WO2019128354A1 - Safety authentication apparatus and method for vehicle anti-theft, device and computer program - Google Patents

Publication number
WO2019128354A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
module unit
key
vehicle
user
Prior art date
Application number
PCT/CN2018/108336
Other languages
French (fr)
Chinese (zh)
Inventor
魏建平
许鹏飞
Original Assignee
威马智慧出行科技(上海)有限公司
Priority date
Filing date
Publication date
Application filed by 威马智慧出行科技(上海)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L12/40052 High-speed IEEE 1394 serial bus
    • H04L12/40104 Security; Encryption; Content protection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40 Bus networks
    • H04L2012/40208 Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215 Controller Area Network CAN

Definitions

  • the invention relates to the field of vehicle anti-theft, in particular to a safety authentication device, method, device and computer program for vehicle anti-theft.
  • the object of the present invention is to achieve a method of starting a vehicle without relying on a physical key and simultaneously performing safety authentication, thereby preventing theft of the vehicle.
  • the owner can authorize multiple mobile phones to be the Bluetooth key of the vehicle for a certain period of time or for a long time; carrying the authorized mobile phone, the user can use the vehicle's anti-theft authentication system to verify the normal use of the vehicle.
  • a secure authentication method for ensuring a legitimate use right of a user for a vehicle includes:
  • the authentication process including performing Bluetooth-based authentication with respect to a client of the user;
  • the authentication state is updated based on the authentication result and the authentication process of the next cycle is performed after the predetermined time interval, where the authentication state includes an authentication pass state or an authentication fail state, and the authentication pass state is used as the basis for the legitimate use of the vehicle by the user.
  • the performing Bluetooth-based authentication includes:
  • the connection is maintained, the user identity information from the client is received, and whether the user of the client is an authenticated user is determined based on the locally stored user identity information and the received user identity information. If the two are inconsistent, the authentication fails.
  • the performing Bluetooth-based authentication further includes:
  • the local user identity information is consistent with the received user identity information, determining a distance between the client and the vehicle based on the Bluetooth signal strength of the client;
  • the authentication fails.
  • the predetermined distance threshold is 3-5 meters.
  • the updating the authentication status based on the authentication result includes:
  • the authentication status is set to an authentication fail status.
  • the authentication process further includes:
  • the updating the authentication status based on the authentication result includes:
  • the authentication state is set to an authentication pass state.
  • the updating the authentication status based on the authentication result further includes:
  • An expiration date is set for the authentication pass state, the length of the validity period being greater than the predetermined time interval, wherein the authentication pass status within the validity period is used for the basis of the user's legitimate use of the vehicle.
  • the key-based authentication includes:
  • the random number obtained by the decryption is compared with the random number originally transmitted to the vehicle control and communication module unit. If the two are identical, the key-based authentication is successful, otherwise it fails.
  • the work key is generated by the vehicle control and communication module unit in response to the key request based on the serial number of the vehicle body control module unit, and the generated work key is transmitted to the vehicle body control module unit for use as a local work key for the body control module unit,
  • the work key in response to receiving the random number, is generated based on the serial number of the body control module unit for encryption of the random number.
  • the cyclic performance of the authentication process begins in response to the controller area network (CAN) of the vehicle control and communication module unit being awakened, and terminates in response to the controller area network (CAN) of the vehicle control and communication module unit going to sleep.
  • the authentication process of the next cycle is directly triggered in response to detecting that the door is opened, the brake pedal is depressed, or the key is inserted after the start button is pressed.
  • a security authentication apparatus for ensuring a legitimate use right of a user for a vehicle, the secure authentication apparatus comprising:
  • vehicle control and communication module unit cyclically performing an authentication process, the authentication process including the vehicle control and communication module unit performing Bluetooth-based authentication with respect to a client of the user;
  • each time the authentication process is performed, the vehicle body control module unit updates an authentication state based on an authentication result, and after a predetermined time interval, the vehicle control and communication module unit performs the authentication process of the next cycle,
  • the authentication status includes an authentication pass status or an authentication fail status, wherein the authentication pass status is used by the body control module unit as a basis for the user's legitimate use of the vehicle.
  • vehicle control and communication module unit includes a Bluetooth module and a determination module.
  • the Bluetooth module detects whether a Bluetooth connection between the vehicle control and communication module and the client is connected;
  • the Bluetooth module receives the user identity information from the client, and the determining module determines, according to the user identity information stored locally and the received user identity information, whether the user of the client is an authenticated user. If the two are inconsistent, the authentication fails.
  • vehicle control and communication module unit further includes a distance calculation module
  • the distance calculation module is configured to determine, if the user identity information stored locally is consistent with the received user identity information, the distance between the client and the vehicle according to the Bluetooth signal strength of the client,
  • the determining module determines whether the distance is greater than a predetermined distance threshold, and if so, the authentication fails.
  • the predetermined distance threshold is 3-5 meters.
  • the body control module unit sets the authentication state to an authentication failure state.
  • the authentication process further includes:
  • the vehicle control and communication module unit and the vehicle body control module unit perform key-based authentication.
  • the body control module unit sets the authentication state to an authentication pass state.
  • the body control module unit further sets an expiration date for the authentication pass state, the length of the validity period being greater than the predetermined time interval, wherein the authentication pass status within the validity period is used as the basis for the user's legitimate use of the vehicle.
  • the vehicle body control module unit includes a random number generation module, a decryption module, and a determination module, and the vehicle control and communication module unit includes an encryption module.
  • the random number generating module generates a random number and transmits it to the vehicle control and communication module unit, and the encryption module of the vehicle control and communication module unit uses a work key pair.
  • the comparison module compares the random number obtained by the decryption with the random number originally transmitted to the vehicle control and communication module unit, and if the two match, the key-based authentication succeeds, otherwise it fails.
  • vehicle control and communication module unit further includes a key generation module
  • the body control module unit transmits a key request to the vehicle control and communication module unit, the key request including a serial number of the body control module unit, and the key generation module, in response to the key request, generates the work key based on the serial number of the body control module unit and transmits the generated work key to the body control module unit, which saves it as the local work key for the body control module unit,
  • in the key-based authentication process, the key generation module, in response to receiving the random number, generates the work key based on the serial number of the body control module unit for the encryption of the random number.
  • the cyclic performance of the authentication process begins in response to the controller area network (CAN) of the vehicle control and communication module unit being awakened, and terminates in response to the controller area network (CAN) of the vehicle control and communication module unit going to sleep.
  • the authentication process of the next cycle is directly triggered in response to detecting that the door is opened, the brake pedal is depressed, or the key is inserted after the start button is pressed.
  • a secure authentication electronic device comprising:
  • At least one processor and,
  • the memory stores instructions executable by the one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform all of the steps of the secure authentication method as previously described.
  • a computer program comprising computer code adapted to perform all the steps of the secure authentication method as described above when run on a computer.
  • the computer program is embodied on a computer readable medium.
  • FIG. 1 shows a block diagram of a remote authorization system in accordance with an aspect of the present invention
  • FIG. 2 shows a flow chart of a remote authorization method in accordance with an aspect of the present invention
  • Figure 3 shows a flow chart of a remote authorization method in accordance with a first embodiment of the present invention
  • FIG. 4 shows a flow chart of a remote authorization method in accordance with a second embodiment of the present invention
  • FIG. 5 illustrates a functional block diagram of a TSP in accordance with an aspect of the present invention
  • FIG. 6 shows a flow chart of a secure authentication method in accordance with an embodiment of the present invention
  • FIG. 7 is a block diagram showing a secure authentication apparatus according to an embodiment of the present invention.
  • FIG. 8 illustrates a data flow diagram of secure authentication in accordance with an embodiment of the present invention
  • FIG. 9 is a block diagram showing the hardware structure of a secure authentication electronic device in accordance with an aspect of the present invention.
  • the present invention provides a mode that uses the related APP on an electronic device carried by the user: the APP is logged in with a User ID, and a plurality of User IDs can be authorized by the owner ID, so that the user does not need to carry the car key.
  • the vehicle can be started by using the electronic device that is carried around, and the vehicle is securely verified based on the user information of the APP or the like.
  • The Telematics BOX (T-Box) is a very important component in today's connected car-mounted systems. Its main function is to interconnect the car and the Telematics Service Provider (TSP).
  • TSP Telematics Service Provider
  • TSP deploys a smart T service strategy, interacts with the remote vehicle T-Box, and cooperates with the vehicle BCM/ECU (body control module) to complete the request of the user T service.
  • the usual usage scenario is that a legitimate user with a vehicle can use the registered mobile APP to connect with the TSP, and the TSP can send a start command to the T-Box according to the registered mobile APP user.
  • remote authorization system 100 can include client 110n, TSP 120, and T-Box 130m.
  • the client 110n may be a mobile terminal having a near field wireless communication function, and the near field wireless communication function herein may include a contactless transmission technology such as Bluetooth, NFC (Near Field Communication), infrared communication, or the like.
  • the client 110 can be a smart terminal such as a smart phone, a palmtop computer, or an iPad.
  • Both client 110 and T-Box 130 can communicate with TSP 120 over a wireless network.
  • Wireless networks may be such as CDMA, TDMA, FDMA, OFDMA, SC-FDMA, and other networks.
  • a CDMA network can implement radio technologies such as Universal Terrestrial Radio Access (UTRA), cdma2000, and the like.
  • UTRA includes Wideband CDMA (W-CDMA) and other CDMA variants.
  • W-CDMA Wideband CDMA
  • cdma2000 covers the IS-2000, IS-95, and IS-856 standards.
  • a TDMA system can implement a radio technology such as the Global System for Mobile Communications (GSM).
  • GSM Global System for Mobile Communications
  • An OFDMA system can implement a radio technology such as Evolved UTRA (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, and the like.
  • UTRA and E-UTRA are part of the Universal Mobile Telecommunications System (UMTS).
  • 3GPP Long Term Evolution (LTE) is a release of UMTS that uses E-UTRA, which employs OFDMA on the downlink and SC-FDMA on the uplink.
  • UTRA, E-UTRA, UMTS, LTE and GSM are described in documents from an organization named "3rd Generation Partnership Project (3GPP)".
  • cdma2000 and UMB are described in documents from an organization named "3rd Generation Partnership Project 2" (3GPP2).
  • the remote authorization method 200 can include the following steps.
  • Step 201: Receive an authorization request from the client 110n, the authorization request including the requester identity information.
  • the user of the client 110 can log in to the APP on the client 110n and then send an authorization request to the TSP 120.
  • the authorization request may be a usage right authorization request for the vehicle.
  • the requester identity information herein may be information that characterizes the identity of the requester, such as a mobile phone number.
  • Step 202: Perform authorization authentication on the authorization request based on the requester identity information.
  • Authorization authentication is based on the identity of the requester.
  • the specific authorization authentication implementation method is as follows.
  • Step 203: In response to the authentication being successful, the authorization information about the requester is sent to the T-Box 130m of the target authorized vehicle for storage, and the T-Box information of the target authorized vehicle is transmitted to the client 110 for storage.
  • the authorization information may be generated by the TSP 120.
  • the authorization information may include the requester's user identification information, which is used to uniquely identify the requester, such as the User ID uniquely assigned by the TSP 120 when the user was registered.
  • the authorization information may also include one or more of an authorization category, an authorization validity period, and a license key.
  • Authorization categories may include owner users, home users, and general users.
  • the corresponding license validity period of the owner user can be permanent.
  • the corresponding authorization validity period of the home user may also be permanent or a subscription time period.
  • the authorization information may also include information such as a user nickname, a login password, and the like.
  • the login password can be encrypted and stored using encryption methods such as MD5.
  • the T-Box 130m of the target authorized vehicle may store the above authorization information to provide an authorization basis for the user's subsequent near field control of the vehicle using the client 110n.
  • the client 110n may store T-Box information of the target authorized vehicle.
  • the T-Box information may include one or more of the vehicle's VIN number, an authorization expiration date, and a vehicle control key.
  • FIG. 3 shows a flow chart of a remote authorization method 300 in accordance with a first embodiment of the present invention.
  • the remote authorization method 300 can be performed by the TSP 120 of FIG. As shown in FIG. 3, the remote authorization method 300 can include the following steps.
  • Step 301: Receive an authorization request from the vehicle owner's client 110-N1, the authorization request including the requester identity information.
  • the user of the client 110-N1 is the owner of the vehicle, and the requester at this time is the owner of the vehicle, and the identity information of the requester is the identity information of the owner.
  • the owner first needs to enable the wireless near field vehicle control function and obtain authentication authorization. Therefore, the owner of the vehicle successfully logs in to the APP installed on the client 110-N1 by using the account and password obtained in advance, and then sends an authorization request to the TSP 120 to enable the wireless near field control function and obtain authorization at the same time.
  • a new owner's account can be created at the TSP 120 through the dealer management system (DMS); the account is bound to the vehicle's VIN number and the associated owner identity information. The owner identity information is unique code information that can distinguish the identity of the owner, such as a mobile phone number, an ID card, a passport or a driver's license, or unique user identification information such as a User ID.
  • the password for the owner of the vehicle to log in can be randomly generated by the TSP 120. Of course, the user can modify the password later.
  • In the wireless near field control option, "wireless" here includes Bluetooth, NFC, infrared and other contactless transmission technologies.
  • the TSP 120 may detect that the authorization request includes an instruction to turn on wireless near field control and, in response to the instruction, identify the received authorization request as a vehicle owner authorization request and perform authorization authentication to enable the wireless near field control function.
  • Step 302: Retrieve whether owner identity information that matches the identity information of the requester exists in the local database. If yes, the authorization authentication succeeds; otherwise the authorization authentication fails.
  • the TSP 120 locally stores a vehicle owner identity information database in which the vehicle owner identity information and the vehicle VIN bound thereto are stored in association. Therefore, the TSP 120 only needs to retrieve whether the identity information of the owner identity information database matches the identity information of the requester.
  • Step 303: In response to the authentication being successful, the authorization information about the owner is transmitted to the T-Box 130m of the target authorized vehicle for storage, and the T-Box information of the target authorized vehicle is transmitted to the client 110-N1 for storage.
  • the authorization information herein includes one or more of the requester's user identification information, authorization category, authorization validity period, and car control key.
  • the user identification information may include unique code information such as a User ID, a mobile phone number, an ID card, a passport, or a driver's license.
  • the authorization category is the owner of the vehicle, and the authorization period is permanent.
  • the authorization information may also include information such as a user nickname, a login password, and the like.
  • the login password can be encrypted and stored using encryption methods such as MD5.
  • the T-Box 130m of the target authorized vehicle may store the above authorization information to provide an authorization basis for the user's subsequent near field control of the vehicle using the client 110-N1.
  • the client 110-N1 may store T-Box information of the target authorized vehicle.
  • the T-Box information may include one or more of the vehicle's VIN number, an authorization expiration date, and a vehicle control key.
  • FIG. 4 shows a flow chart of a remote authorization method 400 in accordance with a second embodiment of the present invention.
  • the remote authorization method 400 can be performed by the TSP 120 of FIG. As shown in FIG. 4, the remote authorization method 400 can include the following steps.
  • Step 401: Receive an authorization request from the borrower's client 110-N2, the authorization request including the requester identity information.
  • the authorization request is a borrowing authorization request.
  • the requester is a borrower
  • the identity information of the requester is the identity information of the borrower.
  • the borrowing authorization request includes the identity information of the owner, that is, the identity information of the owner of the vehicle that the requester wishes to borrow.
  • the borrowing authorization request may further include information such as the driver's driving license.
  • the borrower also needs to create an account and log in to the APP, then choose to apply for authorization, fill in the owner's identity information (such as the owner's mobile phone number, ID card, passport, driver's license or User ID), and click to apply.
  • the client 110-N2 APP submits the application to the TSP 120.
  • Step 402: Forward the authorization request to the client 110-N1 of the designated owner according to the owner identity information.
  • the TSP 120 may forward the application to the owner APP according to the identity information of the owner such as the mobile phone number.
  • the owner can view the application notice in the APP.
  • the owner can specify the vehicle, the authorization category (home user or general user), and the authorization duration (if it is a home user, the authorization duration can be forever).
  • the owner can click to agree or reject, and the APP synchronizes the application results to TSP 120.
  • Step 403: Receive an authorization response from the client 110-N1 of the designated owner. If the authorization response is a consent authorization command, the authorization authentication succeeds; otherwise the authorization authentication fails.
  • the TSP 120 feeds back the authorization response to the applicant's client 110-N2 based on the applicant information, such as the mobile number.
  • Step 404: In response to the authentication being successful, the authorization information about the borrower is sent to the T-Box 130m of the target authorized vehicle for storage, and the T-Box information of the target authorized vehicle is transmitted to the borrower's client 110-N2 for storage.
  • the authorization information herein includes one or more of the requester's user identification information, authorization category, authorization validity period, and car control key.
  • the user identification information may include a User ID, a mobile phone number, and the like.
  • the authorization category is a home user or a general user. For home users, the authorization period can be permanent.
  • the authorization information may also include information such as a user nickname, a login password, and the like.
  • the login password can be encrypted and stored using encryption methods such as MD5.
  • the T-Box 130m of the target authorized vehicle may store the above authorization information to provide an authorization basis for the user's subsequent near field control of the vehicle using the client 110-N2.
  • the borrower's client 110-N2 can store the T-Box information of the target authorized vehicle.
  • the T-Box information may include one or more of the vehicle's VIN number, an authorization expiration date, and a vehicle control key.
  • the corresponding client 110-N2 and the T-Box 130m of the authorized vehicle may respectively delete the locally stored authorization information and T-Box information after the authorization validity period expires, to prevent use after expiry and information leakage.
  • FIG. 5 shows a functional block diagram of a TSP 500 in accordance with an aspect of the present invention.
  • the TSP 500 may include a transceiver unit 501 and a control unit 502.
  • the transceiver unit 501 can be configured to receive an authorization request from a client, the authorization request including requester identity information.
  • the requester at this time is the owner of the vehicle, and the identity information of the requester is the identity information of the owner.
  • the control unit 502 may be configured to perform authorization authentication on the authorization request based on the requester identity information, and in response to the authentication being successful, the control unit 502 may control the transceiver unit 501 to transmit the authorization information about the requester to the T-Box of the target authorized vehicle for storage, and to transmit the T-Box information of the target authorized vehicle to the client for storage.
  • the authorization request is a vehicle owner authorization request
  • the vehicle owner authorization request may include vehicle identification information of the target authorized vehicle.
  • the control unit 502 can retrieve whether the owner identity information matching the requester identity information exists in the local database, and if yes, the authorization authentication succeeds, otherwise the authorization authentication fails.
  • the owner authorization request may also include turning on the wireless near field control command.
  • the control unit 502 can identify the received authorization request as a vehicle owner authorization request in response to detecting that the open wireless near field control instruction is included in the authorization request.
  • the authorization information may include one or more of the requester's user identification information, authorization category, authorization validity period, and car control key.
  • the authorization category is the owner of the vehicle and the authorization period can be permanent.
  • the authorization request may be a borrow authorization request, and the borrow authorization request may also include owner identity information.
  • the requester at this time is a borrower, and the identity information of the requester is the identity information of the borrower.
  • the control unit 502 can control the transceiver unit 501 to forward the authorization request to the client of the designated vehicle owner according to the vehicle owner identity information, and receive the authorization response from the client of the designated vehicle owner. If the authorization response is the consent authorization command, the authorization authentication succeeds; otherwise the authorization authentication fails.
  • the consent authorization instruction may include vehicle identification information, an authorization validity period, and an authorization category of the target authorized vehicle.
  • the control unit 502 can control the transceiver unit 501 to transmit the requester's authorization information to the T-Box storage of the target authorized vehicle based on the vehicle identification information.
  • the authorization information may include one or more of the requester's user identification information, authorization category, authorization validity period, and car control key.
  • the authorization category may include a home user and a general user, and when the authorization category is a home user, the authorization validity period may be permanent.
  • the T-Box information may include one or more of a vehicle VIN number of the target authorized vehicle, an authorization expiration date, and a car control key.
  • a user who has been successfully authorized and authenticated has the right to operate the vehicle, but after the authorized user starts the vehicle, if the user leaves the vehicle or forgets to lock it, any other person can still operate the started vehicle, which aggravates the vehicle theft problem.
  • the security authentication method includes:
  • S610 The T-Box unit performs Bluetooth-based authentication with the client of the user; if the authentication succeeds, S620 is performed, and if the authentication fails, S630 is performed;
  • S620 The T-Box unit and the BCM unit perform key-based authentication; if the authentication succeeds, S640 is performed, and if the authentication fails, S630 is performed;
  • S630 The authentication fails, the authentication status is updated to the authentication fail status, and S650 is performed;
  • S640 The authentication succeeds, the authentication status is updated to the authentication pass status, and S660 is performed;
  • S650 The operation authority is limited and a message is sent to the client, and S660 is performed;
  • S660 After the status update, the next authentication process is started after a predetermined time, and S610 is performed.
  • the predetermined time can be set to 10 seconds.
  • the above steps are an authentication process, which includes Bluetooth-based authentication and key-based authentication.
  • the authentication process may include only a Bluetooth-based authentication process or only a key-based authentication process.
  • the key authentication process can achieve the purpose of security authentication. The difference is that authentication processes containing different steps provide different levels of security.
  • the step S610 is performed by the T-Box unit and the client of the user.
  • Bluetooth-based authentication includes:
  • S611 Determine whether the Bluetooth between the T-Box unit and the client is in a connected state; if it is in the connected state, S612 is executed, and if it is in the disconnected state, S630 is executed;
  • S612 The T-Box unit receives the user identity information sent by the client and matches it against the identity information of the authorized user stored locally by the T-Box unit; if the matching succeeds, S613 is executed, and if the matching fails, S630 is executed;
  • S613 Calculate the separation distance between the client and the vehicle. If the distance value is less than the predetermined distance threshold, step S610 succeeds and S620 is executed. If the distance value is greater than the predetermined distance threshold, the authentication fails and S630 is executed.
  • the distance measurement method in step S613 may be that the T-Box unit performs the measurement based on indicators such as the strength of the Bluetooth signal transmitted by the client and/or the signal transmission time.
  • the predetermined distance threshold can be set to 3-5 meters.
  • authentication steps may be added to or removed from the Bluetooth-based authentication between the T-Box unit and the user's client according to requirements.
  • the step S620 that is, the step of performing the key-based authentication by the T-Box unit and the BCM unit, includes:
  • after the Bluetooth authentication succeeds, the T-Box unit sends authentication request information to the BCM unit, and after receiving the authentication request information, the BCM unit generates a random number and sends it to the T-Box unit.
  • the T-Box unit encrypts the received random number by using a working key and sends it back to the BCM unit.
  • S626 The BCM unit decrypts the received data by using a local working key and compares the decrypted random number with the originally sent random number. If the two sets of data are consistent, the authentication succeeds and S640 is executed; if the two sets of data are different, the authentication fails and S630 is executed.
  • the BCM unit of each vehicle has a unique SN serial number
  • the BCM unit sends a key request to the T-Box unit, the key request including the SN serial number; in response to the key request, the T-Box unit generates a work key based on the received SN serial number, sends the work key to the BCM unit to be used as the local work key of the BCM unit, and stores the SN serial number.
  • after receiving the random number sent by the BCM unit, the T-Box unit generates a work key based on the locally stored SN serial number, encrypts the random number with it, and sends the encrypted data to the BCM unit for key verification.
  • the BCM unit decrypts the received encrypted data with the local work key, thereby verifying whether the work key used by the T-Box unit was generated based on the SN serial number of the BCM unit.
  • generating the work key on the T-Box unit from the SN serial number also verifies whether the serial number of the BCM unit is the locally saved serial number.
  • the above authentication process is the BCM unit verifying the T-Box unit; those skilled in the art will understand that if the T-Box unit needs to verify the BCM unit, the key-based authentication method can also be adopted. That is, the T-Box unit generates a random number and sends it to the BCM unit, the BCM unit encrypts the received random number with the local work key and sends it back to the T-Box unit, and the T-Box unit decrypts the received data with the work key and compares the decrypted random number with the originally transmitted random number. If they are consistent, the authentication succeeds; if they differ, the authentication fails.
  • the key authentication method ensures the matching of the BCM unit and the T-Box unit, and prevents the theft of the BCM or T-Box unit by using technology.
  • a validity period may be set for the authentication pass state as required. The validity period should be longer than the predetermined time interval in step S660, and the authentication pass state within its validity period is the basis of the user's operation authority over the vehicle.
  • when the authentication process is not completed or the new authentication status is not updated in time, the permission of the last authentication status can be maintained for a period of time, without causing great trouble to the user.
  • the validity period also prevents a thief from disconnecting the vehicle's communication network so that the BCM unit remains in the authentication pass state.
  • the validity period can be specifically set based on the basic failure recovery time or signal delay time of the CAN communication network.
  • the authentication process is started when the CAN communication network of the T-Box unit is woken up, and ends after the CAN communication network is dormant.
  • if the BCM unit detects an operation such as a door opening, a brake pedal depression, or a start-stop button press without detecting a key insertion, it directly triggers the next authentication process.
  • a security authentication apparatus for securing a user's right to use a vehicle is provided.
  • the secure authentication device includes a T-Box unit 710, a BCM unit 720, and a client 730.
  • the client 730 is configured to download the vehicle control APP, log in with the user identity information, and perform Bluetooth communication with the in-vehicle T-Box unit 710 to control the vehicle.
  • the T-Box unit 710 is configured to begin performing an authentication process every predetermined time interval, the authentication process including performing Bluetooth-based authentication with the client 730.
  • the BCM unit 720 is configured to control the vehicle and, after the authentication process ends, update the authentication status based on the authentication result, and use the authentication status as a basis for the user to legally use the vehicle.
  • the predetermined time interval can be set to 10 seconds.
  • the T-Box unit includes: a Bluetooth module 711, a determination module 712, a distance calculation module 713, and an encryption module 714.
  • the Bluetooth module 711 detects whether it is in a Bluetooth connection state with the client 730. If it is not in the connection state, the authentication fails. If it is in the connected state, the information is sent to the determination module 712 to trigger the determination module 712.
  • the determining module 712 receives the user identity information sent by the client 730 and matches the user identity information with the local user identity information, and the authentication fails if the user identity information of the client is not the local user identity information.
  • if the user identity information matches, the information is sent to the distance calculation module 713 to trigger the distance calculation; the distance calculation module 713 is configured to calculate the separation distance from the client 730. If the separation distance exceeds the preset distance threshold, the authentication fails. If the separation distance is less than the preset distance threshold, the Bluetooth-based authentication process succeeds, and the authentication result information is sent to the BCM unit 720. If the authentication fails at any stage, the authentication failure result is sent to the BCM unit 720. The BCM unit 720 updates the authentication status based on the received authentication success or authentication failure result.
  • the T-Box unit includes: a Bluetooth module 711, a determination module 712, a distance calculation module 713, an encryption module 714, and a control center 715.
  • the control center 715 triggers the Bluetooth module 711 to perform a Bluetooth connection determination, the Bluetooth module 711 detects whether it is in a Bluetooth connection state with the client 730, and sends the determination result to the control center 715;
  • based on the received Bluetooth connection result, the control center 715 either sends a verification failure result to the BCM unit 720 or sends a message to the determination module 712 to trigger the user identity information verification;
  • the determining module 712 determines whether the user of the client 730 is an authorized user based on the received user identity information and the local user identity information, and sends the determination result to the control center 715;
  • based on the received user identity verification result, the control center 715 either sends a verification failure result to the BCM unit 720 or sends information to the distance calculation module 713 to trigger the distance verification;
  • the distance calculation module 713 measures the separation distance from the client 730, and compares the separation distance with the preset distance threshold, and sends the verification result to the control center 715;
  • the control center 715 sends verification success or verification failure information to the BCM unit 720 based on the distance verification result;
  • the BCM unit 720 updates the authentication status based on the information of the verification success or the verification failure sent by the control center 715.
  • the predetermined distance threshold can be set to 3-5 meters.
  • the BCM unit 720 includes: a random number generating module 721, a decrypting module 722, and a determining module 723.
  • the T-Box unit 710 includes an encryption module 714.
  • the random number generation module 721 generates a random number and sends it to the encryption module 714 and the determination module 723.
  • the encryption module 714 encrypts the received random number based on the work key.
  • the encrypted data is transmitted to the decryption module 722; the decryption module 722 decrypts the received data based on the local working key and sends the decrypted data to the determining module 723, and the determining module 723 compares the two sets of data it has received.
  • if the two sets of data are consistent, the authentication state is changed to the authentication pass state. If the two sets of data are different, the authentication state is changed to the authentication fail state.
  • the BCM unit 720 includes: a random number generating module 721, a decrypting module 722, and a determining module 723.
  • the T-Box unit 710 includes an encryption module 714 and a control center 715. After the control center 715 sends the verification success information to the BCM unit 720, the random number generation module 721 generates a random number and sends it to the encryption module 714 and the determination module 723. The encryption module 714 encrypts the received random number based on the work key. The encrypted data is sent to the control center 715, and the control center 715 sends the encrypted data to the decryption module 722, which decrypts the received data based on the local work key.
  • the decrypted data is sent to the determining module 723, and the determining module 723 compares the two sets of data received. If the two sets of data are consistent, the authentication status is changed to the authentication pass status. If the two sets of data are different, the authentication status is changed to the authentication fail status.
  • the BCM unit 720 includes: a random number generating module 721, a decrypting module 722, and a determining module 723.
  • the T-Box unit 710 includes a Bluetooth module 711, a determination module 712, a distance calculation module 713, an encryption module 714, and a key generation module 716.
  • the BCM unit sends a key request to the key generation module 716, the key request including the SN serial number, and the key generation module 716 generates a work key based on the received SN serial number in response to the key request.
  • the work key is sent to the BCM unit 720 to be used as the local work key of the BCM unit 720, while the SN serial number is stored.
  • the random number generation module 721 sends the generated random number to the determination module 723, the encryption module 714, and the key generation module 716; after receiving the random number, the key generation module 716 generates the work key based on the locally stored SN serial number and sends it to the encryption module 714.
  • the encryption module 714 encrypts the random number based on the work key and sends it to the decryption module 722, and the decryption module 722 decrypts the received data and sends the decrypted data to the determining module 723.
  • the determining module 723 compares whether the received two sets of data are consistent, and updates the authentication status based on the comparison result.
  • the BCM unit 720 includes: a random number generating module 721, a decrypting module 722, and a determining module 723.
  • the T-Box unit 710 includes an encryption module 714, a control center 715, and a key generation module 716.
  • the BCM unit 720 sends a key request to the control center 715, the key request includes the SN serial number, and the control center 715 stores the SN serial number and sends a generate key command to the key generation module 716.
  • the key generation module 716 generates a work key based on the received SN serial number in response to the key request, and sends the work key to the control center 715, and the control center 715 sends the work key to the BCM unit 720.
  • after receiving the random number generated by the random number generating module 721, the control center 715 sends it to the encryption module 714 and sends the SN serial number to the key generation module 716; the key generation module 716 generates the work key and sends it to the encryption module 714, and the encryption module 714 encrypts the random number based on the received work key, after which the subsequent authentication process is performed.
  • the user's vehicle operation authority is restricted, for example by prohibiting restarting or prohibiting acceleration, and information is sent to the user client 730 to remind the user that the authentication has failed and that the operation authority is limited and/or will stop after a certain time.
  • the T-Box unit 710 cyclically performs an authentication process or terminates the authentication process based on the state of the CAN communication network.
  • the BCM unit 720 directly triggers the authentication process of the next cycle in response to detecting that the door is opened, the brake pedal is depressed, or the stop button is pressed, and the key insertion is not detected.
  • a secure authentication electronic device for securing a user's legal right to use the vehicle.
  • the secure authentication electronic device includes:
  • at least one processor 901; and
  • a memory 902 communicatively coupled to the at least one processor 901;
  • the memory 902 stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform all steps of the secure authentication method as described above.
  • One processor 902 is taken as an example in FIG.
  • the electronic device may further include an input device 903 and an output device 904.
  • the processor 901, the memory 902, the input device 903, and the display device 904 may be connected by a bus or other means, and the bus connection is taken as an example.
  • the memory 902 is a non-volatile computer readable storage medium, and can be used for storing non-volatile software programs, non-volatile computer-executable programs, and modules, such as the program instructions/modules corresponding to the security authentication method in the embodiments of the present application, for example, the method flow shown in Figure 6.
  • the processor 901 executes various functional applications and data processing by executing non-volatile software programs, instructions, and modules stored in the memory 902, that is, implementing the secure authentication method in the above embodiments.
  • the memory 902 may include a storage program area and a storage data area, wherein the storage program area may store an operating system and an application required for at least one function; the storage data area may store data created according to use of the secure authentication method, and the like.
  • memory 902 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device.
  • memory 902 can optionally include memory remotely located relative to processor 901 that can be connected over a network to a device that performs a secure authentication method. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
  • the input device 903 can receive input user clicks and generate signal inputs related to user settings and function control of the secure authentication method.
  • Display device 904 can include a display device such as a display screen.
  • the one or more modules are stored in the memory 902, and when executed by the one or more processors 901, the secure authentication method in any of the above method embodiments is performed.
  • a storage medium storing computer instructions for performing all the steps of the secure authentication method as described above when the computer executes the computer instructions.
  • information, signals, and data may be represented using any of a variety of different technologies and techniques.
  • the data, instructions, commands, information, signals, bits, symbols, and chips referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, light fields or optical particles, or any combination thereof.
  • digital signal processors (DSPs)
  • application specific integrated circuits (ASICs)
  • field programmable gate arrays (FPGAs)
  • a general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine.
  • the processor may also be implemented as a combination of computing devices, such as a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.
  • a software module may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
  • An exemplary storage medium is coupled to the processor to enable the processor to read and write information to/from the storage medium.
  • the storage medium can be integrated into the processor.
  • the processor and the storage medium can reside in an ASIC.
  • the ASIC can reside in the user terminal.
  • the processor and the storage medium may reside as a discrete component in the user terminal.
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented as a computer program product in software, the functions may be stored on or transmitted as one or more instructions or code on a computer readable medium.
  • Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another.
  • a storage medium may be any available media that can be accessed by a computer.
  • such computer readable media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • any connection is also properly referred to as a computer readable medium.
  • if the software is transmitted from a web site, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium.
  • Disks and discs as used herein include compact discs (CDs), laser discs, optical discs, digital versatile discs (DVDs), floppy disks, and Blu-ray discs, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer readable media.


Abstract

The present invention provides a safety authentication apparatus and method for vehicle anti-theft. The safety authentication apparatus comprises a T-Box unit configured to circularly execute an authorization process, the authorization process comprising that the T-Box unit executes Bluetooth-based authentication to a client of a user; and a BCM unit configured to update an authorization state based on an authorization result after the authorization process is executed each time. The T-Box unit executes the authorization process of the next cycle after a preset time interval, and the authorization state comprises an authorization pass state or an authorization fail state, wherein the authorization pass state is used as the basis for the user to use the vehicle legally by the BCM unit. FIG. 6

Description

Security authentication apparatus, method, device and computer program for vehicle anti-theft
This application claims priority to Chinese Patent Application No. 201711471603.X, entitled "A Safety Authentication Device and Method for Vehicle Anti-Theft", filed with the Chinese Patent Office on December 29, 2017, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of vehicle anti-theft, and in particular to a security authentication apparatus, method, device and computer program for vehicle anti-theft.
Background
As the number of cars has grown, car theft has caused great unease in society, and anti-theft authentication systems for cars have emerged in response. The most widely used at present is the engine immobilizer system: a password transponder is built into the key, and without a legitimate key the engine cannot be started, which effectively prevents the vehicle from being stolen. However, this anti-theft technology depends heavily on the physical key. When a vehicle is used by several people, or the owner forgets to carry the key, the vehicle cannot be used normally, which gives the user a poor experience.
The object of the present invention is to provide a method that starts the vehicle without relying on a physical key while performing security authentication at the same time, thereby preventing the vehicle from being stolen. The vehicle owner can authorize multiple mobile phones to serve as the vehicle's Bluetooth key for a certain period of time or on a long-term basis; a user carrying an authorized mobile phone can pass the authentication of the vehicle's anti-theft authentication system and use the vehicle normally.
Summary of the invention
A brief summary of one or more aspects is given below to provide a basic understanding of these aspects. This summary is not an exhaustive overview of all contemplated aspects, and is intended neither to identify key or critical elements of all aspects nor to delineate the scope of any or all aspects. Its sole purpose is to present some concepts of one or more aspects in a simplified form as a prelude to the more detailed description given later.
According to one aspect of the present invention, a security authentication method is provided for ensuring a user's legitimate right to use a vehicle, the security authentication method comprising:
cyclically performing an authentication process, the authentication process including performing Bluetooth-based authentication with respect to a client of the user; and
after each execution of the authentication process, updating an authentication state based on the authentication result and performing the authentication process of the next cycle after a predetermined time interval, the authentication state including an authentication pass state or an authentication fail state, wherein the authentication pass state is used as the basis for the user's legitimate use of the vehicle.
Further, performing the Bluetooth-based authentication includes:
detecting whether Bluetooth is connected with the client;
if it is not connected, the authentication fails; and
if the connection is maintained, receiving user identity information from the client and determining, based on the locally stored user identity information and the received user identity information, whether the user of the client is an authenticated user; if the two are inconsistent, the authentication fails.
Still further, performing the Bluetooth-based authentication further includes:
if the locally stored user identity information is consistent with the received user identity information, further determining the distance between the client and the vehicle based on the Bluetooth signal strength of the client;
if the distance is greater than a predetermined distance threshold, the authentication fails.
Still further, the predetermined distance threshold is 3-5 meters.
Further, updating the authentication state based on the authentication result includes:
if the Bluetooth-based authentication fails, setting the authentication state to the authentication fail state.
Further, the authentication process also includes:
after the Bluetooth-based authentication succeeds, performing key-based authentication.
Still further, updating the authentication state based on the authentication result includes:
if the key-based authentication succeeds, setting the authentication state to the authentication pass state.
Still further, updating the authentication state based on the authentication result further includes:
setting a validity period for the authentication pass state, the validity period being longer than the predetermined time interval, wherein the authentication pass state within its validity period is used as the basis for the user's legitimate use of the vehicle.
Still further, the key-based authentication includes:
generating, by the body control module unit, a random number and transmitting it to the vehicle control and communication module unit;
encrypting, by the vehicle control and communication module unit, the received random number with a work key, and transmitting the encrypted random number to the body control module unit;
decrypting, by the body control module unit, the received encrypted random number with a local work key; and
comparing the decrypted random number with the random number originally transmitted to the vehicle control and communication module unit; if the two are consistent, the key-based authentication succeeds, otherwise it fails.
Still further, the method also includes:
sending, by the body control module unit, a key request to the vehicle control and communication module unit, the key request containing the serial number of the body control module unit; and
generating, by the vehicle control and communication module unit in response to the key request, the work key based on the serial number of the body control module unit, and sending the generated work key to the body control module unit to be used as the local work key of the body control module unit,
wherein, during the key-based authentication, in response to receiving the random number, the work key is generated again based on the serial number of the body control module unit for use in encrypting the random number.
进一步的,所述循环地执行鉴权过程响应于车辆控制及通信模块单元的控制器局域网络被唤醒而开始,以及响应于车辆控制及通信模块的控制器局域网络休眠而终止。Further, the cyclically performing the authentication process begins in response to the controller local area network of the vehicle control and communication module unit being awakened, and terminated in response to controller local area network sleep of the vehicle control and communication module.
进一步的,在每两次循环之间,响应于检测到车门开启、刹车板踩下、或启动停止按钮按下操作后未检测到钥匙插入而直接触发下一次循环的鉴权过程。Further, between every two cycles, the authentication process of the next cycle is directly triggered in response to detecting that the door is opened, the brake plate is depressed, or the key is inserted after the start button is pressed.
According to one aspect of the present invention, a secure authentication apparatus is provided for ensuring a user's legitimate right to use a vehicle, the secure authentication apparatus including:
a vehicle control and communication module unit that cyclically executes an authentication process, the authentication process including the vehicle control and communication module unit performing Bluetooth-based authentication with respect to the user's client; and
a body control module unit, wherein after each execution of the authentication process the body control module unit updates an authentication state based on the authentication result, and after a predetermined time interval the vehicle control and communication module unit executes the authentication process of the next cycle, the authentication state being either an authentication pass state or an authentication fail state, wherein the authentication pass state is used by the body control module unit as the basis for the user's legitimate use of the vehicle.
Further, the vehicle control and communication module unit includes a Bluetooth module and a determination module,
the Bluetooth module detects whether Bluetooth is connected between the vehicle control and communication module and the client;
if it is not connected, the authentication fails; and
if the connection is maintained, the Bluetooth module receives user identity information from the client, and the determination module determines, based on the locally stored user identity information and the received user identity information, whether the user of the client is an authenticated user; if the two do not match, the authentication fails.
Still further, the vehicle control and communication module unit also includes a distance calculation module,
wherein, if the locally stored user identity information matches the received user identity information, the distance calculation module further determines the distance between the client and the vehicle based on the Bluetooth signal strength of the client,
and the determination module determines whether the distance is greater than a predetermined distance threshold; if so, the authentication fails.
Still further, the predetermined distance threshold is 3-5 meters.
Further, if the Bluetooth-based authentication fails, the body control module unit sets the authentication state to the authentication fail state.
Further, the authentication process also includes:
after the Bluetooth-based authentication succeeds, the vehicle control and communication module unit and the body control module unit perform key-based authentication.
Still further, if the key-based authentication succeeds, the body control module unit sets the authentication state to the authentication pass state.
Still further, if the key-based authentication succeeds, the body control module unit further sets a validity period for the authentication pass state, the validity period being longer than the predetermined time interval, wherein the authentication pass state within its validity period is used as the basis for the user's legitimate use of the vehicle.
Still further, the body control module unit includes a random number generation module, a decryption module and a determination module, and the vehicle control and communication module unit includes an encryption module,
wherein, in the key-based authentication, the random number generation module generates a random number and transmits it to the vehicle control and communication module unit; the encryption module of the vehicle control and communication module unit encrypts the received random number with a work key and transmits the encrypted random number to the body control module unit; the decryption module of the body control module unit decrypts the received encrypted random number with a local work key; and the comparison module compares the decrypted random number with the random number originally transmitted to the vehicle control and communication module unit; if the two match, the key-based authentication succeeds, otherwise it fails.
Still further, the vehicle control and communication module unit also includes a key generation module,
the body control module unit sends a key request to the vehicle control and communication module unit, the key request containing the serial number of the body control module unit; in response to the key request, the key generation module generates the work key based on the serial number of the body control module unit and sends the generated work key to the body control module unit, which stores it for use as the local work key of the body control module unit,
wherein, during the key-based authentication, in response to receiving the random number, the key generation module regenerates the work key based on the serial number of the body control module unit for use in encrypting the random number.
Further, the cyclic execution of the authentication process starts in response to the controller area network of the vehicle control and communication module unit being woken up, and terminates in response to the controller area network of the vehicle control and communication module going to sleep.
Further, between any two cycles, the authentication process of the next cycle is triggered directly in response to no key insertion being detected after a door opening, a brake pedal press, or a start/stop button press is detected.
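The two-stage cycle described above (Bluetooth check, then a random-number challenge between the body control module and the T-Box, then a pass state with a validity period) can be walked through in code. This is an added example, not code from the patent: it substitutes an HMAC-SHA256 over the random number for the encrypt/decrypt-and-compare step, because Python's standard library has no block cipher. The T-Box master secret used in key derivation, the RSSI path-loss model, the class names and the interval and validity values are all assumptions.

```python
import hashlib
import hmac
import secrets

DISTANCE_LIMIT_M = 5.0   # upper end of the 3-5 m threshold given on the page
CYCLE_INTERVAL_S = 2.0   # assumed value for the "predetermined time interval"
PASS_VALIDITY_S = 5.0    # assumed validity period; must exceed the interval


def rssi_to_distance(rssi_dbm, tx_power_dbm=-59.0, path_loss_exp=2.0):
    """Log-distance path-loss estimate in metres (calibration values assumed)."""
    return 10 ** ((tx_power_dbm - rssi_dbm) / (10 * path_loss_exp))


class TBox:
    """Vehicle control and communication module unit."""

    def __init__(self, stored_user_id, master_secret):
        self.stored_user_id = stored_user_id
        self._master_secret = master_secret  # assumption: never leaves the T-Box

    def derive_work_key(self, bcm_serial):
        # Work key generated from the BCM serial number. The serial is not
        # secret, so the derivation is keyed with the assumed master secret.
        return hmac.new(self._master_secret, bcm_serial, hashlib.sha256).digest()

    def bluetooth_auth(self, client):
        """Stage 1: link up, identity matches, estimated distance in range."""
        if not client.get("connected"):
            return False
        if not hmac.compare_digest(client["user_id"].encode(),
                                   self.stored_user_id.encode()):
            return False
        return rssi_to_distance(client["rssi_dbm"]) <= DISTANCE_LIMIT_M

    def answer_challenge(self, bcm_serial, nonce):
        # The key is regenerated from the serial for every challenge.
        key = self.derive_work_key(bcm_serial)
        return hmac.new(key, nonce, hashlib.sha256).digest()


class BCM:
    """Body control module unit: owns the authentication state."""

    def __init__(self, serial, tbox):
        self.serial = serial
        self.local_work_key = tbox.derive_work_key(serial)  # key request
        self.pass_expires_at = 0.0  # 0.0 means authentication fail state

    def key_auth(self, tbox):
        """Stage 2: fresh random challenge, verified with the local work key."""
        nonce = secrets.token_bytes(16)
        response = tbox.answer_challenge(self.serial, nonce)
        expected = hmac.new(self.local_work_key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)

    def run_cycle(self, tbox, client, now):
        """One authentication cycle; returns True when both stages pass."""
        ok = tbox.bluetooth_auth(client) and self.key_auth(tbox)
        # A failed cycle drops the pass state at once; a passed cycle renews it.
        self.pass_expires_at = now + PASS_VALIDITY_S if ok else 0.0
        return ok

    def use_allowed(self, now):
        """Pass state counts only while its validity period has not run out."""
        return now < self.pass_expires_at


if __name__ == "__main__":
    tbox = TBox("user-001", secrets.token_bytes(32))  # constructed sample values
    bcm = BCM(b"BCM-SN-0001", tbox)
    phone = {"connected": True, "user_id": "user-001", "rssi_dbm": -65}
    print("near phone:", bcm.run_cycle(tbox, phone, now=0.0))
    print("usable at next cycle time:", bcm.use_allowed(now=CYCLE_INTERVAL_S))
    print("usable if cycles stop:", bcm.use_allowed(now=PASS_VALIDITY_S + 1))
    print("weak signal:", bcm.run_cycle(tbox, dict(phone, rssi_dbm=-90), now=10.0))
```

Because the validity period is longer than the interval, a passed state survives until the next cycle renews it, and lapses by itself if the cycles stop.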
According to one aspect of the present invention, a secure authentication electronic device is provided, including:
at least one processor; and
a memory communicatively connected to the at least one processor; wherein
the memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform all steps of the secure authentication method described above.
According to one aspect of the present invention, a computer program is provided, including computer code adapted to perform all steps of the secure authentication method described above when run on a computer.
Still further, the computer program is embodied on a computer-readable medium.
Brief Description of the Drawings
The above features and advantages of the present invention can be better understood after reading the detailed description of the embodiments of the present disclosure in conjunction with the following drawings. In the drawings, components are not necessarily drawn to scale, and components with similar related characteristics or features may have the same or similar reference numerals.
FIG. 1 shows a block diagram of a remote authorization system according to an aspect of the present invention;
FIG. 2 shows a flowchart of a remote authorization method according to an aspect of the present invention;
FIG. 3 shows a flowchart of a remote authorization method according to a first embodiment of the present invention;
FIG. 4 shows a flowchart of a remote authorization method according to a second embodiment of the present invention;
FIG. 5 shows a functional block diagram of a TSP according to an aspect of the present invention;
FIG. 6 shows a flowchart of a secure authentication method according to an embodiment of the present invention;
FIG. 7 shows a block diagram of a secure authentication apparatus according to an embodiment of the present invention;
FIG. 8 shows a data flow diagram of secure authentication according to an embodiment of the present invention; and
FIG. 9 shows a schematic diagram of the hardware structure of a secure authentication electronic device according to an aspect of the present invention.
Detailed Description
The present invention is described in detail below with reference to the drawings and specific embodiments. Note that the aspects described below in conjunction with the drawings and specific embodiments are merely exemplary and should not be construed as limiting the scope of protection of the present invention in any way.
To address the problem of vehicle theft, the present invention provides a scheme that uses an APP on an electronic device the user carries: the APP is logged in with a User ID, and the owner ID can authorize multiple User IDs, so that a user who is not carrying the car key can unlock the vehicle with the carried electronic device and perform security verification with the vehicle based on the APP's user information and the like.
The vehicle control and communication module (Telematics BOX, T-Box) is a very important component of today's connected-car on-board systems. Its main function is to connect the car with the core platform of the Internet of Vehicles (Telematics Service Provider, TSP). The TSP usually deploys the policies of the intelligent T service, interacts with the remote vehicle's T-Box, and works with the vehicle's BCM/ECU (body control module) to fulfil the user's T service requests. The usual usage scenario is that a legitimate user who owns a vehicle connects to the TSP with a registered mobile APP, and the TSP can send operations such as a start command to the T-Box on behalf of the logged-in mobile APP user.
FIG. 1 shows a block diagram of a remote authorization system according to an aspect of the present invention. As shown in FIG. 1, the remote authorization system 100 may include a client 110n, a TSP 120 and a T-Box 130m. The client 110n may be a mobile terminal with a near-field wireless communication function, where the near-field wireless communication function may include contactless transmission technologies such as Bluetooth, NFC (near-field communication) and infrared communication. The client 110 may be a smart terminal such as a smartphone, a palmtop computer or an iPad.
Both the client 110 and the T-Box 130 can communicate with the TSP 120 over a wireless network. The wireless network may be, for example, CDMA, TDMA, FDMA, OFDMA, SC-FDMA or another network. A CDMA network may implement radio technologies such as Universal Terrestrial Radio Access (UTRA) and cdma2000. UTRA includes Wideband CDMA (W-CDMA) and other CDMA variants. In addition, cdma2000 covers the IS-2000, IS-95 and IS-856 standards. A TDMA system may implement a radio technology such as the Global System for Mobile Communications (GSM). An OFDMA system may implement radio technologies such as Evolved UTRA (E-UTRA), Ultra Mobile Broadband (UMB), IEEE 802.11 (Wi-Fi), IEEE 802.16 (WiMAX), IEEE 802.20, and the like. UTRA and E-UTRA are part of the Universal Mobile Telecommunications System (UMTS). 3GPP Long Term Evolution (LTE) is a release of UMTS that uses E-UTRA, which employs OFDMA on the downlink and SC-FDMA on the uplink. UTRA, E-UTRA, UMTS, LTE and GSM are described in documents from an organization named "3rd Generation Partnership Project" (3GPP). In addition, cdma2000 and UMB are described in documents from an organization named "3rd Generation Partnership Project 2" (3GPP2).
FIG. 2 shows a flowchart of a remote authorization method 200 according to an aspect of the present invention; the remote authorization method 200 may be performed by the TSP 120 in FIG. 1. As shown in FIG. 2, the remote authorization method 200 may include the following steps.
Step 201: Receive an authorization request from the client 110n, the authorization request including requester identity information.
The user of the client 110, as the requester, may log in to the APP on the client 110n and then send an authorization request to the TSP 120. The authorization request may be a request for authorization to use the vehicle. The requester identity information here may be information that characterizes the requester's identity, such as a mobile phone number.
Step 202: Perform authorization authentication on the authorization request based on the requester identity information.
Authorization authentication is based on the requester's identity. Specific implementations of the authorization authentication are described below.
Step 203: In response to the authentication succeeding, send the authorization information about the requester to the T-Box 130m of the target authorized vehicle for storage, and transmit the T-Box information of the target authorized vehicle to the client 110 for storage.
The authorization information may be generated by the TSP 120. The authorization information may include the requester's user identification information, which is used to uniquely identify the requester, for example the User ID uniquely assigned by the TSP 120 when the user registered.
The authorization information may also include one or more of an authorization category, an authorization validity period, and a vehicle control key. The authorization category may include owner user, family user and general user. The authorization validity period for an owner user may be permanent. The authorization validity period for a family user may also be permanent, or a predetermined time period.
In addition, the authorization information may also include information such as a user nickname and a login password. The login password may be stored in encrypted form using an encryption method such as MD5.
The T-Box 130m of the target authorized vehicle may store the above authorization information to provide the authorization basis for the user's subsequent near-field control of the vehicle using the client 110n. The client 110n may store the T-Box information of the target authorized vehicle.
The T-Box information may include one or more of the vehicle's VIN, the authorization validity period, and the vehicle control key.
FIG. 3 shows a flowchart of a remote authorization method 300 according to a first embodiment of the present invention. The remote authorization method 300 may be performed by the TSP 120 in FIG. 1. As shown in FIG. 3, the remote authorization method 300 may include the following steps.
Step 301: Receive an authorization request from the vehicle owner's client 110-N1, the authorization request including requester identity information.
In this embodiment, it is assumed that the user of the client 110-N1 is the vehicle owner; the requester is therefore the owner, and the requester identity information is the owner's identity information. The owner first needs to enable the wireless near-field vehicle control function and obtain authentication and authorization. To do so, the owner user logs in to the APP installed on the client 110-N1 with the account and password obtained in advance, and then sends an authorization request to the TSP 120 to enable the wireless near-field vehicle control function and obtain authorization at the same time.
In practice, when the owner purchases the car, an owner user account can be created at the TSP 120 through the dealer management system (DMS). The account is bound to the vehicle's VIN and the associated owner identity information. The owner identity information is unique code information that can distinguish the owner's identity, such as a mobile phone number, ID card, passport or driver's license, or unique user identification information such as a User ID. When the account is created, the TSP 120 may randomly generate the password with which the owner user logs in. The user can of course change the password later.
To enable wireless near-field vehicle control, the owner can log in to the APP with the owner identity information (such as a mobile phone number, ID card, passport or driver's license) or unique user identification information (such as a User ID) together with the password. In the APP, the owner can specify the vehicle and select the option to enable wireless near-field vehicle control, where "wireless" includes contactless transmission technologies such as Bluetooth, NFC and infrared.
After receiving the authorization request, the TSP 120 can detect that the authorization request includes an instruction to enable wireless near-field vehicle control. In response to that instruction, it identifies the received authorization request as an owner authorization request and performs authorization authentication in order to enable the wireless near-field vehicle control function.
Step 302: Search the local database for owner identity information that matches the requester identity information; if it exists, the authorization authentication succeeds, otherwise the authorization authentication fails.
As mentioned above, the TSP 120 locally stores an owner identity information database, in which owner identity information is stored in association with the VIN of the vehicle bound to it. The TSP 120 therefore only needs to search the owner identity information database to determine whether it contains identity information matching the requester identity information.
Step 303: In response to the authentication succeeding, send the authorization information about the owner to the T-Box 130m of the target authorized vehicle for storage, and transmit the T-Box information of the target authorized vehicle to the client 110-N1 for storage.
The authorization information here includes one or more of the requester's user identification information, the authorization category, the authorization validity period, and the vehicle control key. The user identification information may include unique code information such as a User ID, mobile phone number, ID card, passport or driver's license. In this case the authorization category is owner user and the authorization validity period is permanent. In addition, the authorization information may also include information such as a user nickname and a login password. The login password may be stored in encrypted form using an encryption method such as MD5.
The T-Box 130m of the target authorized vehicle may store the above authorization information to provide the authorization basis for the user's subsequent near-field control of the vehicle using the client 110-N1.
In addition, the client 110-N1 may store the T-Box information of the target authorized vehicle. The T-Box information may include one or more of the vehicle's VIN, the authorization validity period, and the vehicle control key.
FIG. 4 shows a flowchart of a remote authorization method 400 according to a second embodiment of the present invention. The remote authorization method 400 may be performed by the TSP 120 in FIG. 1. As shown in FIG. 4, the remote authorization method 400 may include the following steps.
Step 401: Receive an authorization request from the borrower's client 110-N2, the authorization request including requester identity information.
In this embodiment, it is assumed that the user of the client 110-N1 is the vehicle owner and the user of the client 110-N2 is a borrower. Accordingly, this authorization request is a borrow authorization request; the requester is the borrower, and the requester identity information is the borrower's identity information. Besides the requester identity information, the borrow authorization request also includes owner identity information, that is, the identity information of the owner from whom the requester wishes to borrow the car. Preferably, the borrow authorization request may also include information such as the requester's driver's license.
In practice, the borrower also needs to create an account. After logging in to the APP, the borrower chooses to apply for authorization, fills in the owner's identity information (for example the owner's mobile phone number, ID card, passport, driver's license or User ID), and clicks apply. The APP on the client 110-N2 submits the application to the TSP 120.
Step 402: Forward the authorization request to the client 110-N1 of the designated owner according to the owner identity information.
For example, after receiving the authorization application, the TSP 120 may forward it to the owner's APP according to the owner's identity information, such as the mobile phone number. The owner sees the application notice in the APP and, based on the applicant's identity information, can specify the vehicle, the authorization category (family user or general user) and the authorization duration (for a family user, the authorization duration may be permanent). The owner can click to approve or reject, and the APP synchronizes the result of the application to the TSP 120.
Step 403: Receive an authorization response from the client 110-N1 of the designated owner; if the authorization response is a grant-authorization instruction, the authorization authentication succeeds, otherwise the authorization authentication fails.
After receiving the authorization response, the TSP 120 feeds the authorization response back to the applicant's client 110-N2 according to the applicant information, such as the mobile phone number.
Step 404: In response to the authentication succeeding, send the authorization information about the borrower to the T-Box 130m of the target authorized vehicle for storage, and transmit the T-Box information of the target authorized vehicle to the borrower's client 110-N2 for storage.
The authorization information here includes one or more of the requester's user identification information, the authorization category, the authorization validity period, and the vehicle control key. The user identification information may include a User ID, mobile phone number, and the like. In this case the authorization category is family user or general user. For a family user, the authorization validity period may be permanent. In addition, the authorization information may also include information such as a user nickname and a login password. The login password may be stored in encrypted form using an encryption method such as MD5.
The T-Box 130m of the target authorized vehicle may store the above authorization information to provide the authorization basis for the user's subsequent near-field control of the vehicle using the client 110-N2.
In addition, the borrower's client 110-N2 may store the T-Box information of the target authorized vehicle. The T-Box information may include one or more of the vehicle's VIN, the authorization validity period, and the vehicle control key.
For users whose authorization validity period is not permanent, such as family users and general users, the corresponding client 110-N2 and the T-Box 130m of the corresponding authorized vehicle may, once the authorization validity period expires, delete the locally stored T-Box information and authorization information respectively, to prevent use after expiry and privacy leakage.
Although the above methods are illustrated and described as a series of acts for simplicity of explanation, it should be understood and appreciated that these methods are not limited by the order of the acts, because according to one or more embodiments some acts may occur in a different order and/or concurrently with other acts that are illustrated and described herein, or that are not illustrated and described herein but can be understood by those skilled in the art.
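The authorization information described above carries a login password and a validity period. As an added example (not code from the patent), the following keeps that record with a salted PBKDF2 verifier in place of MD5, which is an unsalted fast hash rather than encryption, and deletes records once their validity period ends. The record layout, class and function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

PBKDF2_ITERATIONS = 200_000  # assumed work factor, tune to the T-Box CPU


def md5_digest(password: str) -> str:
    """Unsalted MD5 as named on the page: equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def make_verifier(password: str, salt: Optional[bytes] = None):
    """Salted, deliberately slow verifier (PBKDF2-HMAC-SHA256)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Authorization:
    user_id: str
    category: str                # "owner", "family" or "general"
    expires_at: Optional[float]  # None means permanent
    salt: bytes
    pw_digest: bytes


class AuthorizationStore:
    """Authorization records as a T-Box might hold them (layout assumed)."""

    def __init__(self) -> None:
        self.records: Dict[str, Authorization] = {}

    def add(self, user_id: str, category: str, password: str,
            expires_at: Optional[float] = None) -> None:
        salt, digest = make_verifier(password)
        self.records[user_id] = Authorization(user_id, category, expires_at,
                                              salt, digest)

    def purge_expired(self, now: float) -> List[str]:
        """Delete records whose validity period has ended; return their IDs."""
        gone = [uid for uid, rec in self.records.items()
                if rec.expires_at is not None and rec.expires_at <= now]
        for uid in gone:
            del self.records[uid]
        return gone

    def check(self, user_id: str, password: str, now: float) -> bool:
        """Verify a password against a record that is still within validity."""
        self.purge_expired(now)
        rec = self.records.get(user_id)
        if rec is None:
            return False
        _, candidate = make_verifier(password, rec.salt)
        return hmac.compare_digest(candidate, rec.pw_digest)


if __name__ == "__main__":
    store = AuthorizationStore()
    # Constructed sample users: same password, different validity periods.
    store.add("owner-1", "owner", "correct horse")
    store.add("guest-1", "general", "correct horse", expires_at=100.0)
    print("MD5 digests equal:",
          md5_digest("correct horse") == md5_digest("correct horse"))
    print("PBKDF2 digests equal:",
          store.records["owner-1"].pw_digest == store.records["guest-1"].pw_digest)
    print("guest before expiry:", store.check("guest-1", "correct horse", 50.0))
    print("guest after expiry:", store.check("guest-1", "correct horse", 150.0))
```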
FIG. 5 shows a functional block diagram of a TSP 500 according to an aspect of the present invention. As shown in FIG. 5, the TSP 500 may include a transceiver unit 501 and a control unit 502.
The transceiver unit 501 may be configured to receive an authorization request from a client, the authorization request including requester identity information. The requester in this case is the vehicle owner, and the requester identity information is the owner's identity information. The control unit 502 may be configured to perform authorization authentication on the authorization request based on the requester identity information and, in response to the authentication succeeding, the control unit 502 may control the transceiver unit 501 to send the authorization information about the requester to the T-Box of the target authorized vehicle for storage, and to transmit the T-Box information of the target authorized vehicle to the client for storage.
In one embodiment, the authorization request is an owner authorization request, which may include vehicle identification information of the target authorized vehicle. The control unit 502 may search the local database for owner identity information that matches the requester identity information; if it exists, the authorization authentication succeeds, otherwise the authorization authentication fails.
More specifically, the owner authorization request may also include an instruction to enable wireless near-field vehicle control. The control unit 502 may identify the received authorization request as an owner authorization request in response to detecting that the authorization request includes this instruction.
As an example, the authorization information may include one or more of the requester's user identification information, the authorization category, the authorization validity period, and the vehicle control key. In this example, the authorization category is owner user and the authorization validity period may be permanent.
In another example, the authorization request may be a borrow authorization request, and the borrow authorization request may also include owner identity information. The requester in this case is the borrower, and the requester identity information is the borrower's identity information. The control unit 502 may control the transceiver unit 501 to forward the authorization request to the client of the designated owner according to the owner identity information, and to receive an authorization response from the client of the designated owner; if the authorization response is a grant-authorization instruction, the authorization authentication succeeds, otherwise the authorization authentication fails.
As an example, the grant-authorization instruction may include the vehicle identification information of the target authorized vehicle, the authorization validity period and the authorization category. The control unit 502 may control the transceiver unit 501 to send the requester's authorization information to the T-Box of the target authorized vehicle for storage based on the vehicle identification information.
作为示例,授权信息可包括请求人的用户识别信息,授权类别、授权有效期、以及控车密钥中的一者或多者。在此实例中,授权类别可包括家庭用户和一般用户,当授权类别为家庭用户时,授权有效期可为永久。As an example, the authorization information may include one or more of the requester's user identification information, authorization category, authorization validity period, and car control key. In this example, the authorization category may include a home user and a general user, and when the authorization category is a home user, the authorization validity period may be permanent.
作为示例,T-Box信息可包括目标授权车辆的车辆VIN号、授权有效期、以及控车密钥中的一者或多者。As an example, the T-Box information may include one or more of a vehicle VIN number of the target authorized vehicle, an authorization expiration date, and a car control key.
A user who has passed authorization authentication has the right to operate the vehicle. However, after an authorized user starts the vehicle, if the user leaves the vehicle or forgets to lock it, any other person can still operate the running vehicle, which increases the risk of the vehicle being stolen.
According to one aspect of the present invention, a security authentication method is provided for ensuring the user's legitimate right to use the vehicle. In an embodiment, as shown in FIG. 6, the security authentication method includes:
S610: the T-Box unit performs Bluetooth-based authentication with the user's client; if the authentication succeeds, S620 is performed, and if it fails, S630 is performed;
S620: the T-Box unit and the BCM unit perform key-based authentication; if the authentication succeeds, S640 is performed, and if it fails, S630 is performed;
S630: authentication has failed; the authentication status is updated to the authentication-not-passed state, and S650 is performed;
S640: authentication has succeeded; the authentication status is updated to the authentication-passed state, and S660 is performed;
S650: operation permissions are restricted and a message is sent to the client, and S660 is performed;
S660: a predetermined time after the status update, the next authentication is started and S610 is performed.
Preferably, the predetermined time may be set to 10 seconds.
The above steps constitute one authentication process, which includes Bluetooth-based authentication and key-based authentication. Those skilled in the art will understand that the authentication process may include only the Bluetooth-based authentication process or only the key-based authentication process; either achieves the purpose of security authentication, the difference being the level of security provided by authentication processes containing different steps.
In an embodiment, step S610, in which the T-Box unit performs Bluetooth-based authentication with the user's client, includes:
S611: determine whether the Bluetooth link between the T-Box unit and the client is connected; if it is connected, S612 is performed, and if it is disconnected, S630 is performed;
S612: the T-Box unit receives the user identity information sent by the client and matches it against the identity information of authorized users stored locally in the T-Box unit; if the match succeeds, S613 is performed, and if it fails, S630 is performed;
S613: measure the separation distance between the client and the vehicle; if the distance is less than a predetermined distance threshold, the authentication of step S610 succeeds and S620 is performed; if the distance is greater than the predetermined distance threshold, the authentication fails and S630 is performed.
Further, in the distance measurement of step S613, the T-Box unit may estimate the distance from indicators such as the strength of the Bluetooth signal sent by the client and/or the signal transmission time.
Preferably, the predetermined distance threshold may be set to 3-5 meters.
Those skilled in the art will understand that authentication steps may be added to or removed from the Bluetooth-based authentication between the T-Box unit and the user's client as required.
In an embodiment, step S620, in which the T-Box unit and the BCM unit perform key-based authentication, includes:
S624: after the Bluetooth authentication succeeds, the T-Box unit sends authentication request information to the BCM unit; on receiving it, the BCM unit generates a random number and sends it to the T-Box unit;
S625: the T-Box unit encrypts the received random number with the working key and sends the result back to the BCM unit;
S626: the BCM unit decrypts the received data with its local working key and compares the decrypted random number with the random number it originally sent; if the two match, the authentication succeeds and S640 is performed, and if they differ, the authentication fails and S630 is performed.
Further, the BCM unit of each vehicle has a unique SN serial number. Before the authentication process starts, the BCM unit sends a key request containing the SN serial number to the T-Box unit. In response to the key request, the T-Box unit generates a working key based on the received SN serial number, sends the working key to the BCM unit for use as the BCM unit's local working key, and stores the SN serial number. After the T-Box unit receives the random number sent by the BCM unit, it generates the working key from the locally stored SN serial number, uses it to encrypt the random number, and sends the encrypted data to the BCM unit for key verification.
In the above working-key generation process, the BCM unit decrypts the received encrypted data with its local working key, thereby verifying whether the T-Box unit performed the encryption with a working key generated from the BCM unit's SN serial number. At the same time, the T-Box unit's generation of the working key from the SN serial number also verifies whether the serial number of the BCM unit is the serial number stored locally.
Further, in the above authentication process the BCM unit verifies the T-Box unit. Those skilled in the art will understand that if the T-Box unit needs to verify the BCM unit, the key-based authentication method can also be used: the T-Box unit generates a random number and sends it to the BCM unit; the BCM unit encrypts the received random number with its local working key and sends it back to the T-Box unit; the T-Box unit decrypts the received data with the working key and compares the decrypted random number with the random number it originally sent. If they match, the authentication succeeds; if they differ, it fails.
This key authentication method ensures that the BCM unit and the T-Box unit are a matched pair, and prevents theft in which technical means are used to compromise the BCM or T-Box unit.
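The provisioning step and the S624 to S626 exchange described above, as an added example that is not part of the patent text. The patent encrypts and decrypts the random number under the working key and does not say how the key is derived from the SN; this sketch substitutes an HMAC-SHA256 tag for the encryption step (the Python standard library has no block cipher) and assumes the derivation also mixes in a secret held by the T-Box. All class names, function names and serial numbers are constructed.

```python
import hashlib
import hmac
import secrets


def derive_work_key(tbox_secret: bytes, bcm_sn: str) -> bytes:
    """Working key for one BCM. The page only says the key is generated
    'based on the SN'; mixing in a T-Box-held secret is an assumption, made
    so that knowing the serial number alone does not yield the key."""
    return hmac.new(tbox_secret, b"work-key|" + bcm_sn.encode(), hashlib.sha256).digest()


def tag(work_key: bytes, nonce: bytes) -> bytes:
    """Response to a challenge (HMAC stands in for the page's encryption)."""
    return hmac.new(work_key, nonce, hashlib.sha256).digest()


class TBox:
    def __init__(self, tbox_secret: bytes):
        self._secret = tbox_secret
        self.stored_sn = None

    def handle_key_request(self, bcm_sn: str) -> bytes:
        """Before authentication: store the SN and return the working key."""
        self.stored_sn = bcm_sn
        return derive_work_key(self._secret, bcm_sn)

    def respond(self, nonce: bytes) -> bytes:
        """S625: re-derive the key from the stored SN and answer the challenge."""
        if self.stored_sn is None:
            raise RuntimeError("no BCM has been provisioned")
        return tag(derive_work_key(self._secret, self.stored_sn), nonce)


class Bcm:
    def __init__(self, sn: str):
        self.sn = sn
        self._work_key = None
        self._pending = None

    def provision(self, tbox: TBox) -> None:
        """Send the key request and keep the returned local working key."""
        self._work_key = tbox.handle_key_request(self.sn)

    def challenge(self) -> bytes:
        """S624: a fresh random number for every authentication request."""
        self._pending = secrets.token_bytes(16)
        return self._pending

    def verify(self, response: bytes) -> bool:
        """S626: accept only a correct answer to the outstanding challenge."""
        nonce, self._pending = self._pending, None  # a challenge is single-use
        if nonce is None or self._work_key is None:
            return False
        return hmac.compare_digest(tag(self._work_key, nonce), response)


def run_scenarios() -> dict:
    """Run the exchange for a matched pair and for four mismatch cases."""
    results = {}
    tbox, bcm = TBox(secrets.token_bytes(32)), Bcm("SN-CONSTRUCTED-0001")
    bcm.provision(tbox)

    first_response = tbox.respond(bcm.challenge())
    results["paired units"] = bcm.verify(first_response)

    bcm.challenge()  # new random number, old answer
    results["replayed response"] = bcm.verify(first_response)
    results["response without challenge"] = bcm.verify(first_response)

    # A different T-Box that learns the SN but holds a different secret.
    foreign_tbox = TBox(secrets.token_bytes(32))
    foreign_tbox.handle_key_request(bcm.sn)
    results["foreign T-Box"] = bcm.verify(foreign_tbox.respond(bcm.challenge()))

    # A different BCM (other SN, keyed elsewhere) fitted next to the original T-Box.
    swapped_bcm = Bcm("SN-CONSTRUCTED-0002")
    swapped_bcm.provision(TBox(secrets.token_bytes(32)))
    results["swapped BCM"] = swapped_bcm.verify(tbox.respond(swapped_bcm.challenge()))
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the matched pair is accepted; the replayed answer fails because each check is bound to one fresh random number, and the foreign T-Box fails even though it knows the serial number.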
Further, a validity period may be set for the authentication-passed state as required. The validity period should be longer than the predetermined time interval in step S660, and an authentication-passed state that is within its validity period is the basis for the user's permission to operate the vehicle. Thus, in complex situations such as communication delay or interruption, where the authentication process does not complete or the new authentication status is not updated in time, the permission granted by the previous authentication status is maintained for a while, so the user is not greatly inconvenienced; on the other hand, the limit on the validity period also prevents the situation in which a thief disconnects the vehicle's communication network while the BCM unit remains in the authentication-passed state.
Those skilled in the art will understand that the validity period may be set specifically based on the basic fault recovery time or the signal delay time of the CAN communication network.
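The S610 to S660 cycle together with the validity period just described, as an added example that is not part of the patent text. It models the BCM-side status so that a missing result (bus cut or delayed) is tolerated only until the last pass expires. The 25-second validity, the choice of 5 m from the stated 3-5 m range, the treatment of a distance exactly at the threshold as a failure, and all names and timeline values are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional

REAUTH_INTERVAL_S = 10.0     # S660: the page's preferred re-authentication interval
DISTANCE_THRESHOLD_M = 5.0   # S613: upper end of the page's 3-5 m range
PASS_VALIDITY_S = 25.0       # assumed; the page only requires it to exceed the interval


class Status(Enum):
    PASSED = "authentication passed"
    FAILED = "authentication not passed"


@dataclass
class BluetoothObservation:
    connected: bool
    user_id: Optional[str]
    distance_m: Optional[float]


def bluetooth_stage(obs, authorized_ids):
    """S611-S613 in order; the first failing check decides the outcome."""
    if not obs.connected:
        return False, "S611: Bluetooth link is down"
    if obs.user_id not in authorized_ids:
        return False, "S612: user is not authorized"
    # The page leaves distance == threshold open; this sketch fails closed.
    if obs.distance_m is None or obs.distance_m >= DISTANCE_THRESHOLD_M:
        return False, "S613: client outside the distance threshold"
    return True, "S610 passed"


class BcmAuthGate:
    """Authentication status held by the BCM, with an expiring pass."""

    def __init__(self, validity_s=PASS_VALIDITY_S):
        if validity_s <= REAUTH_INTERVAL_S:
            raise ValueError("validity must exceed the re-authentication interval")
        self.validity_s = validity_s
        self.status = Status.FAILED
        self.passed_at = None

    def record(self, passed, now):
        """S630 / S640: store the result of one completed authentication."""
        self.status = Status.PASSED if passed else Status.FAILED
        self.passed_at = now if passed else None

    def operation_allowed(self, now):
        """A pass counts only while it is inside its validity period."""
        if self.status is not Status.PASSED:
            return False
        return (now - self.passed_at) <= self.validity_s


def run_cycle(gate, obs, key_stage_ok, authorized_ids, now):
    """One pass through S610 and S620; returns the step that decided it."""
    ok, reason = bluetooth_stage(obs, authorized_ids)
    if ok and not key_stage_ok:
        ok, reason = False, "S620: key-based authentication failed"
    gate.record(ok, now)
    return "S640: authentication passed" if ok else reason


def simulate():
    """Constructed timeline: two passes, a silent bus, then the user walks away."""
    authorized = {"user-constructed-01"}
    near = BluetoothObservation(True, "user-constructed-01", 1.5)
    far = BluetoothObservation(True, "user-constructed-01", 12.0)
    gate, out = BcmAuthGate(), {}

    run_cycle(gate, near, True, authorized, now=0.0)
    run_cycle(gate, near, True, authorized, now=10.0)
    out["t=10 fresh pass"] = gate.operation_allowed(10.0)
    # No result reaches the BCM at t=20 or t=30 (communication interrupted).
    out["t=20 one cycle missed"] = gate.operation_allowed(20.0)
    out["t=40 pass expired"] = gate.operation_allowed(40.0)
    run_cycle(gate, near, True, authorized, now=50.0)
    out["t=50 link restored"] = gate.operation_allowed(50.0)
    out["t=60 reason"] = run_cycle(gate, far, True, authorized, now=60.0)
    out["t=60 user out of range"] = gate.operation_allowed(60.0)
    return out


if __name__ == "__main__":
    for step, value in simulate().items():
        print(step, "->", value)
```

An explicit failure revokes permission at once, while silence revokes it only after the validity period, which is the trade-off the paragraph above describes.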
Further, the authentication process starts when the CAN communication network of the T-Box unit is woken up, and ends after the CAN communication network goes to sleep.
Preferably, when the BCM unit detects an operation such as a door being opened, the brake pedal being pressed, or the start/stop button being pressed, without detecting a key insertion, it directly triggers the next authentication process.
Although the above methods are illustrated and described as a series of acts for simplicity of explanation, it should be understood and appreciated that these methods are not limited by the order of the acts, because, in accordance with one or more embodiments, some acts may occur in a different order and/or concurrently with other acts that are illustrated and described herein, or that are not illustrated and described herein but can be understood by those skilled in the art.
According to one aspect of the present invention, a security authentication apparatus is provided for ensuring the user's legitimate right to use the vehicle.
In an embodiment, the security authentication apparatus includes a T-Box unit 710, a BCM unit 720 and a client 730. The client 730 is used to download the vehicle control app and log in with user identity information, and to communicate over Bluetooth with the in-vehicle T-Box unit 710 so as to control the vehicle. The T-Box unit 710 is used to start an authentication process at every predetermined time interval, the authentication process including Bluetooth-based authentication with the client 730. The BCM unit 720 is used to control the vehicle and, after the authentication process ends, to update the authentication status based on the authentication result, the authentication status serving as the basis for the user's legitimate use of the vehicle.
Preferably, the predetermined time interval may be set to 10 seconds.
In an embodiment, the T-Box unit includes a Bluetooth module 711, a determination module 712, a distance calculation module 713 and an encryption module 714. When Bluetooth-based authentication starts, the Bluetooth module 711 detects whether it has a Bluetooth connection with the client 730. If it is not connected, the authentication fails; if it is connected, it sends information to the determination module 712 to trigger the identity check. The determination module 712 receives the user identity information sent by the client 730 and matches it against the local user identity information. If the client's user identity information is not local user identity information, the authentication fails; if it is, the determination module sends information to the distance calculation module 713 to trigger the distance calculation. The distance calculation module 713 measures the separation distance from the client 730. If the distance exceeds the preset distance threshold, the authentication fails; if the distance is less than the preset distance threshold, the Bluetooth-based authentication process succeeds and the authentication result information is sent to the BCM unit 720. If authentication fails at any stage, an authentication-failure result is sent to the BCM unit 720. The BCM unit 720 updates the authentication status according to the received authentication-success or authentication-failure result.
In another embodiment, the T-Box unit includes a Bluetooth module 711, a determination module 712, a distance calculation module 713, an encryption module 714 and a control center 715.
When Bluetooth-based authentication starts, the control center 715 triggers the Bluetooth module 711 to check the Bluetooth connection; the Bluetooth module 711 detects whether it has a Bluetooth connection with the client 730 and sends the result to the control center 715;
based on the received Bluetooth connection result, the control center 715 either sends a verification-failure result to the BCM unit 720 or sends information to the determination module 712 to trigger verification of the user identity information;
the determination module 712 determines, based on the received user identity information and the local user identity information, whether the user of the client 730 is an authorized user, and sends the result to the control center 715;
based on the received user identity verification result, the control center 715 either sends a verification-failure result to the BCM unit 720 or sends information to the distance calculation module 713 to trigger distance verification;
the distance calculation module 713 measures the separation distance from the client 730, compares it with the preset distance threshold, and sends the verification result to the control center 715;
based on the distance verification result, the control center 715 sends verification-success or verification-failure information to the BCM unit 720;
the BCM unit 720 updates the authentication status based on the verification-success or verification-failure information sent by the control center 715.
Preferably, the predetermined distance threshold may be set to 3-5 meters.
In an embodiment, the BCM unit 720 includes a random number generation module 721, a decryption module 722 and a determination module 723. The T-Box unit 710 includes an encryption module 714. After the distance calculation module 713 sends verification-success information to the BCM unit 720, the random number generation module 721 generates a random number and sends it to the encryption module 714 and the determination module 723. The encryption module 714 encrypts the received random number with the working key and sends the encrypted data to the decryption module 722. The decryption module 722 decrypts the received data with the local working key and sends the decrypted data to the determination module 723. The determination module 723 compares the two sets of data it has received: if they match, it changes the authentication status to the authentication-passed state; if they differ, it changes the authentication status to the authentication-not-passed state.
In another embodiment, the BCM unit 720 includes a random number generation module 721, a decryption module 722 and a determination module 723. The T-Box unit 710 includes an encryption module 714 and a control center 715. After the control center 715 sends verification-success information to the BCM unit 720, the random number generation module 721 generates a random number and sends it to the encryption module 714 and the determination module 723. The encryption module 714 encrypts the received random number with the working key and sends the encrypted data to the control center 715, which forwards it to the decryption module 722. The decryption module 722 decrypts the received data with the local working key and sends the decrypted data to the determination module 723. The determination module 723 compares the two sets of data it has received: if they match, it changes the authentication status to the authentication-passed state; if they differ, it changes the authentication status to the authentication-not-passed state.
In an embodiment, the BCM unit 720 includes a random number generation module 721, a decryption module 722 and a determination module 723. The T-Box unit 710 includes a Bluetooth module 711, a determination module 712, a distance calculation module 713, an encryption module 714 and a key generation module 716. Before the authentication process starts, the BCM unit sends a key request containing the SN serial number to the key generation module 716. In response to the key request, the key generation module 716 generates a working key based on the received SN serial number, sends the working key to the BCM unit 720 for use as the local working key of the BCM unit 720, and stores the SN serial number. The data flow during authentication is shown in FIG. 8. The random number generation module 721 sends the generated random number to the determination module 723, the encryption module 714 and the key generation module 716. On receiving the random number, the key generation module 716 generates the working key from the locally stored SN serial number and sends it to the encryption module 714. The encryption module 714 encrypts the random number with the working key and sends it to the decryption module 722. The decryption module 722 decrypts the received data and sends the decrypted data to the determination module 723. The determination module 723 compares whether the two sets of data it has received match, and updates the authentication status based on the comparison result.
In another embodiment, the BCM unit 720 includes a random number generation module 721, a decryption module 722 and a determination module 723. The T-Box unit 710 includes an encryption module 714, a control center 715 and a key generation module 716. Before the authentication process starts, the BCM unit 720 sends a key request containing the SN serial number to the control center 715. The control center 715 stores the SN serial number and sends a generate-key command to the key generation module 716. In response to the key request, the key generation module 716 generates a working key based on the received SN serial number and sends it to the control center 715, which sends the working key to the BCM unit 720 for use as the local working key of the BCM unit 720. During authentication, after receiving the random number generated by the random number generation module 721, the control center 715 sends it to the encryption module 714 and sends the SN serial number to the key generation module 716. The key generation module 716 generates the working key and sends it to the encryption module 714, which encrypts the random number with the received working key so that the subsequent authentication process can proceed.
Further, if the authentication status is the not-passed state, the user's vehicle operation permissions are restricted, for example by prohibiting a restart or prohibiting acceleration, and a message is sent to the user's client 730 to notify the user that identity verification has failed, that operation permissions are restricted and/or that the vehicle will stop after a certain time.
Further, the T-Box unit 710 cyclically performs the authentication process or terminates it based on the state of the CAN communication network.
Further, the BCM unit 720 directly triggers the next cycle of the authentication process in response to detecting that a door has been opened, the brake pedal has been pressed, or the start/stop button has been pressed, without detecting a key insertion.
According to one aspect of the present invention, a security authentication electronic device is provided for ensuring the user's legitimate right to use the vehicle.
As shown in FIG. 9, in an embodiment, the security authentication electronic device includes:
at least one processor 901; and
a memory 902 communicatively connected to the at least one processor 901; wherein
the memory 902 stores instructions executable by the one processor, the instructions being executed by the at least one processor so that the at least one processor can perform all steps of the security authentication method described above.
FIG. 9 takes one processor 901 as an example.
The electronic device may further include an input device 903 and an output device 904.
The processor 901, the memory 902, the input device 903 and the display device 904 may be connected by a bus or in other ways; connection by a bus is taken as the example in the figure.
As a non-volatile computer-readable storage medium, the memory 902 can be used to store non-volatile software programs, non-volatile computer-executable programs and modules, such as the program instructions/modules corresponding to the security authentication method in the embodiments of the present application, for example the method flow shown in FIG. 6. By running the non-volatile software programs, instructions and modules stored in the memory 902, the processor 901 executes various functional applications and data processing, that is, it implements the security authentication method of the above embodiments.
The memory 902 may include a program storage area and a data storage area. The program storage area may store an operating system and the application required for at least one function; the data storage area may store data created through use of the security authentication method, and the like. In addition, the memory 902 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some embodiments, the memory 902 may optionally include memory located remotely from the processor 901, which may be connected over a network to the apparatus that performs the security authentication method. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 903 may receive user clicks and generate signal inputs related to user settings and function control of the security authentication method. The display device 904 may include a display device such as a display screen.
The one or more modules are stored in the memory 902 and, when run by the one or more processors 901, perform the security authentication method of any of the above method embodiments.
According to one aspect of the present invention, a storage medium is provided. The storage medium stores computer instructions which, when executed by a computer, perform all steps of the security authentication method described above.
Those skilled in the art will understand that information, signals and data may be represented using any of a variety of different technologies and techniques. For example, the data, instructions, commands, information, signals, bits, symbols and chips referred to throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or magnetic particles, optical fields or optical particles, or any combination thereof.
Those skilled in the art will further appreciate that the various illustrative logical blocks, modules, circuits and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or a combination of both. To illustrate this interchangeability of hardware and software clearly, the various illustrative components, blocks, modules, circuits and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends on the particular application and on the design constraints imposed on the overall system. Skilled persons may implement the described functionality in different ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The various illustrative logic modules and circuits described in connection with the embodiments disclosed herein may be implemented or performed with a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor but, in the alternative, the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, such as a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors cooperating with a DSP core, or any other such configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in RAM, flash memory, ROM, EPROM, EEPROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor so that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integrated into the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
在一个或多个示例性实施例中,所描述的功能可在硬件、软件、固件或其任何组合中实现。如果在软件中实现为计算机程序产品,则各功能可以作为一条或更多条指令或代码存储在计算机可读介质上或藉其进行传送。计算机可读介质包括计算机存储介质和通信介质两者,其包括促成计算机程序从一地向另一地转移的任何介质。存储介质可以是能被计算机访问的任何可用介质。作为示例而非限定,这样的计算机可读介质可包括RAM、ROM、EEPROM、CD-ROM或其它光盘存储、磁盘存储或其它磁存储设备、或能被用来携带或存储指令或数据结构形式的合意程序代码且能被计算机访问的任何其它介质。任何连接也被正当地称为计算机可读介质。例如,如果软件是使用同轴电缆、光纤电缆、双绞线、数字订户线(DSL)、或诸如红外、无线电、以及微波之类的无线技术从web网站、服务器、或其它远程源传送而来,则该同轴电缆、光纤电缆、双绞线、DSL、或诸如红外、无线电、以及微波之类的无线技术就被包括在介质的定义之中。如本文中所使用的盘(disk)和碟(disc)包括压缩碟(CD)、激光碟、光碟、数字多用碟(DVD)、软盘和蓝光碟,其中盘(disk)往往以磁的方式再现数据,而碟(disc)用激光以光学方式再现数据。上述的组合也应被包括在计算机可读介质的范围内。In one or more exemplary embodiments, the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented as a computer program product in software, the functions may be stored on or transmitted as one or more instructions or code on a computer readable medium. Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available media that can be accessed by a computer. By way of example and not limitation, such computer readable media may comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage or other magnetic storage device, or can be used to carry or store instructions or data structures. Any other medium that is desirable for program code and that can be accessed by a computer. Any connection is also properly referred to as a computer readable medium. For example, if the software is transmitted from a web site, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave. The coaxial cable, fiber optic cable, twisted pair cable, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium. 
Disks and discs as used herein include compact discs (CDs), laser discs, optical discs, digital versatile discs (DVDs), floppy discs, and Blu-ray discs, in which disks are often reproduced magnetically. Data, and discs optically reproduce data with a laser. Combinations of the above should also be included within the scope of computer readable media.
提供对本公开的先前描述是为使得本领域任何技术人员皆能够制作或使用本公开。对本公开的各种修改对本领域技术人员来说都将是显而易见的,且本文中所定义的普适原理可被应用到其他变体而不会脱离本公开的精神或范围。由此,本公开并非旨在被限定于本文中所描述的示例和设计,而是应被授予与本文中所公开的原理和新颖性特征相一致的最广范围。The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the present disclosure will be obvious to those skilled in the art, and the general principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. The present disclosure is not intended to be limited to the examples and designs described herein, but rather the broadest scope of the principles and novel features disclosed herein.
以上所述实施例仅表达了本发明的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本发明构思的前 提下,还可以做出若干变形和改进,这些都属于本发明的保护范围。因此,本发明专利的保护范围应以所附权利要求为准。The above-mentioned embodiments are merely illustrative of several embodiments of the present invention, and the description thereof is more specific and detailed, but is not to be construed as limiting the scope of the invention. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of the invention should be determined by the appended claims.

Claims (27)

  1. A security authentication method for ensuring a user's right of legitimate use of a vehicle, characterized in that the security authentication method comprises:
    cyclically performing an authentication process, the authentication process including performing Bluetooth-based authentication with respect to a client of the user; and
    after each execution of the authentication process, updating an authentication state based on the authentication result and performing the authentication process of the next cycle after a predetermined time interval, the authentication state including an authentication-passed state or an authentication-failed state, wherein the authentication-passed state is used as the basis for the user's legitimate use of the vehicle.
  2. The security authentication method according to claim 1, characterized in that performing the Bluetooth-based authentication comprises:
    detecting whether a Bluetooth connection with the client exists;
    if not connected, the authentication fails; and
    if the connection is maintained, receiving user identity information from the client and determining, based on locally stored user identity information and the received user identity information, whether the user of the client is an authenticated user; if the two are inconsistent, the authentication fails.
  3. The security authentication method according to claim 2, characterized in that performing the Bluetooth-based authentication further comprises:
    if the locally stored user identity information and the received user identity information are consistent, further determining the distance between the client and the vehicle based on the Bluetooth signal strength of the client;
    if the distance is greater than a predetermined distance threshold, the authentication fails.
  4. The security authentication method according to claim 3, characterized in that the predetermined distance threshold is 3-5 meters.
  5. The security authentication method according to claim 1, characterized in that updating the authentication state based on the authentication result comprises:
    if the Bluetooth-based authentication fails, setting the authentication state to the authentication-failed state.
  6. The security authentication method according to claim 1, characterized in that the authentication process further comprises:
    after the Bluetooth-based authentication succeeds, performing key-based authentication.
  7. The security authentication method according to claim 6, characterized in that updating the authentication state based on the authentication result comprises:
    if the key-based authentication succeeds, setting the authentication state to the authentication-passed state.
  8. The security authentication method according to claim 7, characterized in that updating the authentication state based on the authentication result further comprises:
    setting a validity period for the authentication-passed state, the length of the validity period being greater than the predetermined time interval, wherein the authentication-passed state within its validity period is used as the basis for the user's legitimate use of the vehicle.
  9. The security authentication method according to claim 6, characterized in that the key-based authentication comprises:
    generating, by a body control module unit, a random number and transmitting it to a vehicle control and communication module unit;
    encrypting, by the vehicle control and communication module unit, the received random number using a work key, and transmitting the encrypted random number to the body control module unit;
    decrypting, by the body control module unit, the received encrypted random number using a local work key; and
    comparing the random number obtained by decryption with the random number originally transmitted to the vehicle control and communication module unit; if the two are consistent, the key-based authentication succeeds, otherwise it fails.
  10. The security authentication method according to claim 9, characterized by further comprising:
    sending, by the body control module unit, a key request to the vehicle control and communication module unit, the key request containing the serial number of the body control module unit; and
    generating, by the vehicle control and communication module unit in response to the key request, the work key based on the serial number of the body control module unit, and sending the generated work key to the body control module unit for use as the local work key of the body control module unit,
    wherein, in the key-based authentication process, in response to receiving the random number, the work key is regenerated based on the serial number of the body control module unit for use in encrypting the random number.
  11. The security authentication method according to claim 1, characterized in that the cyclic execution of the authentication process starts in response to the controller area network of the vehicle control and communication module unit being woken up, and terminates in response to the controller area network of the vehicle control and communication module going to sleep.
  12. The security authentication method according to claim 1, characterized in that, between every two cycles, the authentication process of the next cycle is triggered directly in response to no key insertion being detected after a door-opening, brake-pedal-depressing, or start/stop-button-pressing operation is detected.
  13. A security authentication apparatus for ensuring a user's right of legitimate use of a vehicle, characterized in that the security authentication apparatus comprises:
    a vehicle control and communication module unit, which cyclically performs an authentication process, the authentication process including the vehicle control and communication module unit performing Bluetooth-based authentication with respect to a client of the user; and
    a body control module unit, wherein after each execution of the authentication process the body control module unit updates an authentication state based on the authentication result, and the vehicle control and communication module unit performs the authentication process of the next cycle after a predetermined time interval, the authentication state including an authentication-passed state or an authentication-failed state, wherein the authentication-passed state is used by the body control module unit as the basis for the user's legitimate use of the vehicle.
  14. The security authentication apparatus according to claim 13, characterized in that the vehicle control and communication module unit comprises a Bluetooth module and a determination module,
    the Bluetooth module detects whether a Bluetooth connection exists between the vehicle control and communication module and the client;
    if not connected, the authentication fails; and
    if the connection is maintained, the Bluetooth module receives user identity information from the client, and the determination module determines, based on locally stored user identity information and the received user identity information, whether the user of the client is an authenticated user; if the two are inconsistent, the authentication fails.
  15. The security authentication apparatus according to claim 14, characterized in that the vehicle control and communication module unit further comprises a distance calculation module,
    wherein, if the locally stored user identity information and the received user identity information are consistent, the distance calculation module further determines the distance between the client and the vehicle based on the Bluetooth signal strength of the client,
    and the determination module determines whether the distance is greater than a predetermined distance threshold, and if so, the authentication fails.
  16. The security authentication apparatus according to claim 15, characterized in that the predetermined distance threshold is 3-5 meters.
  17. The security authentication apparatus according to claim 13, characterized in that, if the Bluetooth-based authentication fails, the body control module unit sets the authentication state to the authentication-failed state.
  18. The security authentication apparatus according to claim 13, characterized in that the authentication process further comprises:
    after the Bluetooth-based authentication succeeds, the vehicle control and communication module unit and the body control module unit perform key-based authentication.
  19. The security authentication apparatus according to claim 18, characterized in that, if the key-based authentication succeeds, the body control module unit sets the authentication state to the authentication-passed state.
  20. The security authentication apparatus according to claim 19, characterized in that, if the key-based authentication succeeds, the body control module unit further sets a validity period for the authentication-passed state, the length of the validity period being greater than the predetermined time interval, wherein the authentication-passed state within its validity period is used as the basis for the user's legitimate use of the vehicle.
  21. The security authentication apparatus according to claim 18, characterized in that the body control module unit comprises a random number generation module, a decryption module, and a determination module, and the vehicle control and communication module unit comprises an encryption module,
    wherein, in the key-based authentication, the random number generation module generates a random number and transmits it to the vehicle control and communication module unit; the encryption module of the vehicle control and communication module unit encrypts the received random number using a work key and transmits the encrypted random number to the body control module unit; the decryption module of the body control module unit decrypts the received encrypted random number using a local work key; and the comparison module compares the random number obtained by decryption with the random number originally transmitted to the vehicle control and communication module unit; if the two are consistent, the key-based authentication succeeds, otherwise it fails.
  22. The security authentication apparatus according to claim 21, characterized in that the vehicle control and communication module unit further comprises a key generation module,
    the body control module unit sends a key request to the vehicle control and communication module unit, the key request containing the serial number of the body control module unit; the key generation module, in response to the key request, generates the work key based on the serial number of the body control module unit and sends the generated work key to the body control module unit to be saved as the local work key of the body control module unit,
    wherein, in the key-based authentication process, the key generation module, in response to receiving the random number, regenerates the work key based on the serial number of the body control module unit for use in encrypting the random number.
  23. The security authentication apparatus according to claim 13, characterized in that the cyclic execution of the authentication process starts in response to the controller area network of the vehicle control and communication module unit being woken up, and terminates in response to the controller area network of the vehicle control and communication module going to sleep.
  24. The security authentication apparatus according to claim 13, characterized in that, between every two cycles, the authentication process of the next cycle is triggered directly in response to no key insertion being detected after a door-opening, brake-pedal-depressing, or start/stop-button-pressing operation is detected.
  25. A security authentication electronic device, characterized by comprising:
    at least one processor; and
    a memory communicatively connected to the at least one processor; wherein
    the memory stores instructions executable by the one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform all the steps of the security authentication method according to any one of claims 1 to 12.
  26. A computer program, characterized by comprising computer code adapted to perform all the steps of the security authentication method according to any one of claims 1 to 12 when run on a computer.
  27. The computer program according to claim 26, characterized in that the computer program is embodied on a computer-readable medium.
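
The flow recited in claims 1 to 10, modelled as an added example that is not code from the patent: a Bluetooth gate (connection, identity, distance), then the random-number challenge with a serial-derived work key, then a pass state that expires unless a later cycle renews it. The cipher (a 4-round Feistel network over HMAC-SHA256, standing in for a block cipher the claims do not name), the HMAC key derivation, the master secret, the timing constants, the rule that a failed key check also clears the state, and all class and function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumptions, not from the patent: cipher, key derivation, secret, timings, names.
MASTER_SECRET = b"constructed-demo-master-secret"  # hypothetical secret on the comm unit
DISTANCE_THRESHOLD_M = 5.0   # claim 4 gives a threshold of 3-5 meters
CYCLE_INTERVAL_S = 2.0       # hypothetical "predetermined time interval"
PASS_VALIDITY_S = 5.0        # claim 8: validity period longer than the interval
assert PASS_VALIDITY_S > CYCLE_INTERVAL_S


def derive_work_key(bcm_serial: bytes, master: bytes) -> bytes:
    """Claim 10: work key generated from the BCM serial number (HMAC-SHA256 assumed)."""
    return hmac.new(master, b"work-key|" + bcm_serial, hashlib.sha256).digest()


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 16-byte block cipher: 4-round Feistel with an HMAC round function."""
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    if len(block) != 16:
        raise ValueError("block must be 16 bytes")
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


class CommUnit:
    """Vehicle control and communication module unit (claims 2, 3, 9, 10)."""

    def __init__(self, stored_user_id: str, master: bytes = MASTER_SECRET):
        self.stored_user_id = stored_user_id
        self.master = master

    def bluetooth_auth(self, connected: bool, user_id: str, distance_m: float) -> bool:
        if not connected:                                   # claim 2: no link, fail
            return False
        if not hmac.compare_digest(user_id.encode(), self.stored_user_id.encode()):
            return False                                    # claim 2: identity mismatch
        return distance_m <= DISTANCE_THRESHOLD_M           # claim 3: too far, fail

    def issue_work_key(self, bcm_serial: bytes) -> bytes:
        return derive_work_key(bcm_serial, self.master)

    def answer_challenge(self, bcm_serial: bytes, challenge: bytes) -> bytes:
        # Claim 10: the key is regenerated from the serial for every challenge.
        return encrypt_block(derive_work_key(bcm_serial, self.master), challenge)


class BodyControlUnit:
    """Body control module unit: issues challenges and owns the auth state."""

    def __init__(self, serial: bytes, comm: CommUnit):
        self.serial = serial
        self.local_key = comm.issue_work_key(serial)        # claim 10 key request
        self.passed_until = None                            # None = failed state

    def key_auth(self, comm: CommUnit) -> bool:
        challenge = secrets.token_bytes(16)                 # fresh random number
        response = comm.answer_challenge(self.serial, challenge)
        return hmac.compare_digest(decrypt_block(self.local_key, response), challenge)

    def update_state(self, passed: bool, now: float) -> None:
        self.passed_until = now + PASS_VALIDITY_S if passed else None

    def use_allowed(self, now: float) -> bool:
        return self.passed_until is not None and now <= self.passed_until


def run_cycle(comm, bcm, now, connected, user_id, distance_m) -> bool:
    """One authentication cycle: Bluetooth gate first, key check only if it passes."""
    ok = comm.bluetooth_auth(connected, user_id, distance_m) and bcm.key_auth(comm)
    bcm.update_state(ok, now)
    return ok
```

Because the pass state carries an expiry, a loop that stops running leaves the vehicle in the failed state once the validity period lapses instead of holding the last successful result.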
PCT/CN2018/108336 2017-12-29 2018-09-28 Safety authentication apparatus and method for vehicle anti-theft, device and computer program WO2019128354A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201711471603.XA CN108235291A (en) 2017-12-29 2017-12-29 A kind of safety certification device and method for vehicle anti-theft
CN201711471603.X 2017-12-29

Publications (1)

Publication Number Publication Date
WO2019128354A1 (en) 2019-07-04

Family

ID=62646856

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/108336 WO2019128354A1 (en) 2017-12-29 2018-09-28 Safety authentication apparatus and method for vehicle anti-theft, device and computer program

Country Status (2)

Country Link
CN (1) CN108235291A (en)
WO (1) WO2019128354A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108235291A (en) * 2017-12-29 2018-06-29 威马智慧出行科技(上海)有限公司 A kind of safety certification device and method for vehicle anti-theft
CN110662196B (en) * 2018-06-29 2024-02-27 博泰车联网科技(上海)股份有限公司 Bluetooth-based vehicle control method, mobile terminal, vehicle-mounted TBOX (tunnel boring oxide) and system
CN108973934A (en) * 2018-07-12 2018-12-11 宁波华科汽车零部件有限公司 A kind of keyless access system and method
CN111114491B (en) * 2018-10-31 2021-08-24 长城汽车股份有限公司 Control system and method for vehicle
CN109765880B (en) * 2019-01-16 2020-07-07 江苏徐工信息技术股份有限公司 MD5 dynamic encryption algorithm-based T-BOX (T-BOX) anti-removal method and system
CN110042879B (en) * 2019-04-22 2021-06-04 雷沃工程机械集团有限公司 Excavator locking method based on MD5 algorithm
WO2021021025A1 (en) 2019-07-30 2021-02-04 Ams Sensors Singapore Pte. Ltd. Authenticating proximity via time-of-flight
CN110920565B (en) * 2019-12-13 2021-09-14 长春超维科技产业有限责任公司 Bluetooth comfortable access system based on vehicle door unlocking and control method thereof
CN112114542B (en) * 2020-06-10 2024-05-10 上汽通用五菱汽车股份有限公司 Vehicle remote control method, vehicle and readable storage medium
JP2022164383A (en) * 2021-04-16 2022-10-27 株式会社東海理化電機製作所 Control device, program, and system
CN113658360B (en) * 2021-08-18 2022-05-10 安徽江淮汽车集团股份有限公司 Digital key safety control method for vehicle
CN114162078B (en) * 2021-11-25 2024-03-15 上汽通用五菱汽车股份有限公司 Automobile remote alarm anti-theft control method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105346502A (en) * 2015-10-22 2016-02-24 科世达(上海)管理有限公司 Keyless entry method and system of vehicle
CN106114452A (en) * 2016-08-31 2016-11-16 泉州市名品电子股份有限公司 Automotive theft proof system based on bluetooth cellular phone identification
CN206031301U (en) * 2016-08-31 2017-03-22 泉州市名品电子股份有限公司 Car theftproof start control device based on bluetooth mobile phone identity second recognition
CN206031295U (en) * 2016-08-31 2017-03-22 泉州市名品电子股份有限公司 Car anti -theft system based on bluetooth mobile phone identification
CN206031296U (en) * 2016-08-31 2017-03-22 泉州市名品电子股份有限公司 Car theftproof safety control based on bluetooth mobile phone identity second recognition
US9819426B2 (en) * 2016-04-12 2017-11-14 Ford Global Technologies, Llc System and method for remote keyless system characterization
CN108235291A (en) * 2017-12-29 2018-06-29 威马智慧出行科技(上海)有限公司 A kind of safety certification device and method for vehicle anti-theft

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111200807A (en) * 2019-12-30 2020-05-26 上海博泰悦臻网络技术服务有限公司 Bluetooth-based information interaction method and device
CN111148075A (en) * 2019-12-30 2020-05-12 上海博泰悦臻网络技术服务有限公司 Bluetooth key configuration method and system for configuring Bluetooth key
CN111200807B (en) * 2019-12-30 2024-03-29 上海博泰悦臻网络技术服务有限公司 Bluetooth-based information interaction method and device
CN111361524A (en) * 2020-03-31 2020-07-03 上海云木科技有限公司 Vehicle safety control system and method
CN111787514B (en) * 2020-06-28 2024-03-22 海尔优家智能科技(北京)有限公司 Method and device for acquiring equipment control data, storage medium and electronic device
CN111787514A (en) * 2020-06-28 2020-10-16 海尔优家智能科技(北京)有限公司 Method and device for acquiring equipment control data, storage medium and electronic device
CN112606795A (en) * 2020-12-28 2021-04-06 中国第一汽车股份有限公司 Vehicle transmission system anti-theft control method, device, equipment and storage medium
CN114360107A (en) * 2021-12-24 2022-04-15 惠州市德赛西威智能交通技术研究院有限公司 Intelligent vehicle key method and system for multiple users and multiple vehicles
CN114360107B (en) * 2021-12-24 2024-03-29 惠州市德赛西威智能交通技术研究院有限公司 Intelligent vehicle key method and system for multi-user multi-vehicle
CN115102726A (en) * 2022-06-07 2022-09-23 东风柳州汽车有限公司 Double-authentication matching method, device, system and equipment for remote control key
CN115102726B (en) * 2022-06-07 2024-04-05 东风柳州汽车有限公司 Dual authentication matching method, device, system and equipment for remote key
CN115603982A (en) * 2022-09-30 2023-01-13 重庆长安汽车股份有限公司(Cn) Vehicle-mounted terminal security authentication method and device, electronic equipment and storage medium
CN115603982B (en) * 2022-09-30 2024-05-28 重庆长安汽车股份有限公司 Vehicle-mounted terminal security authentication method and device, electronic equipment and storage medium
CN116866088B (en) * 2023-09-05 2023-11-28 中汽智联技术有限公司 Internet of vehicles external equipment authentication method, equipment and storage medium
CN116866088A (en) * 2023-09-05 2023-10-10 中汽智联技术有限公司 Internet of vehicles external equipment authentication method, equipment and storage medium

Also Published As

Publication number Publication date
CN108235291A (en) 2018-06-29

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18897632

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 06.10.2020)

122 Ep: pct application non-entry in european phase

Ref document number: 18897632

Country of ref document: EP

Kind code of ref document: A1