CN117879814A

CN117879814A - Vehicle key sharing method, device and storage medium

Info

Publication number: CN117879814A
Application number: CN202410103161.7A
Authority: CN
Inventors: 林翌桢
Original assignee: Xiaomi Automobile Technology Co Ltd
Current assignee: Xiaomi Automobile Technology Co Ltd
Priority date: 2024-01-24
Filing date: 2024-01-24
Publication date: 2024-04-12

Abstract

The disclosure relates to a vehicle key sharing method, a device and a storage medium, which belong to the technical field of vehicle keys, and the method applied to a vehicle server comprises the following steps: receiving sharing information of a first terminal, wherein the sharing information is used for sharing a vehicle key to a target account; determining a target public key of the target account from the maintained public keys; transmitting the target public key to the first terminal; receiving authentication information sent by the first terminal, wherein the authentication information is obtained by signing the sharing information and the target public key through a private key of an owner account by the first terminal; and sending the authentication information and the vehicle certificate to a target terminal registered by the target account. The vehicle service end maintains a public key of a user account, wherein the public key is a public key of a public-private key pair generated by a user terminal for an account logged in by the user terminal.

Description

Vehicle key sharing method, device and storage medium

Technical Field

The disclosure relates to the technical field of vehicle keys, in particular to a vehicle key sharing method, a vehicle key sharing device and a storage medium.

Background

In the use process of the car key, the car owner can authorize the car key to other users in a key sharing mode. For example, the owner of the mobile phone digital car can authorize the authority of using the car to the friend by means of online transmission, so that the friend can unlock and start the car. However, in some scenarios, the vehicle owner has more complicated process of sharing the vehicle keys, and more related restrictions.

Disclosure of Invention

In order to overcome the problems in the related art, the present disclosure provides a vehicle key sharing method, device and storage medium.

According to a first aspect of an embodiment of the present disclosure, there is provided a vehicle key sharing method, applied to a vehicle server, where the vehicle server maintains a public key of a user account, where the public key is a public key of a public-private key pair generated by a user terminal for an account logged in at the user terminal, and the method includes:

receiving sharing information of a first terminal, wherein the sharing information is used for sharing a vehicle key to a target account;

determining a target public key of the target account from the maintained public keys;

transmitting the target public key to the first terminal;

receiving authentication information sent by the first terminal, wherein the authentication information is obtained by signing the sharing information and the target public key through a private key of an owner account by the first terminal;

and sending the authentication information and the vehicle certificate to a target terminal registered by the target account.

According to a second aspect of embodiments of the present disclosure, a vehicle key sharing method is provided, applied to a target terminal, and the method includes:

receiving authentication information and a vehicle certificate sent by a vehicle server;

The target terminal logs in a target account, the vehicle server maintains a public key of a user account, the public key is a public key in a public-private key pair generated by the user terminal for the account logged in by the user terminal, and the vehicle server obtains the authentication information and the vehicle certificate in the following manner:

receiving sharing information of a first terminal, wherein the sharing information is used for sharing a vehicle key to a target account; determining a target public key of the target account from the maintained public keys; transmitting the target public key to the first terminal; and receiving authentication information sent by the first terminal, wherein the authentication information is obtained by signing the sharing information and the target public key through a private key of an owner account by the first terminal.

According to a third aspect of the embodiments of the present disclosure, a vehicle key sharing method is provided, applied to a first terminal, and the method includes:

the method comprises the steps that sharing information is sent to a vehicle service end and used for sharing a vehicle key to a target account;

receiving a target public key of the target account, which is sent by a vehicle server, wherein the target public key is determined by the vehicle server from the maintained public keys, the vehicle server maintains the public key of a user account, and the public key is a public key of a public-private key pair generated by a user terminal for an account logged in the user terminal;

Signing the sharing information and the target public key through a private key of an owner account to obtain authentication information;

and sending the authentication information to the vehicle service end so that the vehicle service end can send the authentication information and the vehicle certificate to a target terminal registered by the target account.

According to a fourth aspect of embodiments of the present disclosure, there is provided a vehicle key sharing device, applied to a vehicle service end, where the vehicle service end maintains a public key of a user account, where the public key is a public key of a public-private key pair generated by a user terminal for an account logged in at the user terminal, the device includes:

the first receiving module is configured to receive sharing information of the first terminal, wherein the sharing information is used for sharing the vehicle key to the target account;

a first determination module configured to determine a target public key of the target account from among the maintained public keys;

a first transmission module configured to transmit the target public key to the first terminal;

the second receiving module is configured to receive authentication information sent by the first terminal, wherein the authentication information is obtained by signing the sharing information and the target public key through a private key of an owner account by the first terminal;

And the second sending module is configured to send the authentication information and the vehicle certificate to a target terminal registered by the target account.

According to a fifth aspect of the embodiments of the present disclosure, there is provided a vehicle key sharing device, applied to a target terminal, the device including:

the third receiving module is configured to receive the authentication information and the vehicle certificate sent by the vehicle server;

According to a sixth aspect of the embodiments of the present disclosure, there is provided a vehicle key sharing device, applied to a first terminal, the device including:

the third sending module is configured to send sharing information to the vehicle service end, wherein the sharing information is used for sharing the vehicle key to the target account;

the fourth receiving module is configured to receive a target public key of the target account, which is sent by the vehicle server, wherein the target public key is determined by the vehicle server from the maintained public keys, the vehicle server maintains the public key of the user account, and the public key is a public key of a public-private key pair generated by the user terminal for the account logged in by the user terminal;

the first signature module is configured to sign the sharing information and the target public key through a private key of an owner account to obtain authentication information;

and the fourth sending module is configured to send the authentication information to the vehicle service end so that the vehicle service end can send the authentication information and the vehicle certificate to a target terminal registered by the target account.

According to a seventh aspect of the embodiments of the present disclosure, there is provided a vehicle key sharing device, including:

a processor;

A memory for storing processor-executable instructions;

wherein the processor is configured to perform the steps of the method of any of the first aspects.

According to an eighth aspect of the embodiments of the present disclosure, there is provided a vehicle key sharing device, including:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to perform the steps of the method of any of the second aspects.

According to a ninth aspect of the embodiments of the present disclosure, there is provided a vehicle key sharing device, including:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to perform the steps of the method described in the third aspect.

According to a tenth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any of the first aspects.

According to an eleventh aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method of any of the second aspects.

According to a twelfth aspect of embodiments of the present disclosure, there is provided a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the method described in the third aspect.

In the above scheme, the vehicle service end maintains the public key of the user account, and the public key is a public key of a public-private key pair generated by the user terminal for the account logged in by the user terminal. That is, the user terminal generates a public-private key pair for the user account in advance, and maintains the public key at the vehicle server. Therefore, when the first terminal performs vehicle key sharing, the first terminal can send sharing information to the vehicle service end, wherein the sharing information is used for sharing the vehicle key to the target account.

The vehicle service end can determine a target public key of the target account from the maintained public keys, and send the target public key to the first terminal. In this way, the first terminal can generate authentication information through the private key signature of the owner account according to the target public key and the sharing information, and send the authentication information to the vehicle service end. The vehicle service end can send the authentication information and the vehicle certificate to the target terminal registered by the target account, so that vehicle key sharing is completed.

By adopting the scheme, the user terminal generates a public and private key pair for receiving key sharing for the user account in advance, and maintains the public key in the public key pair at the vehicle service end. Thus, when the first terminal shares the vehicle key, the public key of the receiver can be obtained in advance, and the public key is used as the public key of the shared vehicle key to generate the authentication information. In the vehicle key sharing mode, the sharing party does not need to wait for the receiving party to generate the vehicle key, so that the sharing party and the receiving party do not need to interact and wait for a plurality of times, and the effect of improving the vehicle key sharing speed can be achieved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure.

Fig. 1 is a schematic diagram illustrating a certificate exchange result according to an exemplary embodiment.

FIG. 2 is a flow chart illustrating a vehicle key sharing method according to an exemplary embodiment.

Fig. 3 is a flowchart illustrating an implementation of step S25 in fig. 2 according to an exemplary embodiment.

FIG. 4 is a flowchart illustrating a vehicle key sharing method according to an exemplary embodiment.

FIG. 5 is a flow chart illustrating a vehicle key sharing method according to an exemplary embodiment.

Fig. 6 is a block diagram illustrating a vehicle key sharing apparatus according to an exemplary embodiment.

Fig. 7 is a block diagram illustrating a vehicle key sharing apparatus according to an exemplary embodiment.

Fig. 8 is a block diagram illustrating a vehicle key sharing apparatus according to an exemplary embodiment.

Fig. 9 is a block diagram illustrating a vehicle service end 1900 according to an example embodiment.

Fig. 10 is a block diagram of a target terminal 1000, according to an example embodiment.

Fig. 11 is a block diagram of a first terminal 1100, according to an example embodiment.

Detailed Description

Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.

Before introducing the vehicle key sharing method, device and storage medium of the embodiments of the present disclosure, an application scenario of the embodiments of the present disclosure is first described. In the use process of the car key, the car owner can authorize the car key to other users in a key sharing mode. Before the owner shares the key, the owner needs to pair his own terminal with the vehicle. Pairing, namely that the vehicle owner terminal and the vehicle complete certificate interaction, and complete certificate chain mutual trust through a pre-stored CA (Certificate Authority ) certificate.

Fig. 1 is a schematic diagram of a certificate exchange result according to an exemplary embodiment of the present disclosure, and after the completion of the certificate exchange, certificates owned by a vehicle server, a vehicle owner terminal, and a vehicle are shown in fig. 1.

When sharing the keys, the vehicle owners can set sharing information in the vehicle owner terminal, such as receiving accounts of the vehicle keys, time efficiency of the shared vehicle keys and the like. After that, the owner terminal can interact with the friend terminal once to verify the correctness of the information shared by the car key. After the sharing information is verified correctly, the user (friend) can receive the key sharing at the friend terminal and generate a pair of public and private keys and a friend car key public key certificate through the friend terminal in real time (the owner terminal needs to wait in the period).

And then, the vehicle owner terminal and the friend terminal carry out second interaction, the friend terminal transmits the generated public key certificate of the friend vehicle key to the vehicle owner terminal, and after the vehicle owner terminal passes through certificate chain verification, authentication information is generated based on the public key certificate of the friend vehicle key and sharing information, and the authentication information and the vehicle certificate are sent to the friend terminal, so that key sharing is completed.

However, in the vehicle key sharing process, multiple interactions between the vehicle owner terminal and the friend terminal are required, and the vehicle owner terminal also needs to wait for the friend terminal to generate the key pair. Thus, the sharing process takes a long time.

In addition, in some vehicle key sharing processes based on public agreements, participation of a terminal device server and a vehicle may be involved. Under the situation, the sharing flow of the vehicle key also needs to be adjusted by the terminal manufacturer of the terminal equipment server and the vehicle enterprise of the vehicle, so that the development and maintenance cost is high.

Therefore, the embodiment of the disclosure provides a vehicle key sharing method applied to a vehicle service end. The vehicle-mounted service end can be a vehicle server arranged by a vehicle enterprise to which the vehicle belongs. The vehicle service end maintains a public key of a user account, wherein the public key is a public key of a public-private key pair generated by a user terminal for an account logged in by the user terminal. The account may be an account of a vehicle enterprise application.

Fig. 2 is a flowchart of a vehicle key sharing method according to an exemplary embodiment of the present disclosure, and referring to fig. 2, the method includes:

in step S21, sharing information of the first terminal is received, where the sharing information is used to share the vehicle key to the target account.

In an embodiment, the first terminal may be a vehicle owner terminal. When the vehicle owner needs to share the vehicle key, the sharing information can be set at the first terminal, and the sharing information can include a target account of the sharee, vehicle key sharing timeliness, permission and the like.

In one embodiment, the shared information may be encrypted for security. For example, the first terminal may encrypt the sharing information through a private key of the owner account, and send the encrypted sharing information to the vehicle service end. In this case, the vehicle service end may verify the shared information by using the public key of the vehicle owner account, and decrypt the shared information to obtain the plaintext of the shared information.

In step S22, a target public key of the target account is determined from the maintained public keys.

In one embodiment, the vehicle server may maintain an association of the user account with the public key. Thus, the vehicle service end can search the association relation according to the target account, so as to obtain the target public key of the target account.

The manner in which the public key is obtained by the vehicle service side is exemplarily described below.

In one possible implementation, the vehicle server may respond to registering an account with a second terminal, and send a key generation instruction to the second terminal, where the key generation instruction is used to instruct the second terminal to generate a first public-private key pair for the registered account; and obtaining and storing the public key in the first public-private key pair.

For example, when a user registers an account with a vehicle enterprise application of a second terminal, the vehicle server may send a key generation instruction to the second terminal. The second terminal may pre-generate a pair of first public-private key pairs for the registered account in response to the key generation instruction. The public key of the first public-private key pair may be maintained in the vehicle server, and the private key may be maintained locally by the second terminal.

In one possible implementation, the public key maintained by the vehicle server corresponds to the user account and the terminal logging into the user account one by one. That is, a public key corresponds to a user account and a terminal that logs into the user account. The vehicle service may determine, in response to logging into an account at the second terminal, from the maintained public keys, whether there is a public key corresponding to the logged-in account and the second terminal.

And under the condition that the public key corresponding to the logged-in account and the public key of the second terminal does not exist in the maintained public key, the vehicle service end can send a key generation instruction to the second terminal, wherein the key generation instruction is used for indicating the second terminal to generate a second public-private key pair for the logged-in account.

The second terminal may generate a second public-private key pair for the logged-in account in response to the key generation instruction. The vehicle service end can also acquire and store the public key in the second public-private key pair, and maintain the association relationship among the logged account, the second terminal and the public key in the second public-private key pair.

Referring to fig. 2, in step S23, a target public key is transmitted to a first terminal.

For example, the vehicle service side may sign the target public key according to the CA private key of the vehicle service side, and send the target public key with the signature to the first terminal.

In step S24, authentication information sent by the first terminal is received, where the authentication information is obtained by signing the shared information and the target public key by the first terminal through the private key of the owner account.

After receiving the target public key, the first terminal can sign the sharing information and the target public key through a private key of an owner account to obtain the authentication information.

In some scenarios, the first terminal may receive a target public key accompanied by a vehicle server signature. In this case, the first terminal may verify the signature by the public key of the vehicle server, and regenerate the authentication information after verification.

In step S25, the authentication information and the vehicle certificate are transmitted to the target terminal to which the target account is registered.

In one embodiment, the vehicle server may determine the vehicle to which the vehicle key to be shared belongs. The vehicle service end can also acquire the vehicle certificate of the vehicle and send the authentication information and the vehicle certificate to a target terminal registered by a target account.

In one embodiment, the first terminal may also send the authentication information and the vehicle certificate to the vehicle server. In this case, the vehicle service side may transmit the received authentication information and the vehicle certificate to the target terminal to which the target account is registered.

In one embodiment, when the vehicle service end transmits the authentication information and the vehicle certificate to the target terminal registered by the target account, the vehicle service end may further verify the target terminal, and transmit the authentication information and the vehicle certificate if the verification is passed.

Fig. 3 is a flowchart illustrating an implementation of step S25 in fig. 2 according to an exemplary embodiment of the present disclosure, and referring to fig. 3, the implementation of step S25 includes:

in step S251, the vehicle key sharing link is transmitted to the first terminal, so that the first terminal transmits the vehicle key sharing link to the target terminal.

As an example, after receiving the authentication information, the vehicle service end may generate a vehicle key sharing link and send the vehicle key sharing link to the first terminal. In this way, the vehicle owner can send the vehicle key sharing link to the target terminal of the target account through the first terminal.

In step S252, in response to the target terminal accessing the vehicle key sharing link, the identity of the target terminal is verified.

In one possible implementation, the vehicle key sharing link generated by the vehicle server corresponds to the first session identifier. When the target terminal accesses the car key link, the car server can acquire the current session identifier to acquire a second session identifier. In this way, if the first session identification is consistent with the second session identification, authentication may be determined to pass.

In one possible implementation, the vehicle server may obtain an account for accessing the vehicle key sharing link. For example, the user accesses the vehicle key sharing link through the vehicle enterprise application, and the vehicle server may obtain an account logged in to the vehicle enterprise application. In this way, the vehicle server may determine that the authentication is passed in the case that the account accessing the vehicle key sharing link is the target account.

In one possible implementation manner, the vehicle server may also obtain the second session identifier and access the account of the vehicle key sharing link. And determining that the target terminal passes the authentication under the condition that the account accessing the vehicle key sharing link is the target account and the second session identifier is consistent with the first session identifier.

Therefore, through verifying the session identifier and performing account verification, the phenomenon that the vehicle key sharing link is copied and stolen, and then the vehicle key is shared to other accounts can be avoided.

Referring to fig. 3, in step S253, in the case where the authentication is passed, description information of vehicle key sharing is transmitted to the target terminal. The description information can be a summary of vehicle key sharing, and can comprise related information of a vehicle owner, a description of vehicle key sharing and the like.

In step S254, the digital key certificate sent by the target terminal is received, the digital key certificate is sent after the target terminal confirms that the vehicle key is received, and the digital key certificate is obtained by signing the target public key by the target terminal.

After receiving the description information, the target terminal can perform information verification and determine whether to accept vehicle key sharing. In the scenario that the user accepts vehicle key sharing, a digital key certificate can be sent to a vehicle service end through a target terminal.

In step S255, the digital key certificate is verified for authenticity, and if the digital key certificate passes the authenticity verification, the vehicle certificate and the authentication information are transmitted to the target terminal.

As an example, the digital key certificate is signed by the target terminal by a PKI (Public Key Infrastructure ) private key trusted by the vehicle server. In step S255, the vehicle service end performs trusted verification on the digital key certificate, including:

receiving a PKI certificate sent by the target terminal;

verifying the digital key certificate through the PKI certificate to obtain a public key to be verified;

and under the condition that the public key to be verified is consistent with the target public key, determining that the trusted verification of the digital key certificate is passed.

That is, the vehicle service end can verify the certificate chain including the PKI certificate and the digital key certificate, and finally obtain the public key to be verified. If the public key to be verified is consistent with the target public key of the server, the trusted verification of the digital key certificate can be determined to pass.

It should be noted that, in addition to the PKI certificate, the vehicle service end may also trust other certificates, such as the TEECA certificate of the target terminal, that is, the CA certificate of the trusted execution environment of the target terminal. That is, the target terminal may sign the target public key through the TEECA private key to obtain the digital key certificate. In this case, the vehicle service end may perform trusted verification on the digital key certificate according to the TEECA certificate.

In the case that both authentication and trust verification pass, the vehicle server may send the vehicle certificate and the authentication information to the target terminal. The target terminal may receive and store the vehicle certificate and authentication information. For example, the target terminal may write the vehicle certificate and the authentication information into a related secure storage space of the vehicle enterprise application based on the setting of the vehicle enterprise application. After the writing is completed, the target terminal can return the vehicle key state to the vehicle service end. Thus, the vehicle service end can send the vehicle key sharing result to the first terminal and the target terminal.

By adopting the scheme, the user terminal generates a public and private key pair for receiving key sharing for the user account in advance, and maintains the public key in the public key pair at the vehicle service end. In this way, when the first terminal shares the vehicle key, the public key can be obtained in advance, and the public key is used as the public key of the shared vehicle key to generate the authentication information. In the vehicle key sharing mode, the sharing party does not need to wait for the receiving party to generate the vehicle key, so that the sharing party and the receiving party do not need to interact and wait for a plurality of times, and the effect of improving the vehicle key sharing speed can be achieved.

In addition, the scheme can realize certificate-based vehicle key sharing in a digital vehicle key scene based on a private protocol. Compared with a related vehicle key sharing scheme based on the key, the scheme does not need a server to generate and issue the key, so that the risk of key leakage is reduced, and higher safety is achieved.

In addition, the scheme can be compatible with the private protocol of the digital car key. The user can realize the related operation of the vehicle key only through the vehicle enterprise application, and the vehicle key sharing is carried out. Unlike the public agreement digital car key scheme, the car key sharing scheme does not require the participation of a terminal equipment server and a vehicle. Thus, development and maintenance costs are lower. For example, in maintenance and upgrade, only the vehicle service end and the vehicle enterprise application need to be changed, and the terminal equipment server and the vehicle need not to be upgraded.

It should be further noted that, in some scenarios, the target account may be logged in on a plurality of terminals, and each terminal stores a corresponding public key on the server. In this case, the vehicle service end may take each of the terminals as a target terminal, and take the public key of the terminal as a target public key.

When the first terminal receives a plurality of target public keys, for each target public key, authentication information can be generated based on the target public key and the sharing information, and finally a plurality of authentication information with the same number as the target public key is obtained.

The user who receives the vehicle key sharing can access the vehicle key sharing link from the target terminal used by the user, and the vehicle service end can send the vehicle certificate and the authentication information generated by the first terminal for the target terminal (namely, the authentication information generated according to the public key of the target terminal) to the target terminal.

Based on the same inventive concept, the embodiment of the disclosure also provides a vehicle key sharing method, which is applied to the target terminal. The target terminal may be the target terminal referred to in the above embodiment. Fig. 4 is a flowchart of a vehicle key sharing method according to an exemplary embodiment of the present disclosure, and referring to fig. 4, the method includes:

in step S41, authentication information and a vehicle certificate transmitted from the vehicle server are received.

Regarding the implementation of the first terminal to generate the sharing information/authentication information, the vehicle server maintains the public key/obtains the target public key, which has been described in detail in the embodiments related to fig. 2 and 3, and for brevity of description, this will not be described in detail in the embodiments of the disclosure.

An embodiment of step S41 is exemplarily described below.

In one possible implementation manner, the receiving the authentication information and the vehicle certificate sent by the vehicle server includes:

receiving a vehicle key sharing link sent by the first terminal, wherein the vehicle key sharing link is generated by the vehicle server and is sent to the first terminal;

identity verification is carried out through the vehicle key sharing link;

the vehicle server receives the description information shared by the vehicle keys sent by the vehicle server, and sends the description information after the identity verification is passed;

under the condition that the vehicle key sharing is confirmed to be accepted according to the description information, a digital key certificate is sent to the vehicle service end, and the digital key certificate is obtained by signing the target public key through the target terminal;

and receiving the vehicle certificate and the authentication information sent by the vehicle server, and sending the vehicle certificate and the authentication information by the vehicle server after the digital key certificate passes the trusted verification.

That is, in the case where both the authentication and the trust authentication pass, the vehicle service side may transmit the vehicle certificate and the authentication information to the target terminal. The target terminal may receive and store the vehicle certificate and authentication information.

With respect to authentication, in one possible implementation, the vehicle key sharing link corresponds to a first session identifier, and the authentication by the vehicle key sharing link includes:

and submitting information of an account logged in the target terminal to the vehicle server through the vehicle key sharing link, wherein the information of the account and the first session identifier are used for the vehicle server to carry out identity verification on the target terminal.

For example, when the target terminal accesses the vehicle key link, the vehicle server may acquire the current session identifier, and obtain the second session identifier. The vehicle service end can also acquire an account for accessing the vehicle key sharing link. For example, when a user accesses the vehicle key sharing link through a vehicle enterprise application, information of an account logged in a target terminal can be submitted to a vehicle server, so that the vehicle server can determine the account accessing the vehicle key sharing link.

In this way, the vehicle server may determine that the target terminal authentication passes when the account accessing the vehicle key sharing link is the target account and the second session identifier is identical to the first session identifier.

With respect to trusted verification, in one possible implementation, the sending the digital key certificate to the vehicle service end includes:

signing the target public key through a PKI private key trusted by the vehicle server to obtain the digital key certificate;

and sending the digital key certificate and a PKI certificate to the vehicle service end, wherein the PKI certificate is used for the vehicle service end to perform trusted verification on the digital key certificate.

The vehicle service end can verify a certificate chain comprising a PKI certificate and a digital key certificate, and finally obtain a public key to be verified. If the public key to be verified is consistent with the target public key of the server, the trusted verification of the digital key certificate can be determined to pass.

In a possible embodiment, the method comprises, on the basis of fig. 4:

receiving a key generation instruction of the vehicle service end, wherein the key generation instruction is sent by the vehicle service end under the condition that the target terminal is monitored to request to register a user account;

generating a first public-private key pair for the registered account in response to the key generation instruction;

and sending the public key in the first public-private key pair to the vehicle service end.

For example, when a user registers an account with a vehicle enterprise application of a target terminal, the vehicle server may send a key generation instruction to the target terminal. The target terminal may pre-generate a pair of first public-private key pairs for the registered account in response to the key generation instruction. The public key of the first public-private key pair may be maintained in the vehicle server, and the private key may be maintained locally by the target terminal.

In a possible implementation manner, the public key maintained by the vehicle service end corresponds to a user account and a terminal logging in the user account one by one, and the method comprises, on the basis of fig. 4:

receiving a key generation instruction of the vehicle service end, wherein the key generation instruction is sent by the vehicle service end when the public key maintained by the vehicle service end does not exist in the registered accounts corresponding to the target terminal and the target terminal, and the key generation instruction is used for indicating the target terminal to generate a second public-private key pair for the registered accounts;

and sending a public key in the second public-private key pair to the vehicle service end, wherein the public key is used for maintaining the association relationship among the public key, the target terminal and the account registered by the target terminal by the vehicle service end.

Therefore, the target terminal can generate the public and private key pair in advance for the account logged in or registered in the target terminal, and the public and private key pair can be used for sharing the vehicle keys, so that the speed of sharing the vehicle keys can be improved.

Based on the same inventive concept, the embodiment of the disclosure further provides a vehicle key sharing method, which is applied to the first terminal. The first terminal may be, for example, the first terminal referred to in the above embodiment. Fig. 5 is a flowchart of a vehicle key sharing method according to an exemplary embodiment of the present disclosure, and referring to fig. 5, the method includes:

In step S51, sharing information is sent to the vehicle server, where the sharing information is used to share the vehicle key to the target account;

in step S52, a target public key of a target account sent by a vehicle server is received, the target public key is determined by the vehicle server from the maintained public keys, the vehicle server maintains a public key of a user account, and the public key is a public key of a public-private key pair generated by the user terminal for an account logged in at the user terminal;

in step S53, the private key of the owner account is used to sign the distribution information and the target public key, so as to obtain authentication information;

in step S54, the authentication information is transmitted to the vehicle service side so that the vehicle service side transmits the authentication information and the vehicle certificate to the target terminal to which the target account is registered.

The manner in which the first terminal performs steps S51 to S54 has been described in detail in relation to the embodiments of fig. 2 and 3. For brevity of description, the embodiments of the present disclosure will not be described in detail.

Based on the same inventive concept, the embodiment of the disclosure provides a vehicle key sharing device, which is applied to a vehicle server, wherein the vehicle server maintains a public key of a user account, and the public key is a public key of a public-private key pair generated by a user terminal for an account logged in by the user terminal. FIG. 6 is a block diagram of a vehicle key sharing apparatus according to an exemplary embodiment of the present disclosure, as shown in FIG. 6, the apparatus includes:

the first receiving module 601 is configured to receive sharing information of the first terminal, where the sharing information is used for sharing the vehicle key to the target account;

a first determination module 602 configured to determine a target public key of the target account from the maintained public keys;

a first sending module 603 configured to send the target public key to the first terminal;

the second receiving module 604 is configured to receive authentication information sent by the first terminal, where the authentication information is obtained by signing the sharing information and the target public key by the first terminal through a private key of an owner account;

and a second sending module 605 configured to send the authentication information and the vehicle certificate to a target terminal registered by the target account.

Optionally, the second sending module includes:

the first sending sub-module is configured to send a vehicle key sharing link to the first terminal so that the first terminal can send the vehicle key sharing link to the target terminal;

the first verification sub-module is configured to respond to the target terminal to access the vehicle key sharing link and perform identity verification on the target terminal;

the second sending sub-module is configured to send the description information shared by the vehicle keys to the target terminal under the condition that the identity verification is passed;

the first receiving sub-module is configured to receive a digital key certificate sent by the target terminal, the digital key certificate is sent after the target terminal confirms that the vehicle key is received for sharing, and the digital key certificate is obtained by signing the target public key by the target terminal;

And the second verification sub-module is configured to perform trusted verification on the digital key certificate, and send the vehicle certificate and the authentication information to the target terminal under the condition that the trusted verification passes.

Optionally, the vehicle key sharing link corresponds to a first session identifier, and the first verification sub-module is configured to:

responding to the target terminal to access the vehicle key sharing link, and acquiring a current session identifier to obtain a second session identifier;

acquiring an account for accessing the vehicle key sharing link;

and under the condition that the account accessing the vehicle key sharing link is the target account and the second session identification is consistent with the first session identification, determining that the target terminal passes the authentication.

