CN117040724A - Digital key authorization method and device, electronic equipment and readable storage medium - Google Patents


Publication number
CN117040724A
Authority
CN
China
Prior art keywords
key
digital
vehicle
user
digital key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310692766.XA
Other languages
Chinese (zh)
Inventor
卢熠婷
陈政
汪兴
黄云飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Geely Holding Group Co Ltd
Zhejiang Remote Commercial Vehicle R&D Co Ltd
Zhejiang Geely Remote New Energy Commercial Vehicle Group Co Ltd
Original Assignee
Zhejiang Geely Holding Group Co Ltd
Zhejiang Remote Commercial Vehicle R&D Co Ltd
Zhejiang Geely Remote New Energy Commercial Vehicle Group Co Ltd
Application filed by Zhejiang Geely Holding Group Co Ltd, Zhejiang Remote Commercial Vehicle R&D Co Ltd, Zhejiang Geely Remote New Energy Commercial Vehicle Group Co Ltd
Priority to CN202310692766.XA
Publication of CN117040724A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The application discloses a digital key authorization method, a device, electronic equipment and a readable storage medium, which are applied to the technical field of automobile digital keys and comprise the following steps: acquiring a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key; generating a platform temporary key pair according to digital key authorization information carried by the digital key authorization request, wherein the temporary key pair comprises a first platform temporary key and a second platform temporary key; issuing a first platform temporary key to a user terminal to be authorized based on the user terminal session key, and issuing a second platform temporary key to a target vehicle terminal corresponding to the user terminal to be authorized based on the vehicle terminal session key; when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the vehicle-end digital key of the target vehicle-end is sent to the user end to be authorized, so that the target vehicle-end authorizes the vehicle-end digital key to the user end to be authorized. The application solves the technical problem of low authorization security of digital key authorization.

Description

Digital key authorization method and device, electronic equipment and readable storage medium
Technical Field
The present application relates to the field of automobile digital keys, and in particular, to a digital key authorization method, device, electronic apparatus, and readable storage medium.
Background
With the continuous development of technology, digital keys are increasingly widely used in the automotive field because they are comfortable, intelligent and convenient. Using a digital key generally involves several processes such as short-range data transmission and cloud interaction, so guaranteeing information security for the authorized use of digital keys is particularly important.
At present, data related to a digital key exchanged between the vehicle end and the user end is generally signed and encrypted with a simple encryption mode, for example third-party certificate authentication, data encryption or channel encryption, to ensure that the data is valid and has not been tampered with. However, because a single encryption mode only encrypts the data transmission path, the leakage of one key can still lead to data leakage during digital key authorization, so the authorization security of current digital key authorization is low.
Disclosure of Invention
The application mainly aims to provide a digital key authorization method, a digital key authorization device, electronic equipment and a readable storage medium, and aims to solve the technical problem of low authorization security of digital key authorization in the prior art.
In order to achieve the above object, the present application provides a digital key authorization method applied to a digital key platform, the digital key authorization method comprising:
acquiring a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key;
generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key;
issuing the first platform temporary key to the user terminal to be authorized based on the user terminal session key, and issuing the second platform temporary key to a target vehicle terminal corresponding to the user terminal to be authorized based on the vehicle terminal session key;
and when the first platform temporary key and the second platform temporary key are detected to be successfully matched, authorizing the vehicle-end digital key of the target vehicle-end to the user-end to be authorized.
In order to achieve the above object, the present application further provides a digital key authorization device applied to a digital key platform, the digital key authorization device comprising:
the acquisition module is used for acquiring a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key;
The generation module is used for generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key;
the issuing module is used for issuing the first platform temporary key to the user side to be authorized based on the user side session key and issuing the second platform temporary key to a target vehicle side corresponding to the user side to be authorized based on the vehicle side session key;
and the authorization module is used for authorizing the vehicle-end digital key of the target vehicle end to the user end to be authorized when the first platform temporary key and the second platform temporary key are successfully matched.
The application also provides an electronic device comprising: at least one processor and a memory communicatively coupled to the at least one processor, the memory storing instructions executable by the at least one processor to enable the at least one processor to perform the steps of the digital key authorization method as described above.
The present application also provides a computer-readable storage medium having stored thereon a program for implementing a digital key authorization method, which when executed by a processor implements the steps of the digital key authorization method as described above.
The application also provides a computer program product comprising a computer program which when executed by a processor implements the steps of a digital key authorization method as described above.
The application provides a digital key authorization method, a device, electronic equipment and a readable storage medium, namely, a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key is obtained; generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key; issuing the first platform temporary key to the user terminal to be authorized based on the user terminal session key, and issuing the second platform temporary key to a target vehicle terminal corresponding to the user terminal to be authorized based on the vehicle terminal session key; and when the first platform temporary key and the second platform temporary key are detected to be successfully matched, authorizing the vehicle-end digital key of the target vehicle-end to the user-end to be authorized.
When digital key authorization is performed for the user terminal to be authorized, the digital key authorization request sent by that user terminal based on the user terminal session key is first obtained. A platform temporary key pair is then generated specifically for this request from the digital key authorization information it carries, and the first and second platform temporary keys of the pair are issued based on the user terminal session key and the vehicle terminal session key respectively. Finally, when the first platform temporary key and the second platform temporary key are detected to match successfully, the vehicle-end digital key of the target vehicle end is sent to the user terminal to be authorized, so that the target vehicle end authorizes the vehicle-end digital key to that user terminal. In other words, multiple layers of security keys allow the target vehicle end to authorize the digital key to the user terminal securely.
Because the target vehicle end and the user terminal to be authorized each interact with the digital key platform based on the session key of the corresponding end, and the digital key platform additionally generates a temporary key pair specifically for the digital key authorization request, the request is encrypted a second time on top of the encryption of the data transmission path. That is, the digital key platform controls several types of security keys and performs encryption management by setting different security keys for different links, which raises the security level of the digital key authorization process.
On this basis, the digital key platform acts as the authorization intermediary between the target vehicle end and the user terminal to be authorized and uses security keys in a targeted way to manage encryption throughout the authorization process. This overcomes the technical defect that a single encryption mode only encrypts the data transmission path, so that leakage of one key can still lead to data leakage during digital key authorization, and therefore improves the authorization security of digital key authorization.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application.
In order to more clearly illustrate the embodiments of the application or the technical solutions of the prior art, the drawings which are used in the description of the embodiments or the prior art will be briefly described, and it will be obvious to a person skilled in the art that other drawings can be obtained from these drawings without inventive effort.
Fig. 1 is a flowchart of a digital key authorization method according to a first embodiment of the present application;
Fig. 2 is a schematic diagram of a security architecture of a digital key according to a digital key authorization method according to an embodiment of the application;
Fig. 3 is a schematic diagram of a vehicle-end key generated by a production line of a digital key authorization method according to an embodiment of the present application;
Fig. 4 is a schematic diagram of reading internet of vehicles key information according to a digital key authorization method provided in an embodiment of the present application;
Fig. 5 is a timing chart of digital key downloading of a digital key authorization method according to an embodiment of the present application;
Fig. 6 is a timing chart of digital key sharing of a digital key authorization method according to an embodiment of the application;
Fig. 7 is a timing chart of digital key revocation sharing of the digital key authorization method according to the first embodiment of the present application;
Fig. 8 is a schematic diagram of a key system of a digital key authorization method according to a first embodiment of the present application;
Fig. 9 is a flow chart of a digital key authorization method according to a second embodiment of the application;
Fig. 10 is a schematic structural diagram of a digital key authorization device according to a third embodiment of the present application;
Fig. 11 is a schematic structural diagram of an electronic device according to a fourth embodiment of the present application.
The achievement of the objects, functional features and advantages of the present application will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
In order to make the above objects, features and advantages of the present application more comprehensible, the following description of the embodiments accompanied with the accompanying drawings will be given in detail. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Example 1
In a first embodiment of the digital key authorization method of the present application, referring to fig. 1, the digital key authorization method includes:
step S10, a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key is obtained;
step S20, generating a platform temporary key pair according to digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key;
step S30, the first platform temporary key is issued to the user side to be authorized based on the user side session key, and the second platform temporary key is issued to a target vehicle side corresponding to the user side to be authorized based on the vehicle side session key;
and step S40, when the first platform temporary key and the second platform temporary key are successfully matched, the vehicle end digital key of the target vehicle end is authorized to the user end to be authorized.
In this embodiment, it should be noted that although Fig. 1 shows a logical sequence, in some cases the steps shown or described may be performed in a different order. The digital key authorization method is applied to a digital key platform, which is provided with several types of keys and performs encryption management of the digital key authorization process. The authorization process involves several different stages and links. For example, in one embodiment the overall business flow of the digital key comprises a production line stage, a general sales stage, a use stage and an after-sales stage.
The production line stage comprises production line filling. Specifically, the production line/after-sales diagnostic device initiates a digital key filling instruction, the vehicle end generates and uploads the vehicle-end key, the TSP (Telematics Service Provider, the remote service provider) gateway forwards the uploaded vehicle-end key information, and the digital key platform verifies the vehicle information and stores the vehicle-end key.
The general sales stage comprises person-vehicle relationship binding: service/platform operators submit the person-vehicle binding, which is sent to the digital key platform for storage and synchronization.
The use stage mainly comprises digital key activation, digital key sharing/revocation of sharing and downloading, vehicle control use, and vehicle digital key service cancellation. Digital key activation can be initiated by the user: service identity authentication is initiated through the terminal and processed in the digital key service module, the terminal initiates the digital key activation request, the digital key service module forwards it, and the digital key platform verifies the person-vehicle relationship, generates the key and issues the key. For sharing, the user initiates digital key sharing, the terminal application and the digital key service module forward the sharing request, and the digital key platform performs security verification, generates the key information and pushes the sharing information. The user can also initiate revocation of sharing, or, on receiving a sharing push message, start the digital key download actively or automatically; the terminal application forwards the revocation request and the download request, and the digital key platform cancels the key and synchronizes the cancellation information to the vehicle end and the mobile phone, or issues the key. For vehicle control use, the vehicle control operation is initiated through the terminal application. For vehicle digital key service cancellation, the digital key service module performs identity authentication, the service cancellation request is forwarded, and the digital key platform performs security verification, unbinds the person-vehicle relationship and the key, and synchronizes the cancellation information to the vehicle end and the mobile phone.
The after-sales stage mainly involves the user terminal, after-sales equipment and diagnostic equipment, and includes issuing a vehicle-end key to a replacement (piece-changing) device. When handling tasks such as device loss/unbinding/cancellation, the digital key platform changes the device state, changes the key state and synchronizes the key state. When a vehicle changes ownership, the user initiates a transfer request, the user identity is checked and the transfer service operation is initiated, the digital key service module accepts the service and synchronizes the transfer service, and finally the digital key platform unbinds the vehicle-end and vehicle management keys, synchronizes the key state and rebinds the relationship. When a user cancels an account, the service/platform operator initiates the user account cancellation operation, the digital key service module accepts the service and synchronizes the account cancellation service, and finally the digital key platform unbinds all keys of the user and synchronizes the key state.
For example, in the security architecture diagram of the digital key, the digital key platform is deployed in the cloud and communicates with the vehicle end and the mobile phone end respectively over SSL (Secure Sockets Layer); the function of each part is as explained in the figure.
In addition, it should be noted that the user terminal to be authorized is a user terminal waiting for digital key authorization, and may be a mobile phone, a personal PC or the like.
The digital key platform is provided with a platform key pair, a vehicle-end master key, a terminal key identity key, a communication key, and a TLS server certificate and key pair. The platform key pair is used to sign platform service response messages, ensuring the validity and integrity of the service response message. The vehicle-end master key is used to disperse (derive) the mobile phone key identity key from dispersion factors; the vehicle end stores the vehicle-end master key and can calculate a terminal's key identity key from factors such as the mobile phone ID, so that a new vehicle user can be added without updating keys (each user's mobile phone identity key is different); this key is generated by the vehicle end and then securely uploaded to the platform. The terminal key identity key is used by the mobile phone end and the vehicle end to negotiate an authentication key, and to calculate a MAC for identity authentication when the vehicle owner performs services such as key sharing and revocation of sharing; the digital key platform calculates it through the dispersion algorithm and then securely issues it to the mobile phone end. The communication key is used for connection authentication when the mobile phone end and the vehicle end are paired over Bluetooth. The TLS server certificate and key pair serve the TLS connection with the mobile phone terminal and are generally configured in gateway equipment or a web server.
The keys of the user terminal to be authorized comprise a terminal key identity key, a communication key, an authentication key, a session key, a temporary protection key, a platform public key, and a mobile phone TLS client certificate and key pair. The terminal key identity key is used to negotiate the authentication key between the mobile phone end and the vehicle end, and to calculate a MAC for identity authentication when the vehicle owner performs key sharing, revocation of sharing and other services; the platform side calculates the mobile phone key identity key through the dispersion algorithm and then securely issues it to the mobile phone end, and the vehicle end also calculates it through the dispersion algorithm. The communication key is used for connection authentication when the mobile phone end and the vehicle end are paired over Bluetooth; it is generated by the vehicle end, securely uploaded to the platform, and subsequently issued together with the digital key. The authentication key is used to calculate the session key and is generated from the mobile phone key identity key, the vehicle-end random factor, the mobile phone-end random factor and the like. The session key is used for encryption and MAC calculation so that vehicle control instructions are transmitted securely; it is cached during the session stage and can be erased when the session ends. The temporary protection key protects the secure download of data such as the digital key and keys: the mobile phone end generates a temporary protection key pair and carries the temporary protection public key in services such as digital key activation and download; the platform encrypts the digital key, keys and other data with the temporary protection public key and returns them to the mobile phone end, which decrypts them with the temporary protection private key; the temporary protection key can be erased after use. The platform public key is used to verify the signature of platform service response messages, ensuring that the response is legitimate and complete. The TLS client certificate and key pair are used to build the TLS channel between the mobile phone end and the platform, and a signature with the TLS client certificate private key represents the client identity; the certificate and key pair are needed only for two-way TLS authentication and not for one-way authentication, so they are optional and can be configured according to actual conditions.
The vehicle-end keys comprise a vehicle-end master key, a communication key, an authentication key, a session key, a public key, and a TLS client certificate and key pair. The vehicle-end master key is used to disperse the mobile phone key identity key. The vehicle end stores the vehicle-end master key and can calculate the mobile phone key identity key from MobileID, DKID and the like, so that a new vehicle user can be added without updating keys (each user's mobile phone identity key is different); the key is generated by the vehicle end and then securely uploaded to the platform. The terminal key identity key is used to negotiate the authentication key between the mobile phone end and the vehicle end, and to calculate a MAC for identity authentication when the vehicle owner performs key sharing, revocation of sharing and other services; the platform side calculates the mobile phone key identity key through the dispersion algorithm and then securely issues it to the mobile phone end, while the vehicle end calculates it through the dispersion algorithm, does not store it persistently, and can erase it once the authentication key has been calculated. The authentication key is used to calculate the session key and is generated from the mobile phone key identity key, the vehicle-end random factor, the mobile phone-end random factor and the like. The other keys are as described above and are not repeated here. Different keys can be generated with different cryptographic algorithms; for example, the platform key pair is generated with the RSA and SM2 algorithms, the communication key with the AES and SM4 algorithms and the like, and the session key with the AES and SM4 algorithms.
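The derivation chain described above (vehicle-end master key, dispersed mobile phone key identity key, authentication key from both random factors, session key used for the MAC on a vehicle control instruction), as an added Python example that is not code from the patent. HMAC-SHA256 as the dispersion and derivation function, the per-message counter, and the sample MobileID/DKID values are assumptions made here; the patent names no dispersion algorithm, and the encryption role of the session key is left out.

```python
"""Added sketch: master key -> identity key -> authentication key -> session key."""
import hashlib
import hmac
import secrets


def _lp(field: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") never collide.
    return len(field).to_bytes(2, "big") + field


def _prf(key: bytes, label: bytes, *fields: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the unspecified derivation functions.
    msg = label + b"".join(_lp(f) for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


def disperse(master_key: bytes, mobile_id: str, dkid: str) -> bytes:
    """Per-phone key identity key from the master key and dispersion factors."""
    return _prf(master_key, b"identity", mobile_id.encode(), dkid.encode())


def authentication_key(identity_key: bytes, vehicle_rand: bytes, phone_rand: bytes) -> bytes:
    """Authentication key from the identity key and both sides' random factors."""
    return _prf(identity_key, b"auth", vehicle_rand, phone_rand)


def session_key(auth_key: bytes) -> bytes:
    return _prf(auth_key, b"session")


def command_mac(sess_key: bytes, counter: int, command: bytes) -> bytes:
    # The counter is an added replay guard, not something the page specifies.
    return _prf(sess_key, b"cmd", counter.to_bytes(8, "big"), command)


class Vehicle:
    """Holds only the master key; per-phone keys are recomputed, never stored."""

    def __init__(self, master_key: bytes):
        self._master = master_key
        self._rand = self._sess = None
        self._last_counter = 0

    def challenge(self) -> bytes:
        self._rand, self._sess = secrets.token_bytes(16), None
        return self._rand

    def open_session(self, mobile_id: str, dkid: str, phone_rand: bytes) -> None:
        if self._rand is None:
            raise RuntimeError("no challenge issued")
        identity = disperse(self._master, mobile_id, dkid)  # discarded after use
        self._sess = session_key(authentication_key(identity, self._rand, phone_rand))
        self._last_counter = 0

    def accept(self, counter: int, command: bytes, tag: bytes) -> bool:
        if self._sess is None or counter <= self._last_counter:
            return False
        if not hmac.compare_digest(command_mac(self._sess, counter, command), tag):
            return False
        self._last_counter = counter
        return True


class Phone:
    def __init__(self, mobile_id: str, dkid: str, identity_key: bytes):
        self.mobile_id, self.dkid = mobile_id, dkid
        self._identity = identity_key  # issued to the phone by the platform
        self._sess, self._counter = None, 0

    def open_session(self, vehicle_rand: bytes) -> bytes:
        phone_rand = secrets.token_bytes(16)
        self._sess = session_key(authentication_key(self._identity, vehicle_rand, phone_rand))
        self._counter = 0
        return phone_rand

    def send(self, command: bytes) -> tuple[int, bytes, bytes]:
        self._counter += 1
        return self._counter, command, command_mac(self._sess, self._counter, command)


def run_demo() -> dict:
    master = secrets.token_bytes(32)  # constructed stand-in for the filled master key
    vehicle = Vehicle(master)
    # Platform side: it also holds the master key and issues each phone its key.
    owner = Phone("mobile-A", "dk-0001", disperse(master, "mobile-A", "dk-0001"))
    other = Phone("mobile-B", "dk-0002", disperse(master, "mobile-B", "dk-0002"))

    v_rand = vehicle.challenge()
    vehicle.open_session(owner.mobile_id, owner.dkid, owner.open_session(v_rand))
    counter, cmd, tag = owner.send(b"UNLOCK")
    results = {"owner_accepted": vehicle.accept(counter, cmd, tag),
               "replay_accepted": vehicle.accept(counter, cmd, tag)}
    c2, _, tag2 = owner.send(b"LOCK")
    results["tampered_accepted"] = vehicle.accept(c2, b"START", tag2)

    # A second enrolled phone claims the owner's identifiers but only has its own key.
    v_rand = vehicle.challenge()
    vehicle.open_session("mobile-A", "dk-0001", other.open_session(v_rand))
    results["impostor_accepted"] = vehicle.accept(*other.send(b"UNLOCK"))
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the vehicle recomputes the identity key from the identifiers presented in each session, enrolling a new phone changes nothing on the vehicle, and compromise of one phone's identity key does not expose the master key or another phone's key.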
Additionally, it should be noted that the keys in the digital key authorization process have a life cycle, which comprises a key pre-use stage, a key normal stage, a key post-use stage and a key destruction stage. In the key pre-use stage the key has been generated and is waiting for activation; the key normal stage comprises a normal state and a frozen state; the key post-use stage comprises a failure state and a suspension state; and the key destruction stage comprises a destruction state.
Additionally, it should be noted that the platform temporary key pair represents the temporary encryption keys generated for the digital key authorization request, and may be a session key or a temporary protection key. The target vehicle end is the vehicle end whose digital key is to be authorized to the user terminal to be authorized. The target vehicle end generates its keys before leaving the factory, and they can be synchronized to the digital key platform by system synchronization. In the production line stage, the Internet of Vehicles system triggers the vehicle-end software to start a packaging tool that generates the root key and the vehicle-end master key; the generated root key and vehicle-end master key are sent from the TSP (Telematics Service Provider, the vehicle terminal service platform) or the EOL (End of Line Testing Tool, the off-line detector) to the MES (Manufacturing Execution System, the manufacturing execution system), and finally sent to the DKMS (Distributed Key Management System, the distributed key management system) through the digital key front service.
To verify whether the digital key was filled successfully on the production line, in one embodiment the filling can be checked by local diagnosis. A command is first sent to the vehicle-end Internet of Vehicles system and the vehicle-end key is filled. The EOL device then reads the digital key filling data: the Internet of Vehicles system reads the vehicle-end key filling state and returns it, and the digital key filling data read response is returned. The EOL uploads the vehicle-end key filling data and sends it to the MES database at fixed intervals; the MES system uploads the vehicle-end key filling data; the vehicle management center forwards the uploaded data; and the data is finally uploaded through the digital key front service, so that the digital key platform checks the vehicle information, stores the vehicle-end key and returns a success result to the digital key front service. Whether the filling succeeded can also be diagnosed by remote diagnosis.
In addition, it should be noted that in the production line stage the vehicle-end key has been uploaded, and in the sales stage the vehicle information, the Bluetooth information and the binding relationship between the person and the vehicle have been synchronized and the mobile phone SDK has been uploaded. In the digital key usage stage, the digital key user needs to activate the digital key before using it. The activation operation is initiated by the user terminal application program, which invokes the mobile phone SDK. The mobile phone SDK generates the request data and sends the request to the digital key service of the application program background; the digital key service of the application program background forwards the request to the digital key front service; the digital key front service forwards the request to the digital key platform; the digital key platform processes the request and returns the generated owner-identity digital key to the digital key front service; the digital key front service returns it to the digital key service of the application program background; and the digital key service of the application program background returns the data (user master key and digital key) to the SDK. The specific flow may be as follows: the vehicle owner activates the digital key; the digital key application program obtains the digital key activation information from the mobile phone SDK, which packages the activation information and returns it; the mobile phone SDK activates the digital key; the digital key service activates the digital key through the digital key front service; the digital key is generated by the digital key platform and returned to the digital key application program; the digital key application program writes the digital key into the mobile phone SDK; and finally a prompt that activation succeeded is returned.
In addition, it should be noted that the digital key authorization request is used for requesting permission to obtain the digital key, and includes a digital key downloading request and a digital key sharing request. The digital key downloading request is used for requesting download of the digital key, and the digital key sharing request is used for requesting acceptance of a shared digital key. The digital key authorization information is used for verifying whether the digital key can be authorized; it includes a user identification code and the like, and specifically comprises digital key sharing information and digital key downloading information. The user to be authorized includes a user to be downloaded and a user to be shared: the user to be downloaded is the user who is to download the digital key, and the user to be shared is the user with whom the digital key is to be shared. The user to be shared must already have been authorized for the digital key by the owner and must already be registered in the user center before the digital key can be downloaded.
As an example, steps S10 to S40 include: establishing a user side session channel between a digital key platform and a user side to be authorized based on a user side session key, and receiving a digital key downloading request sent by the user side to be authorized under the user side session channel, wherein the digital key downloading request can be triggered by a user clicking a 'downloading' button on the user side to be authorized, or can be periodically and automatically triggered by the user side to be authorized; extracting digital key authorization information carried by the digital key authorization request, and generating a platform temporary key pair according to the digital key authorization information, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key; issuing the first platform temporary key to the user terminal to be authorized based on the user terminal session key, and issuing a second platform temporary key to a target vehicle terminal requesting authorization from the user terminal to be authorized based on the vehicle terminal session key; when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the vehicle-end digital key of the target vehicle-end is sent to the user-end to be authorized so that the target vehicle-end authorizes the user-end to be authorized to download the vehicle-end digital key. 
When the digital key platform acts as the information interaction intermediary between the user end to be authorized and the target vehicle end, it encrypts the interaction with the corresponding session key and generates the platform temporary keys for the digital key authorization request, so that the vehicle-end digital key of the target vehicle end is sent to the user end to be authorized when the first platform temporary key and the second platform temporary key are matched. Digital key authorization is thereby performed on the basis of multi-link encryption. Compared with an encryption mode in which the data channel is encrypted only through a third-party platform, the encryption mode of this embodiment has a higher security level, which improves the authorization security of digital key authorization.
The specific key types of the user-end session key and the vehicle-end session key can be set according to actual requirements; they may be a communication key, an authentication key, a mobile phone key identity key and the like. Identity authentication, signature verification and the like may be performed when verifying whether the first platform temporary key and the second platform temporary key are successfully matched.
In one embodiment, assuming that the user end to be authorized is a mobile phone, in the digital key usage stage the digital key user triggers a digital key download request (to download and use the digital key) through the digital key download function. The mobile phone SDK sends an HTTP request to the digital key service of the application program background; the digital key service forwards the request to the digital key front service (HTTP); the digital key front service forwards the request to the digital key platform; and the digital key platform returns the digital key. Referring to fig. 5, fig. 5 is a timing chart of digital key download.
The step of sending the vehicle-end digital key of the target vehicle end to the user end to be authorized comprises the following steps:
Step A10, detecting the request type of the digital key authorization request;
step A20, if the digital key authorization request is detected to be a digital key downloading request, the vehicle-end digital master key is sent to the user end to be authorized;
and step A30, if the digital key authorization request is detected to be a digital key sharing request, the vehicle-end digital slave key is sent to the user end to be authorized.
In this embodiment, it should be noted that the vehicle-end digital master key represents the vehicle-end digital key generated by the vehicle end in the production line stage, and may specifically be the vehicle owner's vehicle-end digital key. The vehicle-end digital slave key represents a vehicle-end digital key formed by copying the vehicle-end digital master key in the authorization process, and may specifically be a shared digital key. For example, in one implementation, referring to fig. 6, fig. 6 is a timing chart of digital key sharing. The digital key platform may store the vehicle-end digital slave key in advance: after the vehicle end generates the vehicle-end digital master key, the vehicle end sends the vehicle-end digital slave key to the digital key platform based on the vehicle-end session key. When the user end to be authorized then sends different digital key authorization requests, different types of digital keys are sent to the user end to be authorized. The digital key authorization request carries a request identifier, which identifies the request type of the digital key authorization request.
As an example, steps A10 to A30 include: identifying the request type of the digital key authorization request according to the triggering of the digital key authorization request; if the digital key authorization request is detected to be a digital key downloading request, the vehicle-end digital master key is sent to the user end to be authorized; and if the digital key authorization request is detected to be a digital key sharing request, the vehicle-end digital slave key is sent to the user end to be authorized.
The step of sending the vehicle-end digital master key to the user end to be authorized comprises the following steps:
step B10, verifying the identity of the user to be authorized at the user end to be authorized;
step B20, if the user to be authorized is an authorized user, generating the vehicle-end digital slave key according to the user identification code stored in the digital key platform, and transmitting the vehicle-end digital slave key to the user end to be authorized;
and step B30, if the user to be authorized is an unauthorized user, generating the vehicle-end digital slave key according to a key generation strategy corresponding to the unauthorized user, and transmitting the vehicle-end digital slave key to the user end to be authorized.
In this embodiment, it should be noted that in the process of sharing the digital key the user must be the owner user; that is, only the owner user can perform the digital key sharing operation. For example, in one implementation, assume that the user end to be authorized is a mobile phone. In the digital key usage stage, the owner user initiates the digital key sharing operation through the mobile phone application program, which invokes the mobile phone SDK. The mobile phone SDK encapsulates the request data and sends the request to the digital key service (HTTP) of the application program background; the digital key service of the application program background forwards the request to the digital key front service (HTTP); and the digital key front service forwards the request to the digital key platform. The digital key platform verifies the signature with the owner identity key, generates the digital key after the signature verification passes, and issues an instruction push message to the digital key front service. The digital key front service forwards the instruction message, the digital key service of the application program background pushes the instruction message to the sharee, and the sharee's application program receives and parses the digital key instruction message data.
In addition, it should be noted that the user to be authorized represents the user waiting for digital key authorization, and may specifically be the holder of the user end to be authorized or a sharee appointed for the user end to be authorized. In key sharing, a sharee is either a user registered in the internet of vehicles system (an authorized user) or a user not registered in the internet of vehicles system (an unauthorized user). The user identification code is used for identifying the identity of the user, and may specifically be a user ID. For example, in one implementation, for a sharee with an existing account, after the owner inputs the sharee's mobile phone number at the application end, the digital key background queries the user center for the user ID by the mobile phone number and generates the digital key; the sharee can download and use the digital key after logging in to the application program. For a sharee without an account, that is, when the digital key background queries the user center by the mobile phone number and no user ID exists (the user to be authorized is an unauthorized user), there are four schemes in total: 1) Non-architectural users cannot share: the interface returns that the user does not exist, the digital key platform returns a user-does-not-exist error code, and the application program shows a corresponding prompt according to the error code; no key is generated for the unregistered user; the vehicle owner can forward the download link of the application program to the sharee, and shares again after the sharee has downloaded the application program. 2) Pre-creation ID: after receiving the digital key background request, the user center pre-creates user information, allocates a user ID and returns the user ID to the digital key platform; after the user registers, the user registration information is completed and the user becomes a formal user of the application program. 3) The interface returns to the user, and the digital key platform pre-generates a key and reserves the user ID field; after the sharee registers in the application program and completes the user information, the user center calls back the digital key platform interface to inform the digital key background of the user ID, and the digital key platform generates a digital key and waits for the user to download the key. 4) Verification code verification: the digital key background queries the user center for the user ID according to the mobile phone number submitted by the application program end; when no user ID is found, the digital key background generates a random verification code; the vehicle owner pushes a sharing link (including the random verification code) to the sharee in a preset pushing mode; the sharee downloads the application program and registers, and the user center generates the user ID; the sharee enters the digital key module and inputs the verification code; the digital key background verifies the verification code, queries the user center for the user ID again and generates a key; the user center returns the user ID to the digital key background; after the digital key background verification passes, the digital key is returned to the sharee's application program end; the sharee applies to download the digital key and activates it; and the process ends.
As an example, steps B10 to B30 include: based on the first platform temporary key and the second platform temporary key, carrying out identity verification on the user to be authorized of the user end to be authorized; if the user to be authorized is an authorized user, acquiring the user identification code stored by the digital key platform, generating the vehicle-end digital slave key according to the user identification code, and transmitting the vehicle-end digital slave key to the user end to be authorized; if the user to be authorized is an unauthorized user, generating the vehicle-end digital slave key according to the key generation strategy corresponding to the unauthorized user, and sending the vehicle-end digital slave key to the user end to be authorized.
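The verification-code scheme (scheme 4) for an unregistered sharee can be sketched as follows. This is an added example, not code from the patent: the class and method names, the 8-digit code, the validity period, the retry limit and the random string standing in for the slave key are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

CODE_TTL_SECONDS = 600  # assumption: the page gives no validity period for the code
MAX_ATTEMPTS = 5        # assumption: the page gives no retry limit


def _digest(code: str) -> bytes:
    # Keep only a digest of the verification code, never the code itself.
    return hashlib.sha256(code.encode("utf-8")).digest()


@dataclass
class PendingShare:
    vehicle_id: str
    code_digest: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class DigitalKeyBackground:
    """Hypothetical stand-in for the digital key background plus the user center."""

    def __init__(self):
        self.user_center = {}  # phone number -> user ID
        self.pending = {}      # phone number -> PendingShare
        self.issued = {}       # (user ID, vehicle ID) -> slave key

    def register(self, phone: str) -> str:
        """The sharee registers in the application; the user center creates the user ID."""
        return self.user_center.setdefault(phone, "user-" + secrets.token_hex(4))

    def _generate_slave_key(self, user_id: str, vehicle_id: str) -> str:
        # Placeholder: a random string stands in for the platform's slave key.
        key = secrets.token_hex(16)
        self.issued[(user_id, vehicle_id)] = key
        return key

    def share(self, phone: str, vehicle_id: str, now: float):
        """Owner shares with a phone number: returns ("key", k) or ("code", c)."""
        user_id = self.user_center.get(phone)
        if user_id is not None:          # authorized (registered) user
            return "key", self._generate_slave_key(user_id, vehicle_id)
        code = f"{secrets.randbelow(10**8):08d}"  # random verification code
        self.pending[phone] = PendingShare(
            vehicle_id, _digest(code), now + CODE_TTL_SECONDS)
        return "code", code              # the owner pushes this in the sharing link

    def redeem(self, phone: str, code: str, now: float):
        """Sharee enters the code after registering; returns the key or None."""
        share = self.pending.get(phone)
        if share is None:
            return None
        if now > share.expires_at or share.attempts_left <= 0:
            del self.pending[phone]      # expired or exhausted: owner must share again
            return None
        user_id = self.user_center.get(phone)  # query the user center again
        if user_id is None:
            return None                  # sharee has not registered yet
        share.attempts_left -= 1
        if not hmac.compare_digest(share.code_digest, _digest(code)):
            return None
        del self.pending[phone]          # single use
        return self._generate_slave_key(user_id, share.vehicle_id)
```

The code is bound to the phone number the owner submitted, so a correct code entered from a different account's number finds no pending share.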
After the step of sending the digital key of the target vehicle end to the user end to be authorized when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the digital key authorization method further comprises the following steps:
step C10, obtaining a slave key sharing withdrawal instruction sent by a vehicle master user;
step C20, according to the slave key sharing withdrawal instruction, the vehicle-end slave key is cancelled;
and step C30, sending a key cancellation command to the user side to be authorized based on the user side session key, so that the user side to be authorized cancels the vehicle key according to the key cancellation command.
In this embodiment, it should be noted that the vehicle-end master user represents the user who owns the vehicle end, and the slave key sharing withdrawal instruction is used for withdrawing the sharing of the vehicle-end slave key. In the process of withdrawing the sharing of a digital key, the preconditions are as follows: the digital key to be revoked must be a digital key shared by the vehicle owner, and the digital key to be revoked must be in the normal state.
As an example, steps C10 to C30 include: acquiring the slave key sharing withdrawal instruction sent by the vehicle-end master user; cancelling the vehicle-end slave key according to the slave key sharing withdrawal instruction; and sending a key cancellation command over the user-side session channel established based on the user-side session key, so that the user side to be authorized cancels the vehicle key according to the key cancellation command.
In one embodiment, in the digital key usage stage, the digital key revocation service proceeds as follows. The vehicle owner revokes the shared digital key through the digital key application program; the mobile phone SDK assembles the revocation request data and sends the request to the digital key service (HTTP) of the application program background; the digital key service of the application program background sends the request to the digital key front service (HTTP); and the digital key front service requests the digital key platform to revoke the shared digital key. The digital key platform verifies the signature of the request data, cancels the shared digital key, and pushes the digital key revocation instruction to the digital key service (HTTP) of the application program background. The digital key service of the application program background pushes the revocation instruction to the sharee's application program (MQTT); the sharee's application program passes the instruction to the mobile phone SDK; and the mobile phone SDK parses the push instruction and cancels the digital key. At the same time, the digital key revocation instruction is pushed to the TSP platform (HTTP); the TSP platform issues the revocation instruction to the vehicle-end SDK (MQTT); and the vehicle-end SDK parses the instruction data and cancels the digital key. Referring to fig. 7, fig. 7 is a timing chart of digital key revocation.
It can be understood that when the internet of vehicles system starts, it needs to call the vehicle-end SDK to obtain the Bluetooth broadcast setting data used for setting the vehicle-end Bluetooth module. On the mobile phone side, the digital key application program and the mobile phone digital key SDK initialize the Bluetooth module: after the application program starts, the Bluetooth device is configured, the Bluetooth service is woken up, the Bluetooth module is configured, and completion is returned. On the vehicle side, the internet of vehicles system, the vehicle-end SDK and the vehicle-end Bluetooth module initialize the vehicle-end Bluetooth module: the internet of vehicles system starts the device and acquires the Bluetooth broadcast setting data, the Bluetooth broadcast setting data is returned, the internet of vehicles system sets the vehicle-end Bluetooth module, and the vehicle-end Bluetooth module returns a response. The vehicle-end Bluetooth module then sends Bluetooth broadcast data, and the digital key application program receives and filters the Bluetooth broadcast data and establishes the Bluetooth connection. The Bluetooth broadcast data of the interface may use the iBeacon broadcast frame structure. After the Bluetooth broadcast of the vehicle-end APP and Bluetooth is completed, Bluetooth connection and authentication operations are required: to prevent an attacker from initiating a denial-of-service attack, a device must pass security authentication before it can communicate with the internet of vehicles system. The following functional preconditions apply: 1) the mobile phone end has completed digital key activation and digital key downloading; 2) the mobile phone end has selected a default digital key and completed the system scanning setting; 3) the mobile phone end has established Bluetooth communication with the BLE module at the vehicle end and the connection is stable. If the current user A has completed standard authentication, a quick authentication process can be executed subsequently; if the current user B requests standard authentication, user A still needs to go through standard authentication for the next connection. The standard authentication process can refer to conventional technology and is not repeated here.
The digital key authorization method further comprises the following steps:
step D10, detecting whether the process key managed by the digital key platform meets the preset key state conversion condition;
and step D20, if so, determining whether to perform state transition on the process key according to the corresponding relation between the key type of the process key and the current key state of the process key.
In this embodiment, it should be noted that in use a key has multiple states, specifically the frozen, revoked, invalid, destroyed and normal states, and the states can be converted into one another accordingly. For the user end to be authorized, the life cycle of the key identity key is completely consistent with that of the digital key, and it can be converted from the normal state into the frozen, invalid, revoked and destroyed states. When the user terminal device is frozen, the digital key and the key identity key are both converted from the normal state into the frozen state; when the digital key exceeds its validity period, the key identity key is converted from the normal state into the invalid state; and when the digital key is revoked, the mobile phone key identity key is revoked. The key revocation scenarios mainly include the vehicle owner revoking key sharing (the shared keys are revoked), device cancellation (all keys on the device are revoked), vehicle digital key service cancellation (all keys associated with the vehicle are revoked), vehicle transfer of ownership (all keys associated with the previous owner are revoked), and user cancellation (the vehicle owner's keys and the shared keys are revoked). After the mobile phone key identity key is revoked, the digital keys and keys are cleared locally on the mobile phone. A key can also be converted from the frozen state into other states, namely the normal, invalid, revoked and destroyed states: digital keys and keys can be restored to the normal state after the device is unfrozen; when frozen digital keys and keys exceed the validity period, they enter the invalid state; and when frozen keys are revoked, they are converted from the frozen state into the revoked state.
The key revocation scenarios mainly include the vehicle owner revoking key sharing (the shared keys are revoked), device cancellation (all keys on the device are revoked), vehicle digital key service cancellation (all keys associated with the vehicle are revoked), vehicle transfer of ownership (all keys associated with the previous owner are revoked), and user cancellation (the vehicle owner's keys and the shared keys are revoked). When a mobile phone key identity key is revoked, the digital keys and keys can be cleared locally on the mobile phone. The mobile phone key identity key can also be converted from the invalid state into other states: expired digital keys and keys are unusable, so expired keys are not revoked, and the digital keys and keys can be cleared locally on the mobile phone after the mobile phone key identity key has expired. Revoked digital keys and keys can likewise be cleared locally on the mobile phone.
In addition, after a key is generated it automatically enters the normal working state and is within its validity period, and it can be used for services such as encryption and decryption, signing and signature verification according to the purpose of the key. When the key is suspected to be in an unsafe state, or the key owner is temporarily separated from the key carrier for a longer time, the key can be frozen and enters the frozen state from the normal state; when the key returns to a safe condition, it can be unfrozen and converted back into the normal state. From the normal state a key can be converted into the frozen, invalid, revoked and destroyed states. When the key exceeds its validity period, or has been updated and is no longer used, it enters the invalid state; a key in the invalid state can only be used for decryption or verification under controlled conditions, and it can be converted from the invalid state into the revoked state and the destroyed state. When the key needs to be withdrawn, it can be converted from the revoked state into the destroyed state. When it is determined that the key will no longer be used, the key enters the destroyed state and the key data is cleared.
It should also be noted that the process key represents a key in the digital key authorization process. The vehicle-end key can also be converted from the normal state into other states. The digital key platform does not provide a freezing capability for the vehicle-end master key, so the vehicle-end master key has no conversion from the normal state to the frozen state; and because the vehicle-end master key is a key of indefinite validity, it has no conversion from the normal state to the invalid state. When a key in the normal state is leaked, it needs to be revoked and is converted from the normal state into the revoked state. On the digital key platform, the key is mainly converted from the normal state into the revoked state in the following situation: when the vehicle-end master key is leaked or the like, a platform manager actively initiates a vehicle-end master key update; the platform cancels the old key and generates a new key, and pushes a key update instruction to the vehicle end; the vehicle end deletes the local old vehicle-end master key and stores the new vehicle-end master key. At the vehicle end, the vehicle-end master key is mainly converted from the normal state into the destroyed state in the following situation: when the vehicle-end master key is leaked or the like, a platform manager actively initiates a vehicle-end master key update; the platform cancels the old key and generates a new key, and pushes a key update instruction to the vehicle end; the vehicle end deletes (destroys) the local old vehicle-end master key and stores the new vehicle-end master key. The digital key platform only provides freezing of the mobile phone side key and does not provide a freezing capability for the vehicle-end master key, so the vehicle-end master key has no conversion from the frozen state to other states. It can also be converted from the invalid state to other states, or from the revoked state to other states; for example, a vehicle-end master key that has already been cancelled by the digital key platform can be destroyed.
As an example, steps D10 to D20 include: detecting whether a process key managed by the digital key platform meets a preset key state conversion condition, where the preset key state conversion condition can be set according to actual requirements; and if the process key is detected to meet the preset key state conversion condition, acquiring the current key state of the process key and the key type of the process key, and determining whether to perform state conversion on the process key according to the combination of the current key state and the key type of the process key. When the digital key platform manages the process keys of the user end to be authorized and the target vehicle end, whether the key state of a process key is switched is judged comprehensively from the key type of the process key and its current key state. This controls the management authority of the digital key platform over the process keys it manages and prevents the key state of a process key from being switched arbitrarily by any party other than the digital key platform, which lays a foundation for improving the security of digital key authorization.
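The type-dependent state conversion of steps D10 to D20 can be written as a transition table. This is an added example, not code from the patent: the enum and function names are assumptions, the transitions follow the life cycle paragraphs above (with the phone-side rule that expired keys are not revoked, only cleared), and the empty operation sets for the frozen, revoked and destroyed states are an assumption.

```python
from enum import Enum


class KeyType(Enum):
    PHONE_SIDE = "phone-side digital key / key identity key"
    VEHICLE_MASTER = "vehicle-end master key"


class State(Enum):
    NORMAL = "normal"
    FROZEN = "frozen"
    INVALID = "invalid"
    REVOKED = "revoked"
    DESTROYED = "destroyed"


class Event(Enum):
    FREEZE = "freeze"
    UNFREEZE = "unfreeze"
    EXPIRE = "expire"
    REVOKE = "revoke"
    DESTROY = "destroy"


# Target state requested by each state conversion condition (step D10).
EVENT_TARGET = {
    Event.FREEZE: State.FROZEN,
    Event.UNFREEZE: State.NORMAL,
    Event.EXPIRE: State.INVALID,
    Event.REVOKE: State.REVOKED,
    Event.DESTROY: State.DESTROYED,
}

# Allowed conversions per key type and current state (step D20).
ALLOWED = {
    KeyType.PHONE_SIDE: {
        State.NORMAL: {State.FROZEN, State.INVALID, State.REVOKED, State.DESTROYED},
        State.FROZEN: {State.NORMAL, State.INVALID, State.REVOKED, State.DESTROYED},
        State.INVALID: {State.DESTROYED},   # expired keys are cleared, not revoked
        State.REVOKED: {State.DESTROYED},
        State.DESTROYED: set(),
    },
    KeyType.VEHICLE_MASTER: {
        # No freezing capability and no validity period for the master key.
        State.NORMAL: {State.REVOKED, State.DESTROYED},
        State.REVOKED: {State.DESTROYED},
        State.DESTROYED: set(),
    },
}


def decide_transition(key_type, current, event):
    """Return the new state, or None when the conversion must be refused."""
    target = EVENT_TARGET[event]
    if target in ALLOWED[key_type].get(current, set()):
        return target
    return None


def apply_events(key_type, events, state=State.NORMAL):
    """Run a sequence of events; return (final state, list of refused events)."""
    refused = []
    for event in events:
        new_state = decide_transition(key_type, state, event)
        if new_state is None:
            refused.append(event)
        else:
            state = new_state
    return state, refused


def permitted_operations(state):
    """Operations a key may perform in a given state."""
    if state is State.NORMAL:
        return frozenset({"encrypt", "decrypt", "sign", "verify"})
    if state is State.INVALID:
        return frozenset({"decrypt", "verify"})  # controlled use only
    return frozenset()  # assumption: frozen, revoked and destroyed keys do nothing
```

Refused events are returned rather than silently dropped so that the platform can log a request that tried to move a key along a path its type does not allow.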
Wherein, before the step of sending the digital key of the target vehicle end to the user end to be authorized when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the digital key authorization method further includes:
step E10, detecting whether the data encryption level between the user end to be authorized and the target vehicle end meets a preset encryption level;
and step E20, if yes, respectively issuing encryption channel keys for the user end to be authorized and the target vehicle end, wherein the encryption channel keys are used for encrypting a matching process between the first platform temporary key and the second platform temporary key.
In this embodiment, it should be noted that, to further improve security in the digital key authorization process, a further layer of encryption may be applied with optional keys configured by the digital key platform before the vehicle-end digital key of the target vehicle end is sent to the user end to be authorized. For example, in one implementation, referring to fig. 8, fig. 8 is a schematic structural diagram of the key system, in which the TSP gateway TLS server certificate and key pair of the digital key platform, the target vehicle-end TLS client certificate and key pair, and the terminal TLS client certificate and key pair are encryption channel keys. The encryption channel keys are used to encrypt the matching process between the first platform temporary key and the second platform temporary key. The data encryption level characterizes the level of data encryption, and may specifically be low, medium or high; when the data encryption level is medium or high, it can be determined that the data encryption level satisfies the preset encryption level.
As an example, steps E10 to E20 include: detecting whether the data encryption level between the user end to be authorized and the target vehicle end meets a preset encryption level or not; if the data encryption grade between the user end to be authorized and the target vehicle end is detected to meet the preset encryption grade, a first encryption channel key is issued for the user end to be authorized based on a user end session key, and a second encryption channel key is issued for the target vehicle end based on a vehicle end session key, wherein the first encryption channel key and the second encryption channel key are different encryption channel keys of an encryption channel key pair generated by a digital key platform, and the first encryption channel key and the second encryption channel key are used for encrypting a matching process between a first platform temporary key and a second platform temporary key.
The embodiment of the application provides a digital key authorization method, namely, a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key is obtained; generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key; issuing the first platform temporary key to the user terminal to be authorized based on the user terminal session key, and issuing the second platform temporary key to a target vehicle terminal corresponding to the user terminal to be authorized based on the vehicle terminal session key; and when the first platform temporary key and the second platform temporary key are detected to be successfully matched, authorizing the vehicle-end digital key of the target vehicle-end to the user-end to be authorized.
When digital key authorization is performed for the user terminal to be authorized, the digital key authorization request sent by the user terminal to be authorized based on the user terminal session key is first obtained. A platform temporary key pair is then generated specifically for that request from the digital key authorization information it carries, and the first platform temporary key and the second platform temporary key of the pair are issued based on the user terminal session key and the vehicle terminal session key respectively. Finally, when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the vehicle-end digital key of the target vehicle end is sent to the user terminal to be authorized, which completes the authorization of the vehicle-end digital key to the user terminal to be authorized. In other words, digital key authorization is performed through multiple layers of security keys, so that the target vehicle end can securely authorize its digital key to the user terminal to be authorized.
Because the target vehicle end and the user end to be authorized each exchange data with the digital key platform based on the session key of the corresponding end, and the digital key platform additionally generates a temporary key pair specifically for the digital key authorization request, the digital key authorization request can be encrypted again on top of the encryption of the data transmission path. That is, the digital key platform can manage encryption by assigning different security keys, from the several types of security keys it controls, to different links, thereby improving the security level of the digital key authorization process.
Based on the above, the embodiment of the application uses the digital key platform as the digital key authorization intermediary between the target vehicle end and the user end to be authorized, and uses the security keys in a targeted manner to manage encryption of the digital key authorization process, thereby improving the security level of that process. This overcomes the technical defect that, when only the data transmission path is encrypted with a single encryption mode, the leakage of one key creates a risk of data leakage during digital key authorization, and so the authorization security of digital key authorization is improved.
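The four-step flow summarized above (request, temporary key pair, issuance under each end's session key, release on a successful match), as an added sketch that is not code from the patent or from any vehicle platform. The envelope construction (an HMAC-based encrypt-then-MAC standing in for an AEAD such as AES-GCM), the derivation of the two temporary keys from a platform-held seed, the proof-based "match" check, the 120-second lifetime and all names are assumptions, since the text does not define them.

```python
import hashlib
import hmac
import secrets
import time

# Illustrative sketch only: the envelope format, the temporary-key derivation and
# the "match" check are assumptions; the patent text does not define them.

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(_mac(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:length]

def seal(session_key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC under a session key (stand-in for an AEAD such as AES-GCM)."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_mac(session_key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = _mac(_mac(session_key, b"mac"), len(aad).to_bytes(4, "big") + aad + nonce + ct)
    return nonce + ct + tag

def open_sealed(session_key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any mismatch."""
    if len(blob) < 48:
        raise ValueError("envelope too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = _mac(_mac(session_key, b"mac"), len(aad).to_bytes(4, "big") + aad + nonce + ct)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope authentication failed")
    stream = _keystream(_mac(session_key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def match_proof(temp_key: bytes, info: bytes) -> bytes:
    """Proof an end returns to show it holds its half of the temporary key pair."""
    return _mac(temp_key, b"match|" + info)

class DigitalKeyPlatform:
    TTL_SECONDS = 120  # assumed lifetime of a platform temporary key pair

    def __init__(self, user_session_key, vehicle_session_key, vehicle_digital_key):
        self._user_sk = user_session_key
        self._vehicle_sk = vehicle_session_key
        self._digital_key = vehicle_digital_key
        self._pending = {}  # request_id -> (info, k_user, k_vehicle, expiry)

    def handle_request(self, sealed_request: bytes, now=None):
        """Open the request, derive a per-request key pair, wrap each half separately."""
        now = time.time() if now is None else now
        auth_info = open_sealed(self._user_sk, sealed_request, b"auth-request")
        request_id = secrets.token_hex(8)
        info = request_id.encode() + b"|" + auth_info
        seed = secrets.token_bytes(32)  # never leaves the platform
        k_user = _mac(seed, b"user-end|" + info)
        k_vehicle = _mac(seed, b"vehicle-end|" + info)
        self._pending[request_id] = (info, k_user, k_vehicle, now + self.TTL_SECONDS)
        return (request_id, info,
                seal(self._user_sk, k_user, info),
                seal(self._vehicle_sk, k_vehicle, info))

    def authorize(self, request_id, user_proof, vehicle_proof, now=None):
        """Release the vehicle-end digital key only when both halves match."""
        now = time.time() if now is None else now
        entry = self._pending.pop(request_id, None)  # single use, even on failure
        if entry is None:
            return None
        info, k_user, k_vehicle, expiry = entry
        ok_user = hmac.compare_digest(user_proof, match_proof(k_user, info))
        ok_vehicle = hmac.compare_digest(vehicle_proof, match_proof(k_vehicle, info))
        if now > expiry or not (ok_user and ok_vehicle):
            return None
        return seal(self._user_sk, self._digital_key, info)

def run_flow(tamper_vehicle_proof=False, delay=0.0, replay=False):
    """Constructed end-to-end run; returns the digital key the user end recovers, or None."""
    user_sk, vehicle_sk = secrets.token_bytes(32), secrets.token_bytes(32)
    digital_key = b"constructed-vehicle-end-digital-key"
    platform = DigitalKeyPlatform(user_sk, vehicle_sk, digital_key)
    request = seal(user_sk, b"user=alice;vehicle=VIN-PLACEHOLDER;type=download", b"auth-request")
    rid, info, for_user, for_vehicle = platform.handle_request(request, now=1000.0)
    user_proof = match_proof(open_sealed(user_sk, for_user, info), info)
    vehicle_proof = match_proof(open_sealed(vehicle_sk, for_vehicle, info), info)
    if tamper_vehicle_proof:
        vehicle_proof = bytes(32)
    if replay:
        platform.authorize(rid, user_proof, vehicle_proof, now=1000.0 + delay)
    sealed = platform.authorize(rid, user_proof, vehicle_proof, now=1000.0 + delay)
    return None if sealed is None else open_sealed(user_sk, sealed, info)

if __name__ == "__main__":
    print(run_flow(), run_flow(tamper_vehicle_proof=True), run_flow(delay=500), run_flow(replay=True))
```

Because the pending entry is removed on the first `authorize` call, a failed or repeated attempt cannot be retried against the same temporary key pair, and neither end can complete the match without the session key that wrapped its half.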
Example two
Further, referring to fig. 9, in another embodiment of the present application, for content that is the same as or similar to that of the first embodiment, reference may be made to the description above, which is not repeated here. On this basis, before the step of obtaining the digital key authorization request sent by the user terminal to be authorized based on the user terminal session key, the digital key authorization method further comprises the following steps:
step F10, issuing a key updating instruction to the target vehicle end, and receiving a vehicle end updating key updated by the target vehicle end according to the key updating instruction; updating the initial vehicle-end key of the digital key platform according to the vehicle-end updating key; or,
step F20, updating the initial vehicle-end key of the digital key platform, and issuing the updated vehicle-end key to the target vehicle-end.
In this embodiment, it should be noted that, after the digital key platform is constructed, the key update mode may be adjusted accordingly. Specifically, the update modes may be divided into a vehicle-end update mode and a cloud update mode.
In the vehicle-end update mode, the digital key platform may trigger the update and push a key update instruction to the target vehicle end; the vehicle end updates the key and uploads the updated key to the digital key platform, and after receiving the related request the digital key platform updates the key and cancels all keys. The digital key update for the user may then support the following two modes: 1) sending a notification message to the mobile phone user prompting the user to update the key, that is, manual updating; 2) The advantages of this method are that the platform triggers the update, the vehicle can update the vehicle-end key without returning to a maintenance site, and the vehicle-end key is generated only inside the vehicle, which is safer.
The vehicle-end key update can also be triggered through an after-sales detector: the vehicle-end update key is uploaded and synchronized to the platform, the digital key platform receives the request and updates the key and cancels all keys, and the digital key update for the user can likewise support the two modes above. The participants in this update means are the vehicle-end SDK and the after-sales detector. Compared with the first update means, its drawback is that the vehicle-end key update has to be carried out at a maintenance site, which may be inconvenient if a batch of vehicles needs a key update; that is, the convenience of the digital key update is low.
In the cloud update mode, the digital key platform updates the key; the cloud cancels all the digital keys and pushes the updated key to the vehicle end, and the vehicle end replaces the old key with the key updated by the platform. The participants in this update mode are the service and the vehicle-end SDK. The drawback relates to the key not being generated at the vehicle end: a certain risk exists when the key is pushed to the target vehicle end.
In addition, it should be noted that, to improve the security of digital key authorization, the key managed by the digital platform may be updated in a corresponding update manner before the digital key authorization request is acquired, that is, in two manners of active update and passive update, where the initial vehicle-end key is used to characterize the initial key managed by the digital key platform before the digital key authorization request.
As an example, steps F10 to F20 include: issuing a key updating instruction to the target vehicle end, and receiving a vehicle end updating key updated by the target vehicle end according to the key updating instruction, wherein the key updating instruction is used for updating the key; updating the initial vehicle-end key of the digital key platform according to the vehicle-end updating key, wherein the updating mode can be set according to the user requirement, for example, in an implementation mode, the updating mode can be to update the key and cancel all the digital keys; or,
periodically updating the initial vehicle-end key of the digital key platform, and issuing the updated vehicle-end key to the target vehicle-end.
The embodiment of the application provides a limiting signal generation method, namely, obtaining a key updating instruction issued to a target vehicle end, and receiving a vehicle end updating key updated by the target vehicle end according to the key updating instruction; updating the initial vehicle-end key of the digital key platform according to the vehicle-end updating key; or updating the initial vehicle-end key of the digital key platform and issuing the updated vehicle-end key to the target vehicle-end. By providing the two key update modes of active update and passive update, the embodiment of the application allows a different key update mode to be adopted for different key update requirements: where security is the priority, the related keys are updated by the vehicle end and the updated keys sent by the vehicle end are received; where convenience is the priority, the related keys can be updated periodically and autonomously by the cloud. In this way each interacting end stores the latest keys before digital key authorization, which lays a foundation for improving the security of digital key authorization.
Example three
The embodiment of the application also provides a digital key authorization device, which is applied to a digital key platform, and referring to fig. 10, the digital key authorization device comprises:
an obtaining module 101, configured to obtain a digital key authorization request sent by a user terminal to be authorized based on a session key of the user terminal;
a generating module 102, configured to generate a platform temporary key pair according to digital key authorization information carried by the digital key authorization request, where the platform temporary key pair includes a first platform temporary key and a second platform temporary key;
an issuing module 103, configured to issue the first platform temporary key to the to-be-authorized user terminal based on the user terminal session key, and issue the second platform temporary key to a target vehicle terminal corresponding to the to-be-authorized user terminal based on the vehicle terminal session key;
and the authorization module 104 is configured to authorize the vehicle-end digital key of the target vehicle-end to the user-end to be authorized when the first platform temporary key and the second platform temporary key are detected to be successfully matched.
Optionally, the vehicle-end digital key includes a vehicle-end digital master key and a vehicle-end digital slave key, and the authorization module 104 is further configured to:
detecting the request type of the digital key authorization request;
if the digital key authorization request is detected to be a digital key downloading request, the vehicle-end digital master key is sent to the user end to be authorized;
and if the digital key authorization request is detected to be a digital key sharing request, the vehicle-end digital slave key is sent to the user end to be authorized.
Optionally, the authorization module 104 is further configured to:
carrying out identity verification on the user to be authorized of the user end to be authorized;
if the user to be authorized is an authorized user, generating the vehicle-end digital slave key according to the user identification code stored in the digital key platform, and sending the vehicle-end digital slave key to the user end to be authorized;
if the user to be authorized is an unauthorized user, generating the vehicle-end digital slave key according to a key generation strategy corresponding to the unauthorized user, and sending the vehicle-end digital slave key to the user to be authorized.
Optionally, the digital key authorization device is further configured to:
acquiring a slave key sharing withdrawal instruction sent by a vehicle master user;
cancelling the vehicle-end digital slave key according to the key sharing withdrawal instruction;
and sending a key cancellation command to the user terminal to be authorized based on the user terminal session key so that the user terminal to be authorized cancels the vehicle key according to the key cancellation command.
Optionally, the digital key authorization device is further configured to:
detecting whether a process key managed and controlled by the digital key platform meets a preset key state conversion condition or not;
if yes, determining whether to perform state transition on the process key according to the corresponding relation between the key type of the process key and the current key state of the process key.
Optionally, the digital key authorization device is further configured to:
detecting whether the data encryption level between the user end to be authorized and the target vehicle end meets a preset encryption level or not;
and if yes, respectively issuing encryption channel keys for the user end to be authorized and the target vehicle end, wherein the encryption channel keys are used for encrypting a matching process between the first platform temporary key and the second platform temporary key.
Optionally, the digital key authorization device is further configured to:
issuing a key updating instruction to the target vehicle end, and receiving a vehicle end updating key updated by the target vehicle end according to the key updating instruction; updating the initial vehicle-end key of the digital key platform according to the vehicle-end updating key; or,
updating the initial vehicle-end key of the digital key platform, and issuing the updated vehicle-end key to the target vehicle-end.
The digital key authorization device provided by the invention solves the technical problem of low authorization security of digital key authorization by adopting the digital key authorization method in the embodiment. Compared with the prior art, the digital key authorization device provided by the embodiment of the invention has the same beneficial effects as the digital key authorization method provided by the embodiment, and other technical features in the digital key authorization device are the same as the features disclosed by the method of the embodiment, and are not repeated herein.
Example four
The embodiment of the invention provides electronic equipment, which comprises: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the digital key authorization method of the first embodiment.
Referring now to fig. 11, a schematic diagram of an electronic device suitable for use in implementing embodiments of the present disclosure is shown. The electronic devices in the embodiments of the present disclosure may include, but are not limited to, mobile terminals such as mobile phones, notebook computers, digital broadcast receivers, PDAs (personal digital assistants), PADs (tablet computers), PMPs (portable multimedia players), in-vehicle terminals (e.g., in-vehicle navigation terminals), and the like, and stationary terminals such as digital TVs, desktop computers, and the like. The electronic device shown in fig. 11 is merely an example, and should not impose any limitations on the functionality and scope of use of embodiments of the present disclosure.
As shown in fig. 11, the electronic device may include a processing apparatus 1001 (e.g., a central processing unit, a graphics processor, etc.), which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage apparatus 1003 into a Random Access Memory (RAM) 1004. In the RAM1004, various programs and data required for the operation of the electronic device are also stored. The processing device 1001, the ROM1002, and the RAM1004 are connected to each other by a bus 1005. An input/output (I/O) interface 1006 is also connected to the bus.
In general, the following systems may be connected to the I/O interface 1006: input devices 1007 including, for example, a touch screen, touchpad, keyboard, mouse, image sensor, microphone, accelerometer, gyroscope, and the like; an output device 1008 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage device 1003 including, for example, a magnetic tape, a hard disk, and the like; and communication means 1009. The communication means may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While electronic devices having various systems are shown in the figures, it should be understood that not all of the illustrated systems are required to be implemented or provided. More or fewer systems may alternatively be implemented or provided.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 1009, or installed from the storage device 1003, or installed from the ROM 1002. The above-described functions defined in the method of the embodiment of the present disclosure are performed when the computer program is executed by the processing device 1001.
The electronic equipment provided by the invention adopts the digital key authorization method in the embodiment, and solves the technical problem of low authorization security of digital key authorization. Compared with the prior art, the electronic device provided by the embodiment of the invention has the same beneficial effects as the digital key authorization method provided by the embodiment, and other technical features in the electronic device are the same as the features disclosed by the method of the embodiment, and are not repeated here.
It should be understood that portions of the present disclosure may be implemented in hardware, software, firmware, or a combination thereof. In the description of the above embodiments, particular features, structures, materials, or characteristics may be combined in any suitable manner in any one or more embodiments or examples.
The foregoing is merely illustrative of the present invention, and the present invention is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Example five
The present embodiment provides a computer-readable storage medium having computer-readable program instructions stored thereon for performing the digital key authorization method of the above-described embodiment.
The computer readable storage medium according to the embodiments of the present invention may be, for example, but is not limited to, a USB disk, or an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, a computer-readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.
The above-described computer-readable storage medium may be contained in an electronic device; or may exist alone without being assembled into an electronic device.
The computer-readable storage medium carries one or more programs that, when executed by an electronic device, cause the electronic device to: acquire the current state of charge of a storage battery installed on a target vehicle; determine a power consumption function to be limited of the target vehicle under the current vehicle running condition according to the current state of charge; and control the electric quantity of the target vehicle by limiting the power consumption function to be limited.
Computer program code for carrying out operations of the present disclosure may be written in one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present disclosure may be implemented in software or hardware. In some cases, the name of a module does not constitute a limitation on the unit itself.
The computer readable storage medium provided by the application stores the computer readable program instructions for executing the digital key authorization method, and solves the technical problem of low authorization security of digital key authorization. Compared with the prior art, the beneficial effects of the computer readable storage medium provided by the embodiment of the application are the same as those of the digital key authorization method provided by the above embodiment, and are not described in detail herein.
Example six
The application also provides a computer program product comprising a computer program which when executed by a processor implements the steps of a digital key authorization method as described above.
The computer program product provided by the application solves the technical problem of low authorization security of digital key authorization. Compared with the prior art, the beneficial effects of the computer program product provided by the embodiment of the application are the same as those of the digital key authorization method provided by the embodiment, and are not described in detail herein.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the application, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein, or any application, directly or indirectly, within the scope of the application.

Claims (10)

1. A digital key authorization method, applied to a digital key platform, comprising:
acquiring a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key;
generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key;
issuing the first platform temporary key to the user terminal to be authorized based on the user terminal session key, and issuing the second platform temporary key to a target vehicle terminal corresponding to the user terminal to be authorized based on the vehicle terminal session key;
and when the first platform temporary key and the second platform temporary key are detected to be successfully matched, authorizing the vehicle-end digital key of the target vehicle-end to the user-end to be authorized.
2. The digital key authorization method according to claim 1, wherein the vehicle-end digital key includes a vehicle-end digital master key and a vehicle-end digital slave key,
when the first platform temporary key and the second platform temporary key are detected to be successfully matched, the step of sending the vehicle end digital key of the target vehicle end to the user end to be authorized comprises the following steps:
detecting the request type of the digital key authorization request;
if the digital key authorization request is detected to be a digital key downloading request, the vehicle-end digital master key is sent to the user end to be authorized;
and if the digital key authorization request is detected to be a digital key sharing request, the vehicle-end digital slave key is sent to the user end to be authorized.
3. The digital key authorization method according to claim 2, wherein the step of transmitting the vehicle-side digital master key to the user side to be authorized includes:
carrying out identity verification on the user to be authorized of the user end to be authorized;
if the user to be authorized is an authorized user, generating the vehicle-end digital slave key according to the user identification code stored in the digital key platform, and sending the vehicle-end digital slave key to the user end to be authorized;
if the user to be authorized is an unauthorized user, generating the vehicle-end digital slave key according to a key generation strategy corresponding to the unauthorized user, and sending the vehicle-end digital slave key to the user to be authorized.
4. The digital key authorization method according to claim 3, wherein after the step of transmitting the target-vehicle-side digital key to the user side to be authorized upon detecting that the first platform temporary key and the second platform temporary key are successfully matched, the digital key authorization method further comprises:
acquiring a slave key sharing withdrawal instruction sent by a vehicle master user;
cancelling the vehicle-end digital slave key according to the key sharing withdrawal instruction;
and sending a key cancellation command to the user terminal to be authorized based on the user terminal session key so that the user terminal to be authorized cancels the vehicle key according to the key cancellation command.
5. The digital key authorization method according to claim 2, wherein the digital key authorization method further comprises:
detecting whether a process key managed and controlled by the digital key platform meets a preset key state conversion condition or not;
if yes, determining whether to perform state transition on the process key according to the corresponding relation between the key type of the process key and the current key state of the process key.
6. The digital key authorization method according to claim 1, wherein before the step of transmitting the target-vehicle-side digital key to the user side to be authorized upon detecting that the first platform temporary key and the second platform temporary key are successfully matched, the digital key authorization method further comprises:
detecting whether the data encryption level between the user end to be authorized and the target vehicle end meets a preset encryption level or not;
and if yes, respectively issuing encryption channel keys for the user end to be authorized and the target vehicle end, wherein the encryption channel keys are used for encrypting a matching process between the first platform temporary key and the second platform temporary key.
7. The digital key authorization method according to claim 1, wherein before the step of obtaining the digital key authorization request sent by the user terminal to be authorized based on the user terminal session key, the digital key authorization method further comprises:
issuing a key updating instruction to the target vehicle end, and receiving a vehicle end updating key updated by the target vehicle end according to the key updating instruction; updating the initial vehicle-end key of the digital key platform according to the vehicle-end updating key; or,
updating the initial vehicle-end key of the digital key platform, and issuing the updated vehicle-end key to the target vehicle-end.
8. A digital key authorization device, for use with a digital key platform, the digital key authorization device comprising:
the acquisition module is used for acquiring a digital key authorization request sent by a user terminal to be authorized based on a user terminal session key;
the generation module is used for generating a platform temporary key pair according to the digital key authorization information carried by the digital key authorization request, wherein the platform temporary key pair comprises a first platform temporary key and a second platform temporary key;
the issuing module is used for issuing the first platform temporary key to the user side to be authorized based on the user side session key and issuing the second platform temporary key to a target vehicle side corresponding to the user side to be authorized based on the vehicle side session key;
and the authorization module is used for authorizing the vehicle-end digital key of the target vehicle end to the user end to be authorized when the first platform temporary key and the second platform temporary key are successfully matched.
9. An electronic device, the electronic device comprising:
at least one processor;
a memory communicatively coupled to the at least one processor;
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the digital key authorization method of any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a program for realizing the digital key authorization method, the program for realizing the digital key authorization method being executed by a processor to realize the steps of the digital key authorization method according to any one of claims 1 to 7.
CN202310692766.XA 2023-06-12 2023-06-12 Digital key authorization method and device, electronic equipment and readable storage medium Pending CN117040724A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310692766.XA CN117040724A (en) 2023-06-12 2023-06-12 Digital key authorization method and device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310692766.XA CN117040724A (en) 2023-06-12 2023-06-12 Digital key authorization method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN117040724A true CN117040724A (en) 2023-11-10

Family

ID=88634264

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310692766.XA Pending CN117040724A (en) 2023-06-12 2023-06-12 Digital key authorization method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN117040724A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117793709A (en) * 2024-02-27 2024-03-29 上海银基信息安全技术股份有限公司 Method, system and device for filling digital key of vehicle and medium

Similar Documents

Publication Publication Date Title
US11985238B2 (en) Vehicle-mounted device upgrade method and related device
US10652742B2 (en) Hybrid authentication of vehicle devices and/or mobile user devices
CN110109443B (en) Safe communication method and device for vehicle diagnosis, storage medium and equipment
CN110891257B (en) Internet-connected vehicle remote upgrading system and method with anti-attack bidirectional authentication
US9853973B2 (en) Information distribution system, and server, on-board terminal and communication terminal used therefor
CN110708388B (en) Vehicle body safety anchor node device, method and network system for providing safety service
US20130179689A1 (en) Information distribution method, information distribution system and in-vehicle terminal
CN103477666A (en) Connecting mobile devices, Internet-connected vehicles, and cloud services
KR20170129427A (en) Method of providing security for controller using encryption and appratus for implementing the same
WO2022160124A1 (en) Service authorisation management method and apparatus
CN112669104B (en) Data processing method of leasing equipment
CN113472790A (en) Information transmission method based on HTTPS (hypertext transfer protocol secure protocol), client and server
CN117040724A (en) Digital key authorization method and device, electronic equipment and readable storage medium
CN115442063A (en) Charging data sending and receiving method and device, charging pile and vehicle terminal
CN115134154B (en) Authentication method, authentication device, method and system for remotely controlling vehicle
CN115484025A (en) Vehicle encrypted communication method and device
CN113572795A (en) Vehicle safety communication method and system and vehicle-mounted terminal
CN114785489A (en) Entrusted secret key sharing method of digital automobile secret key system
CN114760112A (en) Wireless local area network-oriented intelligent household equipment network access method, system, equipment and storage medium
CN117879814A (en) Vehicle key sharing method, device and storage medium
US11258782B2 (en) Peer-to-peer notification system
KR20170090008A (en) METHOD AND APPARATUS FOR PLUG-IN DEVICE AUTHENTICATION IN AN OPEN-SOURCE PLUG-AND-PLAY(PnP) PLATFORM OF A CAR
KR102288444B1 (en) Firmware updating method, apparatus and program of authentication module
CN112214753A (en) Authentication method and device, electronic equipment and storage medium
CN116668201B (en) System for allocating production resources, transmission method and equipment for production resources

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination