal, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
Specifically, the NFC card decrypts the key ciphertext to obtain the first data and verifies the check code. When verification passes, the NFC card stores the key data in the first data and sends the vehicle binding device a status signal indicating that the key data was transmitted successfully; according to this status signal, the vehicle binding device stores the first identifier, which is the identification code of the NFC card, in the identifier database, thereby binding the information of the NFC card. Otherwise, when verification fails, the NFC card sends the vehicle binding device a status signal indicating that it did not successfully receive the first data, and the vehicle binding device does not store the identification code of the NFC card; this indicates that binding has failed, and the NFC card is bound again or replaced.
As shown in fig. 3, prior to step 110, the vehicle key bidirectional encryption authentication method 100 may further include:
and receiving an instruction sent by the upper computer and entering a binding mode according to the instruction, namely, binding of the vehicle key can be controlled by the instruction sent by the upper computer.
Step 170 is followed by: and generating a binding result signal according to the state signal and sending the binding result signal to the upper computer, wherein the binding result signal comprises a binding success signal and a binding failure signal so as to report the binding result of the vehicle key to the upper computer, so that a worker or a user can timely acquire the binding result of the vehicle key.
It can be understood that the NFC card of the present invention may be an independent NFC card, or may be an NFC slave module that is built in a mobile electronic device, where the mobile electronic device may be an electronic device such as a mobile phone, a bracelet, or a watch.
In the vehicle key bidirectional encryption authentication method 100 of the embodiment of the invention, the vehicle binding device and the NFC card are subjected to bidirectional encryption authentication based on the random number and the secret key, so that the vehicle binding device and the NFC card can mutually decrypt and then send the key ciphertext to the NFC card, and after the NFC card successfully decrypts the key ciphertext, the vehicle binding device stores the first identifier of the NFC card in the identifier database.
The vehicle binding device is arranged on the vehicle and used for binding the vehicle and the NFC card.
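The exchange of steps 110 to 170, together with the card-side steps 210 to 260, simulated end to end as an added example (not code from the patent). It shows the order of the checks: each side compares the decrypted nonce in constant time, and the card identifier reaches the database only after the card reports success. Assumptions: SHA-256 inside the X9.63 KDF, the "session" derivation label, an encrypt-then-MAC stand-in for the unnamed keyUtils cipher, an HMAC check code in place of the aes128 one, the direction labels, and all class names and sample values.

```python
import hashlib
import hmac
import secrets

def kdf_x963(z: bytes, info: bytes, n: int) -> bytes:
    """ANSI X9.63 KDF over SHA-256: Hash(Z || 32-bit counter || SharedInfo)."""
    out, ctr = b"", 1
    while len(out) < n:
        out += hashlib.sha256(z + ctr.to_bytes(4, "big") + info).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, label: bytes, pt: bytes) -> bytes:
    """Stand-in for the page's unnamed cipher: encrypt-then-MAC with a fresh nonce.
    `label` binds the ciphertext to one direction and step of the exchange."""
    nonce = secrets.token_bytes(16)
    ks = kdf_x963(key, b"enc" + nonce, len(pt))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    mac_key = kdf_x963(key, b"mac", 32)
    tag = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unseal(key: bytes, label: bytes, blob):
    """Return the plaintext, or None when the blob is missing or the tag fails."""
    if blob is None or len(blob) < 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    mac_key = kdf_x963(key, b"mac", 32)
    want = hmac.new(mac_key, label + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, want):
        return None
    ks = kdf_x963(key, b"enc" + nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def check_code(key: bytes, first_data: bytes) -> bytes:
    """Check code over the first data (HMAC here; the page computes it with aes128)."""
    return hmac.new(key, b"check" + first_data, hashlib.sha256).digest()[:16]

class NfcCard:
    def __init__(self, card_id: bytes, cpak: bytes):
        self.card_id, self.cpak = card_id, cpak              # cpak is preset in the card
        self.key_data, self.vehicle_ok = None, False

    def on_first_request(self, rnd1: bytes):                 # steps 210-220
        self.rnd1, self.rnd2 = rnd1, secrets.token_bytes(16)
        self.vehicle_ok = False
        self.sk = kdf_x963(self.cpak, b"session", 32)        # sessionkey2
        return self.card_id, self.rnd2

    def on_first_ciphertext(self, c1: bytes):                # steps 230-250
        got = unseal(self.sk, b"V>C auth", c1)
        if got is None or not hmac.compare_digest(got, self.rnd2):
            return None                                      # vehicle not authenticated
        self.vehicle_ok = True
        return seal(self.sk, b"C>V auth", self.rnd1)         # second ciphertext

    def on_key_ciphertext(self, kc: bytes, code: bytes) -> bool:  # step 260 onward
        data = unseal(self.sk, b"V>C key", kc) if self.vehicle_ok else None
        if data is None or not hmac.compare_digest(code, check_code(self.sk, data)):
            return False                                     # status: not received
        self.key_data = data[:16]                            # keep Dkey only
        return True                                          # status: received

class VehicleBinder:
    def __init__(self, cpmk: bytes, vkey: bytes, vin: bytes):
        self.cpmk, self.vkey, self.vin = cpmk, vkey, vin
        self.id_db = set()                                   # identifier database

    def bind(self, card: NfcCard) -> bool:
        rnd1 = secrets.token_bytes(16)                       # step 110
        card_id, rnd2 = card.on_first_request(rnd1)          # step 120
        cpak = kdf_x963(self.cpmk, card_id, 32)
        sk = kdf_x963(cpak, b"session", 32)                  # sessionkey1
        c2 = card.on_first_ciphertext(seal(sk, b"V>C auth", rnd2))  # steps 130-140
        got = unseal(sk, b"C>V auth", c2)                    # step 150
        if got is None or not hmac.compare_digest(got, rnd1):
            return False                                     # card not authenticated
        first_data = kdf_x963(self.vkey, card_id, 16) + self.vin    # Dkey || VIN
        ok = card.on_key_ciphertext(seal(sk, b"V>C key", first_data),
                                    check_code(sk, first_data))     # step 160
        if ok:
            self.id_db.add(card_id)                          # step 170
        return ok

def demo():
    # Constructed sample values: master parameters, VIN and card identifiers.
    cpmk, vkey = bytes(range(32)), bytes(range(32, 64))
    binder = VehicleBinder(cpmk, vkey, b"VIN-CONSTRUCTED-1")
    good = NfcCard(b"CARD-0001", kdf_x963(cpmk, b"CARD-0001", 32))
    rogue = NfcCard(b"CARD-0002", secrets.token_bytes(32))   # cpak not derived from cpmk
    return binder.bind(good), binder.bind(rogue), binder, good, rogue

if __name__ == "__main__":
    ok_good, ok_rogue, binder, good, rogue = demo()
    print(ok_good, ok_rogue, sorted(binder.id_db))
```

The card whose cpak was not derived from cpmk fails at the first ciphertext, so no key data is sent to it and its identifier is never stored.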
As shown in fig. 2 and 3, another embodiment of the present invention further provides a vehicle key bidirectional encryption authentication method 200 for binding a vehicle binding device with an NFC card, where the bidirectional encryption authentication method 200 is performed by the NFC card, and includes the following steps:
210. a first request sent by a vehicle binding device is received, the first request including a first random number.
The first request may further include a second identifier, where the second identifier is an identifier code of the vehicle-end security chip, and the first request may be understood as a binding request sent by the vehicle binding device to the NFC card. The vehicle-end safety chip is arranged on the vehicle binding device, so that the safety level of signal transmission can be improved.
220. Based on the first request, a first response is sent to the vehicle binding device, the first response comprising a first identification and a second random number, the first identification being an identification code of the NFC card.
The NFC card responds to the first request, acquires a first identifier and a second random number rnd2 according to the first request, and sends a first response comprising the first identifier and the second random number to the vehicle binding device. The NFC card may also be provided with a security chip, in which case the first response may comprise a third identification, the third identification being an identification code of the security chip of the NFC card. The security chip is arranged in the NFC card, so that the security level of signal transmission can be further improved.
230. And receiving a first ciphertext, wherein the first ciphertext is generated by encrypting the second random number by the vehicle binding device.
After receiving the first response, the vehicle binding device analyzes the first response, and encrypts the analyzed second random number rnd2 to generate a first ciphertext. Wherein, before encrypting the second random number rnd2, the vehicle binding device generates a first key based on the first identifier in the first response, and encrypts the second random number rnd2 with the first key to generate a first ciphertext. Specifically, the vehicle binding device generates a key parameter cpak according to the first identifier and a preset parameter cpmk, generates a first key sessionkey1 according to the key parameter, and encrypts a second random number by using the first key sessionkey1 to obtain a first ciphertext.
240. The first ciphertext is decrypted and compared to the second random number.
250. If the comparison is consistent, the first random number is encrypted to generate a second ciphertext, and the second ciphertext is transmitted to the vehicle binding device.
The NFC card decrypts the first ciphertext and compares the second random number obtained by the decryption with the second random number rnd2 that it generated earlier. When the comparison is consistent, the decryption algorithm of the NFC card and the encryption algorithm of the vehicle binding device are symmetrical, that is, the vehicle binding device passes the authentication of the NFC card, and the vehicle binding device can then authenticate the NFC card.
In step 250, the second ciphertext may be generated by the NFC card encrypting the first random number rnd1 according to a second key, which is generated according to a key parameter preset in the NFC card. Specifically, when the NFC card receives the first request, the NFC card is triggered to calculate a second key sessionkey2 according to a preset key parameter cpak, and when the result of decrypting the first ciphertext is consistent with the second random number rnd2 generated by the NFC card, the NFC card encrypts the first random number rnd1 by using the second key sessionkey2.
260. A key ciphertext sent by the vehicle binding device is received, wherein the key ciphertext is generated according to first data when the second ciphertext decrypted by the vehicle binding device is consistent with the first random number, the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device.
It should be noted that the vehicle binding device decrypts the received second ciphertext and compares the first random number rnd1 obtained by the decryption with the first random number rnd1 that it generated earlier. When the comparison is consistent, the decryption algorithm of the vehicle binding device and the encryption algorithm of the NFC card are symmetrical, that is, the NFC card passes the authentication of the vehicle binding device; before that, the vehicle binding device has already passed the authentication of the NFC card. It can be understood that the encryption algorithm and the decryption algorithm of the vehicle binding device and the NFC card may be the same or different, and when they are the same, the first key and the second key are also the same. In the embodiment of the invention, as long as the encryption algorithm of the vehicle binding device and the decryption algorithm of the NFC card are symmetrical, and the encryption algorithm of the NFC card and the decryption algorithm of the vehicle binding device are symmetrical, the vehicle binding device is ensured to be capable of decrypting the ciphertext sent by the NFC card, and the NFC card is ensured to be capable of decrypting the ciphertext sent by the vehicle binding device.
After the authentication is passed, the vehicle binding device generates a key ciphertext according to first data and sends the key ciphertext to the NFC card, wherein the first data comprises key data generated according to a first identifier and key parameters preset in the vehicle binding device.
The first data may further include a vehicle identification number or the first data may further include a vehicle identification number and a number of binding cards.
The algorithm for generating the key ciphertext according to the first data is the same as the encryption algorithm for the second random number in step 130, specifically, the vehicle binding device encrypts the first data with the first key sessionkey1 to generate the key ciphertext, and sends the key ciphertext to the NFC card, and the NFC card receives the key ciphertext and can decrypt the key ciphertext with the algorithm for decrypting the first ciphertext to obtain the first data including the key data.
270. The key ciphertext is decrypted and the decrypted data is verified.
By verifying the decrypted data, the integrity and the accuracy of key ciphertext transmission between the NFC card and the vehicle binding device can be ensured.
280. A status signal is generated according to the verification result and sent to the vehicle binding device, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
It can be appreciated that when the status signal indicates that the first data is successfully received, the key data in the decrypted first data is stored in the NFC card for use in future verification between the NFC card and the vehicle.
In some other specific examples, in step 260 a check code is received together with the key ciphertext sent by the vehicle binding device, where the check code is generated according to the first data.
Decrypting the key ciphertext and verifying the decrypted data in step 270 includes:
271. The key ciphertext is decrypted to obtain decrypted data.
272. A verification code is calculated according to the decrypted data and compared with the check code.
273. If the comparison is consistent, the decrypted key data is stored, and a status signal representing successful reception of the first data is generated.
It can be understood that the algorithm for calculating the verification code according to the decrypted data in the NFC card is the same as the algorithm for calculating the check code according to the first data in the vehicle binding device.
For example, the NFC card may calculate the verification code according to the decrypted first data and the AES-128 algorithm; when the verification code is consistent with the check code, the decrypted first data is correct, which ensures the integrity of the transmitted key ciphertext.
In the vehicle key bidirectional encryption authentication method 200 of this other embodiment of the invention, the vehicle binding device and the NFC card perform bidirectional encryption authentication based on the random numbers and the keys, which ensures that the vehicle binding device and the NFC card can decrypt each other's ciphertext before the key ciphertext is sent to the NFC card. The NFC card verifies the decrypted data, generates a status signal according to the verification result, and sends the status signal to the vehicle binding device. Because encrypted ciphertext is sent between the vehicle binding device and the NFC card during the bidirectional encryption authentication and binding processes, the communication security between the vehicle binding device and the NFC card can be improved and external attacks can be prevented, so that the security and reliability of vehicle key binding are improved.
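The exchange of steps 210 to 280, with both sides simulated in one process, as an added Go example that is not code from the patent. The names cpmk, cpak and the step numbers come from the description; the way cpak and the key data are derived, the mixing of both nonces into the session key, the separate check-code key, the rejection of a card challenge equal to the vehicle's own, and the name keyMaster are assumptions, and the first data is narrowed to the 16-byte key data.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

type block = [16]byte

func enc(key, in block) (out block) {
	c, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 16 bytes (AES-128)
	c.Encrypt(out[:], in[:])
	return out
}
func dec(key, in block) (out block) {
	c, _ := aes.NewCipher(key[:])
	c.Decrypt(out[:], in[:])
	return out
}

func random16() (b block) {
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	return b
}

func same(a, b block) bool { return subtle.ConstantTimeCompare(a[:], b[:]) == 1 } // constant time

// diversify derives a per-card value from a master parameter and the card ID (assumed construction).
func diversify(master block, cardID string) (blk block) {
	copy(blk[:], cardID)
	return enc(master, blk)
}

// sessionKey mixes both nonces under cpak (assumption: the page only says it is derived from cpak).
func sessionKey(cpak, rnd1, rnd2 block) block {
	copy(rnd1[8:], rnd2[:8]) // rnd1 is a by-value copy, the caller's array is untouched
	return enc(cpak, rnd1)
}

// checkCode is AES-128 over the 16-byte first data under a key separated from sk (assumed).
func checkCode(sk, data block) block { return enc(enc(sk, block{2}), data) }

const idle, challenged, authed = 0, 1, 2 // card session states
type Card struct {
	ID                        string
	cpak, rnd1, rnd2, sk, Key block // cpak is preset on the card; Key is set once bound
	state                     int
}

func (c *Card) OnRequest(rnd1 block) (string, block) { // step 220
	c.rnd1, c.rnd2, c.state = rnd1, random16(), challenged
	c.sk = sessionKey(c.cpak, c.rnd1, c.rnd2)
	return c.ID, c.rnd2
}

func (c *Card) OnCipher1(ct1 block) (ct2 block, ok bool) { // steps 240-250
	if c.state == challenged && same(dec(c.sk, ct1), c.rnd2) {
		c.state, ct2, ok = authed, enc(c.sk, c.rnd1), true
	}
	return ct2, ok
}

func (c *Card) OnKey(keyCT, check block) (ok bool) { // steps 270-280, returns the status signal
	data := dec(c.sk, keyCT)
	if ok = c.state == authed && same(checkCode(c.sk, data), check); ok {
		c.Key = data
	}
	c.state = idle // one key delivery per authenticated session
	return ok
}

// Bind is the vehicle side; the card ID reaches the database only after a success status.
func Bind(cpmk, keyMaster block, db map[string]bool, c *Card) error {
	rnd1 := random16()
	id, rnd2 := c.OnRequest(rnd1)
	if rnd2 == rnd1 { // reject a challenge equal to ours: both ciphertexts would be identical
		return fmt.Errorf("bad first response")
	}
	sk := sessionKey(diversify(cpmk, id), rnd1, rnd2)
	ct2, ok := c.OnCipher1(enc(sk, rnd2))
	if !ok || !same(dec(sk, ct2), rnd1) {
		return fmt.Errorf("mutual authentication failed")
	}
	keyData := diversify(keyMaster, id)
	if !c.OnKey(enc(sk, keyData), checkCode(sk, keyData)) {
		return fmt.Errorf("card reported failure")
	}
	db[id] = true
	return nil
}

func main() {
	cpmk, db := block{1, 2, 3}, map[string]bool{} // constructed master parameter
	fmt.Println(Bind(cpmk, block{4, 5, 6}, db, &Card{ID: "CARD0001", cpak: diversify(cpmk, "CARD0001")}), db)
}
```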
Referring to fig. 3 and fig. 4, the embodiment of the present invention further provides a vehicle binding device 310, which includes a main module 311, a vehicle-end security chip 312, and an NFC slave module 313, where the main module 311 is respectively connected to the vehicle-end security chip 312 and the NFC slave module 313 in a communication manner, and the NFC slave module 313 is configured to establish a communication connection with an NFC card;
the main module 311 sends a first request to the NFC card through the NFC slave module 313, where the first request includes a first random number generated by the vehicle-end security chip 312;
the main module 311 receives a first response sent by the NFC card based on the first request through the NFC slave module 313, where the first response includes a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
the vehicle-end security chip 312 encrypts the second random number to generate a first ciphertext, and the main module 311 sends the first ciphertext to the NFC card through the NFC slave module 313;
the main module 311 receives a second ciphertext sent by the NFC card through the NFC slave module 313, and the second ciphertext is generated by encrypting the first random number when the first ciphertext is decrypted by the NFC card and is consistent with the second random number;
the vehicle-end security chip 312 decrypts the second ciphertext and compares the second ciphertext with the first random number;
if the comparison is consistent, the vehicle-end security chip 312 generates a key ciphertext according to the first data, and the main module 311 sends the key ciphertext to the NFC card through the NFC slave module 313, where the first data includes key data, and the key data is generated based on the first identifier and a key parameter preset in the vehicle binding device;
the main module 311 receives a status signal sent by the NFC card from the NFC slave module 313, and determines whether to save the first identifier in the identifier database according to the status signal, where the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
Further, the vehicle binding device 310 further includes an upper computer (as shown in fig. 3), which is communicatively connected to the main module 311. Before the main module 311 sends a first request to the NFC card through the NFC slave module 313, the upper computer issues an instruction to the main module 311, and the main module 311 enters the binding mode according to the instruction. It may be appreciated that the vehicle binding device may support several different forms of NFC card as keys at the same time, for example a mobile phone and a physical NFC card. In this case, after the main module 311 enters the binding mode according to the instruction sent by the upper computer, the main module 311 may send a card binding instruction to the NFC slave module 313, and the NFC slave module 313 selects the corresponding application by polling with the application identifier of the card binding instruction, so that it can establish a communication connection with an NFC card of the corresponding form.
Further, after the main module 311 receives the status signal sent by the NFC card through the NFC slave module 313, the main module 311 generates a binding result signal according to the status signal and sends the binding result signal to the upper computer. The binding result signals comprise binding success signals and binding failure signals, and the upper computer can display the binding result according to the binding result signal so that it can be checked by staff.
As shown in fig. 5, the embodiment of the present invention further provides an NFC card 320, which includes a transceiver module 321 and a card-end security chip 322, where the transceiver module 321 is used for communication connection with a vehicle binding device;
the transceiver module 321 receives a first request sent by the vehicle binding device 310, where the first request includes a first random number;
the transceiver module 321 transmits a first response to the vehicle binding device 310 based on the first request, the first response including a first identifier and a second random number, the first identifier being an identification code of the NFC card;
the transceiver module 321 receives the first ciphertext, and the first ciphertext is generated by encrypting the second random number by the vehicle binding apparatus 310;
the card end security chip 322 decrypts the first ciphertext and compares the first ciphertext with the second random number;
if the comparison is consistent, the card-end security chip 322 encrypts the first random number to generate a second ciphertext, and the transceiver module 321 sends the second ciphertext to the vehicle binding device 310;
the transceiver module 321 receives a key ciphertext sent by the vehicle binding device 310, and when the second ciphertext decrypted by the vehicle binding device 310 is consistent with the first random number, the key ciphertext is generated according to first data, the first data comprises key data, and the key data is generated based on a first identifier and key parameters preset in the vehicle binding device 310;
The card-end security chip 322 decrypts the key ciphertext and verifies the decrypted data;
the card-end security chip 322 generates a status signal according to the verification result, and the transceiver module 321 sends the status signal to the vehicle binding device 310, where the status signal indicates that the NFC card successfully or unsuccessfully receives the first data. The card end security chip 322 is used for encryption, decryption and data analysis, so that the security level of NFC card signal transmission can be effectively improved.
As shown in fig. 3 and fig. 6, the embodiment of the present invention further provides a vehicle key bidirectional encryption and authentication system, which includes the vehicle binding device 310 described above and the NFC card 320 described above, where the NFC slave module 313 and the transceiver module 321 establish a communication connection. It will be appreciated that the NFC card 320 needs to enter the sensing area of the NFC slave module 313 of the vehicle binding device 310 to establish a communication connection with the NFC slave module 313.
As shown in fig. 7, an embodiment of the present invention also discloses an electronic device including one or more processors 400, a memory 410, and one or more programs, wherein the one or more programs are stored in the memory 410 and configured to be executed by the one or more processors 400, the programs including instructions for performing the bidirectional encryption authentication method 100 or the bidirectional encryption authentication method 200 as described above.
The embodiment of the application also discloses a computer readable storage medium, which comprises a computer program, wherein the computer program can be executed by a processor to realize the bidirectional encryption authentication method 100 or the bidirectional encryption authentication method 200.
Embodiments of the present application also disclose a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The computer instructions are read from the computer-readable storage medium by a processor of an electronic device, and executed by the processor, cause the electronic device to perform the two-way encryption authentication method 100 or the two-way encryption authentication method 200 as previously described.
It should be appreciated that in embodiments of the present application, the processor may be a central processing unit (Central Processing Unit, CPU), or may be another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or the like. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that implementing all or part of the above-described methods may be accomplished by hardware associated with computer program instructions, and that the computer program may be stored on a computer-readable storage medium, which when executed, may comprise the steps of embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The foregoing disclosure is illustrative of the present invention and is not to be construed as limiting the scope of the invention, but is for the convenience of those skilled in the art to understand and practice the invention, and therefore all of the equivalent variations as defined in the appended claims are intended to be encompassed by the present invention.

Claims (15)

1. A vehicle key bidirectional encryption authentication method for binding a vehicle binding device with an NFC card, the bidirectional encryption authentication method being performed by the vehicle binding device, the method comprising:
transmitting a first request to the NFC card, wherein the first request comprises a first random number;
receiving a first response sent by the NFC card based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
encrypting the second random number to generate a first ciphertext and transmitting the first ciphertext to the NFC card;
receiving a second ciphertext sent by the NFC card, wherein the second ciphertext is generated by encrypting the first random number when the NFC card decrypts the first ciphertext and is consistent with the second random number;
decrypting the second ciphertext and comparing the second ciphertext with the first random number;
if the comparison is consistent, generating a key ciphertext according to first data and sending the key ciphertext to the NFC card, wherein the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device;
receiving a state signal sent by the NFC card and determining whether to store the first identifier to an identifier database according to the state signal, wherein the state signal indicates that the NFC card successfully or unsuccessfully receives the first data;
the encrypting the second random number to generate a first ciphertext and transmitting the first ciphertext to the NFC card comprises:
generating a first key based on the first identification;
encrypting the second random number with the first key generates the first ciphertext.
2. The vehicle key bidirectional encryption authentication method of claim 1, wherein the second ciphertext is generated by the NFC card by encrypting the first random number according to a second key, the second key being generated according to a key parameter pre-placed on the NFC card.
3. The vehicle key bidirectional encryption authentication method according to claim 1, characterized by further comprising:
generating a check code according to the first data;
transmitting the check code together with the key ciphertext to the NFC card.
4. The method for vehicle key mutual encryption authentication according to any one of claims 1 to 3, characterized in that,
the first data further includes a vehicle identification number; or
the first data further includes a vehicle identification number and a number of binding cards.
5. The vehicle key bidirectional encryption authentication method according to claim 1, further comprising, before the sending of the first request to the NFC card:
receiving an instruction sent by an upper computer and entering a binding mode according to the instruction;
the receiving the status signal sent by the NFC card further includes:
and generating a binding result signal according to the state signal and sending the binding result signal to the upper computer, wherein the binding result signal comprises a binding success signal and a binding failure signal.
6. The vehicle key two-way encryption authentication method of claim 1, wherein the first request further includes a second identifier, the second identifier being an identification code of a vehicle-end security chip.
7. A vehicle key bidirectional encryption authentication method for binding a vehicle binding device with an NFC card, the bidirectional encryption authentication method being performed by the NFC card, the method comprising:
receiving a first request sent by the vehicle binding device, wherein the first request comprises a first random number;
transmitting a first response to the vehicle binding device based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
receiving a first ciphertext, the first ciphertext generated by the vehicle binding apparatus encrypting the second random number;
decrypting the first ciphertext and comparing the first ciphertext with the second random number;
if the comparison is consistent, encrypting the first random number to generate a second ciphertext and transmitting the second ciphertext to the vehicle binding device;
receiving a key ciphertext sent by the vehicle binding device, wherein the key ciphertext is generated according to first data when the second ciphertext decrypted by the vehicle binding device is consistent with the first random number, and the first data comprises key data which is generated based on the first identifier and key parameters preset in the vehicle binding device;
decrypting the key ciphertext and verifying the decrypted data;
generating a status signal according to the verification result and sending the status signal to the vehicle binding device, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data;
the first ciphertext is generated by the vehicle binding apparatus encrypting the second random number according to a first key generated based on the first identification.
8. The vehicle key bidirectional encryption authentication method of claim 7, wherein the second ciphertext is generated by the NFC card encrypting the first random number according to a second key, the second key being generated according to a key parameter pre-placed on the NFC card.
9. The method for vehicle key two-way encryption authentication according to claim 7, wherein,
a check code is received together with the key ciphertext sent by the vehicle binding device, the check code being generated according to the first data;
the decrypting the key ciphertext and verifying the decrypted data comprises:
decrypting the key ciphertext to obtain decrypted data;
calculating a verification code according to the decrypted data, and comparing the verification code with the check code;
and if the comparison is consistent, storing the decrypted key data, and generating a status signal representing successful reception of the first data.
10. A vehicle binding device, characterized by comprising a main module, a vehicle-end security chip and an NFC slave module, wherein the main module is respectively in communication connection with the vehicle-end security chip and the NFC slave module, and the NFC slave module is used for establishing communication connection with an NFC card;
the main module sends a first request to the NFC card through the NFC slave module, wherein the first request comprises a first random number generated by the vehicle-end security chip;
the main module receives a first response sent by the NFC card based on the first request through the NFC slave module, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
the vehicle-end security chip encrypts the second random number to generate a first ciphertext, the main module sends the first ciphertext to the NFC card through the NFC slave module, and the first ciphertext is generated by the vehicle-end security chip by encrypting the second random number according to a first key generated based on the first identifier;
the main module receives a second ciphertext sent by the NFC card through the NFC slave module, and the second ciphertext is generated by encrypting the first random number when the NFC card decrypts the first ciphertext and is consistent with the second random number;
the vehicle-end security chip decrypts the second ciphertext and compares the second ciphertext with the first random number;
if the comparison is consistent, the vehicle-end security chip generates a key ciphertext according to the first data, and the main module sends the key ciphertext to the NFC card through the NFC slave module, the first data comprise key data, and the key data are generated based on the first identifier and key parameters preset in the vehicle binding device;
the main module receives a status signal sent by the NFC card through the NFC slave module and determines whether to store the first identifier to an identifier database according to the status signal, wherein the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
11. The binding apparatus of claim 10, further comprising an upper computer communicatively coupled to the main module, the upper computer issuing an instruction to the main module before the main module sends a first request to the NFC card via the NFC slave module, the main module entering a binding mode according to the instruction;
after the main module receives the state signal sent by the NFC card through the NFC slave module, the main module generates a binding result signal according to the state signal and sends the binding result signal to the upper computer, wherein the binding result signal comprises a binding success signal and a binding failure signal.
12. An NFC card, characterized by comprising a transceiver module and a card-end security chip connected with the transceiver module, wherein the transceiver module is used for being in communication connection with a vehicle binding device;
the transceiver module receives a first request sent by the vehicle binding device, wherein the first request comprises a first random number;
the transceiver module sends a first response to the vehicle binding device based on the first request, wherein the first response comprises a first identifier and a second random number, and the first identifier is an identification code of the NFC card;
the transceiver module receives a first ciphertext, wherein the first ciphertext is generated by the vehicle binding device by encrypting the second random number, and the first ciphertext is generated by the vehicle binding device by encrypting the second random number according to a first key generated based on the first identifier;
the card end security chip decrypts the first ciphertext and compares the first ciphertext with the second random number;
if the comparison is consistent, the card-end security chip encrypts the first random number to generate a second ciphertext, and the transceiver module sends the second ciphertext to the vehicle binding device;
the transceiver module receives a key ciphertext sent by the vehicle binding device, and when the second ciphertext decrypted by the vehicle binding device is consistent with the first random number, the key ciphertext is generated according to first data, the first data comprises key data, and the key data is generated based on the first identifier and key parameters preset in the vehicle binding device;
the card-end security chip decrypts the key ciphertext and verifies the decrypted data;
the card-end security chip generates a status signal according to the verification result, the transceiver module sends the status signal to the vehicle binding device, and the status signal indicates that the NFC card successfully or unsuccessfully receives the first data.
13. A vehicle key two-way encryption authentication system comprising the vehicle binding apparatus of claim 10 or 11 and the NFC card of claim 12, wherein the NFC slave module establishes a communication connection with the transceiver module.
14. An electronic device, comprising:
one or more processors;
a memory;
and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the programs comprising instructions for performing the two-way cryptographic authentication method of any of claims 1-6 or any of claims 7-9.
15. A computer readable storage medium comprising a computer program, wherein the computer program is executable by a processor to implement the mutual encryption authentication method of any one of claims 1-6 or any one of claims 7-9.
CN202211291413.0A 2022-10-20 2022-10-20 Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card Active CN115915131B (en)

Publications (2)

Publication Number Publication Date
CN115915131A (en) 2023-04-04
CN115915131B (en) 2023-11-10

Family

ID=86477510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211291413.0A Active CN115915131B (en) 2022-10-20 2022-10-20 Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card

Country Status (1)

Country Link
CN (1) CN115915131B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116248280B (en) * 2023-05-09 2023-07-28 北京智芯微电子科技有限公司 Anti-theft method for security module without key issue, security module and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109493488A (en) * 2018-11-23 2019-03-19 北京小米移动软件有限公司 Smart card authentication method, smart lock, smart card, system and device
CN110111472A (en) * 2019-05-16 2019-08-09 广州小鹏汽车科技有限公司 Vehicle key control method and device
CN111554008A (en) * 2020-04-22 2020-08-18 支付宝(杭州)信息技术有限公司 Digital key binding method, digital key verification method, mobile electronic equipment and near field communication device
CN111815813A (en) * 2020-06-22 2020-10-23 北京智辉空间科技有限责任公司 Electronic lock safety system
CN114419765A (en) * 2022-01-18 2022-04-29 上汽通用五菱汽车股份有限公司 Method and device for realizing vehicle safety control by NFC card and readable storage medium
CN114466357A (en) * 2022-02-28 2022-05-10 重庆长安汽车股份有限公司 Vehicle-mounted NFC card key binding system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200092087A1 (en) * 2018-09-14 2020-03-19 Qualcomm Incorporated Apparatus and methods for authentication using message exchange

Also Published As

Publication number Publication date
CN115915131A (en) 2023-04-04

Similar Documents

Publication Publication Date Title
CA2554300C (en) System and method for encrypted smart card pin entry
US10142114B2 (en) ID system and program, and ID method
US10460314B2 (en) Pre-generation of session keys for electronic transactions and devices that pre-generate session keys for electronic transactions
US20110113241A1 (en) Ic card, ic card system, and method thereof
US20200074465A1 (en) Verification and provisioning of mobile payment applications
US10657519B2 (en) Facilitating secure transactions using a contactless interface
JP2008544710A (en) Method and apparatus for implementing encryption
CN113569223B (en) Security authentication method for offline equipment
JP2013545195A (en) Bound data card and mobile host authentication method, apparatus and system
CN115527292B (en) Mobile phone terminal remote vehicle unlocking method of security chip and security chip device
CN111860016A (en) Information display method and device for Near Field Communication (NFC) and electronic equipment
CN104618114A (en) Identity card information obtaining method, device and system
CN115915131B (en) Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card
CN114419765A (en) Method and device for realizing vehicle safety control by NFC card and readable storage medium
CN113099457A (en) Method and system for binding vehicle and mobile terminal
CN111510416A (en) Data information transmission method, electronic device and readable storage medium
CN104796266A (en) Authentication method, device and system
KR20200013494A (en) System and Method for Identification Based on Finanace Card Possessed by User
KR102551592B1 (en) Method for preventing mileage tampering of car and mileage recording device using the same
CN111758243A (en) Mobile storage device, storage system and storage method
KR101505735B1 (en) Method for Authenticating Near Field Communication Card by using Time Verification
JP2003125468A (en) Remote control system for household electrical appliance
JP2020004044A (en) Authentication system and authentication method
JP7105894B2 (en) Mutual authentication method and communication system
JP2009053877A (en) Authenticity assurance system for ic tag and data access system using ic tag

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant