CN118202676A

CN118202676A - Sharing method, device and equipment of digital car keys and storage medium

Info

Publication number: CN118202676A
Application number: CN202280075255.7A
Authority: CN
Inventors: 茹昭; 张军
Original assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Current assignee: Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date: 2022-01-24
Filing date: 2022-01-24
Publication date: 2024-06-14
Also published as: WO2023137757A1

Abstract

The embodiment of the application provides a sharing method, device and equipment of a digital car key and a storage medium, and relates to the technical field of vehicles. The method is applied to the authority server, and comprises the following steps: receiving a vehicle key sharing application message sent by a first device, wherein the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is used for applying to the authority server for configuring the authority corresponding to the capability of a second device, and the capability comprises configuration capability; and recording the capability description information corresponding to the second equipment. Based on the technical scheme provided by the embodiment of the application, the problem that the vehicle key sharing scheme lacks support for vehicle configuration can be solved.

Description

Sharing method, device and equipment of digital car keys and storage medium

Technical Field

The present application relates to the field of vehicle technologies, and in particular, to a method, an apparatus, a device, and a storage medium for sharing a digital car key.

Background

With the development of intelligent technology of automobiles, a digital car key is provided, namely, a car owner can unlock a car through a smart phone, wearable intelligent equipment and the like and perform related operations on the car.

The vehicle owner can share the digital vehicle key to friends through the vehicle key sharing scheme, and the friends can control and drive the vehicle based on the shared digital vehicle key.

Disclosure of Invention

The embodiment of the application provides a sharing method, device and equipment of a digital car key and a storage medium. The technical scheme is as follows:

In one aspect, an embodiment of the present application provides a method for sharing a digital car key, which is applied to an authority server, and the method includes:

Receiving a vehicle key sharing application message sent by a first device, wherein the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is used for applying to the authority server for configuring the authority corresponding to the capability of a second device, and the capability comprises configuration capability;

And recording the capability description information corresponding to the second equipment.

In another aspect, an embodiment of the present application provides a method for sharing a digital car key, which is applied to a first device, where the method includes:

The method comprises the steps that a vehicle key sharing application message is sent to an authority server, capability description information for describing the capability is carried in the vehicle key sharing application message, the vehicle key sharing application message is used for applying for the authority server for configuring the authority corresponding to the capability of the second device, and the capability comprises configuration capability.

On the other hand, an embodiment of the present application provides a method for sharing a digital car key, which is applied to a second device, and the method includes:

receiving a digital car key sent by an authority server;

Wherein, the digit car key includes: a first digital car key carrying capability description information for describing a capability, the capability including configuration capability; or, the digital car key includes: and the second digital car key carries information corresponding to the configuration capability in the capability description information.

On the other hand, the embodiment of the application provides a sharing method of a digital car key, which is applied to a vehicle and comprises the following steps:

Receiving a right configuration message sent by a right server, wherein the right configuration message is used for indicating that a right corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the right server, the capability description information is used for describing the capability, and the capability comprises configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

And receiving a second digital car key sent by the permission server, wherein the second digital car key carries information corresponding to the configuration capability in the capability description information.

In another aspect, an embodiment of the present application provides a sharing device for a digital car key, where the device includes:

The vehicle key sharing application message is used for applying to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability comprises configuration capability;

And the recording module is used for recording the capability description information corresponding to the second equipment.

the vehicle key sharing application message is used for applying for the configuration of the authority corresponding to the capability of the second device to the authority server, and the capability comprises configuration capability.

the vehicle key receiving module is used for receiving the digital vehicle key sent by the authority server;

the authority configuration module is used for receiving an authority configuration message sent by the authority server, wherein the authority configuration message is used for indicating that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the authority server, the capability description information is used for describing the capability, and the capability comprises configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

And the vehicle key receiving module is used for receiving a second digital vehicle key sent by the permission server, wherein the second digital vehicle key carries information corresponding to the configuration capability in the capability description information.

In yet another aspect, an embodiment of the present application provides a rights server, including: a transceiver and a memory;

The transceiver is configured to receive a vehicle key sharing application message sent by a first device, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for configuring a right corresponding to the capability of a second device to the right server, where the capability includes configuration capability;

The memory is used for recording the capability description information corresponding to the second equipment.

In yet another aspect, an embodiment of the present application provides a first apparatus, including: a transceiver;

the transceiver is configured to send a vehicle key sharing application message to the authority server, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for the authority server for configuring the authority corresponding to the capability of the second device, where the capability includes configuration capability.

In yet another aspect, an embodiment of the present application provides a second apparatus, including: a transceiver;

the transceiver is used for receiving the digital car key sent by the authority server;

In yet another aspect, an embodiment of the present application provides a vehicle including: a transceiver;

the transceiver is configured to receive a permission configuration message sent by a permission server, where the permission configuration message is configured to indicate that a permission corresponding to a capability of a second device is configured to the vehicle, the capability is indicated by capability description information received by the permission server, and the capability description information is used to describe the capability, where the capability includes a configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

The transceiver is configured to receive a second digital car key sent by the permission server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

In yet another aspect, an embodiment of the present application provides a computer readable storage medium having a computer program stored therein, where the computer program is loaded and executed by a processor to implement a method for sharing a digital car key according to the above aspect.

In yet another aspect, an embodiment of the present application provides a chip, where the chip includes a programmable logic circuit and/or program instructions, and when the chip runs on a computer device, the chip is configured to implement the sharing method of the digital car key described in the foregoing aspect.

In yet another aspect, embodiments of the present application provide a computer program product comprising computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the sharing method of the digital car key according to the above aspect.

The technical scheme provided by the embodiment of the application can bring the following beneficial effects:

the first equipment with the digital car key sharing qualification can send a car key sharing application message to the permission server, and apply for configuration of the permission corresponding to the capacity of the second equipment to the permission server through the car key sharing application message, wherein the capacity comprises configuration capacity, so that the permission server side correspondingly records that the second equipment has the permission corresponding to at least one capacity comprising the configuration capacity, and the problem that support for car configuration is lacking in a car key sharing scheme is solved.

Drawings

FIG. 1 is a flow chart of a digital car key sharing scheme provided by an exemplary embodiment of the present application;

FIG. 2 is a schematic diagram of a digital car key sharing system provided in an exemplary embodiment of the present application;

FIG. 3 is a flow chart of a method for sharing a digital car key according to an exemplary embodiment of the present application;

FIG. 4 is a flow chart of a method for sharing a digital car key according to an exemplary embodiment of the present application;

FIG. 5 is a flow chart of bi-directional authentication between a vehicle and a device provided in an exemplary embodiment of the application;

FIG. 6 is a flow chart of a method for sharing a digital car key according to an exemplary embodiment of the present application;

FIG. 7 is a flow chart of a method for sharing a digital car key according to an exemplary embodiment of the present application;

FIG. 8 is a flow chart of a method for sharing a digital car key according to an exemplary embodiment of the present application;

FIG. 9 is a block diagram of a sharing device for a digital car key according to an exemplary embodiment of the present application;

FIG. 10 is a block diagram of a sharing device for a digital car key according to an exemplary embodiment of the present application;

FIG. 11 is a block diagram of a sharing device for a digital car key according to an exemplary embodiment of the present application;

FIG. 12 is a block diagram of a sharing device for a digital car key according to an exemplary embodiment of the present application;

Fig. 13 is a schematic view of the structure of an apparatus according to an exemplary embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail with reference to the accompanying drawings.

First, the terms involved in the embodiments of the present application will be briefly described:

The digital car key is an innovative technology under the intelligent transformation of the car, and as car owners can unlock the car through smart phones, wearable equipment and the like and perform related operations on the car, the convenience of the car is improved, and more attention is paid.

The digital car key is managed through different near field communication technologies such as accurate bluetooth location, near field communication (NEARFIELD COMMUNICATION, NFC) and safer keys, becomes car key with equipment such as smart mobile phone, NFC smart card, intelligent wrist-watch and intelligent bracelet to realize that no entity key starts the vehicle, for other people long-range key authorization, individualized vehicle setting etc. comfortable convenient use experience.

Taking the digital car key standard scheme of the internet of vehicles alliance (Car Connectivity Consortium, CCC) alliance as an example, the current digital car key sharing scheme is described. For example, as shown in FIG. 1, the owner device has completed a pre-preparation, which includes: a) The owner device has completed pairing with the vehicle, b) a channel between the owner device and the friend device has been established, after preparation, the digital car key sharing scheme will be executed by:

Step 101, the owner equipment generates sharing invitation.

Step 102, the owner device sends a key creation Request (KEY CREATE Request) to the friend device.

Step 103, the friend device executes the following procedures:

a) Accepting the invitation;

b) Creating a device (endpoint);

c) A digital certificate (cert) is created using an authorized public key (Authroized PK) contained in the received device configuration data.

Step 104, the friend device sends a key signature Request (KEY SIGNING Request) to the owner device.

Step 105, generating authentication (attestation) data using the public key generated by the friend device.

And 106, the owner device sends an import request to the friend device (Import Request).

Step 107, the friend device executes the following procedures:

a) Writing key-authentication (key-attestation) data of the vehicle owner into a private mailbox (private mail box) of the friend;

b) The theft prevention token (immobilizer token) is written to the friend's confidential mailbox (confidential mailbox).

Step 108, the friend device sends a key registration to a friend device original equipment manufacturer (Original Equipment Manufacturer, OEM) server (REGISTER KEY).

Step 109, the friend device OEM server sends a Key tracking (Track Key) to the vehicle OEM server.

Step 110, the vehicle OEM server sends a key tracking response to the friend device OEM server (Track Key Response).

Step 111, the friend device OEM server sends a key registration Response (REGISTER KEY Response) to the friend device.

Step 112, the vehicle OEM server sends an event notification to the owner device OEM server (Event Notification).

Step 113, the owner device OEM server sends an event notification response to the vehicle OEM server (Event Notification Response).

Step 114, the friend device initiates a first service to the vehicle (First Transaction).

The vehicle may accept multiple friend devices and the friend devices may have limited access to the vehicle. These access rights are assigned by the vehicle owner using the profile when the digital vehicle key is issued and checked by the vehicle and/or the vehicle OEM server according to the vehicle OEM policy. The digital car key of the friend device may need to be registered in the key tracking server (KEY TRACKING SERVER, KTS) to be accepted by the car.

The owner device may choose to grant the friend device a profile during key sharing. The list of supported access profiles is defined below.

Wherein, the above control includes controlling the opening and closing of the vehicle door, the opening and closing of the vehicle window, the opening and closing of the vehicle-mounted air conditioner, the temperature, the vehicle lamp, the seat and the like; the above driving starts the engine of the vehicle, so that the user can drive.

As the interconnection of the mobile phone and the vehicle further deepens, the user needs to configure the vehicle using the mobile phone, such as configuring an intelligent control scene of the vehicle, a remote connection scheme, and the like. The operation of the deployment vehicle and the control vehicle or driving vehicle should be differentiated so that a user who can control or drive the vehicle does not necessarily have the ability to deploy the vehicle, such as: only the owner or a small number of home users are allowed to configure the car, and other relatives and friends can only use the car. In particular, in the context of car rental, the borrower should only have the right to control and drive the car, and cannot configure the car. The existing car key sharing scheme lacks support for car configuration, and cannot separate configuration and control.

In view of the above problems, an embodiment of the present application provides a method for sharing a digital vehicle key, where a first device having digital vehicle key sharing qualification may send a vehicle key sharing application message to a permission server, and apply, through the vehicle key sharing application message, for configuring a permission corresponding to a capability of a second device to the permission server, where the capability includes a configuration capability, so that a permission server side correspondingly records that the second device has a permission corresponding to at least one capability including the configuration capability, thereby solving a problem that support for vehicle configuration is lacking in a vehicle key sharing scheme.

In the following, the technical solution of the present application will be described in connection with several exemplary embodiments.

FIG. 2 illustrates a block diagram of a digital car key sharing system provided by an exemplary embodiment of the present application, which may include: a first device 10, a rights server 20, a second device 30 and a vehicle 40.

The first device 10 is a device that shares qualification with a digital car key of the vehicle 40. Illustratively, the first device 10 is a vehicle owner device and the owner of the first device 10 is the vehicle owner of the vehicle 40. The first device 10 is a terminal such as a smart phone, a computer, a tablet computer, or a wearable smart device such as a wearable smart watch, a wearable smart bracelet, or wearable smart glasses.

The authority server 20 is a server having the authority for managing the digital car keys of the vehicle 40. Illustratively, the entitlement server 20 issues the digital car key shared by the first device 10 to the second device 30 based on the request of the first device 10. The authority server 20 may be implemented as a separate server or as a server cluster.

The second device 30 is a device that obtains a digital car key of the vehicle 40 via sharing of the first device 10. Illustratively, the second device 30 is a friend device, and the owner of the second device 30 is a friend, family, or the like of the owner of the vehicle 40. The second device 30 is a terminal such as a smart phone, a computer, a tablet computer, or a wearable smart device such as a wearable smart watch, a wearable smart bracelet, or wearable smart glasses.

The vehicle 40 is a vehicle to which the owner of the first device belongs.

In the embodiment of the present application, the first device 10, the rights server 20, the second device 30 and the vehicle 40 are connected to each other through a wired or wireless network. The rights server 20 described above may also be run on the vehicle 40 or on the first device 10.

It should be understood that the "digital car key" described in the embodiments of the present application may also be understood as: electronic car keys, car digital keys, etc.

Referring to fig. 3, a flowchart of a method for sharing a digital car key according to an embodiment of the application is shown, and the method can be applied to the digital car key sharing system shown in fig. 2. The method may comprise the following steps:

step 302: the method comprises the steps that a first device sends a vehicle key sharing application message to a right server, the vehicle key sharing application message carries capability description information for describing capabilities, the vehicle key sharing application message is used for applying the right server for configuration of rights corresponding to the capabilities of a second device, and the capabilities comprise configuration capabilities.

Correspondingly, the permission server receives a vehicle key sharing application message sent by the first device.

In the embodiment of the application, the first device is a device for configuring the sharing qualification of the digital car key, and the sharing qualification of the digital car key refers to that the first device supports to apply for the server: and configuring other devices to have the authority of the vehicle. In step 302, the first device sends a vehicle key sharing application message to the rights server, so as to apply for configuring rights corresponding to the capability of the second device to the rights server.

The vehicle key sharing application message carries capability description information for describing the capability, and the capability comprises configuration capability.

Exemplary, the car key sharing application message carries: a device identification of the second device, a vehicle identification, and an access profile (AccessProfiles). The device identifier of the second device is used for identifying the second device, the vehicle identifier is used for identifying the vehicle, the access configuration file comprises at least one configuration file, such as a standard configuration file (StandardProfiles), capability description information is indicated in the standard configuration file, and the capability description information comprises information corresponding to the configuration capability.

Wherein the configuration capability is a capability to grant the third party device access to the virtual resource of the vehicle. Exemplary virtual resources of the vehicle include: access control list (Access Control List, ACL) related resources, security service related resources, device state related resources, and so forth.

The second device is illustratively configured to remotely connect the vehicle with the third party device via the configuration capability indicated by the first device.

It is understood that, in addition to giving the third party device access to the virtual resource of the vehicle, the configuration capability may be a capability of configuring the intelligent control scenario such as the user usage habit, the user usage scenario, and the like corresponding to the vehicle. For example, different users may have different default driver seat angles, and one may be configured with configuration capabilities.

In one possible implementation manner, the first device autonomously sends a vehicle key sharing application message to the authority server. In another possible implementation manner, when a digital car key sharing application request message sent by the second device is received, the first device sends a car key sharing application message to the authority server, where the digital car key sharing application request message is used to request the first device to send a car key sharing application message to the authority server.

Step 304: the authority server records the capability description information corresponding to the second device.

After receiving the vehicle key sharing application message, the permission server records the corresponding capability description information of the second device according to the content of the vehicle key sharing application message.

Illustratively, the entitlement server records the following information: a device identification of the second device, a vehicle identification, and an access profile (AccessProfiles). The device identifier of the second device is used for identifying the second device, the vehicle identifier is used for identifying the vehicle, the access configuration file comprises at least one configuration file, such as a standard configuration file (StandardProfiles), capability description information is indicated in the standard configuration file, and the capability description information comprises information corresponding to the configuration capability.