Optionally, the digital key certificate is obtained by signing the target public key by the target terminal through a public key infrastructure PKI private key trusted by the vehicle server, and the second verification sub-module is configured to:

receiving a PKI certificate sent by the target terminal;

Optionally, the method comprises:

a fifth sending module configured to send a key generation instruction to a second terminal in response to registering an account with the second terminal, the key generation instruction being for instructing the second terminal to generate a first public-private key pair for the registered account;

and the first acquisition module is configured to acquire and store the public key in the first public-private key pair.

Optionally, the public key maintained by the vehicle service end corresponds to a user account and a terminal logging in the user account one by one, and the device comprises:

a second determination module configured to determine, in response to logging into an account at a second terminal, from among the maintained public keys, whether there is a public key corresponding to the logged-in account and the second terminal;

a sixth sending module configured to send, to the second terminal, a key generation instruction for instructing the second terminal to generate a second public-private key pair for the logged-in account, in a case where there is no public key corresponding to the logged-in account and the second terminal in the maintained public key;

the second acquisition module is configured to acquire and store the public key in the second public-private key pair, and maintain the association relationship among the logged account, the second terminal and the public key in the second public-private key pair.

Based on the same inventive concept, the embodiment of the disclosure provides a vehicle key sharing device, which is applied to a target terminal. Fig. 7 is a block diagram of a vehicle key sharing device according to an exemplary embodiment of the present disclosure, and as shown in fig. 7, the device includes:

a third receiving module 701 configured to receive authentication information and a vehicle certificate sent by a vehicle server;

Optionally, the third receiving module includes:

the second receiving sub-module is configured to receive a vehicle key sharing link sent by the first terminal, wherein the vehicle key sharing link is generated by the vehicle service end and is sent to the first terminal;

the third verification sub-module is configured to perform identity verification through the vehicle key sharing link;

the third receiving sub-module is configured to receive the description information shared by the vehicle keys and sent by the vehicle service end, and the vehicle service end sends the description information after the identity verification is passed;

the third sending submodule is configured to send a digital key certificate to the vehicle service end under the condition that the vehicle key sharing is confirmed to be accepted according to the description information, and the digital key certificate is obtained by signing the target public key by the target terminal;

and the fourth receiving sub-module is configured to receive the vehicle certificate and the authentication information sent by the vehicle server, and the vehicle server sends the vehicle certificate and the authentication information after the digital key certificate passes the trusted verification.

Optionally, the vehicle key sharing link corresponds to a first session identifier, and the third verification sub-module is configured to:

Optionally, the third sending sub-module is configured to sign the target public key through a PKI private key trusted by the vehicle server to obtain the digital key certificate when the vehicle key sharing is confirmed to be accepted according to the description information;

Optionally, the method comprises:

a fifth receiving module configured to receive a key generation instruction of the vehicle server, where the key generation instruction is sent by the vehicle server when it is detected that the target terminal requests to register a user account;

a first registration module configured to generate a first public-private key pair for a registered account in response to the key generation instruction;

and the seventh sending module is configured to send the public key in the first public-private key pair to the vehicle server.

a sixth receiving module configured to receive a key generation instruction of the vehicle server, where the key generation instruction is sent by the vehicle server if it is determined that the public key maintained does not exist in the public key corresponding to the target terminal and the account registered in the target terminal, and the key generation instruction is used to instruct the target terminal to generate a second public-private key pair for the registered account;

and the eighth sending module is configured to send a public key in the second public-private key pair to the vehicle service end, wherein the public key is used for maintaining the association relationship among the public key, the target terminal and the account in which the target terminal is registered by the vehicle service end.

Based on the same inventive concept, an embodiment of the present disclosure provides a vehicle key sharing device, which is applied to a first terminal. FIG. 8 is a block diagram of a vehicle key sharing apparatus according to an exemplary embodiment of the present disclosure, as shown in FIG. 8, the apparatus includes:

a third sending module 801, configured to send sharing information to a vehicle server, where the sharing information is used to share a vehicle key to a target account;

A fourth receiving module 802, configured to receive a target public key of the target account sent by a vehicle server, where the target public key is determined by the vehicle server from maintained public keys, the vehicle server maintains a public key of a user account, and the public key is a public key of a public-private key pair generated by a user terminal for an account logged in at the user terminal;

the first signing module 803 is configured to sign the sharing information and the target public key through a private key of an owner account to obtain authentication information;

the fourth sending module 804 is configured to send the authentication information to the vehicle service end, so that the vehicle service end sends the authentication information and the vehicle certificate to the target terminal registered by the target account.

The embodiment of the disclosure also provides a vehicle key sharing device, which comprises:

a processor;

a memory for storing processor-executable instructions;

the processor is configured to execute the steps of the vehicle key sharing method applied to the vehicle service end provided in any embodiment of the disclosure.

a processor;

a memory for storing processor-executable instructions;

the processor is configured to execute the steps of the vehicle key sharing method applied to the target terminal provided in any embodiment of the disclosure.

a processor;

a memory for storing processor-executable instructions;

the processor is configured to execute the steps of the vehicle key sharing method applied to the first terminal provided in the embodiment of the disclosure.

The embodiments of the present disclosure also provide a computer readable storage medium having stored thereon computer program instructions that, when executed by a processor, implement the steps of the vehicle key sharing method for application to a vehicle server provided in any embodiment of the present disclosure.

The embodiments of the present disclosure also provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the vehicle key sharing method applied to a target terminal provided in any embodiment of the present disclosure.

The embodiments of the present disclosure also provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the steps of the vehicle key sharing method applied to the first terminal provided in any embodiment of the present disclosure.

The specific manner in which the various modules perform the operations in the apparatus of the above embodiments have been described in detail in connection with the embodiments of the method, and will not be described in detail herein.