Optionally, prior to step 304, the entitlement server will also perform the following steps: after receiving the vehicle key sharing application message, verifying that the first device has the qualification of sharing the digital vehicle key.

That is, after receiving the vehicle key sharing application message, the permission server will check whether the first device has the qualification of sharing the corresponding digital vehicle key. And recording the corresponding capability description information of the second device under the condition that the first device has the qualification of sharing the corresponding digital car key.

Optionally, after step 304, the entitlement server will also perform the following steps: returning a success application message to the first equipment; the application success message is used for indicating that the vehicle key sharing application message is successfully received.

Correspondingly, the first device receives a success application message returned by the permission server.

In summary, according to the technical solution provided in this embodiment, the first device having digital car key sharing qualification may send a car key sharing application message to the permission server, and apply for configuration of the permission corresponding to the capability of the second device to the permission server through the car key sharing application message, where the capability includes the configuration capability, so that the permission server side correspondingly records that the second device has the permission corresponding to at least one capability including the configuration capability, thereby solving the problem that support to car configuration is lacking in the car key sharing solution.

In an exemplary embodiment, after the entitlement server records the capability description information corresponding to the second device (step 304), the entitlement server sends the digital car key to the second device to cause the second device to establish a connection with the vehicle based on the digital car key, thereby subsequently configuring the vehicle based on the established connection.

Scheme one: the digital car key is a key in the form of a public key digital certificate.

Under the scheme, the authority server sends the digital car key to the second equipment; the authority server sends an authority configuration message to the vehicle, and configures the authority of the second equipment to the vehicle; the second device establishes a secure connection with the vehicle using the digital vehicle key, thereby subsequently configuring the vehicle based on the secure connection.

Wherein the secure connection is a connection allowing access to configuration related data and control related data of the vehicle.

Scheme II: the digital car key is a key in the form of a symmetric key.

Under the scheme, the authority server respectively sends digital car keys to the second equipment and the vehicle; the second device establishes a configuration connection with the vehicle using the digital vehicle key, thereby subsequently configuring the vehicle based on the configuration connection.

Wherein the configuration connection is a connection allowing access to configuration related data of the vehicle.

The two schemes are further described below.

Referring to fig. 4, a flowchart of a method for sharing a digital car key according to an embodiment of the application is shown, and the method can be applied to the digital car key sharing system shown in fig. 2. The method may comprise the following steps:

Step 402: the method comprises the steps that a first device sends a vehicle key sharing application message to a permission server, the vehicle key sharing application message carries capability description information for describing capabilities, the vehicle key sharing application message is used for applying the permission server for configuration of the permissions corresponding to the capabilities of a second device, and the capabilities comprise configuration capabilities.

Step 404: the authority server records the capability description information corresponding to the second device.

Step 406: the authority server sends an authority configuration message to the vehicle, wherein the authority configuration message is used for indicating that the authority corresponding to the capability of the second device is configured to the vehicle.

Accordingly, the vehicle receives a permission configuration message sent by the permission server, the permission configuration message is used for indicating that the permission corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by the capability description information received by the permission server, the capability description information is used for describing the capability, and the capability comprises the configuration capability.

Optionally, prior to step 406, the entitlement server will also perform the following steps: and receiving a vehicle key acquisition request message sent by the second equipment, wherein the vehicle key acquisition request message is used for requesting acquisition of the digital vehicle key. Accordingly, step 406 includes: and the permission server sends a permission configuration message to the vehicle when the capability description information corresponding to the vehicle key acquisition request message is found.

Optionally, the vehicle key acquisition request message carries a device identifier of the second device and a vehicle identifier. Wherein the device identification of the second device is used to identify the second device and the vehicle identification is used to identify the vehicle.

The authority server shares the application message according to the vehicle key received from the first device, so that the device identifier, the vehicle identifier and the capability description information of the corresponding second device are recorded. The permission server acquires the equipment identifier and the vehicle identifier of the second equipment from the vehicle key acquisition request message, and searches corresponding capability description information in the record according to the equipment identifier and the vehicle identifier of the second equipment. And the permission server sends a permission configuration message to the vehicle when the capability description information corresponding to the vehicle key acquisition request message is found.

Optionally, since the digital car key is a key in the form of a key certificate, the car key acquisition request message also carries the public key generated by the second device.

Illustratively, before the second device sends the vehicle key acquisition request message carrying the public key to the entitlement server, the following steps are further performed:

(1) The first device sends a public-private key request message to the second device.

Correspondingly, the second device receives the public and private key request message sent by the first device.

The public-private key request message is used for requesting the second device to generate the public-private key required by the digital car key.

For example, the public-private key request message carries a vehicle identifier, where the vehicle identifier is used to identify a vehicle, and the second device that receives the public-private key request message may explicitly generate the public-private key to generate a digital vehicle key corresponding to the vehicle.

(2) The second device generates a public-private key in response to the public-private key request message.

After generating the public and private keys, the second device sends the generated public key to the authority server through a vehicle key acquisition request message.

Step 408: and configuring the authority corresponding to the capability of the second device to the vehicle.

Optionally, configuring the authority corresponding to the capability of the second device to the vehicle includes: and adding the second equipment into the first ACL corresponding to the second equipment to obtain the authority of the second equipment for having the access control item in the first ACL.

Optionally, after step 408, the vehicle further performs the steps of: sending a configuration success message to the authority server; wherein the configuration success message is used to indicate that the rights of the second device are successfully configured to the vehicle.

Correspondingly, the permission server receives a configuration success message sent by the vehicle.

Step 410: the entitlement server sends the digital car key to the second device.

Correspondingly, the second device receives the digital car key.

Optionally, the digital car key carries a digital certificate, all or part of the capability description information.

Wherein the capability description information is used for the second device to generate a digital signature as a security credential.

Wherein the digital certificate is a certificate generated by the rights server from a public key generated by the second device.

The vehicle key obtaining request message carries the public key generated by the second device and the device identifier of the second device, and the digital certificate is generated in the following manner:

The authority server acquires a public key generated by the second equipment and the equipment identifier of the second equipment from the car key acquisition request message; a digital certificate is generated based on the public key and the device identification of the second device.

Optionally, after the second device receives the digital car key through step 410, the following steps are also performed: the second device registers the digital car key with the OEM server, and then notifies the first device of the event and gets the first device's confirmation. The specific flow may be seen from step 108 to step 113 in fig. 1.

Step 412: and the second equipment performs bidirectional authentication with the vehicle to establish a secure connection.

Bidirectional authentication refers to a process in which a vehicle and a device mutually authenticate each other, such as: the vehicle sends the public key of the vehicle generated by the vehicle to the device, after the vehicle obtains the vehicle authentication certificate generated based on the public key of the vehicle, and calculates the first digital signature based on the private key encryption challenge value of the vehicle, the vehicle authentication material (authentication material) comprising the vehicle authentication certificate and the first digital signature is sent to the device, and the device authenticates the vehicle through the vehicle authentication material, such as: signature verification and certificate verification are carried out; the device sends the device public key generated by the device to the vehicle, after the device obtains the device authentication certificate generated based on the device public key, and calculates the second digital signature based on the device private key encryption challenge value of the device, the device authentication material including the device authentication certificate and the second digital signature is sent to the vehicle, and the vehicle authenticates the device through the device authentication material, such as: signature verification and certificate verification are performed.

It will be appreciated that the device authentication certificate above is equivalent to the digital certificate carried by the digital car key in step 410, and the second digital signature above is equivalent to the digital signature generated based on the capability description information carried by the digital car key in step 410.

By way of example, referring to FIG. 5 in combination, a flow chart of a standard transaction (Standard transaction) defined in the relevant standard is shown, including a process of mutual authentication.

Step 414: the second device sends a configuration request message to the vehicle.

Correspondingly, the vehicle receives the configuration request message sent by the second device.

The configuration request message is used for requesting to configure the vehicle.

Step 416: the vehicle verifies the configuration request message.

Optionally, in the case that the configuration request message is used to request the configuration of the target item, the vehicle allows the configuration request message based on the access control item matching the target item being present in the first ACL.

Optionally, in the case that the configuration request message is used to request to configure the second ACL corresponding to the third party device, the vehicle allows the configuration request message based on the second device being a configurable user.

Step 418: the vehicle completes the configuration.

Optionally, after step 418, the vehicle will also perform the following steps: returning an operation success message to the second equipment; wherein the operation success message is used for indicating that the vehicle is successfully configured.

Correspondingly, the second device receives an operation success message returned by the vehicle.

In summary, according to the technical scheme provided by the embodiment, the digital car key sent to the second device by the authority server is a key in the form of a public key digital certificate, which is favorable for guaranteeing the reliability of the subsequent secure connection established based on the digital car key, so that the second device is helped to configure the vehicle based on the secure connection.

In an alternative embodiment of the first aspect, there are the following possible implementations of the digital car key:

(1) The digital car key is a first digital car key, and the first digital car key carries capability description information.

That is, the entitlement server generates a first digital car key for all capabilities described in the capability description information and provides the first digital car key to the second device.

Illustratively, the capabilities described in the capability description information may include at least one of the following capabilities in addition to configuration capabilities:

control capability: the control capability is a capability of controlling facilities of the vehicle.

Driving ability: drivability is the ability to launch a vehicle into a driving state.

Vehicle delivery: vehicle delivery is the ability to perform a delivery procedure on a vehicle.

And (3) parking by a host: the proxy parking is the ability to park the vehicle.

Vehicle service key: a vehicle service key is the ability to provide services to a vehicle.

(2) The digital car key is a second digital car key, and the second digital car key carries information corresponding to the configuration capability in the capability description information.

That is, the entitlement server generates a second digital car key for the information corresponding to the configuration capability in the capability description information and provides the second digital car key to the second device.

Optionally, in the case that the capability description information further includes information corresponding to a capability other than the configuration capability, the authority server generates a third digital car key for the other capability, and provides the third digital car key to the second device.

That is, in the case where the capability description information describes a plurality of capabilities including the configuration capability, the authority server individually generates one digital car key having the configuration capability (i.e., the second digital car key) as distinguished from the digital car key already defined in the related art (i.e., the third digital car key).

The third digital car key carries information corresponding to other capabilities except the configuration capability in the capability description information, and the other capabilities comprise at least one of the following: control capability, driving capability, vehicle delivery, customer parking, and vehicle service keys.

Optionally, the values of the key zone bits of the second digital car key and the third digital car key are different, and the key zone bits are used for identifying the key type; or, the second digital car key is different from the third digital car key in encryption form. Thereby formally distinguishing the two types of digital car keys.

The second digital car key is a key in the form of a public key digital certificate in the first scheme, and the third digital car key is a key in the form of a symmetric key, so that the two types of digital car keys are distinguished through the difference of encryption forms.

The second digital car key and the third digital car key are keys in the form of public key digital certificates in the first scheme, but the values of the key zone bits are different, so that the two types of digital car keys are distinguished through the different values of the key zone bits. Illustratively, the second digital car key and the third digital car key correspond to a same set of public and private keys generated by the second device; or the second digital car key and the third digital car key correspond to two different sets of public and private keys generated by the second device.

In summary, in the technical solution provided in this embodiment, under the condition that the capability description information describes multiple capabilities including configuration capabilities, the authority server may generate a first digital car key correspondingly, where the first digital car key has at least one capability including the configuration capabilities, and send the first digital car key to the second device, and the second device that obtains the first digital car key through sharing may configure the vehicle based on the first digital car key, thereby solving the problem that the vehicle key sharing scheme lacks support to the vehicle configuration.

Meanwhile, in the technical scheme provided by the embodiment, under the condition that the capability description information describes various capabilities including configuration capabilities, the authority server independently generates a second digital car key with the configuration capabilities and regenerates a third digital car key with other capabilities, the second digital car key can be realized as a key in a public key digital certificate form or a key in a symmetric key form, the second digital car key can be different from the third digital car key in encryption form, and the second digital car key with the configuration capabilities is separated from the third digital car key with other capabilities, so that the security of relevant authorities of the configuration capabilities of the vehicle is guaranteed.

Scheme II: the digital car key is a key in the form of a symmetric key.

Referring to fig. 6, a flowchart of a method for sharing a digital car key according to an embodiment of the application is shown, and the method can be applied to the digital car key sharing system shown in fig. 2. The method may comprise the following steps:

step 602: the method comprises the steps that a first device sends a vehicle key sharing application message to a permission server, the vehicle key sharing application message carries capability description information for describing capabilities, the vehicle key sharing application message is used for applying the permission server for configuration of the permissions corresponding to the capabilities of a second device, and the capabilities comprise configuration capabilities.

Step 604: the authority server records the capability description information corresponding to the second device.

Step 606: and the permission server respectively sends a second digital car key to the vehicle and the second equipment, wherein the second digital car key carries information corresponding to the configuration capability in the capability description information.

Correspondingly, the vehicle receives a second digital vehicle key sent by the authority server; the second device receives a second digital car key sent by the permission server.

Optionally, after the second device receives the second digital car key through step 606, the following steps are also performed: the second device registers the second digital car key with the OEM server, and then notifies the first device of the event and gets the first device's confirmation. The specific flow may be seen from step 108 to step 113 in fig. 1.

Step 608: the second device establishes a configuration connection with the vehicle using a second digital vehicle key.

Optionally, the second device establishes a configuration connection with the vehicle using a second digital vehicle key, comprising the steps of:

(1) The second device sends a connection establishment request message to the vehicle, the connection establishment request message being for requesting establishment of a configured connection with the vehicle, the connection establishment request message being encrypted by the second device using a second digital vehicle key.

Correspondingly, the vehicle receives a connection establishment request message sent by the second device.

(2) The vehicle uses the local second digital vehicle key as a key to decrypt and authenticate the connection establishment request message.

Optionally, the connection establishment request message carries a device identifier of the second device, or a key number of the second digital vehicle key.

For example, in the case that the connection establishment request message carries the device identifier of the second device, the vehicle locally searches for a corresponding second digital vehicle key; the vehicle uses the local second digital vehicle key as a key to decrypt and authenticate the connection establishment request message.

For example, in the case that the connection establishment request message carries the key number of the second digital car key, the vehicle locally searches for the corresponding second digital car key; the vehicle uses the local second digital vehicle key as a key to decrypt and authenticate the connection establishment request message.

(3) In the case that the connection establishment request message is authenticated, the vehicle establishes a configuration connection with the second device.

Step 610: the second device sends a configuration request message to the vehicle.

Step 612: the vehicle completes the configuration.

Optionally, after step 612, the vehicle will also perform the following steps: returning an operation success message to the second equipment; wherein the operation success message is used for indicating that the vehicle is successfully configured.

In summary, according to the technical solution provided in this embodiment, the second digital car key sent to the second device by the rights server is a key in the form of a symmetric key, which is favorable to guaranteeing the convenience of the configuration connection established based on the second digital car key, so as to help the second device configure the vehicle based on the configuration connection.

In an alternative embodiment of the second aspect, the digital car key further comprises a third digital car key in addition to the second digital car key.

The second digital car key is a key in the form of a symmetric key in the second scheme, and the third digital car key is a key in the form of a public key digital certificate, so that the two types of digital car keys are distinguished through the different encryption forms.

The second digital car key and the third digital car key are keys in the form of symmetric keys in the second scheme, but the values of the key zone bits are different, so that the two types of digital car keys are distinguished through the different values of the key zone bits.

In summary, in the technical solution provided in this embodiment, under the condition that the capability description information describes multiple capabilities including the configuration capability, the authority server generates a second digital car key with the configuration capability separately, and regenerates a third digital car key with other capabilities, where the second digital car key may be implemented as a key in the form of a public key digital certificate or as a key in the form of a symmetric key, and the second digital car key may be different from the third digital car key in encryption form, so that the second digital car key with the configuration capability and the third digital car key with other capabilities are separated, which is beneficial to guaranteeing the security of the relevant authorities of the configuration capability of the vehicle.

In the exemplary embodiment, the following two possibilities exist in the description form of the capability description information of the digital car key carried in the car key sharing application message:

(1) The description form of the capability description information is identification information of a role list item, the role list item is used for describing a role, and the capability of the role comprises configuration capability.