Fig. 9 is a block diagram illustrating a vehicle service end 1900 according to an example embodiment. For example, vehicle service end 1900 may be provided as a server. Referring to fig. 9, the vehicle service end 1900 includes a processing component 1922 that further includes one or more processors and memory resources represented by memory 1932 for storing instructions, such as application programs, that can be executed by the processing component 1922. The application programs stored in memory 1932 may include one or more modules each corresponding to a set of instructions. In addition, the processing component 1922 is configured to execute instructions to perform the vehicle key sharing method described above as applied to the vehicle service.

The vehicle service 1900 may also include a power component 1926 configured to perform power management of the vehicle service 1900, a wired or wireless network interface 1950 configured to connect the vehicle service 1900 to a network, and an input/output interface 1958. Vehicle service end 1900 mayTo operate an operating system based on storage in memory 1932, such as Windows Server ^TM ，Mac OS X ^TM ，Unix ^TM ，Linux ^TM ，FreeBSD ^TM Or the like.

Fig. 10 is a block diagram of a target terminal 1000, according to an example embodiment. For example, target terminal 1000 can be a mobile phone, tablet device, or the like.

Referring to fig. 10, target terminal 1000 can include one or more of the following components: a processing component 1002, a memory 1004, a power component 1006, a multimedia component 1008, an audio component 1010, an input/output interface 1012, a sensor component 1014, and a communication component 1016.

Processing component 1002 generally controls overall operation of target terminal 1000, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1002 can include one or more processors 1020 to execute instructions to perform all or part of the steps of the vehicle key sharing method described above as applied to a target terminal. Further, the processing component 1002 can include one or more modules that facilitate interaction between the processing component 1002 and other components. For example, the processing component 1002 can include a multimedia module to facilitate interaction between the multimedia component 1008 and the processing component 1002.

Memory 1004 is configured to store various types of data to support operation at target terminal 1000. Examples of such data include instructions for any application or method operating on target terminal 1000, contact data, phonebook data, messages, pictures, video, and the like. The memory 1004 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.

Power supply component 1006 provides power to the various components of target terminal 1000. Power supply component 1006 can include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for target terminal 1000.

Multimedia component 1008 includes a screen that provides an output interface between the target terminal 1000 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia assembly 1008 includes a front-facing camera and/or a rear-facing camera. When the target terminal 1000 is in an operation mode, such as a photographing mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

The audio component 1010 is configured to output and/or input audio signals. For example, audio component 1010 includes a Microphone (MIC) configured to receive external audio signals when target terminal 1000 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in memory 1004 or transmitted via communication component 1016. In some embodiments, the audio component 1010 further comprises a speaker for outputting audio signals.

The input/output interface 1012 provides an interface between the processing assembly 1002 and peripheral interface modules, which may be a keyboard, click wheel, buttons, and the like. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.

Sensor assembly 1014 includes one or more sensors for providing status assessment of various aspects to target terminal 1000. For example, sensor assembly 1014 may detect an on/off state of target terminal 1000, a relative positioning of components such as a display and keypad of target terminal 1000, sensor assembly 1014 may also detect a change in position of target terminal 1000 or a component of target terminal 1000, the presence or absence of user contact with target terminal 1000, an orientation or acceleration/deceleration of target terminal 1000, and a change in temperature of target terminal 1000. The sensor assembly 1014 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. The sensor assembly 1014 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 1014 can also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

Communication component 1016 is configured to facilitate communication between target terminal 1000 and other devices, either wired or wireless. Target terminal 1000 can access a wireless network based on a communication standard, such as WiFi,4G, or 5G, or a combination thereof. In one exemplary embodiment, the communication component 1016 receives broadcast signals or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 1016 further includes a Near Field Communication (NFC) module to facilitate short range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the target terminal 1000 can be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for performing the vehicle key sharing method described above as being applied to the target terminal.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 1004, including instructions executable by processor 1020 of target terminal 1000 to perform the above-described vehicle key sharing method applied to the target terminal. For example, the non-transitory computer readable storage medium may be ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.

Fig. 11 is a block diagram of a first terminal 1100, according to an example embodiment. For example, the first terminal 1100 may be a mobile phone, a tablet device, or the like.

Referring to fig. 11, the first terminal 1100 may include one or more of the following components: a processing component 1102, a memory 1104, a power component 1106, a multimedia component 1108, an audio component 1111, an input/output interface 1112, a sensor component 1114, and a communication component 1116.

The processing component 1102 generally controls overall operation of the first terminal 1100, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 1102 may include one or more processors 1120 to execute instructions to perform all or part of the steps of the vehicle key sharing method described above as being applied to the first terminal. Further, the processing component 1102 can include one or more modules that facilitate interactions between the processing component 1102 and other components. For example, the processing component 1102 may include a multimedia module to facilitate interaction between the multimedia component 1108 and the processing component 1102.

The memory 1104 is configured to store various types of data to support operations at the first terminal 1100. Examples of such data include instructions for any application or method operating on the first terminal 1100, contact data, phonebook data, messages, pictures, video, and the like. The memory 1104 may be implemented by any type or combination of volatile or nonvolatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk.

The power supply component 1106 provides power to the various components of the first terminal 1100. The power supply component 1106 can include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the first terminal 1100.

Multimedia component 1108 includes a screen between the first terminal 1100 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive input signals from a user. The touch panel includes one or more touch sensors to sense touches, swipes, and gestures on the touch panel. The touch sensor may sense not only the boundary of a touch or slide action, but also the duration and pressure associated with the touch or slide operation. In some embodiments, multimedia component 1108 includes a front camera and/or a rear camera. When the first terminal 1100 is in an operation mode, such as a photographing mode or a video mode, the front camera and/or the rear camera may receive external multimedia data. Each front camera and rear camera may be a fixed optical lens system or have focal length and optical zoom capabilities.

The audio component 1111 is configured to output and/or input audio signals. For example, the audio component 1111 includes a Microphone (MIC) configured to receive an external audio signal when the first terminal 1100 is in an operation mode such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may be further stored in the memory 1104 or transmitted via the communication component 1116. In some embodiments, audio component 1111 also includes a speaker for outputting audio signals.