Illustratively, the following table is incorporated by reference:

ID	Name of the name	Description of the invention
0	full	All configuration, control and driving capabilities
1	use	Full control and driving capability, no configuration capability
2	accessOnly	Control of vehicles only, without other rights
3	accessAndConfigRestricted	Restricted access and configuration
4	accessAndDriveRestricted	Restricted access and driving
5	carDelivery	Vehicle delivery
6	valet	Bus parking

7

vehicleService

Vehicle service key

As shown in the above table, the description form of the capability description information is identification information of the character list items, and the character list items include ：full、use、accessOnly、accessAndConfigRestricted、accessAndDriveRestricted、carDelivery、valet、vehicleService of eight character list items, each of which is respectively corresponding to a corresponding number (ID).

Compared with the technical proposal provided in the related art, the two role list items of use, accessAndConfigRestricted are added in the table. use is used to describe that a character has full control and driving capabilities, no configuration capability, and can allow a user to control the vehicle and initiate driving. accessAndConfigRestricted are used to describe roles that have limited access and configuration capabilities that allow a user to configure and control some of the vehicle's facilities, such as only the rear row of the vehicle's screen, air conditioning, atmosphere lights, etc. In addition, the configuration capability is added in the full role item, and the role has all the rights of the vehicle, including the rights related to the configuration capability.

For example, in the case that the ID carried by the capability description information is 1, it indicates that the first device indicates that the second device is configured to have all the configuration, control and driving capabilities, and the second device will acquire the corresponding digital car key.

(2) The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing the capability, and the capability comprises configuration capability.

Illustratively, the following table is incorporated by reference:

ID	Name of the name	Description of the invention
0	Config	Configuration capability
1	Access	Control capability
2	Drive	Drivability of vehicle
3	carDelivery	Vehicle delivery
4	valet	Bus parking
5	vehicleService	Vehicle service key

As shown in the above table, the description form of the capability description information is identification information of the capability list item, and the capability list item includes: config, access, drive, carDelivery, valet, vehicleService these six capability list items, each of which corresponds to a respective number (ID).

For example, in the case that the ID carried by the capability description information is 1&2&3, it indicates that the first device indicates that the second device is configured to have the configuration capability, the control capability and the driving capability, and the second device will acquire the corresponding digital car key.

It will be appreciated that the first device may select one or more of the capability list items described above into the capability description information, and may further define specific capabilities, such as: the control capability further limits the controllable facilities, to which embodiments of the present application are not limited.

The following two embodiments are combined to describe the technical solution provided by the present application in an exemplary manner.

Referring to fig. 7, a flowchart of a method for sharing a digital car key according to an embodiment of the application is shown, and the method can be applied to the digital car key sharing system shown in fig. 2.

In this embodiment, the description form of the capability description information is identification information of a role list item, and the digital car key sent by the authority server to the second device has at least one capability, where the digital car key is a key in the form of a public key digital certificate. In this embodiment, the first device is denoted by user a, and the second device is denoted by user B. In the present embodiment, the capability description information is contained in the configuration file. The method may comprise the following steps:

Step 701, a user a initiates a car key sharing application to a permission server.

Exemplary parameters of the vehicle key sharing application include: the identity of user B (userB _id), the vehicle identity (car_id), and a profile, the role of which is full, indicating that the first device indicates that the second device is configured with full configuration, control, and driving capabilities.

And 702, checking the qualification of the user A by the permission server.

Illustratively, the entitlement server audits: user a has the qualification of sharing the full role of the digital car key.

Step 703, the authority server records the corresponding authority of the user B.

Illustratively, the entitlement server records the identity of user B (userB _ID), the vehicle identity (car_ID), and a profile, the role of which is full.

Step 704, the right server returns successful operation.

The successful operation is the application success message in the above embodiment, which is used to indicate that the vehicle key sharing application has been successfully received.

Step 705, user a initiates a public-private key request to user B.

Exemplary parameters of the public-private key request include: a vehicle identification (car_id) for requesting the user B to generate the public and private keys required for the digital car key.

Step 706, user B generates a public-private key.

Illustratively, the public key is denoted pubKey and the private key is denoted priKey.

Step 707, a vehicle key acquisition request is initiated to the entitlement server.

Exemplary, the vehicle key acquisition request is used for requesting to acquire a shared digital vehicle key, and parameters of the vehicle key acquisition request include: vehicle identification (car_id) and public key pubKey generated by user B.

Step 708, the rights server finds the corresponding configuration file according to the identity of user B (userB _id), the vehicle identity (car_id).

Step 709, the rights of rights server user B are configured to the vehicle.

Illustratively, the rights server configures the security services of the vehicle according to the configuration file full, and since full is all rights, the security services add user B as a configurable user and add access control items in the ACL that user B has all rights.

Step 710, the vehicle sends the configuration success to the authority server.

Step 711, the rights server generates the digital car key of user B.

Illustratively, the rights server generates a digital certificate as a shared digital car key according to the public key pubKey of the user B, wherein the certificate contains the identification (userB _ID) of the user B.

Step 712, the authority server sends the generated digital car key to the user B.

Step 713, user B uses the digital car key to perform two-way authentication with the car to establish a secure connection.

Step 714, user B sends a configuration request to the vehicle based on the established secure connection.

Step 715, checking the authority of the vehicle, and allowing the configuration request.

After the vehicle receives the configuration request, checking whether a target to be configured by the user B has a corresponding ACL, if so, judging whether the user B has a corresponding authority according to the identifier (userB _ID) of the user B, finding a matched access control item, and allowing the configuration request; if the user wants to configure the ACL, the security service judges that the user B is a configurable user, and the configuration request is allowed.

Step 716, after the vehicle executes the corresponding configuration operation, the operation success is returned to the user B.

The operational success is used to indicate that the vehicle has been successfully configured.

Referring to fig. 8, a flowchart of a method for sharing a digital car key according to an embodiment of the application is shown, and the method can be applied to the digital car key sharing system shown in fig. 2.

In this embodiment, the description form of the capability description information is identification information of a capability list item, and the digital car key sent by the authority server to the second device includes: a car configuration key (i.e., the second digital car key above) having configuration capabilities and a car access key (i.e., the third digital car key above) having capabilities other than configuration capabilities, the car configuration key and the car access key being keys in the form of symmetric keys. In this embodiment, the first device is denoted by user a, and the second device is denoted by user B. In the present embodiment, the capability description information is contained in the configuration file. The method may comprise the following steps:

step 801, a user a initiates a vehicle key sharing application to a permission server.

Exemplary parameters of the vehicle key sharing application include: the identity of user B (userB _id), the vehicle identity (car_id) and a profile, the capability table of which is id=0 &1&2, indicating that the first device indicates that the second device is configured with configuration capability, control capability and driving capability.

Step 802, the authority server examines the qualification of the user A.

Illustratively, the entitlement server audits: user a qualifies for a digital car key that shares capabilities in the profile.

Step 803, the authority server records the corresponding authority of the user B.

Illustratively, the entitlement server records the identity of user B (userB _id), the vehicle identity (car_id), and a profile, the capability table of which is id=0 &1&2.

Step 804, the right server returns successful operation.

Step 805, the entitlement server generates a user B's car access key and a car configuration key.

Illustratively, since the configuration file contains configuration capabilities (Config), the rights server generates a vehicle configuration key that can be used for configuration; since the profile also contains control capabilities (Access) and driving capabilities (drive), the entitlement server generates a vehicle Access key that can be used for control and driving.

Illustratively, the vehicle configuration key is formally distinguishable from the vehicle access key, e.g., the key contains a flag indicating the type of key.

Step 806, the rights server pushes the generated car access key and car configuration key to user B.

Exemplary parameters of the vehicle key include: user a's identity (userA _id), vehicle identity (car_id).

Step 807, the entitlement server pushes the generated vehicle access key and vehicle configuration key to the vehicle.

Illustratively, the vehicle stores the corresponding vehicle key according to the key type.

Step 808, the user B returns a key acquisition success message to the entitlement server.

The key acquisition success message is used to indicate successful receipt of the vehicle access key and the vehicle configuration key.

Step 809, the vehicle returns a configuration success message to the entitlement server.

The configuration success message is used to indicate a success in configuring the rights of the second device to the vehicle.

Step 810, user B requests to establish a configuration connection with the vehicle using the vehicle configuration key.

User B initiates configuration of the vehicle with the vehicle configuration key.

Step 811, the vehicle is authenticated by using the corresponding vehicle configuration key.

Illustratively, the vehicle finds the corresponding vehicle configuration key on the vehicle according to the identification (userB _id) of the user B or the number of the vehicle configuration key (the number of the key is generated by the authority server when the key is generated), and authenticates the request.

After the authentication is passed, the vehicle opens a configuration window according to the vehicle configuration key, allowing access to configuration related data of the vehicle.

Step 813, user B establishes a configuration connection with the vehicle.

Step 814, user B sends a configuration request to the vehicle based on the established configuration connection.

Step 815, after the vehicle executes the corresponding configuration operation, the operation success is returned to the user B.

It will be appreciated that the above method embodiments may be implemented alone or in combination, and the application is not limited in this regard.

In the above embodiments, the step performed by the authority server may be implemented solely as a method for sharing a digital car key on the authority server side, the step performed by the first device may be implemented solely as a method for sharing a digital car key on the first device side, the step performed by the second device may be implemented solely as a method for sharing a digital car key on the second device side, and the step performed by the vehicle may be implemented solely as a method for sharing a digital car key on the vehicle side.

The following are examples of the apparatus of the present application that may be used to perform the method embodiments of the present application. For details not disclosed in the embodiments of the apparatus of the present application, please refer to the embodiments of the method of the present application.

Referring to fig. 9, a block diagram of a sharing device for a digital car key according to an embodiment of the present application is shown, where the device has functions for implementing the above method examples, and the functions may be implemented by hardware or executed by hardware to implement corresponding software. The apparatus may be implemented as a rights server or as part of a rights server. The apparatus 900 may include:

The sharing application receiving module 901 is configured to receive a vehicle key sharing application message sent by a first device, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for configuring a right corresponding to the capability of a second device to the right server, where the capability includes configuration capability;

and a recording module 902, configured to record the capability description information corresponding to the second device.

Optionally, the apparatus further includes: a permission configuration sending module;

The permission configuration sending module is used for sending permission configuration information to a vehicle, and the permission configuration information is used for indicating permission corresponding to the capability of the second device to be configured to the vehicle.

Optionally, the apparatus further includes: a vehicle key acquisition request receiving module;

The vehicle key acquisition request module is used for receiving a vehicle key acquisition request message sent by the second device, wherein the vehicle key acquisition request message is used for requesting acquisition of a digital vehicle key;

The permission configuration sending module is used for sending the permission configuration message to the vehicle under the condition that the capability description information corresponding to the vehicle key acquisition request message is found.

Optionally, the apparatus further includes: a car key transmitting module;

The vehicle key sending module is used for sending a first digital vehicle key to the second equipment, wherein the first digital vehicle key carries the capability description information;

Or alternatively, the first and second heat exchangers may be,

The vehicle key sending module is used for sending a second digital vehicle key to the second device, wherein the second digital vehicle key carries information corresponding to the configuration capability in the capability description information.

Optionally, the apparatus further includes: a car key transmitting module;

the vehicle key sending module is used for sending a second digital vehicle key to the vehicle, wherein the second digital vehicle key carries information corresponding to the configuration capability in the capability description information.

Optionally, the vehicle key sending module is configured to send the second digital vehicle key to the second device.

Optionally, the values of the key zone bits of the second digital car key and the third digital car key are different, and the key zone bits are used for identifying the key type;

Or alternatively, the first and second heat exchangers may be,

The second digital car key is different from the third digital car key in encryption form;

Optionally, the control capability is a capability of controlling a facility of the vehicle;

the drivability is the ability to launch the vehicle into a driven state;

The vehicle delivery is the ability to perform a delivery procedure on the vehicle;

The proxy parking is the capability of parking the vehicle;

the vehicle service key is the ability to obtain the services provided to the vehicle.

Optionally, the configuration capability is a capability to grant the third party device access to virtual resources of the vehicle.

Optionally, the description form of the capability description information is identification information of a role list item, wherein the role list item is used for describing a role, and the capability of the role comprises the configuration capability;

Or alternatively, the first and second heat exchangers may be,

The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing a capability, and the capability comprises the configuration capability.

Referring to fig. 10, a block diagram of a sharing device for a digital car key according to an embodiment of the present application is shown, where the device has functions for implementing the above method examples, and the functions may be implemented by hardware or executed by hardware to implement corresponding software. The apparatus may be implemented as the first device or as part of the first device. The apparatus 1000 may include:

The sharing application sending module 1001 is configured to send a vehicle key sharing application message to an authority server, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for the authority server for configuring the authority corresponding to the capability of the second device, where the capability includes a configuration capability.

Or alternatively, the first and second heat exchangers may be,

Referring to fig. 11, a block diagram of a sharing device for a digital car key according to an embodiment of the present application is shown, where the device has functions for implementing the above method examples, and the functions may be implemented by hardware or executed by hardware to implement corresponding software. The apparatus may be implemented as the second device or as part of the second device. The apparatus 1100 may include:

The vehicle key receiving module 1101 is configured to receive a digital vehicle key sent by the authority server;

Optionally, the apparatus further includes: configuring a connection establishment module;

the configuration connection establishment module is used for establishing a configuration connection with the vehicle by using the second digital vehicle key, wherein the configuration connection is a connection allowing access to configuration related data of the vehicle.

Optionally, the configuration connection establishment module is configured to:

transmitting a connection establishment request message to the vehicle, the connection establishment request message being for requesting establishment of the configuration connection with the vehicle, the connection establishment request message being encrypted by the second device using the second digital vehicle key;

Establishing the configuration connection with the vehicle under the condition that the vehicle passes the authentication of the connection establishment request message;

The connection establishment request message carries the equipment identifier of the second equipment, or the key number of the second digital car key.

Or alternatively, the first and second heat exchangers may be,

the drivability is the ability to launch the vehicle into a driven state;

The proxy parking is the capability of parking the vehicle;

Or alternatively, the first and second heat exchangers may be,

Referring to fig. 12, a block diagram of a sharing device for a digital car key according to an embodiment of the present application is shown, where the device has functions for implementing the above method examples, and the functions may be implemented by hardware or executed by hardware to implement corresponding software. The device may be implemented as a vehicle or as part of a vehicle. The apparatus 1200 may include:

A rights configuration module 1201, configured to receive a rights configuration message sent by a rights server, where the rights configuration message is configured to indicate that rights corresponding to a capability of a second device are configured to the vehicle, where the capability is indicated by capability description information received by the rights server, where the capability description information is used to describe the capability, and where the capability includes a configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

And a vehicle key receiving module 1202, configured to receive a second digital vehicle key sent by the authority server, where the second digital vehicle key carries information corresponding to the configuration capability in the capability description information.

Optionally, the permission configuration module 1201 is configured to:

And adding the second equipment into a first Access Control List (ACL) corresponding to the second equipment, wherein the second equipment has the authority of the access control item in the first ACL.

Optionally, the apparatus further includes: configuring a verification module; the configuration checking module is used for:

receiving a configuration request message sent by the second equipment;

allowing the configuration request message based on the access control item matched with the target item exists in the first ACL under the condition that the configuration request message is used for requesting to configure the target item;

Or alternatively, the first and second heat exchangers may be,

And allowing the configuration request message based on the second equipment for the configurable user under the condition that the configuration request message is used for requesting to configure a second ACL corresponding to third-party equipment.

The configuration connection establishment module is configured to establish a configuration connection with the second device using the second digital car key, the configuration connection being a connection allowing access to configuration related data of the vehicle.

Optionally, the configuration connection establishment module is configured to:

Receiving a connection establishment request message sent by the second device, wherein the connection establishment request message is used for requesting to establish the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device by using the second digital vehicle key at the second device side;

Using the local second digital car key as a secret key to decrypt and authenticate the connection establishment request message;

And establishing the configuration connection with the second device under the condition that the connection establishment request message passes authentication.

Optionally, the apparatus further includes: a vehicle key searching module;

The vehicle key searching module is used for searching the corresponding second digital vehicle key locally under the condition that the connection establishment request message carries the equipment identifier of the second equipment;

or the vehicle key searching module is used for searching the corresponding second digital vehicle key locally under the condition that the connection establishment request message carries the key number of the second digital vehicle key.