Input/output interface 1112 provides an interface between processing component 1102 and peripheral interface modules, which may be keyboards, click wheels, buttons, and the like. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.

The sensor assembly 1114 includes one or more sensors for providing status assessment of various aspects for the first terminal 1100. For example, the sensor assembly 1114 may detect an on/off state of the first terminal 1100, a relative positioning of the assemblies, such as a display and keypad of the first terminal 1100, the sensor assembly 1114 may also detect a change in position of the first terminal 1100 or a component of the first terminal 1100, the presence or absence of a user's contact with the first terminal 1100, an orientation or acceleration/deceleration of the first terminal 1100, and a change in temperature of the first terminal 1100. The sensor assembly 1114 may include a proximity sensor configured to detect the presence of nearby objects in the absence of any physical contact. The sensor assembly 1114 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 1114 may also include an acceleration sensor, a gyroscopic sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 1116 is configured to facilitate communication between the first terminal 1100 and other devices, either in a wired or wireless manner. The first terminal 1100 may access a wireless network based on a communication standard, such as WiFi,4G, or 5G, or a combination thereof. In one exemplary embodiment, the communication component 1116 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In one exemplary embodiment, the communication component 1116 further includes a Near Field Communication (NFC) module to facilitate short range communication. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the first terminal 1100 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors, or other electronic elements for performing the above-described vehicle key sharing method applied to the first terminal.

In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as a memory 1104 including instructions executable by the processor 1120 of the first terminal 1100 to perform the vehicle key sharing method applied to the first terminal. For example, the non-transitory computer readable storage medium may be ROM, random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.

In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-described car key sharing method applied to a target terminal when executed by the programmable apparatus.

In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-described vehicle key sharing method applied to a vehicle service end when executed by the programmable apparatus.

In another exemplary embodiment, a computer program product is also provided, comprising a computer program executable by a programmable apparatus, the computer program having code portions for performing the above-described vehicle key sharing method applied to a first terminal when executed by the programmable apparatus.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims

1. The utility model provides a car key sharing method which is characterized in that is applied to the vehicle service side, the public key of user account is maintained to the vehicle service side, and the public key is the public key of the public and private key pair that user terminal was for the account that user terminal was logged in, the method includes:

transmitting the target public key to the first terminal;

2. The method of claim 1, wherein the sending the authentication information and vehicle credentials to the target terminal to which the target account is registered comprises:

A vehicle key sharing link is sent to the first terminal, so that the first terminal can send the vehicle key sharing link to the target terminal;

responding to the target terminal to access the vehicle key sharing link, and performing identity verification on the target terminal;

under the condition that the identity verification is passed, transmitting description information shared by the vehicle key to the target terminal;

receiving a digital key certificate sent by the target terminal, wherein the digital key certificate is sent after the target terminal confirms that the vehicle key is shared, and the digital key certificate is obtained by signing the target public key by the target terminal;

and carrying out trusted verification on the digital key certificate, and sending the vehicle certificate and the authentication information to the target terminal under the condition that the trusted verification is passed.

3. The method of claim 2, wherein the vehicle key sharing link corresponds to a first session identification, and wherein the authenticating the target terminal in response to the target terminal accessing the vehicle key sharing link comprises:

Acquiring an account for accessing the vehicle key sharing link;

4. The method according to claim 2, wherein the digital key certificate is obtained by signing the target public key by the target terminal through a public key infrastructure PKI private key trusted by the vehicle server, and the trusted verification of the digital key certificate comprises:

receiving a PKI certificate sent by the target terminal;

5. The method according to any one of claims 1 to 4, comprising:

in response to registering an account at a second terminal, sending a key generation instruction to the second terminal, wherein the key generation instruction is used for instructing the second terminal to generate a first public-private key pair for the registered account;

And obtaining and storing the public key in the first public-private key pair.

6. The method according to any one of claims 1 to 4, wherein the public key maintained by the vehicle server corresponds one-to-one to a user account and a terminal logging into the user account, the method comprising:

determining, in response to logging into an account at a second terminal, from the maintained public keys, whether there is a public key corresponding to the logged-in account and the second terminal;

if the public key corresponding to the logged-in account and the public key of the second terminal do not exist in the maintained public key, sending a key generation instruction to the second terminal, wherein the key generation instruction is used for instructing the second terminal to generate a second public-private key pair for the logged-in account;

and acquiring and storing the public key in the second public-private key pair, and maintaining the association relationship among the logged account, the second terminal and the public key in the second public-private key pair.

7. The vehicle key sharing method is characterized by being applied to a target terminal, and comprises the following steps:

8. The method of claim 7, wherein the receiving the authentication information and the vehicle certificate sent by the vehicle server includes:

identity verification is carried out through the vehicle key sharing link;

9. The method of claim 8, wherein the vehicle key sharing link corresponds to a first session identification, and wherein the authenticating via the vehicle key sharing link comprises:

10. The method of claim 8, wherein the sending the digital key certificate to the vehicle service comprises:

11. The method according to any one of claims 7 to 10, comprising:

12. The method according to any one of claims 7 to 10, wherein the public key maintained by the vehicle server corresponds one-to-one to a user account and a terminal logging into the user account, the method comprising:

13. The vehicle key sharing method is characterized by being applied to a first terminal, and comprises the following steps:

14. The utility model provides a car key sharing device which characterized in that is applied to the vehicle service side, the public key that the vehicle service side maintained user account, public key is the public key in the public key pair that user terminal was for the account that user terminal was logged in, the device includes:

15. A vehicle key sharing device, characterized in that it is applied to a target terminal, the device comprising:

16. A vehicle key sharing device, applied to a first terminal, the device comprising:

17. The utility model provides a car key sharing device which characterized in that includes:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to perform the steps of the method of any one of claims 1 to 13.

18. A computer readable storage medium having stored thereon computer program instructions, which when executed by a processor, implement the steps of the method of any of claims 1 to 13.