Or alternatively, the first and second heat exchangers may be,

the drivability is the ability to launch the vehicle into a driven state;

The proxy parking is the capability of parking the vehicle;

Or alternatively, the first and second heat exchangers may be,

It should be noted that, when the apparatus provided in the foregoing embodiment performs the functions thereof, only the division of the foregoing functional modules is used as an example, in practical application, the foregoing functional allocation may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to perform all or part of the functions described above. In addition, the apparatus and the method embodiments provided in the foregoing embodiments belong to the same concept, and specific implementation processes of the apparatus and the method embodiments are detailed in the method embodiments and are not repeated herein.

Fig. 13 shows a schematic structural diagram of a device (rights server or first device or second device or vehicle) according to an exemplary embodiment of the present application, the device 1300 includes: a processor 1301, a transceiver 1302, and a memory 1303.

Processor 1301 includes one or more processing cores, and processor 1301 executes various functional applications by running software programs and modules.

The transceiver 1302 may be used to receive and transmit information, and the transceiver 1302 may be a communication chip.

The memory 1303 may be used to store a computer program, and the processor 1301 is configured to execute the computer program to implement the steps performed by the apparatus in the above-described method embodiment.

Further, memory 1303 may be implemented by any type or combination of volatile or nonvolatile storage devices including, but not limited to: random-Access Memory (RAM) and Read-Only Memory (ROM), erasable programmable Read-Only Memory (EPROM), electrically erasable programmable Read-Only Memory (ELECTRICALLY ERASABLE PROGRAMMABLE READ-Only Memory, EEPROM), flash Memory or other solid state Memory technology, compact disc Read-Only (Compact Disc Read-Only Memory, CD-ROM), high density digital video disc (Digital Video Disc, DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices.

When the device is implemented as a rights server, the processor 1301, the transceiver 1302, and the memory 1303 in the embodiments of the present application may execute steps executed by the rights server in any of the methods shown in fig. 3 to 8, which are not described herein.

In one possible implementation, when the device is implemented as a rights server,

The transceiver 1302 is configured to receive a car key sharing application message sent by a first device, where the car key sharing application message carries capability description information for describing a capability, and the car key sharing application message is configured to apply to the authority server for configuring an authority corresponding to the capability of a second device, where the capability includes a configuration capability;

the memory 1303 is configured to record that the second device corresponds to the capability description information.

When the device is implemented as the first device, the processor 1301, the transceiver 1302, and the memory 1303 in the embodiments of the present application may execute the steps executed by the first device in any of the methods shown in fig. 3 to 8, which are not described herein.

In one possible implementation, when the device is implemented as a first device,

The transceiver 1302 is configured to send a car key sharing application message to an authority server, where the car key sharing application message carries capability description information for describing a capability, and the car key sharing application message is configured to apply for the authority server for configuring the authority corresponding to the capability of the second device, where the capability includes a configuration capability.

When the device is implemented as the second device, the processor 1301, the transceiver 1302, and the memory 1303 in the embodiments of the present application may execute the steps executed by the second device in any of the methods shown in fig. 3 to 8, which are not described herein.

In one possible implementation, when the device is implemented as a second device,

The transceiver 1302 is configured to receive a digital car key sent by the authority server;

When the device is implemented as a vehicle, the processor 1301, the transceiver 1302, and the memory 1303 in the embodiments of the present application may execute steps executed by the vehicle in any of the methods shown in fig. 3 to 8, which are not described herein.

In one possible implementation, when the device is implemented as a vehicle,

The transceiver 1302 is configured to receive a rights configuration message sent by a rights server, where the rights configuration message is configured to indicate that a right corresponding to a capability of a second device is configured to the vehicle, where the capability is indicated by capability description information received by the rights server, where the capability description information is used to describe the capability, and where the capability includes a configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

The transceiver 1302 is configured to receive a second digital car key sent by the permission server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.

In an exemplary embodiment, there is also provided a computer readable storage medium having stored therein a computer program loaded and executed by a processor of a computer device to implement the digital car key sharing method of the above aspect.

In an exemplary embodiment, a chip is provided, where the chip includes programmable logic circuits and/or program instructions, and when the chip is run on a device, the chip is configured to implement the sharing method of the digital car key according to the above aspect.

In an exemplary embodiment, there is also provided a computer program product, which when run on a processor of a computer device, causes the computer device to perform the method of sharing a digital car key as described in the above aspect.

It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.

The foregoing description of the exemplary embodiments of the application is not intended to limit the application to the particular embodiments disclosed, but on the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the application.

Claims

A method for sharing a digital car key, the method being performed by a rights server, the method comprising:

Receiving a vehicle key sharing application message sent by a first device, wherein the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is used for applying to the authority server for configuring the authority corresponding to the capability of a second device, and the capability comprises configuration capability;

And recording the capability description information corresponding to the second equipment.
The method according to claim 1, wherein the method further comprises:

And sending a permission configuration message to a vehicle, wherein the permission configuration message is used for indicating that the permission corresponding to the capability of the second device is configured to the vehicle.
The method according to claim 2, wherein the method further comprises:

Receiving a vehicle key acquisition request message sent by the second equipment, wherein the vehicle key acquisition request message is used for requesting acquisition of a digital vehicle key;

the sending the permission configuration message to the vehicle includes:

And sending the permission configuration message to the vehicle under the condition that the capability description information corresponding to the vehicle key acquisition request message is found.
The method according to claim 2, wherein the method further comprises:

Sending a first digital car key to the second equipment, wherein the first digital car key carries the capability description information;

Or alternatively, the first and second heat exchangers may be,

And sending a second digital car key to the second equipment, wherein the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method according to claim 1, wherein the method further comprises:

and sending a second digital car key to the vehicle, wherein the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method of claim 5, wherein the method further comprises:

And sending the second digital car key to the second equipment.
A method according to any one of claims 4 to 6, wherein,

The values of the key zone bits of the second digital car key and the third digital car key are different, and the key zone bits are used for marking the key type;

Or alternatively, the first and second heat exchangers may be,

The second digital car key is different from the third digital car key in encryption form;

The third digital car key carries information corresponding to other capabilities except the configuration capability in the capability description information, and the other capabilities comprise at least one of the following: control capability, driving capability, vehicle delivery, customer parking, and vehicle service keys.
The method of claim 7, wherein the step of determining the position of the probe is performed,

The control capability is a capability of controlling facilities of the vehicle;

the drivability is the ability to launch the vehicle into a driven state;

The vehicle delivery is the ability to perform a delivery procedure on the vehicle;

The proxy parking is the capability of parking the vehicle;

the vehicle service key is the ability to obtain the services provided to the vehicle.
The method according to any one of claims 1 to 6, wherein,

The configuration capability is a capability to give the third party device access to virtual resources of the vehicle.
The method according to any one of claims 1 to 6, wherein,

The description form of the capability description information is identification information of a role list item, the role list item is used for describing a role, and the capability of the role comprises the configuration capability;

Or alternatively, the first and second heat exchangers may be,

The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing a capability, and the capability comprises the configuration capability.
A method of sharing a digital car key, the method being performed by a first device, the method comprising:

The method comprises the steps that a vehicle key sharing application message is sent to an authority server, capability description information for describing the capability is carried in the vehicle key sharing application message, the vehicle key sharing application message is used for applying for the authority server for configuring the authority corresponding to the capability of the second device, and the capability comprises configuration capability.
The method of claim 11, wherein the step of determining the position of the probe is performed,

The configuration capability is a capability to give the third party device access to virtual resources of the vehicle.
The method according to claim 11 or 12, wherein,

The description form of the capability description information is identification information of a role list item, the role list item is used for describing a role, and the capability of the role comprises the configuration capability;

Or alternatively, the first and second heat exchangers may be,

The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing a capability, and the capability comprises the configuration capability.
A method of sharing a digital car key, the method being performed by a second device, the method comprising:

receiving a digital car key sent by an authority server;

Wherein, the digit car key includes: a first digital car key carrying capability description information for describing a capability, the capability including configuration capability; or, the digital car key includes: and the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method of claim 14, wherein the method further comprises:

Using the second digital vehicle key, a configuration connection is established with the vehicle, the configuration connection being a connection allowing access to configuration related data of the vehicle.
The method of claim 15, wherein said establishing a configuration connection with a vehicle using said second digital vehicle key comprises:

transmitting a connection establishment request message to the vehicle, the connection establishment request message being for requesting establishment of the configuration connection with the vehicle, the connection establishment request message being encrypted by the second device using the second digital vehicle key;

Establishing the configuration connection with the vehicle under the condition that the vehicle passes the authentication of the connection establishment request message;

The connection establishment request message carries the equipment identifier of the second equipment, or the key number of the second digital car key.
The method according to any one of claims 14 to 16, wherein,

The values of the key zone bits of the second digital car key and the third digital car key are different, and the key zone bits are used for marking the key type;

Or alternatively, the first and second heat exchangers may be,

The second digital car key is different from the third digital car key in encryption form;

The third digital car key carries information corresponding to other capabilities except the configuration capability in the capability description information, and the other capabilities comprise at least one of the following: control capability, driving capability, vehicle delivery, customer parking, and vehicle service keys.
The method of claim 17, wherein the step of determining the position of the probe is performed,

The control capability is a capability of controlling facilities of the vehicle;

the drivability is the ability to launch the vehicle into a driven state;

The vehicle delivery is the ability to perform a delivery procedure on the vehicle;

The proxy parking is the capability of parking the vehicle;

the vehicle service key is the ability to obtain the services provided to the vehicle.
The method according to any one of claims 14 to 16, wherein,

The configuration capability is a capability to give the third party device access to virtual resources of the vehicle.
The method according to any one of claims 14 to 16, wherein,

The description form of the capability description information is identification information of a role list item, the role list item is used for describing a role, and the capability of the role comprises the configuration capability;

Or alternatively, the first and second heat exchangers may be,

The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing a capability, and the capability comprises the configuration capability.
A method of sharing a digital car key, the method being performed by a vehicle, the method comprising:

Receiving a right configuration message sent by a right server, wherein the right configuration message is used for indicating that a right corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the right server, the capability description information is used for describing the capability, and the capability comprises configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

And receiving a second digital car key sent by the permission server, wherein the second digital car key carries information corresponding to the configuration capability in the capability description information.
The method of claim 21, wherein configuring the rights corresponding to the capabilities of the second device to the vehicle comprises:

And adding the second equipment into a first Access Control List (ACL) corresponding to the second equipment, wherein the second equipment has the authority of the access control item in the first ACL.
The method of claim 22, wherein the method further comprises:

receiving a configuration request message sent by the second equipment;

allowing the configuration request message based on the access control item matched with the target item exists in the first ACL under the condition that the configuration request message is used for requesting to configure the target item;

Or alternatively, the first and second heat exchangers may be,

And allowing the configuration request message based on the second equipment for the configurable user under the condition that the configuration request message is used for requesting to configure a second ACL corresponding to third-party equipment.
The method of claim 21, wherein in the event of receiving a second digital car key sent by the entitlement server, the method further comprises:

Using the second digital car key, a configuration connection is established with the second device, the configuration connection being a connection allowing access to configuration related data of the vehicle.
The method of claim 24, wherein the establishing a configuration connection with the second device using the second digital car key comprises:

Receiving a connection establishment request message sent by the second device, wherein the connection establishment request message is used for requesting to establish the configuration connection with the vehicle, and the connection establishment request message is encrypted by the second device by using the second digital vehicle key at the second device side;

Using the local second digital car key as a secret key to decrypt and authenticate the connection establishment request message;

And establishing the configuration connection with the second device under the condition that the connection establishment request message passes authentication.
The method of claim 25, wherein the method further comprises:

If the connection establishment request message carries the equipment identifier of the second equipment, locally searching the corresponding second digital car key;

Or, if the connection establishment request message carries the key number of the second digital car key, searching the corresponding second digital car key locally.
The method according to any one of claims 21 to 26, wherein,

The values of the key zone bits of the second digital car key and the third digital car key are different, and the key zone bits are used for marking the key type;

Or alternatively, the first and second heat exchangers may be,

The second digital car key is different from the third digital car key in encryption form;

The third digital car key carries information corresponding to other capabilities except the configuration capability in the capability description information, and the other capabilities comprise at least one of the following: control capability, driving capability, vehicle delivery, customer parking, and vehicle service keys.
The method of claim 27, wherein the step of determining the position of the probe is performed,

The control capability is a capability of controlling facilities of the vehicle;

the drivability is the ability to launch the vehicle into a driven state;

The vehicle delivery is the ability to perform a delivery procedure on the vehicle;

The proxy parking is the capability of parking the vehicle;

the vehicle service key is the ability to obtain the services provided to the vehicle.
The method according to any one of claims 21 to 26, wherein,

The configuration capability is a capability to give the third party device access to virtual resources of the vehicle.
The method according to any one of claims 21 to 26, wherein,

The description form of the capability description information is identification information of a role list item, the role list item is used for describing a role, and the capability of the role comprises the configuration capability;

Or alternatively, the first and second heat exchangers may be,

The description form of the capability description information is identification information of a capability list item, wherein the capability list item is used for describing a capability, and the capability comprises the configuration capability.
A digital car key sharing device, the device comprising:

The vehicle key sharing application message is used for applying to the authority server for configuration of the authority corresponding to the capability of the second device, and the capability comprises configuration capability;

And the recording module is used for recording the capability description information corresponding to the second equipment.
A digital car key sharing device, the device comprising:

the vehicle key sharing application message is used for applying for the configuration of the authority corresponding to the capability of the second device to the authority server, and the capability comprises configuration capability.
A digital car key sharing device, the device comprising:

the vehicle key receiving module is used for receiving the digital vehicle key sent by the authority server;

Wherein, the digit car key includes: a first digital car key carrying capability description information for describing a capability, the capability including configuration capability; or, the digital car key includes: and the second digital car key carries information corresponding to the configuration capability in the capability description information.
A digital car key sharing device, the device comprising:

the authority configuration module is used for receiving an authority configuration message sent by the authority server, wherein the authority configuration message is used for indicating that the authority corresponding to the capability of the second device is configured to the vehicle, the capability is indicated by capability description information received by the authority server, the capability description information is used for describing the capability, and the capability comprises configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

And the vehicle key receiving module is used for receiving a second digital vehicle key sent by the permission server, wherein the second digital vehicle key carries information corresponding to the configuration capability in the capability description information.
A rights server, the rights server comprising: a transceiver and a memory;

The transceiver is configured to receive a vehicle key sharing application message sent by a first device, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for configuring a right corresponding to the capability of a second device to the right server, where the capability includes configuration capability;

The memory is used for recording the capability description information corresponding to the second equipment.
A first device, the first device comprising: a transceiver;

the transceiver is configured to send a vehicle key sharing application message to the authority server, where the vehicle key sharing application message carries capability description information for describing a capability, and the vehicle key sharing application message is configured to apply for the authority server for configuring the authority corresponding to the capability of the second device, where the capability includes configuration capability.
A second device, the second device comprising: a transceiver;

the transceiver is used for receiving the digital car key sent by the authority server;

Wherein, the digit car key includes: a first digital car key carrying capability description information for describing a capability, the capability including configuration capability; or, the digital car key includes: and the second digital car key carries information corresponding to the configuration capability in the capability description information.
A vehicle, characterized in that the vehicle comprises: a transceiver;

the transceiver is configured to receive a permission configuration message sent by a permission server, where the permission configuration message is configured to indicate that a permission corresponding to a capability of a second device is configured to the vehicle, the capability is indicated by capability description information received by the permission server, and the capability description information is used to describe the capability, where the capability includes a configuration capability; configuring rights corresponding to the capabilities of the second device to the vehicle;

Or alternatively, the first and second heat exchangers may be,

The transceiver is configured to receive a second digital car key sent by the permission server, where the second digital car key carries information corresponding to the configuration capability in the capability description information.
A computer readable storage medium having a computer program stored therein, the computer program being loaded and executed by a processor to implement the method of sharing a digital car key as claimed in any one of claims 1 to 30.
A chip comprising programmable logic and/or program instructions for implementing a method of sharing a digital car key according to any one of claims 1 to 30 when the chip is in operation.
A computer program product or computer program comprising computer instructions stored in a computer readable storage medium, from which a processor reads and executes the computer instructions to implement the method of sharing a digital car key according to any one of claims 1 to 30.