WO2022127064A1 - Vehicle digital key distribution management method and device - Google Patents

Publication number
WO2022127064A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
digital
vehicle
mobile terminal
control information
Application number
PCT/CN2021/102337
Other languages
French (fr)
Chinese (zh)
Inventor
王辉
Original Assignee
广州橙行智动汽车科技有限公司
广州小鹏汽车科技有限公司
Application filed by 广州橙行智动汽车科技有限公司, 广州小鹏汽车科技有限公司

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00 Individual registration on entry or exit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the invention relates to the technical field of vehicles, in particular to a vehicle digital key distribution management method and a vehicle digital key distribution management device.
  • the digital key is easy to carry, share and manage. It is very popular among users and has a high usage rate. It has become the standard configuration of smart cars. Digital keys usually have strict life cycle management, including registration, cancellation and normal use, and each user (such as a car owner) corresponds to a digital key.
  • When registering a digital key, the server needs to communicate separately with the mobile terminal and the vehicle to complete the creation of the secure pairing information between the mobile terminal and the vehicle; when the digital key is deregistered, not only does the server need to communicate with the mobile terminal and the vehicle separately to complete the deletion of the secure pairing information between the mobile terminal and the vehicle, but the vehicle must also be powered off and armed for the deletion to complete.
  • the implementation of the above digital key can support usage scenarios such as key sharing, but in some cases, such as when the vehicle is in an underground parking lot without a network, the registration and deregistration of keys cannot be carried out;
  • for one-time sharing, such as when the car is moved at a car wash or when a courier puts items in the car, a cumbersome registration process is required before the key can be used, and the car owner also needs to deregister the shared key promptly after confirming that it has been used, so flexibility is not high.
  • embodiments of the present invention are proposed to provide a vehicle digital key distribution management method and a corresponding vehicle digital key distribution management device that overcome the above problems or at least partially solve the above problems.
  • an embodiment of the present invention discloses a vehicle digital key distribution management method, which is applied to a server, and the server establishes a communication connection with a first mobile terminal, a second mobile terminal, and a vehicle, respectively.
  • the method includes:
  • Encrypting the preset number of digital keys; wherein the public key used in the encryption process is generated by a root certificate preset in the vehicle, and forwarded to the server through the vehicle;
  • generating a preset number of digital keys according to the key control information includes:
  • the key pulling instruction is used to instruct the second mobile terminal to generate a key obtaining request
  • a preset number of digital keys are generated according to the key control information.
  • the key control information further includes key master identification, vehicle information, key validity period or operation authority.
  • the server is connected to a vehicle, the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key;
  • the encrypting process for the preset number of digital keys includes:
  • a vehicle digital key activation instruction is generated, and the vehicle digital key activation instruction is sent to the vehicle; the vehicle digital key activation instruction is used to instruct the vehicle to generate a public-private key pair including a second public key and a second private key by using the root certificate;
  • the sending the encrypted preset number of digital keys to the second mobile terminal includes:
  • a preset number of digital keys for signature and encryption processing are sent to the second mobile terminal.
  • the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers;
  • the generating a preset number of digital keys according to the key control information further includes:
  • the key sub-identity is used to represent the number of times of use of the digital key
  • the method further includes:
  • the key disabling instruction includes a disabling key master identifier
  • the key disabling instruction is sent to the vehicle; the key disabling instruction is used to inform the vehicle to set the disabling identification bit in the key record information carrying the disabling key master identification to a disabling value.
  • the method further includes:
  • the restart activation instruction is used to instruct the vehicle to generate, through the root certificate, a public-private key pair including a third public key and a third private key.
  • the embodiment of the present invention also discloses a vehicle digital key distribution management method, which is applied to a vehicle, and the vehicle establishes a communication connection with the first mobile terminal, the second mobile terminal and the server, and the method includes:
  • Generate a public key according to a preset root certificate and forward the public key to the server; receive an encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and encrypted using the public key; wherein the preset number does not exceed the key usage times included in the key control information;
  • the vehicle is controlled accordingly according to the digital key.
  • the vehicle has a preset first public key
  • the server has a first private key matching the first public key
  • generating the public key according to the preset root certificate and forwarding the public key to the server includes:
  • the server is configured to use the first private key and the second public key to perform signature and encryption processing on the preset number of digital keys in turn, and the preset number of signed and encrypted digital keys are sent to the second mobile terminal.
  • the corresponding control of the vehicle according to the digital key includes:
  • the checking of the digital key carrying the corresponding key control information includes:
  • the judging whether the digital key carrying the corresponding key control information is legal includes:
  • the judging whether the decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain the digital key for decryption and signature verification including:
  • Judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and verify, in sequence, the preset number of signed and encrypted digital keys.
  • the vehicle has a digital key record for the digital key; the judging whether the digital key for decryption and signature verification is legal, includes:
  • if the target key master identifier exists in the digital key record, it is determined whether the disable flag bit included in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identity included in the target record reaches the preset expected sub-identity.
  • the method further includes:
  • if the disabled flag bit contained in the target sub-record is a preset threshold, and the key sub-identity contained in the target record reaches the preset expected sub-identity, then the digital key for decryption and signature verification is legal;
  • if the target key master identifier does not exist in the digital key record, create a digital key record containing the key master identifier, a preset expected sub-identity and a disabled flag bit for the digital key for decryption and signature verification.
  • judging whether the key control information carried by the digital key for decryption and signature verification is legal including:
  • the method further includes:
  • the key disabling instruction includes a disabling key master identifier
  • the disabled identification bit in the key record information carrying the disabled key master identification is set as a disabled value.
  • the method further includes:
  • a public-private key pair including a third public key and a third private key is generated by using the root certificate.
  • the embodiment of the present invention also discloses a vehicle digital key distribution management device, which is applied to a server, and the server establishes a communication connection with the first mobile terminal, the second mobile terminal and the vehicle respectively, and the device includes:
  • a key control information acquisition module configured to receive the key control information sent by the first mobile terminal; the key control information includes the number of times the key is used;
  • a digital key generation module for generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of times the key is used;
  • a digital key encryption module for performing encryption processing on the preset number of digital keys; wherein, the public key used in the encryption processing is generated by the root certificate preset in the vehicle, and forwarded to the server through the vehicle device;
  • the digital key sending module is used for sending the encrypted preset number of digital keys to the second mobile terminal.
  • the digital key generation module includes:
  • a key pulling instruction generation submodule configured to acquire account information from the first mobile terminal, and generate a key pulling instruction according to the key control information and the account information;
  • a key pulling instruction sending submodule configured to send the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key obtaining request;
  • the digital key generation sub-module is configured to generate a preset number of digital keys according to the key control information in response to a key acquisition request sent by the second mobile terminal.
  • the key control information further includes key master identification, vehicle information, key validity period or operation authority.
  • the vehicle has a preset root certificate and a first public key
  • the server has a first private key matching the first public key
  • the digital key encryption module includes:
  • a vehicle digital key activation command sending submodule configured to generate a vehicle digital key activation command when an activation operation on the preset vehicle digital key is detected, and send the vehicle digital key activation command to the vehicle;
  • the vehicle digital key activation instruction is used to instruct the vehicle to generate a public-private key pair including a second public key and a second private key through the root certificate;
  • the signature and encryption processing sub-module is configured to receive the second public key sent by the vehicle, and use the first private key and the second public key to perform signature and encryption processing on the preset number of digital keys in sequence.
  • the digital key sending module includes:
  • the digital key sending sub-module is used for sending a preset number of digital keys for signature and encryption processing to the second mobile terminal.
  • the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers; further comprising:
  • a key sub-identity generation submodule for generating a key sub-identity for the digital key; the key sub-identity is used to represent the number of times of use of the digital key;
  • An add-one operation sub-module is used to add one to the key sub-identity of the digital key carrying the same key main identifier during the process of sending the digital key carrying the same key main identifier to the second mobile terminal.
  • the device further includes:
  • a key disabling instruction acquisition module for acquiring a key disabling instruction;
  • the key disabling instruction includes a disabling key master identifier;
  • a key disabling instruction sending module is used to send the key disabling instruction to the vehicle; the key disabling instruction is used to inform the vehicle to set the disabling identification bit in the key record information carrying the disabling key master identification to a disabled value.
  • the device may also include:
  • a restart activation instruction sending module is used to generate a restart activation instruction according to a preset time interval, and send the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate a third activation instruction through the root certificate.
  • the embodiment of the present invention also discloses a vehicle digital key distribution management device, which is applied to a vehicle, and the vehicle establishes a communication connection with a first mobile terminal, a second mobile terminal and a server respectively, and the device includes:
  • a public key generation module configured to generate a public key according to a preset root certificate and forward the public key to the server;
  • a digital key receiving module configured to receive the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and encrypted using the public key; wherein the preset number does not exceed the number of key uses included in the key control information;
  • the vehicle control module is used for correspondingly controlling the vehicle according to the digital key.
  • the vehicle has a preset first public key
  • the server has a first private key matching the first public key
  • the public key generation module includes:
  • a vehicle digital key activation instruction receiving sub-module configured to receive a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server detecting an activation operation for the preset vehicle digital key;
  • a vehicle digital activation instruction response submodule configured to respond to the vehicle digital activation instruction, and generate a public-private key pair including a second public key and a second private key through the root certificate;
  • the second public key sending submodule is configured to send the second public key to the server; the server is configured to use the first private key and the second public key to perform signature and encryption processing on the preset number of digital keys in sequence, and to send the preset number of signed and encrypted digital keys to the second mobile terminal.
  • the vehicle control module includes:
  • a digital key checking submodule configured to check the digital key carrying the corresponding key control information when receiving the digital key carrying the corresponding key control information sent by the second mobile terminal;
  • the vehicle control sub-module is configured to execute an operation corresponding to the corresponding key control information after the inspection is passed.
  • the digital key checking submodule includes:
  • Decryption and signature verification judgment unit for judging whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain a digital key for decryption and signature verification;
  • the digital key legality judgment unit is used to judge whether the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification can be obtained;
  • the key control information judgment unit is configured to judge whether the key control information carried by the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification is legal.
  • the decryption and signature verification judgment unit includes:
  • Decryption, signature verification and judgment subunit for judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and verify, in sequence, the preset number of signed and encrypted digital keys.
  • the vehicle has a digital key record for the digital key;
  • the digital key legality judging unit includes:
  • the target key master identification acquisition subunit is used to obtain the target key master identification of the digital key for decryption and signature verification when the digital key for decryption and signature verification is obtained;
  • a target key master identification judging subunit for judging whether the target key master identification exists in the digital key record
  • a digital key legality judging subunit used for determining, if the target key master identifier exists in the digital key record, whether the disabled flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identity contained in the target record reaches the preset expected sub-identity.
  • the digital key legality judging unit further includes:
  • the first digital key legal subunit is used for determining that, if the disabled flag bit contained in the target sub-record is a preset threshold, and the key sub-identity contained in the target record reaches the preset expected sub-identity, then the digital key for decryption and signature verification is legal;
  • the second digital key legal subunit is configured to create, for the digital key for decryption and signature verification, a digital key record including the key master identifier, the preset expected sub-identity and the disabled flag bit if the target key master identifier does not exist in the digital key record.
  • the key control information judgment unit includes:
  • the key control information judgment subunit is used for judging whether the key control information carried by the digital key for decryption and signature verification is the same as the digital key record.
  • the device further includes:
  • a key disabling instruction receiving submodule configured to receive a key disabling instruction sent by the first mobile terminal;
  • the key disabling instruction includes a disabling key master identifier;
  • the disabling value setting submodule is used to set the disabling flag bit in the key record information carrying the disabling key master identifier as a disabling value.
  • the device further includes:
  • a restart activation instruction receiving module configured to receive a restart activation instruction sent by the first mobile terminal according to a preset time interval
  • a restart activation instruction response module configured to respond to the restart activation instruction, and generate a public-private key pair including a third public key and a third private key by using the root certificate.
  • An embodiment of the present invention further discloses a vehicle, comprising: the vehicle digital key distribution management device, a processor, a memory, and a computer program stored on the memory and capable of running on the processor, the computer program When executed by the processor, any one of the steps of the vehicle digital key distribution management method is implemented.
  • An embodiment of the present invention further discloses a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, any one of the steps of the vehicle digital key distribution management method is implemented.
  • the server, the first mobile terminal, the second mobile terminal and the vehicle are involved: the key control information sent by the first mobile terminal is received through the server, and a preset number of digital keys are generated according to the key control information. Then the generated preset number of digital keys can be encrypted, and the encrypted preset number of digital keys can be sent to the second mobile terminal, so that the second mobile terminal can send the digital key carrying the corresponding key control information to the vehicle to control the vehicle accordingly.
  • the shared terminal can directly use the desired digital key for vehicle control. Users do not need to register in advance, and do not need to explicitly recycle, they can control the vehicle without network conditions and adapt to various sharing scenarios.
  • FIG. 1 is a flow chart of steps of an embodiment of a vehicle digital key distribution management method according to the present invention
  • Fig. 2 is the realization process of vehicle digital key distribution management in the embodiment of the present invention.
  • Fig. 3 is the realization process for the production stage of the digital key and the vehicle owner binding activation stage in the embodiment of the present invention
  • Fig. 4 is the realization process that the vehicle owner deletes the key and deletes all the keys in the embodiment of the present invention
  • FIG. 5 is a flow chart of steps of another embodiment of a vehicle digital key distribution management method according to the present invention.
  • FIG. 6 is a flow chart of steps of another embodiment of a vehicle digital key distribution management method according to the present invention.
  • FIG. 7 is a schematic flow chart of vehicle inspection in an embodiment of the present invention.
  • Fig. 8 is the realization process of utilizing the distributed digital key to carry out vehicle control in the embodiment of the present invention.
  • FIG. 9 is a structural block diagram of an embodiment of a vehicle digital key distribution management device according to the present invention.
  • FIG. 10 is a structural block diagram of another embodiment of a vehicle digital key distribution management device according to the present invention.
  • FIG. 11 is a structural block diagram of another embodiment of a vehicle digital key distribution management device according to the present invention.
  • One of the core ideas of the embodiments of the present invention is to propose a lightweight digital car key system and design method, so as to make the use, sharing and management of digital car keys more convenient under the premise of ensuring safety; it can control the vehicle without network conditions and adapt to various sharing scenarios without prior registration or explicit recycling.
  • Referring to FIG. 1, there is shown a flow chart of steps of an embodiment of a vehicle digital key distribution management method of the present invention, which is applied to a server, and the server establishes a communication connection with the first mobile terminal, the second mobile terminal, and the vehicle respectively.
  • the method can specifically include the following steps:
  • Step 101 receiving the key acquisition control information sent by the first mobile terminal
  • the server can receive the key control information sent by the first mobile terminal, so as to generate a digital key for controlling the vehicle through the received key control information.
  • the first mobile terminal may refer to the mobile terminal of the vehicle owner who shares the digital key.
  • the car owner can set the key control information to be shared when sharing the key, and send the key control information and the account information of the sharee to the server, that is, the server can receive the key control information and the account information of the sharee sent by the sharer's terminal (that is, the first mobile terminal).
  • the key control information may include key master ID (Master ID), vehicle information (VIN code), key validity period, key usage times, and vehicle operation authority information.
  • the Master ID can be used to uniquely identify a piece of key control information in the whole network, that is, digital keys with the same Master ID can have the same key control information; the validity period of the key can be used to indicate that the key is unavailable after this time, that is, it is used to limit the valid use time of the generated digital key, and if the valid use time is exceeded, the vehicle control function of the digital key will automatically become invalid; the number of key uses can be used to indicate how many times the key can be used, and the limit on the number of times is realized through the set value.
  • if the number of times of use is set to 1, it means one-time sharing, and if it is set to -1, it means that the key can be used permanently; the operation authority information for the vehicle can indicate whether the key has the authority to perform a certain action, for example, permissions to unlock, ignite, open the charging port cover, open the trunk, etc.
  • the shared key does not need to be explicitly recycled by the owner (that is, it is not necessary to log out in time after confirming that the shared key is used), which is very convenient for key sharing scenarios.
  • Step 102 generating a preset number of digital keys according to the key control information
  • a preset number of digital keys may be generated, wherein the preset number does not exceed the key usage times included in the key control information.
  • When detecting the pulling signal of the mobile terminal for the digital key, the server can generate a preset number of digital keys according to the key control information.
  • the account information of the sharee (i.e., the second mobile terminal user) can be obtained, and the key pulling instruction can be generated according to the key control information and the account information of the sharee; the key pulling instruction is then sent to the mobile terminal, so as to inform the sharee corresponding to that account information that the generated preset number of digital keys can be pulled. At this time, the shared terminal (i.e., the second mobile terminal) can generate a key acquisition request according to the received key pulling instruction and send it to the server, and the server can respond to the key acquisition request sent by the mobile terminal, so as to generate a preset number of digital keys according to the key control information.
  • the key control information and the account information of the sharee can be set by the vehicle owner and sent to the server; the server can notify the sharee's account APP that it has a new key, and synchronize basic information to the APP, including the license plate number, Bluetooth key MAC address, etc.
  • the notification and synchronization can be realized by sending a key pull command to the second mobile terminal; the sharee APP can regularly pull a batch of digital keys from the server, and then securely cache them locally.
  • the keys are generally stored in the TEE environment on Android and iOS systems, which can effectively prevent third-party theft; the server can then generate several digital keys according to the key control information.
  • before generating the digital key, the server can judge whether the digital key can be generated according to the control conditions, for example, that the current time does not exceed the validity period, and that the total number of digital keys distributed does not exceed the number of times of use; the digital key can then be generated according to the control conditions.
  • the key information will inherit the MasterID and operation authority in the control information, the validity period is modified to the current time + 5 days (that is, it can be used within 5 days) without exceeding the validity period in the control information, and the vehicle information is added.
  • the premise of the server generating sub-keys can be that the current time does not exceed the validity period, that is, ≤ 2030.12.31, and the total number of generated sub-keys does not exceed the number of times of use; then
  • the generated preset number of digital keys may include digital keys with the same key master identification, and/or digital keys with different key master identifications; that is, the preset number is generated at one time, and the number of generated digital keys with the same key master identification does not exceed the number of key uses.
  • while generating a preset number of digital keys according to the key control information, the server can also generate a key sub-identity for the digital key; during the process of sending the digital key carrying the same key master identification, the key sub-identity of the digital key carrying the same key master identification can be incremented by one.
  • the server can generate a key sub ID (sub ID) for each digital key.
  • the ID is an auto-increment.
  • the initial value of the ID is 1.
  • the key sub-identification is used to indicate the use status of the digital key (whether the digital key has been used or not).
  • Step 103 performing encryption processing on the preset number of digital keys; wherein, the public key used in the encryption processing is generated from the root certificate preset in the vehicle, and forwarded to the server through the vehicle;
  • the server can be connected to the vehicle, the vehicle can have a preset root certificate for the preset vehicle digital key and the first public key, and the server can have a first private key matching the first public key.
  • a vehicle digital key activation instruction is generated, and the vehicle digital key activation instruction is sent to the vehicle; the vehicle is used to respond to the vehicle digital key activation instruction and generate a public-private key pair including a second public key and a second private key by using the root certificate.
  • a server public key and a server public key can be preset for each vehicle.
  • a root certificate on the vehicle side: all vehicles can have the same root certificate; in the stage of binding and activating the vehicle digital key, the owner can notify the server to activate the vehicle, and the server can trigger the vehicle to activate.
  • the communication of the digital key is realized through the public-private key pair.
  • the server can sign and encrypt the digital key before sending it to the second mobile terminal, that is, the server can receive the second public key sent by the vehicle and use the first private key and the second public key to sequentially perform signature and encryption processing on the preset number of digital keys; and then send the signed and encrypted preset number of digital keys to the second mobile terminal.
  • the root certificate preset in the vehicle may generate a public-private key pair including the second public key and the second private key, the second private key may be kept locally in the vehicle, and the second public key may be sent to the server.
  • the server can use the preset first private key to sign the generated digital key, then use the vehicle's second public key to encrypt the signed digital key, and then send the signed and encrypted digital key to the second mobile terminal.
  • the vehicle can use the second private key and the first public key to decrypt and verify the digital key in turn, thereby ensuring the security of the digital key data, which cannot be forged or tampered with.
  • Step 104 Send the encrypted preset number of digital keys to the second mobile terminal.
  • after the server generates a preset number of digital keys according to the key control information, in the process of sending the preset number of digital keys to the second mobile terminal, in order to protect the digital keys in the communication process, the communication of the digital key can be realized through the public-private key pair, that is, the digital key sent to the second mobile terminal is the encrypted digital key.
  • in addition to generating and issuing digital keys, the server can also manage the generated digital keys, either part of the digital keys or all of the digital keys.
  • the key disabling instruction can be obtained; wherein, the key disabling instruction may include a disabled key master identification; the key disabling instruction is then sent to the vehicle; the key disabling instruction is used to inform the vehicle to set the disabled flag bit in the key record information carrying the disabled key master ID to the disabled value.
  • the key disabling instruction obtained by the server may be an instruction that carries a disabled Master ID sent by the vehicle owner to the server; the server may notify the vehicle to set the disabled flag bit in the key record information of the key with that Master ID to 1, so that the key with that Master ID is deleted and cannot be used again.
  • the key disabling instruction obtained by the server may be an instruction to disable all Master IDs sent by the car owner to the server; the server may notify the vehicle to set the disabled flag bit in the key record information of all Master IDs to 1, so that all keys that have been issued are deleted and cannot be used again.
  • the server can also notify the vehicle to restart and activate, so that the vehicle can use the root certificate to generate a new pair of public and private keys during the reactivation phase, and send the new public key to On the server side, subsequent generated digital keys will be encrypted using this public key.
  • the first mobile terminal may generate a restart activation instruction according to a preset time interval, and send the restart activation instruction to the vehicle; the in-vehicle terminal is configured to respond to the restart activation instruction and generate, through the root certificate, a public-private key pair including a third public key and a third private key.
  • the security design methods for strengthening or improving certain links, such as how the server communicates securely with the mobile terminal, how the mobile terminal ensures the security and credibility of the device, how to ensure the credibility of the user (such as biometrics), and how the vehicle safely stores and judges the safety of the terminal (such as using a TEE), are not limited in this embodiment of the present invention; and the form of the mobile terminal APP used by the car owner or the sharer can be a native app, a small program, H5 (referring to the HTML5 hypertext markup language) or other forms, which are not limited in this embodiment of the present invention.
  • the server receives the key control information sent by the first mobile terminal, and generates a preset number of digital keys according to the key control information. Then, the generated preset number of digital keys can be encrypted, and the encrypted preset number of digital keys can be sent to the second mobile terminal, so that the second mobile terminal can send the digital keys carrying the corresponding key control information to the vehicle. key to control the vehicle accordingly.
  • the shared terminal can directly use the desired digital key for vehicle control. Users do not need to register in advance, and do not need to explicitly recycle. They can control the vehicle without network conditions and adapt to various sharing scenarios.
  • Referring to FIG. 5, there is shown a flow chart of steps of another embodiment of a vehicle digital key distribution management method according to the present invention, which is applied to a second mobile terminal; the second mobile terminal establishes a communication connection with the server, the first mobile terminal and the vehicle respectively, and the method may specifically include the following steps:
  • Step 501 Receive an encrypted preset number of digital keys sent by the server; in an embodiment of the present invention, the second mobile terminal can pull the digital key from the server.
  • the server can generate a key pulling instruction according to the key control information and the account information of the shareee, and send the key pulling instruction to the second mobile terminal; after receiving the key pulling instruction sent by the server, the second mobile terminal can generate a key acquisition request according to the key pulling instruction, and send the key acquisition request to the server; the second mobile terminal can receive a preset number of digital keys sent by the server in response to the key acquisition request.
  • the received preset number of digital keys may be digital keys that have been signed and encrypted by the server using the public and private keys.
  • for the specific signature and encryption processing procedures, reference may be made to the above content, which is not described again in order to avoid redundancy.
  • Step 502 Send a digital key carrying corresponding key control information to the vehicle, so that the vehicle can control the vehicle according to the corresponding key control information.
  • a preset number of digital keys can be cached locally, and when the vehicle needs to be controlled, the digital key carrying the corresponding key control information can be obtained locally and sent to the vehicle; the vehicle is used to check the digital key carrying the corresponding key control information, and after the inspection is passed, the vehicle is controlled according to the corresponding key control information.
  • a batch of digital keys can be periodically pulled from the server and safely cached locally.
  • the operation code (essentially a code/serial number) and the digital key are sent to the vehicle, and the vehicle can then be controlled.
  • the server, the first mobile terminal, the second mobile terminal and the vehicle are involved; the key control information is obtained through the server, and a preset number of digital keys are generated according to the key control information; the generated preset number of digital keys are encrypted, and the encrypted preset number of digital keys are sent to the second mobile terminal, so that the second mobile terminal can send the digital key carrying the corresponding key control information to the vehicle, so as to control the vehicle accordingly.
  • the shared terminal can directly use the desired digital key for vehicle control. Users do not need to register in advance, and do not need to explicitly recycle. They can control the vehicle without network conditions and adapt to various sharing scenarios.
  • Referring to FIG. 6, there is shown a flow chart of steps of another embodiment of a vehicle digital key distribution management method according to the present invention, which is applied to a vehicle; the vehicle establishes a communication connection with a first mobile terminal, a second mobile terminal and a server respectively, and the method may include the following steps:
  • Step 601 generating a public key according to a preset root certificate and forwarding the public key to the server;
  • the vehicle may have a preset root certificate and a first public key for the preset vehicle digital key, and the server may have a first private key matching the preset first public key in the vehicle.
  • the vehicle can receive the vehicle digital key activation command sent by the server, wherein the activation command can be generated by the server detecting the activation operation for the preset vehicle digital key; in response, the vehicle generates, through the root certificate, a public-private key pair including the second public key and the second private key, and sends the second public key to the server, so that the server can use the first private key and the received second public key to sequentially sign and encrypt a preset number of digital keys, and send the signed and encrypted preset number of digital keys to the second mobile terminal.
  • Step 602 Receive an encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and encrypted using the public key; wherein, the preset number does not exceed the key usage times included in the key control information;
  • the second mobile terminal can send the operation code and the digital key to the vehicle, and during the sending process, the second mobile terminal and the vehicle can directly perform near field communication through Bluetooth and other means, so that even in an environment with no mobile network signal, the digital key can still be used for unlocking and other permitted operations.
  • Step 603 correspondingly control the vehicle according to the digital key.
  • after the vehicle receives the preset number of digital keys sent by the second mobile terminal, it indicates that the shareee needs to operate the vehicle at this time, and the vehicle can check the received digital key to determine whether the digital key can be used to complete the corresponding operation of the vehicle.
  • the digital key carrying the corresponding key control information is checked; after the check is passed, the operation corresponding to the corresponding key control information is performed in response.
  • Checking the digital key carrying the corresponding key control information is mainly to determine whether the digital key is legal.
  • the specific steps may be as follows: judging whether the decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain the decrypted and signature-verified digital key; if the decrypted and signature-verified digital key can be obtained, then judging whether the decrypted and signature-verified digital key is legal; if the decrypted and signature-verified digital key is legal, then judging whether the key control information carried by the decrypted and signature-verified digital key is legal.
  • FIG. 7 a schematic flow chart of the vehicle inspection in the embodiment of the present invention is shown.
  • the vehicle can perform a communication security inspection, a replay attack inspection, and a control information inspection on the received digital key. After all inspections are passed, it indicates that the key is legal, and the corresponding action is then performed.
  • the vehicle can first perform a communication security check to determine whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and verify, in turn, the signed and encrypted preset number of digital keys. That is, the private key of the vehicle and the public key of the server are used to decrypt and verify the digital key in turn. If the verification is passed, the replay attack check is continued; otherwise the digital key is illegal.
  • the vehicle can then perform a replay attack check; the vehicle has a digital key record for the digital key, i.e. the record information for each key can be recorded and compared to determine whether the digital key is legitimate, including whether the key is disabled and whether the digital key has been used. If the check passes, the control information check continues; otherwise the digital key is illegal.
  • the step of judging whether the digital key is legal may include: when the decrypted and signature-verified digital key is obtained, acquiring the target key master identifier of the decrypted and signature-verified digital key; judging whether the target key master identifier exists in the digital key record; if the target key master identifier exists in the digital key record, determining whether the disabled flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identity contained in the target record reaches a preset expected sub-identity.
  • if the disabled flag bit contained in the target sub-record is a preset threshold, and the key sub-identity contained in the target record reaches the preset expected sub-identity, the decrypted and signature-verified digital key is legal; or, if the target key master identifier does not exist in the digital key record, a digital key record that includes the key master identifier, a preset expected sub-identity, and a disabled flag bit is created for the decrypted and signature-verified digital key.
  • the vehicle can record and compare the recorded information of each digital key received to determine whether the digital key is legal and record the information.
  • sub ID: if the sub ID in the digital key > the expected sub ID of the record table, it means that this digital key has not been used, and this digital key is allowed to be used; otherwise it is not allowed to be used. This ensures that each digital key can only be used once, which prevents replay attacks. If the sub ID in the digital key ≤ the expected sub ID of the record table, it indicates that the digital key has been used. The disabled flag bit indicates whether the key is disabled: 1 means disabled, and all digital keys are not allowed to be used; 0 means not disabled.
  • the key can be used without registration by means of active recording and comparison at the vehicle end, and the safety is ensured at the same time.
  • the vehicle can finally perform the control information check, judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record, specifically judging whether the VIN number is consistent, whether the validity period has expired, and whether the operation authority is satisfied; if the judgment is passed, it means that all the checks are passed, indicating that the key is legal, and then the response operation is performed, and the result is returned.
  • the vehicle can also receive a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabling key master identifier; the disabled flag bit in the key record information carrying the disabling key master identifier is set to the disabled value.
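The replay attack check, control information check and key disabling described above, as an added Python example (not code from the patent or its applicant). It assumes decryption and signature verification have already succeeded, that the preset expected sub ID is 0, and that the record advances to the used sub ID only after every check passes; all class, field and sample values are hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum


class Verdict(Enum):
    OK = "ok"
    DISABLED = "disabled"
    REPLAYED = "replayed"
    WRONG_VEHICLE = "wrong_vehicle"
    EXPIRED = "expired"
    NOT_PERMITTED = "not_permitted"


@dataclass(frozen=True)
class DigitalKey:
    """Fields of a key after decryption and signature verification."""
    master_id: str
    sub_id: int            # auto-increment per Master ID, first value 1
    vin: str
    valid_until: datetime
    permissions: frozenset


@dataclass
class KeyRecord:
    expected_sub_id: int = 0  # assumed preset value, below the first sub ID
    disabled: int = 0         # 1 = disabled, 0 = not disabled


@dataclass
class VehicleKeyStore:
    vin: str
    records: dict = field(default_factory=dict)

    def disable(self, master_id=None):
        """Key disabling instruction: one Master ID, or every recorded one."""
        # In this sketch "all" only reaches Master IDs already recorded.
        targets = list(self.records) if master_id is None else [master_id]
        for mid in targets:
            self.records.setdefault(mid, KeyRecord()).disabled = 1

    def check(self, key, operation, now):
        # Replay attack check: create the record on first sight of a Master ID.
        rec = self.records.setdefault(key.master_id, KeyRecord())
        if rec.disabled == 1:
            return Verdict.DISABLED
        if key.sub_id <= rec.expected_sub_id:
            return Verdict.REPLAYED
        # Control information check: VIN, validity period, operation authority.
        if key.vin != self.vin:
            return Verdict.WRONG_VEHICLE
        if now > key.valid_until:
            return Verdict.EXPIRED
        if operation not in key.permissions:
            return Verdict.NOT_PERMITTED
        # All checks passed: consume the key so it cannot be presented again.
        rec.expected_sub_id = key.sub_id
        return Verdict.OK


def demo():
    """Run constructed keys through the checks and return the verdicts."""
    now = datetime(2025, 1, 10, 12, 0)
    store = VehicleKeyStore(vin="VIN-CONSTRUCTED-0001")

    def key(sub_id, vin=store.vin):
        return DigitalKey("M-100", sub_id, vin, datetime(2025, 1, 15),
                          frozenset({"unlock", "start"}))

    results = [
        store.check(key(1), "unlock", now),   # first use of sub ID 1
        store.check(key(1), "unlock", now),   # same key presented again
        store.check(key(3), "start", now),    # sub ID 2 skipped
        store.check(key(2), "unlock", now),   # 2 <= 3, treated as used
        store.check(key(4), "trunk", now),    # operation not granted
        store.check(key(4), "unlock", datetime(2025, 1, 16)),  # past validity
        store.check(key(4, vin="VIN-OTHER"), "unlock", now),   # other vehicle
    ]
    store.disable("M-100")
    results.append(store.check(key(4), "unlock", now))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name)
```

In this model the record keeps only the highest sub ID seen, so using key 3 before key 2 makes key 2 unusable; a terminal holding a cached batch would need to consume keys in ascending sub ID order.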
  • the vehicle may also receive a restart activation instruction sent by the first mobile terminal at preset time intervals; in response to the restart activation instruction, the vehicle generates a public-private key pair including a third public key and a third private key.
  • the server, the first mobile terminal, the second mobile terminal and the vehicle are involved; the key control information sent by the first mobile terminal is received through the server, and a preset number of digital keys are generated according to the key control information; the generated preset number of digital keys can then be encrypted, and the encrypted preset number of digital keys can be sent to the second mobile terminal, so that the second mobile terminal can send the digital key carrying the corresponding key control information to the vehicle to control the vehicle accordingly.
  • the shared terminal can directly use the desired digital key for vehicle control. Users do not need to register in advance, and do not need to explicitly recycle, they can control the vehicle without network conditions and adapt to various sharing scenarios.
  • Referring to FIG. 9, a structural block diagram of an embodiment of a vehicle digital key distribution management device of the present invention is shown, which is applied to a server; the server establishes a communication connection with the first mobile terminal, the second mobile terminal and the vehicle respectively, and the device can include the following modules:
  • the key control information acquisition module 901 is configured to receive the key control information sent by the first mobile terminal; the key control information includes the number of times of key use;
  • a digital key generation module 902 configured to generate a preset number of digital keys according to the key control information; wherein, the preset number does not exceed the number of times the key is used;
  • a digital key encryption module 903, configured to perform encryption processing on the preset number of digital keys; wherein, the public key used in the encryption processing is generated by the root certificate preset in the vehicle, and forwarded to the server through the vehicle;
  • the digital key sending module 904 is configured to send the encrypted preset number of digital keys to the second mobile terminal.
  • the digital key generation module 902 may include the following sub-modules:
  • a key pulling instruction generation sub-module used for acquiring the account information of the shareee from the first mobile terminal, and generating a key pulling instruction according to the key control information and the account information of the shareee;
  • a key pulling instruction sending submodule configured to send the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key obtaining request;
  • the digital key generation sub-module is configured to generate a preset number of digital keys according to the key control information in response to a key acquisition request sent by the second mobile terminal.
  • the key control information further includes key master identification, vehicle information, key validity period or operation authority.
  • the vehicle has a preset root certificate and a first public key
  • the server has a first private key matching the first public key
  • the digital key encryption module 903 may include the following submodules:
  • a vehicle digital key activation command sending submodule configured to generate a vehicle digital key activation command when an activation operation on the preset vehicle digital key is detected, and send the vehicle digital key activation command to the vehicle;
  • the vehicle digital key activation instruction is used to instruct the vehicle to generate a public-private key pair including a second public key and a second private key through the root certificate.
  • the signature and encryption processing sub-module is configured to receive the second public key sent by the vehicle, and use the first private key and the second public key to perform signature and encryption processing on the preset number of digital keys in sequence.
  • the digital key sending module 904 may include the following sub-modules:
  • the digital key sending sub-module is used for sending a preset number of digital keys for signature and encryption processing to the second mobile terminal.
  • the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers; and may also include the following submodules:
  • a key sub-identity generation submodule for generating a key sub-identity for the digital key; the key sub-identity is used to represent the number of times of use of the digital key;
  • an add-one operation sub-module, used to add one to the key sub-identity of the digital key carrying the same key main identifier during the process of sending the digital key carrying the same key main identifier to the second mobile terminal.
  • the apparatus may further include the following modules:
  • a key disabling instruction acquisition module for acquiring a key disabling instruction;
  • the key disabling instruction includes a disabling key master identifier;
  • a key disabling instruction sending module is used to send the key disabling instruction to the vehicle; the key disabling instruction is used to inform the vehicle to set the disabling identification bit in the key record information carrying the disabling key master identification as Disabled value.
  • the apparatus may further include the following modules:
  • a restart activation instruction sending module is configured to generate a restart activation instruction according to a preset time interval, and send the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate, through the root certificate, a public-private key pair including a third public key and a third private key.
  • FIG. 10 shows a structural block diagram of another embodiment of the vehicle digital key distribution management device of the present invention, which is applied to a second mobile terminal; the second mobile terminal establishes a communication connection with the server, the first mobile terminal and the vehicle respectively, and the device can specifically include the following modules:
  • the digital key receiving module 1001 is used for receiving the encrypted preset number of digital keys sent by the server; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and encrypted using the public key; wherein, the preset number does not exceed the key usage times included in the key control information;
  • the digital key sending module 1002 is configured to send a digital key to the vehicle, so that the vehicle can control the vehicle according to the digital key.
  • the digital key receiving module 1001 may include the following sub-modules:
  • a key pulling instruction receiving sub-module configured to receive the key pulling instruction sent by the server; the key pulling instruction is generated by the server according to the key control information and account information sent by the first mobile terminal;
  • a key acquisition request sending submodule configured to generate a key acquisition request according to the key pulling instruction, and send the key acquisition request to the server;
  • the digital key receiving sub-module is configured to receive a preset number of digital keys sent by the server in response to the key acquisition request.
  • the received digital keys of the preset number are signed and encrypted by the server using the public and private keys.
  • the digital key sending module 1002 may include the following sub-modules:
  • a key control information acquisition sub-module configured to cache the preset number of digital keys locally, and obtain digital keys carrying corresponding key control information locally;
  • the key control information sending sub-module is used to send the digital key carrying the corresponding key control information to the vehicle; the vehicle is used to check the digital key carrying the corresponding key control information, and after the inspection is passed, The vehicle is controlled according to the corresponding key control information.
  • Referring to FIG. 11, there is shown a structural block diagram of another embodiment of a vehicle digital key distribution management apparatus according to the present invention, which is applied to a vehicle; the vehicle establishes a communication connection with the first mobile terminal, the second mobile terminal, and the server respectively, and the apparatus can specifically include the following modules:
  • a public key generation module 1101 configured to generate a public key according to a preset root certificate and forward the public key to the server;
  • a digital key receiving module 1102 configured to receive an encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and encrypted using the public key; wherein, the preset number does not exceed the key usage times included in the key control information;
  • the vehicle control module 1103 is configured to control the vehicle according to the digital key.
  • the vehicle has a preset first public key, the server has a first private key matching the first public key, and the public key generation module 1101 may include the following submodules:
  • a vehicle digital key activation instruction receiving sub-module configured to receive a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server detecting an activation operation for the preset vehicle digital key;
  • a vehicle digital activation instruction response submodule configured to respond to the vehicle digital activation instruction, and generate a public-private key pair including a second public key and a second private key through the root certificate;
  • the second public key sending submodule is configured to send the second public key to the server; the server is configured to use the first private key and the second public key to perform signature and encryption processing in sequence on the preset number of digital keys, and send the signed and encrypted preset number of digital keys to the second mobile terminal.
  • the vehicle control module 1103 may include the following sub-modules:
  • a digital key checking submodule configured to check the digital key carrying the corresponding key control information when receiving the digital key carrying the corresponding key control information sent by the mobile terminal;
  • the vehicle control sub-module is configured to execute an operation corresponding to the corresponding key control information after the inspection is passed.
  • the digital key checking sub-module may include the following units:
  • Decryption and signature verification judgment unit for judging whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain a digital key for decryption and signature verification;
  • the digital key legality judgment unit is used to judge whether the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification can be obtained;
  • the key control information judgment unit is configured to judge whether the key control information carried by the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification is legal.
  • the decryption and signature verification judgment unit may include the following subunits:
  • a decryption and signature verification judgment subunit for judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and verify, in sequence, the signed and encrypted preset number of digital keys.
  • the vehicle has a digital key record for the digital key;
  • the digital key legality judging unit may include the following subunits:
  • the target key master identification acquisition subunit is used to obtain the target key master identification of the digital key for decryption and signature verification when the digital key for decryption and signature verification is obtained;
  • a target key master identification judging subunit for judging whether the target key master identification exists in the digital key record
  • a digital key legality judging subunit used for determining whether the disabled flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold if the target key master identifier exists in the digital key record, and whether the key sub-identity contained in the target record reaches the preset expected sub-identity.
  • the digital key legality judging unit may further include the following subunits:
  • the first digital key legal subunit is used for determining that the decrypted and signature-verified digital key is legal if the disabled flag bit contained in the target sub-record is a preset threshold, and the key sub-identity contained in the target record reaches a preset expected sub-identity;
  • the second digital key legal subunit is configured to create, for the decrypted and signature-verified digital key, a digital key record including the key master identifier, the preset expected sub-identity and the disabled flag bit if the target key master identifier does not exist in the digital key record.
  • the key control information judging unit may include the following subunits:
  • the key control information judgment subunit is used for judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
  • the apparatus may further include the following modules:
  • a key disabling instruction receiving submodule configured to receive a key disabling instruction sent by the first mobile terminal;
  • the key disabling instruction includes a disabling key master identifier;
  • the disabling value setting submodule is used for setting the disabling flag bit in the key record information carrying the disabling key master identifier as a disabling value.
  • the apparatus may further include the following modules:
  • a restart activation instruction receiving module configured to receive, at a preset time interval, the restart activation instruction sent by the first mobile terminal;
  • a restart activation instruction response module configured to respond to the restart activation instruction and generate, by means of the root certificate, a public-private key pair including a third public key and a third private key.
  • the embodiment of the present invention also provides a vehicle, including:
  • It includes the above-mentioned vehicle digital key distribution management device, a processor, a memory, and a computer program stored on the memory and capable of running on the processor, and when the computer program is executed by the processor, the above-mentioned vehicle digital key distribution management method is implemented. In order to avoid repetition, the details are not repeated here.
  • Embodiments of the present invention also provide a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, each process of the foregoing embodiments of the vehicle digital key distribution management method is implemented, and the same technical effect can be achieved. To avoid repetition, details are not repeated here.
  • Embodiments of the present invention may be provided as a method, an apparatus, or a computer program product. Accordingly, embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
  • Embodiments of the present invention are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the present invention. It will be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general purpose computer, special purpose computer, embedded processor or other programmable data processing terminal equipment to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal equipment create means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
  • These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal equipment to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, where the instruction means implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
  • A vehicle digital key distribution management method and a vehicle digital key distribution management device provided by the present invention have been introduced in detail above. Specific examples are used herein to illustrate the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, the specific implementation and the scope of application may change according to the idea of the present invention. In summary, the contents of this specification should not be construed as limiting the present invention.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Lock And Its Accessories (AREA)

Abstract

A vehicle digital key distribution management method and device, which are applied to a server. The server establishes a communication connection with a first mobile terminal, a second mobile terminal and a vehicle, respectively. The method comprises: receiving key control information sent by the first mobile terminal (101); generating a preset number of digital keys according to the key control information (102); encrypting the preset number of digital keys (103); and sending the encrypted preset number of digital keys to the second mobile terminal (104). By means of generating a preset number of digital keys carrying key control information and sending the preset number of digital keys to a shared terminal, the shared terminal may directly use digital keys required for use to control the vehicle, and key users do not need to register in advance or explicitly recover the keys, so that the method can be adapted to various sharing scenes.

Description

Vehicle digital key distribution management method and device
Cross reference
The present application claims priority to the prior application No. 202011494238.6, filed on December 16, 2020 and entitled "A Method and Device for Assigning and Managing Vehicle Digital Keys", the content of which is incorporated into this text by reference.
Technical field
The present invention relates to the technical field of vehicles, and in particular to a vehicle digital key distribution management method and a vehicle digital key distribution management device.
Background
Digital keys are easy to carry, share and manage. They are very popular among users, have a high usage rate, and have become standard equipment for smart cars. A digital key usually has strict life cycle management, including registration, cancellation and normal use, and each user (such as a car owner) corresponds to one digital key. When a digital key is registered, the server needs to communicate with the mobile terminal and with the vehicle separately to create the security pairing information of the mobile terminal and the vehicle. When a digital key is cancelled, not only does the server need to communicate with the mobile terminal and with the vehicle separately to delete the security pairing information of the mobile terminal and the vehicle, but the vehicle must also be in the powered-off and armed state before the cancellation can be completed.
The above implementation of the digital key can support usage scenarios such as key sharing. However, in some cases, for example when the vehicle is in an underground parking lot without a network, keys cannot be registered or cancelled. In addition, when a key is shared for one-off use, for example to move the car at a car wash or to let a courier place items in the car, a cumbersome registration process is required before the key can be used, and the car owner also has to cancel the key promptly after confirming that the shared key has been used, so flexibility is low.
Summary of the invention
In view of the above problems, embodiments of the present invention are proposed to provide a vehicle digital key distribution management method and a corresponding vehicle digital key distribution management device that overcome the above problems or at least partially solve them.
To solve the above problems, an embodiment of the present invention discloses a vehicle digital key distribution management method, applied to a server, where the server establishes communication connections with a first mobile terminal, a second mobile terminal and a vehicle respectively, and the method includes:
receiving key control information sent by the first mobile terminal; the key control information includes the number of key uses;
generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
encrypting the preset number of digital keys; wherein the public key used in the encryption is generated from a root certificate preset in the vehicle and forwarded to the server by the vehicle;
sending the encrypted preset number of digital keys to the second mobile terminal.
Optionally, generating a preset number of digital keys according to the key control information includes:
acquiring account information from the first mobile terminal, and generating a key pulling instruction according to the key control information and the account information;
sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key acquisition request;
in response to the key acquisition request sent by the second mobile terminal, generating a preset number of digital keys according to the key control information.
Optionally, the key control information further includes a key master identifier, vehicle information, a key validity period or operation authority.
Optionally, the server is connected to the vehicle, the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key;
encrypting the preset number of digital keys includes:
when an activation operation on the preset vehicle digital key is detected, generating a vehicle digital key activation instruction and sending the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a second public key and a second private key;
receiving the second public key sent by the vehicle, and using the first private key and the second public key to sign and then encrypt the preset number of digital keys;
sending the encrypted preset number of digital keys to the second mobile terminal includes:
sending the signed and encrypted preset number of digital keys to the second mobile terminal.
Optionally, the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers;
generating a preset number of digital keys according to the key control information further includes:
generating a key sub-identifier for the digital key; the key sub-identifier is used to represent the number of times the digital key has been used;
in the process of sending the digital keys carrying the same key master identifier to the second mobile terminal, incrementing by one the key sub-identifier of the digital keys carrying the same key master identifier.
Optionally, the method further includes:
obtaining a key disabling instruction; the key disabling instruction includes a disabled key master identifier;
sending the key disabling instruction to the vehicle; the key disabling instruction is used to tell the vehicle to set the disable flag bit in the key record information carrying the disabled key master identifier to a disabled value.
Optionally, the method further includes:
generating a restart activation instruction at a preset time interval, and sending the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a third public key and a third private key.
An embodiment of the present invention also discloses a vehicle digital key distribution management method, applied to a vehicle, where the vehicle establishes communication connections with a first mobile terminal, a second mobile terminal and a server, and the method includes:
generating a public key according to a preset root certificate and forwarding the public key to the server; receiving an encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal and encrypted with the public key; wherein the preset number does not exceed the number of key uses contained in the key control information;
controlling the vehicle correspondingly according to the digital key.
Optionally, the vehicle has a preset first public key, and the server has a first private key matching the first public key; generating a public key according to the preset root certificate and forwarding the public key to the server includes:
receiving a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server upon detecting an activation operation on the preset vehicle digital key;
responding to the vehicle digital activation instruction, and generating, by means of the root certificate, a public-private key pair including a second public key and a second private key;
sending the second public key to the server; the server is configured to use the first private key and the second public key to sign and then encrypt the preset number of digital keys, and to send the signed and encrypted preset number of digital keys to the second mobile terminal.
Optionally, controlling the vehicle correspondingly according to the digital key includes:
when a digital key carrying corresponding key control information sent by the second mobile terminal is received, checking the digital key carrying the corresponding key control information;
after the check is passed, performing the operation corresponding to the corresponding key control information.
Optionally, checking the digital key carrying the corresponding key control information includes:
judging whether the digital key carrying the corresponding key control information is legal;
judging whether the digital key carrying the corresponding key control information is legal includes:
judging whether decryption and signature verification can be performed on the digital key carrying the corresponding key control information to obtain a decrypted and signature-verified digital key;
if the decrypted and signature-verified digital key can be obtained, judging whether the decrypted and signature-verified digital key is legal;
if the decrypted and signature-verified digital key is legal, judging whether the key control information carried by the decrypted and signature-verified digital key is legal.
Optionally, judging whether decryption and signature verification can be performed on the digital key carrying the corresponding key control information to obtain a decrypted and signature-verified digital key includes:
judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and then verify the signature of the preset number of signed and encrypted digital keys.
Optionally, the vehicle has a digital key record for the digital key; judging whether the decrypted and signature-verified digital key is legal includes:
when the decrypted and signature-verified digital key is obtained, obtaining the target key master identifier of the decrypted and signature-verified digital key;
judging whether the target key master identifier exists in the digital key record;
if the target key master identifier exists in the digital key record, judging whether the disable flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identifier contained in the target record reaches the preset expected sub-identifier.
Optionally, the method further includes:
if the disable flag bit contained in the target sub-record is a preset threshold, and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is legal;
or, if the target key master identifier does not exist in the digital key record, creating a digital key record for the decrypted and signature-verified digital key that contains the key master identifier, the preset expected sub-identifier and the disable flag bit.
Optionally, judging, if the decrypted and signature-verified digital key is legal, whether the key control information carried by the decrypted and signature-verified digital key is legal includes:
judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
Optionally, the method further includes:
receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabled key master identifier;
setting the disable flag bit in the key record information carrying the disabled key master identifier to a disabled value.
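The record checks described above (master identifier lookup, disable flag, expected sub-identifier, control information comparison, and the disabling instruction) can be sketched as follows. This is an added example, not code from the patent; it starts after decryption and signature verification have succeeded, and the flag encodings, the initial sub-identifier, the reading of "reaches" as "greater than or equal to", and the enforcement of vehicle, validity period and operation authority are all assumptions.

```python
from dataclasses import dataclass

NOT_DISABLED, DISABLED = 0, 1      # assumed encodings of the disable flag bit
INITIAL_EXPECTED_SUB_ID = 0        # assumed first sub-identifier the server issues

OK = "ok"
ERR_DISABLED = "rejected: master identifier disabled"
ERR_REPLAY = "rejected: sub-identifier below expected value"
ERR_MISMATCH = "rejected: control information differs from record"
ERR_VEHICLE = "rejected: key issued for another vehicle"
ERR_EXPIRED = "rejected: validity period over"
ERR_OPERATION = "rejected: operation not authorised"


@dataclass(frozen=True)
class DigitalKey:
    """Key payload after decryption and signature verification have succeeded."""
    master_id: str
    sub_id: int
    vehicle_id: str          # vehicle information
    not_after: int           # end of validity period, Unix time (assumed encoding)
    operations: frozenset    # operation authority

    def control_info(self):
        return (self.vehicle_id, self.not_after, self.operations)


@dataclass
class KeyRecord:
    expected_sub_id: int
    disable_flag: int
    control_info: object     # tuple, or None if created by a disabling instruction


class VehicleKeyStore:
    """Hypothetical vehicle-side store of digital key records."""

    def __init__(self, vehicle_id):
        self.vehicle_id = vehicle_id
        self.records = {}    # master identifier -> KeyRecord

    def disable(self, master_id):
        """Key disabling instruction: set the disable flag for this master identifier.
        Creating a record when none exists is an assumption, so that a key that was
        never presented can still be revoked."""
        rec = self.records.setdefault(
            master_id, KeyRecord(INITIAL_EXPECTED_SUB_ID, NOT_DISABLED, None))
        rec.disable_flag = DISABLED

    def check(self, key, operation, now):
        rec = self.records.get(key.master_id)
        is_new = rec is None
        if is_new:
            # Unknown master identifier: prepare a record, store it only on success.
            rec = KeyRecord(INITIAL_EXPECTED_SUB_ID, NOT_DISABLED, key.control_info())
        if rec.disable_flag != NOT_DISABLED:
            return ERR_DISABLED
        if key.sub_id < rec.expected_sub_id:
            return ERR_REPLAY            # this single-use key was already consumed
        if key.control_info() != rec.control_info:
            return ERR_MISMATCH
        # Enforcing the control information itself (assumed semantics).
        if key.vehicle_id != self.vehicle_id:
            return ERR_VEHICLE
        if now > key.not_after:
            return ERR_EXPIRED
        if operation not in key.operations:
            return ERR_OPERATION
        rec.expected_sub_id = key.sub_id + 1   # consume this use
        if is_new:
            self.records[key.master_id] = rec
        return OK
```

Because the record lives on the vehicle, the replay and disable checks work without a network connection at the moment of use; only the disabling instruction itself has to reach the vehicle.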
Optionally, the method further includes:
receiving, at a preset time interval, a restart activation instruction sent by the first mobile terminal;
responding to the restart activation instruction, and generating, by means of the root certificate, a public-private key pair including a third public key and a third private key.
An embodiment of the present invention also discloses a vehicle digital key distribution management device, applied to a server, where the server establishes communication connections with a first mobile terminal, a second mobile terminal and a vehicle respectively, and the device includes:
a key control information acquisition module, configured to receive the key control information sent by the first mobile terminal; the key control information includes the number of key uses;
a digital key generation module, configured to generate a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
a digital key encryption module, configured to encrypt the preset number of digital keys; wherein the public key used in the encryption is generated from the root certificate preset in the vehicle and forwarded to the server by the vehicle;
a digital key sending module, configured to send the encrypted preset number of digital keys to the second mobile terminal.
Optionally, the digital key generation module includes:
a key pulling instruction generation submodule, configured to acquire account information from the first mobile terminal, and generate a key pulling instruction according to the key control information and the account information;
a key pulling instruction sending submodule, configured to send the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key acquisition request;
a digital key generation submodule, configured to generate, in response to the key acquisition request sent by the second mobile terminal, a preset number of digital keys according to the key control information.
Optionally, the key control information further includes a key master identifier, vehicle information, a key validity period or operation authority.
Optionally, the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key; the digital key encryption module includes:
a vehicle digital key activation instruction sending submodule, configured to generate a vehicle digital key activation instruction when an activation operation on the preset vehicle digital key is detected, and send the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a second public key and a second private key;
a signature and encryption processing submodule, configured to receive the second public key sent by the vehicle, and use the first private key and the second public key to sign and then encrypt the preset number of digital keys.
Optionally, the digital key sending module includes:
a digital key sending submodule, configured to send the signed and encrypted preset number of digital keys to the second mobile terminal.
Optionally, the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers; the device further includes:
a key sub-identifier generation submodule, configured to generate a key sub-identifier for the digital key; the key sub-identifier is used to represent the number of times the digital key has been used;
an add-one operation submodule, configured to increment by one the key sub-identifier of the digital keys carrying the same key master identifier in the process of sending the digital keys carrying the same key master identifier to the second mobile terminal.
Optionally, the device further includes:
a key disabling instruction acquisition module, configured to obtain a key disabling instruction; the key disabling instruction includes a disabled key master identifier;
a key disabling instruction sending module, configured to send the key disabling instruction to the vehicle; the key disabling instruction is used to tell the vehicle to set the disable flag bit in the key record information carrying the disabled key master identifier to a disabled value.
Optionally, the device may further include:
a restart activation instruction sending module, configured to generate a restart activation instruction at a preset time interval and send the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a third public key and a third private key.
An embodiment of the present invention also discloses a vehicle digital key distribution management device, applied to a vehicle, where the vehicle establishes communication connections with a first mobile terminal, a second mobile terminal and a server respectively, and the device includes:
a public key generation module, configured to generate a public key according to a preset root certificate and forward the public key to the server;
a digital key receiving module, configured to receive the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal and encrypted with the public key; wherein the preset number does not exceed the number of key uses contained in the key control information;
a vehicle control module, configured to control the vehicle correspondingly according to the digital key.
Optionally, the vehicle has a preset first public key, and the server has a first private key matching the first public key; the public key generation module includes:
a vehicle digital key activation instruction receiving submodule, configured to receive a vehicle digital key activation instruction sent by the server; the activation instruction is generated by the server upon detecting an activation operation on the preset vehicle digital key;
a vehicle digital activation instruction response submodule, configured to respond to the vehicle digital activation instruction and generate, by means of the root certificate, a public-private key pair including a second public key and a second private key;
a second public key sending submodule, configured to send the second public key to the server; the server is configured to use the first private key and the second public key to sign and then encrypt the preset number of digital keys, and to send the signed and encrypted preset number of digital keys to the second mobile terminal.
Optionally, the vehicle control module includes:
a digital key checking submodule, configured to check the digital key carrying the corresponding key control information when the digital key carrying the corresponding key control information sent by the second mobile terminal is received;
a vehicle control submodule, configured to perform, after the check is passed, the operation corresponding to the corresponding key control information.
Optionally, the digital key checking submodule includes:
a decryption and signature verification judgment unit, configured to judge whether decryption and signature verification can be performed on the digital key carrying the corresponding key control information to obtain a decrypted and signature-verified digital key;
a digital key legality judging unit, configured to judge, if the decrypted and signature-verified digital key can be obtained, whether the decrypted and signature-verified digital key is legal;
a key control information judgment unit, configured to judge, if the decrypted and signature-verified digital key is legal, whether the key control information carried by the decrypted and signature-verified digital key is legal.
可选地,所述解密验签判断单元包括:Optionally, the decryption and signature verification judgment unit includes:
解密验签判断子单元,用于判断是否能够采用与所述第一私钥匹配的第一公钥和与所述第二公钥匹配的第二私钥,对进行签名和加密处理预设数量的数字钥匙依次进行解密和验签处理。Decryption, signature verification and judgment subunit, for judging whether the first public key matching the first private key and the second private key matching the second public key can be used to sign and encrypt a preset number of The digital key is decrypted and verified in sequence.
Optionally, the vehicle holds a digital key record for the digital keys; the digital key legality judgment unit includes:
a target key master identifier acquisition sub-unit, configured to acquire, when a decrypted and verified digital key is obtained, the target key master identifier of the decrypted and verified digital key;
a target key master identifier judgment sub-unit, configured to judge whether the target key master identifier exists in the digital key record;
a digital key legality judgment sub-unit, configured to judge, if the target key master identifier exists in the digital key record, whether the disable flag contained in the target sub-record corresponding to the target key master identifier is the preset threshold, and whether the key sub-identifier contained in the target record reaches the preset expected sub-identifier.
Optionally, the digital key legality judgment unit further includes:
a first digital key legality sub-unit, configured to determine that the decrypted and verified digital key is legal if the disable flag contained in the target sub-record is the preset threshold and the key sub-identifier contained in the target record reaches the preset expected sub-identifier;
a second digital key legality sub-unit, configured to create, if the target key master identifier does not exist in the digital key record, a digital key record for the decrypted and verified digital key that contains the key master identifier, the preset expected sub-identifier and the disable flag.
Optionally, the key control information judgment unit includes:
a key control information judgment sub-unit, configured to judge whether the key control information carried by the decrypted and verified digital key is the same as the digital key record.
Optionally, the device further includes:
a key disabling instruction receiving sub-module, configured to receive a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabled key master identifier;
a disable value setting sub-module, configured to set the disable flag in the key record information carrying the disabled key master identifier to the disable value.
Optionally, the device further includes:
a restart activation instruction receiving module, configured to receive, at a preset time interval, a restart activation instruction sent by the first mobile terminal;
a restart activation instruction response module, configured to respond to the restart activation instruction and to generate, by means of the root certificate, a public-private key pair comprising a third public key and a third private key.
An embodiment of the present invention further discloses a vehicle, comprising: the vehicle digital key distribution management device, a processor, a memory, and a computer program stored in the memory and capable of running on the processor; when executed by the processor, the computer program implements the steps of any one of the vehicle digital key distribution management methods.
An embodiment of the present invention further discloses a computer-readable storage medium on which a computer program is stored; when executed by a processor, the computer program implements the steps of any one of the vehicle digital key distribution management methods.
The embodiments of the present invention include the following advantages:
The embodiments of the present invention involve a server, a first mobile terminal, a second mobile terminal and a vehicle. The server receives the key control information sent by the first mobile terminal and generates a preset number of digital keys according to that information; the generated preset number of digital keys can then be encrypted and sent to the second mobile terminal, so that the second mobile terminal can send a digital key carrying the corresponding key control information to the vehicle and thereby control the vehicle accordingly. Because a preset number of digital keys carrying key control information are generated and sent, encrypted, to the sharee's terminal, the sharee's terminal can directly use the digital key it needs to control the vehicle. The key user does not need to register in advance, the key does not need to be explicitly reclaimed, the vehicle can be operated without a network connection, and the scheme adapts to various sharing scenarios.
Description of drawings
FIG. 1 is a flow chart of the steps of an embodiment of a vehicle digital key distribution management method according to the present invention;
FIG. 2 shows the implementation process of vehicle digital key distribution management in an embodiment of the present invention;
FIG. 3 shows the implementation process of the production stage of the digital key and the owner binding and activation stage in an embodiment of the present invention;
FIG. 4 shows the implementation process of the vehicle owner deleting a key and deleting all keys in an embodiment of the present invention;
FIG. 5 is a flow chart of the steps of another embodiment of a vehicle digital key distribution management method according to the present invention;
FIG. 6 is a flow chart of the steps of yet another embodiment of a vehicle digital key distribution management method according to the present invention;
FIG. 7 is a schematic flow chart of the check performed by the vehicle in an embodiment of the present invention;
FIG. 8 shows the implementation process of controlling the vehicle with the distributed digital keys in an embodiment of the present invention;
FIG. 9 is a structural block diagram of an embodiment of a vehicle digital key distribution management device according to the present invention;
FIG. 10 is a structural block diagram of another embodiment of a vehicle digital key distribution management device according to the present invention;
FIG. 11 is a structural block diagram of yet another embodiment of a vehicle digital key distribution management device according to the present invention.
Detailed description
To make the above objects, features and advantages of the present invention easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
One of the core ideas of the embodiments of the present invention is to propose a lightweight digital car key system and design method that, while ensuring security, makes digital car keys more convenient to use, share and manage, and that lets a key user operate the vehicle without a network connection, without registering in advance and without the key being explicitly reclaimed, so that the scheme adapts to various sharing scenarios.
Referring to FIG. 1, a flow chart of the steps of an embodiment of a vehicle digital key distribution management method of the present invention is shown. The method is applied to a server that establishes communication connections with a first mobile terminal, a second mobile terminal and a vehicle respectively, and may specifically include the following steps:
Step 101: receiving the key control information sent by the first mobile terminal;
In an embodiment of the present invention, the server may receive the key control information sent by the first mobile terminal, so that a digital key for controlling the vehicle can be generated from the received key control information.
In practical applications, the first mobile terminal may be the mobile terminal of the vehicle owner who shares the digital key.
In a specific implementation, when sharing a key the vehicle owner may set the key control information to be shared and send the key control information and the sharee's account information to the server; that is, the server may receive the key control information and the sharee's account information sent by the sharer's terminal (i.e. the first mobile terminal).
In practical applications, the key control information may include a key master identifier (Master ID), vehicle information (VIN code), a key validity period, a key usage count, and operation permission information for the vehicle.
The Master ID uniquely identifies one set of key control information across the whole network, so digital keys with the same Master ID have the same key control information. The key validity period indicates the time after which the key is unavailable; it limits how long the generated digital key can be used, and once that time has passed the vehicle control function of the digital key lapses automatically. The key usage count indicates how many times the key can be used, and the limit is expressed by the value that is set: for example, a usage count of 1 means one-time sharing, and a usage count of -1 means the key can be used permanently. The operation permission information for the vehicle indicates whether the key is authorized to perform a given action, such as unlocking, ignition, opening the charging port cover or opening the trunk. In the embodiments of the present invention, the design of the key validity period and key usage count means that a shared key does not need to be explicitly reclaimed by the owner (that is, it does not need to be deregistered promptly once use of the shared key is confirmed to be complete), which greatly facilitates key-sharing scenarios.
Step 102: generating a preset number of digital keys according to the key control information;
In practical applications, when digital keys are generated according to the above key control information, a preset number of digital keys may be generated, where the preset number does not exceed the key usage count contained in the key control information.
When a pull signal for digital keys from the mobile terminal is detected, the server may generate the preset number of digital keys according to the key control information.
The account information of the sharee (i.e. the user of the second mobile terminal) may be obtained, and a key pull instruction may be generated from the key control information and the sharee's account information. The key pull instruction is then sent to the mobile terminal, to inform the sharer corresponding to the sharee's account information that the generated preset number of digital keys can be pulled. The sharee's terminal (i.e. the second mobile terminal) may then generate a key acquisition request from the received key pull instruction and send it to the server, and the server may respond to the key acquisition request sent by the mobile terminal by generating the preset number of digital keys according to the key control information.
Specifically, referring to FIG. 2, the implementation process of vehicle digital key distribution management in an embodiment of the present invention is shown. The vehicle owner sets the key control information and the sharee's account information and sends them to the server. The server may notify the sharee's account APP that there is a new key and synchronize basic information to the APP, including the license plate number, the Bluetooth key MAC address and so on; this notification and synchronization may be implemented by sending a key pull instruction to the second mobile terminal. The sharee's APP may periodically pull a batch of digital keys from the server and cache them securely on the device; on Android and iOS systems they are generally stored in the TEE environment, which effectively prevents theft by third parties. The server may then generate several digital keys according to the key control information.
Before generating a digital key, the server may judge from the control conditions whether a digital key can be generated, for example that the current time does not exceed the validity period and that the total number of digital keys distributed does not exceed the usage count. It may then generate the digital key according to the control conditions: the digital key information inherits the MasterID and the operation permissions from the control information, its validity period is changed to the current time + 5 days (that is, it can be used within 5 days) without exceeding the validity period in the control information, and the vehicle information is added.
As an example, the key control information set by the vehicle owner, that is, the key control information sent to the server, may include MasterID=EWRQO132, a validity period of 2030.12.31, a usage count of -1 (that is, unlimited), and operation permissions for unlocking, ignition, opening the charging port cover, opening the trunk and so on. The precondition for the server to generate sub-keys may be that the current time does not exceed the validity period, that is, <2030.12.31, and that the total number of sub-keys generated does not exceed the usage count. The sub-key information of a sub-key generated by the server from this key control information may then include MasterID=EWRQO132; a validity period of the current time + 5 days, and <2030.12.31; vehicle information in the form of the VIN number (for example LMXXXXXX); the same operation permissions as in the key control information that was set, which may be unlocking, ignition, opening the charging port cover, opening the trunk and so on; and a sub-key identifier SubID that increases by 1 each time a sub-key is issued.
In a preferred embodiment, the generated preset number of digital keys may include digital keys carrying the same key master identifier and/or digital keys carrying different key master identifiers; that is, a preset number of digital keys are generated at one time, and the number of generated digital keys with the same key master identifier does not exceed the key usage count.
In a preferred embodiment, while generating the preset number of digital keys according to the key control information, the server may also generate a key sub-identifier for each digital key; in the process of sending the digital keys carrying the same key master identifier to the second mobile terminal, the key sub-identifier of the digital keys carrying the same key master identifier may be incremented by one.
Specifically, the server may generate a key sub-identifier (sub ID) for each digital key. This ID is auto-incrementing: for example, its initial value is 1, and for digital keys carrying the same Master ID the sub ID increases by 1 each time a digital key with that Master ID is issued, so that the vehicle can use the sub ID to ensure that each digital key can be used only once. In other words, the key sub-identifier indicates the usage state of the digital key (whether the digital key has been used or not).
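The control conditions and SubID numbering described above can be sketched as follows. This is an added example, not code from the patent: the class, field and permission names are hypothetical, signing and encryption are left out, and the sample values are the ones given in the example above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, FrozenSet, List, Optional

UNLIMITED = -1                        # usage count -1: the key can be used permanently
SUBKEY_LIFETIME = timedelta(days=5)   # "current time + 5 days" in the description


@dataclass(frozen=True)
class KeyControlInfo:
    """Key control information set by the owner and sent to the server."""
    master_id: str
    vin: str
    valid_until: datetime
    usage_count: int
    permissions: FrozenSet[str]


@dataclass(frozen=True)
class SubKey:
    """One digital key as issued to the sharee, before signing and encryption."""
    master_id: str
    sub_id: int
    vin: str
    valid_until: datetime
    permissions: FrozenSet[str]


class KeyIssuer:
    """Hypothetical server-side issuer keeping one SubID counter per Master ID."""

    def __init__(self) -> None:
        self._issued: Dict[str, int] = {}

    def remaining(self, info: KeyControlInfo) -> Optional[int]:
        """Sub-keys still available for this Master ID, or None if unlimited."""
        if info.usage_count == UNLIMITED:
            return None
        return max(info.usage_count - self._issued.get(info.master_id, 0), 0)

    def issue_batch(self, info: KeyControlInfo, batch_size: int,
                    now: datetime) -> List[SubKey]:
        """Issue up to batch_size sub-keys, or none if a control condition fails."""
        if batch_size <= 0:
            raise ValueError("batch_size must be positive")
        # Control condition 1: the current time must not exceed the validity period.
        if now > info.valid_until:
            return []
        # Control condition 2: the total issued must not exceed the usage count.
        left = self.remaining(info)
        count = batch_size if left is None else min(batch_size, left)
        already = self._issued.get(info.master_id, 0)
        # Sub-key validity: now + 5 days, capped at the owner's validity period.
        expiry = min(now + SUBKEY_LIFETIME, info.valid_until)
        # SubIDs start at 1 and increase by 1 per issued key with the same Master ID.
        batch = [
            SubKey(info.master_id, already + i, info.vin, expiry, info.permissions)
            for i in range(1, count + 1)
        ]
        self._issued[info.master_id] = already + count
        return batch


# Values from the example in the text; the VIN is the text's own placeholder and
# the permission labels are names chosen for this sketch.
OWNER_INFO = KeyControlInfo(
    master_id="EWRQO132",
    vin="LMXXXXXX",
    valid_until=datetime(2030, 12, 31),
    usage_count=UNLIMITED,
    permissions=frozenset({"unlock", "ignition", "charge_port_cover", "trunk"}),
)

if __name__ == "__main__":
    issuer = KeyIssuer()
    for key in issuer.issue_batch(OWNER_INFO, 3, datetime(2030, 12, 28)):
        print(key.master_id, key.sub_id, key.valid_until.date())
```
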
Step 103: encrypting the preset number of digital keys; the public key used in the encryption is generated from the root certificate preset in the vehicle and is forwarded to the server by the vehicle;
In practical applications, the server may be connected to the vehicle, the vehicle may have a preset root certificate for the preset vehicle digital key and a first public key, and the server may have a first private key matching the first public key.
When an activation operation for the preset vehicle digital key is detected, a vehicle digital key activation instruction is generated and sent to the vehicle; the vehicle is configured to respond to the vehicle digital key activation instruction and to generate, by means of the root certificate, a public-private key pair comprising a second public key and a second private key.
Specifically, referring to FIG. 3, the implementation process of the production stage of the digital key and the owner binding and activation stage in an embodiment of the present invention is shown. In the production stage of the vehicle, a server public key and a vehicle-side root certificate may be preset for each vehicle, and all vehicles may have the same root certificate. In the stage where the owner binds and activates the vehicle digital key, the owner may notify the server to activate the vehicle, and the server may trigger the vehicle (i.e. the vehicle side) to perform the activation.
The digital keys are communicated by means of public-private key pairs: the server may sign and encrypt the digital keys before sending them to the second mobile terminal. That is, the server may receive the second public key sent by the vehicle and use the first private key and the second public key to sign and then encrypt the preset number of digital keys; it then sends the signed and encrypted preset number of digital keys to the second mobile terminal.
Specifically, the root certificate preset in the vehicle may generate a public-private key pair comprising the second public key and the second private key; the second private key may stay local to the vehicle, and the second public key may be sent to the server. The server can then sign the generated digital key with the preset first private key and encrypt it with the vehicle's second public key, in that order. After the signed and encrypted digital key has been sent to the second mobile terminal and the second mobile terminal has sent it to the vehicle, the vehicle can use the second private key and the first public key to decrypt the digital key and then verify its signature, which ensures the security of the key data so that it cannot be forged or tampered with.
It should be noted that the owner's own key is obtained in the same way, except that this process can be handled automatically in the APP's background logic, so the owner does not notice it.
Step 104: sending the encrypted preset number of digital keys to the second mobile terminal.
In an embodiment of the present invention, after the server has generated the preset number of digital keys according to the key control information, and while it is sending them to the second mobile terminal, the digital keys may be communicated by means of public-private key pairs to keep them secure in transit; that is, the digital keys sent to the second mobile terminal are digital keys that have been encrypted.
In a preferred embodiment, in addition to generating and issuing digital keys, the server may also manage the generated digital keys, for example deleting some or all of the generated digital keys when the vehicle owner needs to terminate the use of a key early.
Referring to FIG. 4, the implementation process of the vehicle owner deleting a key and deleting all keys in an embodiment of the present invention is shown. First, a key disabling instruction may be obtained, for example by receiving the key disabling instruction generated by the vehicle owner's mobile terminal (i.e. the first mobile terminal); the key disabling instruction may include a disabled key master identifier. The key disabling instruction is then sent to the vehicle; it tells the vehicle to set the disable flag in the key record information carrying the disabled key master identifier to the disable value.
Specifically, when some of the generated digital keys are deleted, the key disabling instruction obtained by the server may be an instruction, sent by the vehicle owner to the server, that carries the Master ID to be disabled. The server may notify the vehicle to set the disable flag in the key record information for that Master ID to 1, so that the key whose ID is that Master ID is deleted and can no longer be used.
When all of the generated digital keys are deleted, the key disabling instruction obtained by the server may be an instruction, sent by the vehicle owner to the server, to disable all Master IDs. The server may notify the vehicle to set the disable flag in the key record information for all Master IDs to 1, so that all keys already issued are deleted and can no longer be used.
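A sketch of the vehicle-side digital key record that the disable flag above acts on, together with the Master ID and sub-identifier check from the device description. This is an added example, not code from the patent, and all names are hypothetical. It assumes that the flag's "preset threshold" is 0, that a sub-identifier "reaches" the expected value when it is greater than or equal to it, that the expected value then advances past the accepted sub-identifier, and that disabling a Master ID the vehicle has not yet seen creates a disabled record.

```python
from dataclasses import dataclass
from typing import Dict

NOT_DISABLED = 0    # assumed value of the "preset threshold" for the disable flag
DISABLED = 1        # the description sets the flag to 1 to delete a key
FIRST_SUB_ID = 1    # sub IDs start at 1 on the server side


@dataclass
class KeyRecord:
    """One entry of the vehicle's digital key record."""
    master_id: str
    expected_sub_id: int = FIRST_SUB_ID
    disabled: int = NOT_DISABLED


class VehicleKeyStore:
    """Hypothetical vehicle-side store, consulted after decryption and
    signature verification of a presented digital key have succeeded."""

    def __init__(self) -> None:
        self.records: Dict[str, KeyRecord] = {}

    def check(self, master_id: str, sub_id: int) -> str:
        """Return 'accepted' or a rejection reason for a presented key."""
        record = self.records.get(master_id)
        if record is None:
            # Unknown Master ID: create the record, then apply the same checks.
            record = KeyRecord(master_id)
            self.records[master_id] = record
        if record.disabled != NOT_DISABLED:
            return "rejected: key disabled"
        if sub_id < record.expected_sub_id:
            return "rejected: sub-key already used"
        # Assumption: advancing the expected value makes each sub-key single use.
        record.expected_sub_id = sub_id + 1
        return "accepted"

    def disable(self, master_id: str) -> None:
        """Key disabling instruction for one Master ID."""
        record = self.records.setdefault(master_id, KeyRecord(master_id))
        record.disabled = DISABLED

    def disable_all(self) -> None:
        """Key disabling instruction covering every Master ID in the record."""
        for record in self.records.values():
            record.disabled = DISABLED


if __name__ == "__main__":
    store = VehicleKeyStore()
    # Constructed sequence of presented keys: (Master ID, sub ID).
    for master_id, sub_id in [("EWRQO132", 1), ("EWRQO132", 1), ("EWRQO132", 2)]:
        print(master_id, sub_id, store.check(master_id, sub_id))
    store.disable("EWRQO132")
    print("EWRQO132", 3, store.check("EWRQO132", 3))
```
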
In a preferred embodiment, for greater security the server may also notify the vehicle to restart activation, so that in the reactivation stage the vehicle uses the root certificate to generate a new public-private key pair and sends the new public key to the server; digital keys generated afterwards will all be encrypted with this public key.
As an example, the first mobile terminal may generate a restart activation instruction at a preset time interval and send the restart activation instruction to the vehicle; the in-vehicle terminal is configured to respond to the restart activation instruction and to generate, by means of the root certificate, a public-private key pair comprising a third public key and a third private key.
It should be noted that the embodiments of the present invention place no limitation on security design methods that strengthen or improve particular links, such as how the server communicates securely with the mobile terminal, how the mobile terminal ensures that the device is secure and trusted, how the user is established as trusted (for example by biometrics), or how the vehicle side stores data and makes decisions securely (for example using a TEE). Nor do they limit the form of the mobile terminal APP used by the vehicle owner or the sharer, which may be a native app, a mini program, H5 (that is, HTML5, the hypertext markup language) or another form.
The embodiments of the present invention involve a server, a first mobile terminal, a second mobile terminal and a vehicle. The server receives the key control information sent by the first mobile terminal and generates a preset number of digital keys according to that information; the generated preset number of digital keys can then be encrypted and sent to the second mobile terminal, so that the second mobile terminal can send a digital key carrying the corresponding key control information to the vehicle and thereby control the vehicle accordingly. Because a preset number of digital keys carrying key control information are generated and sent, encrypted, to the sharee's terminal, the sharee's terminal can directly use the digital key it needs to control the vehicle. The key user does not need to register in advance, the key does not need to be explicitly reclaimed, the vehicle can be operated without a network connection, and the scheme adapts to various sharing scenarios.
Referring to FIG. 5, a flow chart of the steps of another embodiment of the vehicle digital key distribution management method of the present invention is shown. The method is applied to a second mobile terminal, which establishes communication connections with the server, the first mobile terminal and the vehicle respectively, and may specifically include the following steps:
Step 501, receiving the encrypted preset number of digital keys sent by the server;
In an embodiment of the present invention, the second mobile terminal can pull digital keys from the server. Specifically, the server can generate a key pulling instruction according to the key control information and the account information of the sharee, and send the key pulling instruction to the second mobile terminal; after receiving the key pulling instruction sent by the server, the second mobile terminal can generate a key acquisition request according to the key pulling instruction and send the key acquisition request to the server; the second mobile terminal can then receive the preset number of digital keys that the server sends in response to the key acquisition request.
The received preset number of digital keys may be digital keys that the server has signed and encrypted using public and private keys. For the specific signing and encryption process, refer to the description above; it is not repeated here to avoid redundancy.
Step 502, sending a digital key carrying the corresponding key control information to the vehicle, so that the vehicle performs the corresponding control on the vehicle according to the corresponding key control information.
In practical applications, the preset number of digital keys can be cached locally. When the vehicle needs to be controlled, a digital key carrying the corresponding key control information can be fetched from the local cache and then sent to the vehicle. The vehicle checks the digital key carrying the corresponding key control information and, after the check passes, performs the corresponding control on the vehicle according to that key control information.
In a preferred embodiment, a batch of digital keys can be pulled from the server periodically and cached securely on the terminal. When the vehicle needs to be operated, the operation code (in essence a code name or serial number) is sent to the vehicle together with the digital key, which is enough to control the vehicle.
In this embodiment of the present invention, a server, a first mobile terminal, a second mobile terminal and a vehicle are involved. The server obtains the key control information and generates a preset number of digital keys according to the key control information. The generated preset number of digital keys can then be encrypted and sent to the second mobile terminal, so that the second mobile terminal can send a digital key carrying the corresponding key control information to the vehicle and the vehicle can be controlled accordingly. By generating a preset number of digital keys carrying key control information and sending the encrypted preset number of digital keys to the sharee's terminal, the sharee's terminal can directly use whichever digital key it needs to control the vehicle. The key user does not need to register in advance and the keys do not need to be explicitly reclaimed; the vehicle can be operated without a network connection, which suits a variety of sharing scenarios.
Referring to FIG. 6, a flow chart of the steps of yet another embodiment of the vehicle digital key distribution management method of the present invention is shown. The method is applied to a vehicle, which establishes communication connections with the first mobile terminal, the second mobile terminal and the server respectively, and may specifically include the following steps:
Step 601, generating a public key according to a preset root certificate and forwarding the public key to the server;
Specifically, as shown in FIG. 3, the vehicle may hold a preset root certificate for the preset vehicle digital key and a first public key, and the server may hold a first private key matching the first public key preset in the vehicle.
At this point the vehicle can receive a vehicle digital key activation instruction sent by the server, where the activation instruction may be generated when the server detects an activation operation for the preset vehicle digital key. The vehicle can then respond to the vehicle digital activation instruction by generating, through the preset root certificate, a public-private key pair comprising a second public key and a second private key, and send the second public key to the server, so that the server can use the first private key and the received second public key to sign and then encrypt the generated preset number of digital keys, and send the signed and encrypted preset number of digital keys to the second mobile terminal.
Step 602, receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal and are encrypted with the public key; wherein the preset number does not exceed the number of key uses contained in the key control information;
In an embodiment of the present invention, the second mobile terminal can send the operation code and the digital key to the vehicle. During sending, the second mobile terminal and the vehicle can communicate directly over a near-field link such as Bluetooth, so that even in an environment with no mobile network signal the digital key can still be used for operations such as unlocking.
Step 603, controlling the vehicle accordingly according to the digital key.
When the vehicle receives the preset number of digital keys sent by the second mobile terminal, this indicates that the sharee needs to operate the vehicle at that moment. The vehicle can check the received digital key and determine whether that digital key can be used to complete the corresponding operation on the vehicle.
Specifically, when a digital key carrying the corresponding key control information sent by the second mobile terminal is received, the digital key carrying the corresponding key control information is checked; after the check passes, the operation corresponding to the corresponding key control information is executed.
Checking the digital key carrying the corresponding key control information mainly means determining whether the digital key is valid. The specific steps may be as follows: determine whether the digital key carrying the corresponding key control information can be decrypted and its signature verified, yielding a decrypted and signature-verified digital key; if a decrypted and signature-verified digital key can be obtained, determine whether that digital key is valid; if the decrypted and signature-verified digital key is valid, determine whether the key control information it carries is valid.
Referring to FIG. 7, a schematic flow chart of the checks performed by the vehicle in an embodiment of the present invention is shown. The vehicle can perform a communication security check, a replay attack check and a control information check on the received digital key. Once all the checks pass, the key is valid and the corresponding operation is executed.
The vehicle can first perform the communication security check: it determines whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and then verify the signature of the signed and encrypted preset number of digital keys. That is, the vehicle-side private key and the server-side public key are used to decrypt the digital key and then verify its signature. If verification passes, the replay attack check follows; otherwise the digital key is invalid.
The vehicle can then perform the replay attack check. The vehicle holds a digital key record for the digital keys, that is, it can record and compare the record information of each key to determine whether a digital key is valid, including whether the key has been disabled and whether the digital key has already been used. If the check passes, the control information check follows; otherwise the digital key is invalid.
The step of determining whether a digital key is valid by recording and comparing the record information of each key may include: when a decrypted and signature-verified digital key is obtained, obtaining the target key master identifier of that digital key; determining whether the target key master identifier exists in the digital key record; if the target key master identifier exists in the digital key record, determining whether the disable flag contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identifier contained in the target record reaches the preset expected sub-identifier.
If the disable flag contained in the target sub-record is the preset threshold and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is valid; or, if the target key master identifier does not exist in the digital key record, a digital key record is created for the decrypted and signature-verified digital key, containing the key master identifier, the preset expected sub-identifier and the disable flag.
Referring to FIG. 8, the process of controlling the vehicle with the distributed digital keys in an embodiment of the present invention is shown. The vehicle can record each digital key it receives and compare it against the record information to determine whether the digital key is valid. The record information can contain (Master ID, expected sub ID and disable flag). Master ID is the Master ID of the digital key and uniquely identifies one piece of key information. Expected sub ID is the sub ID of the digital key that the vehicle expects to receive this time: if the sub ID in the digital key > the expected sub ID in the record table, the digital key has not been used and is allowed; otherwise it is not allowed. This guarantees that each digital key can be used only once and prevents replay attacks. If the sub ID in the digital key < the expected sub ID in the record table, the digital key has already been used. The disable flag indicates whether the key is disabled: 1 means disabled, in which case none of the digital keys may be used; 0 means not disabled.
On the basis of the above steps, when the vehicle receives a digital key it can first look up whether the Master ID exists. If it does not exist, a default record can be created containing (Master ID, expected sub ID and disable flag), with the values (Master ID in the digital key, sub ID in the digital key + 1, 0). If it exists, the vehicle first checks whether the disable flag is 1; 1 means disabled, so the digital key is invalid. Otherwise it goes on to check the expected sub ID: if the sub ID in the digital key >= the expected sub ID, the digital key has not been used and is valid, and the record is updated to expected subID = digital key subID + 1; otherwise the digital key is invalid. In this embodiment of the present invention, because the vehicle actively records and compares, keys can be used without registration while security is still ensured.
Finally the vehicle can perform the control information check, determining whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record; specifically, whether the VIN matches, whether the validity period has expired and whether the operation permission is satisfied. If this check passes, all checks have passed and the key is valid; the corresponding operation is then executed and the result returned.
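The replay attack check and control information check described above, as an added Python sketch that is not part of the patent text. It assumes the digital key has already passed the communication security check (decryption and signature verification), applies the `>=` comparison from the step-by-step description, and uses hypothetical class, field and reason names with constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DigitalKey:
    master_id: str          # Master ID: identifies one piece of key information
    sub_id: int             # sub ID: incremented for each key in a batch
    vin: str                # vehicle the key was issued for
    not_after: int          # end of the validity period (epoch seconds)
    permissions: frozenset  # operation codes this key may trigger


@dataclass
class KeyRecord:
    expected_sub_id: int    # lowest sub ID the vehicle will still accept
    disabled: int = 0       # 1 = disabled, 0 = not disabled


class VehicleKeyChecker:
    def __init__(self, vin):
        self.vin = vin
        self.records = {}   # Master ID -> KeyRecord

    def disable(self, master_id):
        # Key disabling instruction. Creating a record for a Master ID that
        # has not been seen yet is an assumption of this sketch.
        rec = self.records.setdefault(master_id, KeyRecord(expected_sub_id=0))
        rec.disabled = 1

    def _replay_check(self, key):
        rec = self.records.get(key.master_id)
        if rec is None:
            # Unknown Master ID: create the default record (sub ID + 1, 0).
            self.records[key.master_id] = KeyRecord(key.sub_id + 1, 0)
            return None
        if rec.disabled == 1:
            return "disabled"
        if key.sub_id >= rec.expected_sub_id:
            rec.expected_sub_id = key.sub_id + 1   # consume this key
            return None
        return "replayed"

    def _control_check(self, key, opcode, now):
        if key.vin != self.vin:
            return "vin-mismatch"
        if now > key.not_after:
            return "expired"
        if opcode not in key.permissions:
            return "not-permitted"
        return None

    def check(self, key, opcode, now):
        # Same order as the description: replay check, then control check.
        reason = self._replay_check(key) or self._control_check(key, opcode, now)
        return reason or "ok"


def run_demo():
    vin = "TESTVIN0000000001"            # constructed sample VIN
    now = 1_700_000_000                  # constructed "current time"
    perms = frozenset({"unlock", "lock"})
    car = VehicleKeyChecker(vin)
    batch = [DigitalKey("M1", i, vin, now + 3600, perms) for i in range(4)]
    results = [
        car.check(batch[0], "unlock", now),   # first use creates the record
        car.check(batch[0], "unlock", now),   # same key presented again
        car.check(batch[2], "lock", now),     # skipping ahead is accepted
        car.check(batch[1], "unlock", now),   # the skipped key is now stale
    ]
    car.disable("M1")
    results.append(car.check(batch[3], "unlock", now))
    other = DigitalKey("M2", 0, "OTHERVIN000000002", now + 3600, perms)
    results.append(car.check(other, "unlock", now))
    results.append(car.check(DigitalKey("M3", 0, vin, now - 1, perms), "unlock", now))
    results.append(car.check(DigitalKey("M4", 0, vin, now + 3600, perms), "start", now))
    return results


if __name__ == "__main__":
    print(run_demo())
```

Because the record is updated during the replay check, before the control information check, a key rejected for VIN, validity period or permission is still consumed in this sketch. Presenting sub ID 2 before sub ID 1 likewise makes sub ID 1 unusable.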
In a preferred embodiment, the vehicle can also receive a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabled-key master identifier; the disable flag in the key record information carrying the disabled-key master identifier is set to the disabled value.
In a preferred embodiment, the vehicle can also receive, at preset time intervals, a restart activation instruction sent by the first mobile terminal, and in response to the restart activation instruction generate, through the root certificate, a public-private key pair comprising a third public key and a third private key.
In this embodiment of the present invention, a server, a first mobile terminal, a second mobile terminal and a vehicle are involved. The server receives the key control information sent by the first mobile terminal and generates a preset number of digital keys according to the key control information. The generated preset number of digital keys can then be encrypted and sent to the second mobile terminal, so that the second mobile terminal can send a digital key carrying the corresponding key control information to the vehicle and the vehicle can be controlled accordingly. By generating a preset number of digital keys carrying key control information and sending the encrypted preset number of digital keys to the sharee's terminal, the sharee's terminal can directly use whichever digital key it needs to control the vehicle. The key user does not need to register in advance and the keys do not need to be explicitly reclaimed; the vehicle can be operated without a network connection, which suits a variety of sharing scenarios.
It should be noted that, for simplicity of description, the method embodiments are all expressed as a series of combined actions, but those skilled in the art should understand that the embodiments of the present invention are not limited by the order of actions described, because according to the embodiments of the present invention certain steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of the present invention.
Referring to FIG. 9, a structural block diagram of an embodiment of a vehicle digital key distribution management device of the present invention is shown. The device is applied to a server, which establishes communication connections with the first mobile terminal, the second mobile terminal and the vehicle respectively, and may specifically include the following modules:
Key control information acquisition module 901, configured to receive the key control information sent by the first mobile terminal; the key control information includes the number of key uses;
Digital key generation module 902, configured to generate a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
Digital key encryption module 903, configured to encrypt the preset number of digital keys; wherein the public key used in the encryption is generated from the root certificate preset in the vehicle and forwarded to the server by the vehicle;
Digital key sending module 904, configured to send the encrypted preset number of digital keys to the second mobile terminal.
In an embodiment of the present invention, the digital key generation module 902 may include the following submodules:
Key pulling instruction generation submodule, configured to obtain the account information of the sharee from the first mobile terminal, and generate a key pulling instruction according to the key control information and the account information of the sharee;
Key pulling instruction sending submodule, configured to send the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key acquisition request;
Digital key generation submodule, configured to generate, in response to the key acquisition request sent by the second mobile terminal, a preset number of digital keys according to the key control information.
In an embodiment of the present invention, the key control information further includes a key master identifier, vehicle information, a key validity period or operation permissions.
In an embodiment of the present invention, the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key; the digital key encryption module 903 may include the following submodules:
Vehicle digital key activation instruction sending submodule, configured to generate a vehicle digital key activation instruction when an activation operation on the preset vehicle digital key is detected, and send the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used to instruct the vehicle to generate, through the root certificate, a public-private key pair comprising a second public key and a second private key.
Signature and encryption processing submodule, configured to receive the second public key sent by the vehicle, and use the first private key and the second public key to sign and then encrypt the preset number of digital keys.
In an embodiment of the present invention, the digital key sending module 904 may include the following submodules:
Digital key sending submodule, configured to send the signed and encrypted preset number of digital keys to the second mobile terminal.
In an embodiment of the present invention, the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers; the device may further include the following submodules:
Key sub-identifier generation submodule, configured to generate a key sub-identifier for the digital key; the key sub-identifier is used to indicate the number of uses of the digital key;
Increment submodule, configured to increment by one the key sub-identifier of the digital keys carrying the same key master identifier in the course of sending those digital keys to the second mobile terminal.
In an embodiment of the present invention, the device may further include the following modules:
Key disabling instruction acquisition module, configured to obtain a key disabling instruction; the key disabling instruction includes a disabled-key master identifier;
Key disabling instruction sending module, configured to send the key disabling instruction to the vehicle; the key disabling instruction is used to tell the vehicle to set the disable flag in the key record information carrying the disabled-key master identifier to the disabled value.
In an embodiment of the present invention, the device may further include the following modules:
Restart activation instruction sending module, configured to generate a restart activation instruction at preset time intervals and send the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate, through the root certificate, a public-private key pair comprising a third public key and a third private key.
Referring to FIG. 10, a structural block diagram of another embodiment of the vehicle digital key distribution management device of the present invention is shown. The device is applied to a second mobile terminal, which establishes communication connections with the server, the first mobile terminal and the vehicle respectively, and may specifically include the following modules:
Digital key receiving module 1001, configured to receive the encrypted preset number of digital keys sent by the server; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal and are encrypted with the public key; wherein the preset number does not exceed the number of key uses contained in the key control information;
Digital key sending module 1002, configured to send a digital key to the vehicle, so that the vehicle performs the corresponding control on the vehicle according to the digital key.
In an embodiment of the present invention, the digital key receiving module 1001 may include the following submodules:
Key pulling instruction receiving submodule, configured to receive the key pulling instruction sent by the server; the key pulling instruction is generated by the server according to the key control information and account information sent by the first mobile terminal;
Key acquisition request sending submodule, configured to generate a key acquisition request according to the key pulling instruction and send the key acquisition request to the server;
Digital key receiving submodule, configured to receive the preset number of digital keys sent by the server in response to the key acquisition request.
In an embodiment of the present invention, the received preset number of digital keys are digital keys that the server has signed and encrypted using public and private keys.
In an embodiment of the present invention, the digital key sending module 1002 may include the following submodules:
Key control information acquisition submodule, configured to cache the preset number of digital keys locally and fetch from the local cache a digital key carrying the corresponding key control information;
Key control information sending submodule, configured to send the digital key carrying the corresponding key control information to the vehicle; the vehicle is used to check the digital key carrying the corresponding key control information and, after the check passes, perform the corresponding control on the vehicle according to the corresponding key control information.
Referring to FIG. 11, a structural block diagram of yet another embodiment of the vehicle digital key distribution management device of the present invention is shown. The device is applied to a vehicle, which establishes communication connections with the first mobile terminal, the second mobile terminal (sharee terminal) and the server respectively, and may specifically include the following modules:
Public key generation module 1101, configured to generate a public key according to a preset root certificate and forward the public key to the server;
Digital key receiving module 1102, configured to receive the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal and are encrypted with the public key; wherein the preset number does not exceed the number of key uses contained in the key control information;
Vehicle control module 1103, configured to control the vehicle accordingly according to the digital key.
In an embodiment of the present invention, the vehicle has a preset first public key, and the server has a first private key matching the first public key; the public key generation module 1101 may include the following submodules:
Vehicle digital key activation instruction receiving submodule, configured to receive the vehicle digital key activation instruction sent by the server; the activation instruction is generated when the server detects an activation operation for the preset vehicle digital key;
Vehicle digital activation instruction response submodule, configured to respond to the vehicle digital activation instruction and generate, through the root certificate, a public-private key pair comprising a second public key and a second private key;
Second public key sending submodule, configured to send the second public key to the server; the server is used to sign and then encrypt the preset number of digital keys using the first private key and the second public key, and to send the signed and encrypted preset number of digital keys to the second mobile terminal.
在本发明的一种实施例中,车辆控制模块1103可以包括如下子模块:In an embodiment of the present invention, the vehicle control module 1103 may include the following sub-modules:
数字钥匙检查子模块,用于当接收到所述移动终端发送的携带有相应钥匙控制信息的数字钥匙时,对所述携带有相应钥匙控制信息的数字钥匙进行检查;a digital key checking submodule, configured to check the digital key carrying the corresponding key control information when receiving the digital key carrying the corresponding key control information sent by the mobile terminal;
车辆控制子模块,用于在检查通过之后,执行响应与所述相应钥匙控制信息对应的操作。The vehicle control sub-module is configured to execute an operation corresponding to the corresponding key control information after the inspection is passed.
在本发明的一种实施例中,数字钥匙检查子模块可以包括如下单元:In an embodiment of the present invention, the digital key checking sub-module may include the following units:
解密验签判断单元,用于判断是否能够对所述携带有相应钥匙控制信息的数字钥匙进行解密和验签操作,得到进行解密和验签的数字钥匙;Decryption and signature verification judgment unit for judging whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information to obtain a digital key for decryption and signature verification;
数字钥匙合法判断单元,用于若能够得到进行解密和验签的数字钥匙,则判断所述进行解密和验签的数字钥匙是否合法;The digital key legality judgment unit is used to judge whether the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification can be obtained;
钥匙控制信息判断单元,用于若所述进行解密和验签的数字钥匙合法,则判断所述进行解密和验签的数字钥匙所携带的钥匙控制信息是否合法。The key control information judgment unit is configured to judge whether the key control information carried by the digital key for decryption and signature verification is legal if the digital key for decryption and signature verification is legal.
在本发明的一种实施例中,解密验签判断单元可以包括如下子单元:In an embodiment of the present invention, the decryption and signature verification judgment unit may include the following subunits:
解密验签判断子单元,用于判断是否能够采用与所述第一私钥匹配的第一公钥和与所述第二公钥匹配的第二私钥,对进行签名和加密处理预设数量的数字钥匙依次进行解密和验签处理。Decryption, signature verification and judgment subunit, for judging whether the first public key matching the first private key and the second private key matching the second public key can be used to sign and encrypt a preset number of The digital key is decrypted and verified in sequence.
In an embodiment of the present invention, the vehicle has a digital key record for the digital key; the digital key legality judgment unit may include the following subunits:
A target key master identifier acquisition subunit, configured to acquire, when the decrypted and signature-verified digital key is obtained, the target key master identifier of the decrypted and signature-verified digital key;
A target key master identifier judgment subunit, configured to judge whether the target key master identifier exists in the digital key record;
A digital key legality judgment subunit, configured to judge, if the target key master identifier exists in the digital key record, whether the disable flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identifier contained in the target record reaches the preset expected sub-identifier.
In an embodiment of the present invention, the digital key legality judgment unit may further include the following subunits:
A first digital key legality subunit, configured so that, if the disable flag bit contained in the target sub-record is the preset threshold and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is legal;
A second digital key legality subunit, configured to create, if the target key master identifier does not exist in the digital key record, a digital key record for the decrypted and signature-verified digital key, the record containing the key master identifier, the preset expected sub-identifier and the disable flag bit.
In an embodiment of the present invention, the key control information judgment unit may include the following subunits:
A key control information judgment subunit, configured to judge whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
In an embodiment of the present invention, the apparatus may further include the following modules:
A key disabling instruction receiving submodule, configured to receive a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabled key master identifier;
A disable value setting submodule, configured to set the disable flag bit in the key record information carrying the disabled key master identifier to a disable value.
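The vehicle-side check built from the units above (result of decryption and signature verification, record lookup by key master identifier, disable flag and sub-identifier comparison, control information match, and the key disabling instruction) can be implemented as follows. This is an added example, not code from the patent: decryption and signature verification are assumed to have run upstream, and the flag encodings, the initial expected sub-identifier, the rule that advances the expected sub-identifier after an accepted key, the tombstone written when an unknown identifier is disabled, and all class and function names are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

FLAG_ENABLED = 0              # assumed "preset threshold" meaning not disabled
FLAG_DISABLED = 1             # assumed "disable value"
INITIAL_EXPECTED_SUB_ID = 0   # assumed "preset expected sub-identifier"


@dataclass(frozen=True)
class ControlInfo:
    """Key control information carried by a key (field names are assumptions)."""
    vehicle_info: str
    valid_until: str
    permission: str


@dataclass(frozen=True)
class DigitalKey:
    """One digital key after decryption and signature verification."""
    master_id: str
    sub_id: int               # per-key use counter assigned by the server
    control: ControlInfo


@dataclass
class KeyRecord:
    """The vehicle's digital key record for one key master identifier."""
    master_id: str
    expected_sub_id: int
    disable_flag: int
    control: Optional[ControlInfo]


class VehicleKeyStore:
    """Holds the digital key records and applies the checks in order."""
    def __init__(self) -> None:
        self.records: Dict[str, KeyRecord] = {}

    def check(self, key: Optional[DigitalKey]) -> Tuple[bool, str]:
        """Return (accepted, reason) for one presented key."""
        # Check 1: decryption and signature verification must have yielded a key.
        if key is None:
            return False, "decrypt-or-verify-failed"

        # Check 2: legality against the digital key record.
        record = self.records.get(key.master_id)
        if record is None:
            # Unknown master identifier: create the record on first sight.
            record = KeyRecord(key.master_id, INITIAL_EXPECTED_SUB_ID,
                               FLAG_ENABLED, key.control)
            self.records[key.master_id] = record
        if record.disable_flag != FLAG_ENABLED:
            return False, "key-disabled"
        if key.sub_id < record.expected_sub_id:
            return False, "sub-id-below-expected"   # replayed or stale key

        # Check 3: carried control information must equal the stored record.
        if key.control != record.control:
            return False, "control-info-mismatch"

        # Assumed update rule: consume this sub-identifier and all lower ones.
        record.expected_sub_id = key.sub_id + 1
        return True, "ok"

    def disable(self, master_id: str) -> None:
        """Apply a key disabling instruction for one master identifier."""
        record = self.records.get(master_id)
        if record is None:
            # Assumed tombstone so a never-used key cannot enrol after revocation.
            record = KeyRecord(master_id, INITIAL_EXPECTED_SUB_ID,
                               FLAG_DISABLED, None)
            self.records[master_id] = record
        record.disable_flag = FLAG_DISABLED


def run_demo():
    """Replay a constructed sequence of presentations and return the verdicts."""
    info = ControlInfo("VIN-EXAMPLE-0001", "2030-01-01T00:00:00Z", "unlock")
    store = VehicleKeyStore()
    verdicts = [
        store.check(DigitalKey("M-1", 0, info)),   # first use
        store.check(DigitalKey("M-1", 0, info)),   # same key replayed
        store.check(DigitalKey("M-1", 1, info)),   # next key in the batch
        store.check(None),                         # failed decrypt/verify
    ]
    store.disable("M-1")
    verdicts.append(store.check(DigitalKey("M-1", 2, info)))
    return verdicts


if __name__ == "__main__":
    for accepted, reason in run_demo():
        print(accepted, reason)
```

Because the expected sub-identifier only moves forward, presenting a higher sub-identifier first also invalidates every lower one from the same batch.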
In an embodiment of the present invention, the apparatus may further include the following modules:
A restart activation instruction receiving module, configured to receive, at a preset time interval, the restart activation instruction sent by the first mobile terminal;
A restart activation instruction response module, configured to respond to the restart activation instruction and generate, by means of the root certificate, a public-private key pair including a third public key and a third private key.
Since the apparatus embodiment is basically similar to the method embodiment, it is described relatively briefly; for related details, refer to the corresponding description of the method embodiment.
An embodiment of the present invention also provides a vehicle, including:
the above vehicle digital key distribution management device, a processor, a memory, and a computer program stored in the memory and executable on the processor; when executed by the processor, the computer program implements each process of the above embodiments of the vehicle digital key distribution management method and achieves the same technical effect, which is not described again here to avoid repetition.
An embodiment of the present invention also provides a computer-readable storage medium storing a computer program; when executed by a processor, the computer program implements each process of the above embodiments of the vehicle digital key distribution management method and achieves the same technical effect, which is not described again here to avoid repetition.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar, the embodiments may be referred to one another.
Those skilled in the art should understand that the embodiments of the present invention may be provided as a method, an apparatus, or a computer program product. Accordingly, the embodiments of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the embodiments of the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The embodiments of the present invention are described with reference to flowcharts and/or block diagrams of methods, terminal devices (systems), and computer program products according to the embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing terminal equipment to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal equipment produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing terminal equipment to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal equipment, so that a series of operational steps are performed on the computer or other programmable terminal equipment to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable terminal equipment provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the embodiments of the present invention have been described, those skilled in the art may make additional changes and modifications to these embodiments once they learn of the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the embodiments of the present invention.
Finally, it should also be noted that in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, such that a process, method, article or terminal device that includes a list of elements includes not only those elements but also other elements not expressly listed, or also includes elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or terminal device that includes the element.
The vehicle digital key distribution management method and the vehicle digital key distribution management device provided by the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, for those of ordinary skill in the art, there will be changes in the specific implementations and the scope of application according to the idea of the present invention. In summary, the contents of this specification should not be construed as limiting the present invention.

Claims (21)

  1. A vehicle digital key distribution management method, characterized in that it is applied to a server, the server establishing communication connections with a first mobile terminal, a second mobile terminal and a vehicle respectively, the method comprising:
    receiving key control information sent by the first mobile terminal; the key control information includes a number of key uses;
    generating a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
    encrypting the preset number of digital keys; wherein the public key used in the encryption is generated by a root certificate preset in the vehicle and forwarded to the server by the vehicle;
    sending the encrypted preset number of digital keys to the second mobile terminal.
  2. The method according to claim 1, characterized in that the generating of a preset number of digital keys according to the key control information comprises:
    acquiring account information from the first mobile terminal, and generating a key pulling instruction according to the key control information and the account information;
    sending the key pulling instruction to the second mobile terminal; the key pulling instruction is used to instruct the second mobile terminal to generate a key acquisition request;
    in response to the key acquisition request sent by the second mobile terminal, generating a preset number of digital keys according to the key control information.
  3. The method according to claim 1 or 2, characterized in that the key control information further includes a key master identifier, vehicle information, a key validity period or an operation authority.
  4. The method according to claim 1, characterized in that the vehicle has a preset root certificate and a first public key, and the server has a first private key matching the first public key;
    the encrypting of the preset number of digital keys comprises:
    when an activation operation on the preset vehicle digital key is detected, generating a vehicle digital key activation instruction and sending the vehicle digital key activation instruction to the vehicle; the vehicle digital key activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a second public key and a second private key;
    receiving the second public key sent by the vehicle, and using the first private key and the second public key to sign and encrypt, in sequence, the preset number of digital keys;
    the sending of the encrypted preset number of digital keys to the second mobile terminal comprises:
    sending the signed and encrypted preset number of digital keys to the second mobile terminal.
  5. The method according to claim 3, characterized in that the preset number of digital keys includes digital keys carrying the same key master identifier, and/or digital keys carrying different key master identifiers;
    the generating of a preset number of digital keys according to the key control information further comprises:
    generating a key sub-identifier for the digital key; the key sub-identifier is used to represent the number of uses of the digital key;
    in the process of sending the digital keys carrying the same key master identifier to the second mobile terminal, incrementing by one the key sub-identifier of the digital keys carrying the same key master identifier.
  6. The method according to claim 1, characterized in that the method further comprises:
    acquiring a key disabling instruction; the key disabling instruction includes a disabled key master identifier;
    sending the key disabling instruction to the vehicle; the key disabling instruction is used to inform the vehicle to set the disable flag bit in the key record information carrying the disabled key master identifier to a disable value.
  7. The method according to claim 1, characterized in that the method further comprises:
    generating a restart activation instruction at a preset time interval, and sending the restart activation instruction to the vehicle; the restart activation instruction is used to instruct the vehicle to generate, by means of the root certificate, a public-private key pair including a third public key and a third private key.
  8. A vehicle digital key distribution management method, characterized in that it is applied to a vehicle, the vehicle establishing communication connections with a first mobile terminal, a second mobile terminal and a server respectively, the method comprising:
    generating a public key according to a preset root certificate and forwarding the public key to the server;
    receiving the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted using the public key; wherein the preset number does not exceed the number of key uses included in the key control information;
    controlling the vehicle correspondingly according to the digital key.
  9. The method according to claim 8, characterized in that the vehicle has a preset first public key, and the server has a first private key matching the first public key; the generating of a public key according to a preset root certificate and forwarding of the public key to the server comprises:
    receiving a vehicle digital key activation instruction sent by the server; the activation instruction is generated when the server detects an activation operation on the preset vehicle digital key;
    responding to the vehicle digital activation instruction, and generating, by means of the root certificate, a public-private key pair including a second public key and a second private key;
    sending the second public key to the server; the server is configured to use the first private key and the second public key to sign and encrypt, in sequence, the preset number of digital keys, and to send the signed and encrypted preset number of digital keys to the second mobile terminal.
  10. The method according to claim 8, characterized in that the controlling of the vehicle correspondingly according to the digital key comprises:
    when a digital key carrying corresponding key control information sent by the second mobile terminal is received, checking the digital key carrying the corresponding key control information;
    after the check passes, performing the operation corresponding to the corresponding key control information.
  11. The method according to claim 10, characterized in that the checking of the digital key carrying the corresponding key control information comprises:
    judging whether the digital key carrying the corresponding key control information is legal;
    the judging of whether the digital key carrying the corresponding key control information is legal comprises:
    judging whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information, so as to obtain a decrypted and signature-verified digital key;
    if a decrypted and signature-verified digital key can be obtained, judging whether the decrypted and signature-verified digital key is legal;
    if the decrypted and signature-verified digital key is legal, judging whether the key control information carried by the decrypted and signature-verified digital key is legal.
  12. The method according to claim 10, characterized in that the judging of whether decryption and signature verification operations can be performed on the digital key carrying the corresponding key control information, so as to obtain a decrypted and signature-verified digital key, comprises:
    judging whether the first public key matching the first private key and the second private key matching the second public key can be used to decrypt and verify the signatures of, in sequence, the preset number of signed and encrypted digital keys.
  13. The method according to claim 10, characterized in that the vehicle has a digital key record for the digital key; the judging of whether the decrypted and signature-verified digital key is legal comprises:
    when the decrypted and signature-verified digital key is obtained, acquiring the target key master identifier of the decrypted and signature-verified digital key;
    judging whether the target key master identifier exists in the digital key record;
    if the target key master identifier exists in the digital key record, judging whether the disable flag bit contained in the target sub-record corresponding to the target key master identifier is a preset threshold, and whether the key sub-identifier contained in the target record reaches the preset expected sub-identifier.
  14. The method according to claim 13, characterized in that the method further comprises:
    if the disable flag bit contained in the target sub-record is the preset threshold, and the key sub-identifier contained in the target record reaches the preset expected sub-identifier, the decrypted and signature-verified digital key is legal;
    or, if the target key master identifier does not exist in the digital key record, creating a digital key record for the decrypted and signature-verified digital key, the record containing the key master identifier, the preset expected sub-identifier and the disable flag bit.
  15. The method according to claim 12, characterized in that the judging, if the decrypted and signature-verified digital key is legal, of whether the key control information carried by the decrypted and signature-verified digital key is legal comprises:
    judging whether the key control information carried by the decrypted and signature-verified digital key is the same as the digital key record.
  16. The method according to claim 8, characterized in that the method further comprises:
    receiving a key disabling instruction sent by the first mobile terminal; the key disabling instruction includes a disabled key master identifier;
    setting the disable flag bit in the key record information carrying the disabled key master identifier to a disable value.
  17. The method according to claim 9, characterized in that the method further comprises:
    receiving, at a preset time interval, a restart activation instruction sent by the first mobile terminal;
    responding to the restart activation instruction, and generating, by means of the root certificate, a public-private key pair including a third public key and a third private key.
  18. A vehicle digital key distribution management device, characterized in that it is applied to a server, the server establishing communication connections with a first mobile terminal, a second terminal and a vehicle respectively, the device comprising:
    a key control information acquisition module, configured to receive key control information sent by the first mobile terminal; the key control information includes a number of key uses;
    a digital key generation module, configured to generate a preset number of digital keys according to the key control information; wherein the preset number does not exceed the number of key uses;
    a digital key encryption module, configured to encrypt the preset number of digital keys; wherein the public key used in the encryption is generated by a root certificate preset in the vehicle and forwarded to the server by the vehicle;
    a digital key sending module, configured to send the encrypted preset number of digital keys to the second mobile terminal.
  19. A vehicle digital key distribution management device, characterized in that it is applied to a vehicle, the vehicle being connected to a first mobile terminal, a second terminal and a server respectively, the device comprising:
    a public key generation module, configured to generate a public key according to a preset root certificate and forward the public key to the server;
    a digital key receiving module, configured to receive the encrypted preset number of digital keys sent by the second mobile terminal; the encrypted preset number of digital keys are generated by the server according to the key control information sent by the first mobile terminal, and are encrypted using the public key; wherein the preset number does not exceed the number of key uses included in the key control information;
    a vehicle control module, configured to control the vehicle correspondingly according to the digital key.
  20. A vehicle, characterized by comprising: the vehicle digital key distribution management device according to claim 19, a processor, a memory, and a computer program stored in the memory and executable on the processor, wherein the computer program, when executed by the processor, implements the steps of the vehicle digital key distribution management method according to any one of claims 8-17.
  21. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the steps of the vehicle digital key distribution management method according to any one of claims 1-7 or 8-17.
PCT/CN2021/102337 2020-12-16 2021-06-25 Vehicle digital key distribution management method and device WO2022127064A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011494238.6A CN112669491B (en) 2020-12-16 2020-12-16 Vehicle digital key distribution management method and device
CN202011494238.6 2020-12-16

Publications (1)

Publication Number Publication Date
WO2022127064A1 (en) 2022-06-23

Family

ID=75404551

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/102337 WO2022127064A1 (en) 2020-12-16 2021-06-25 Vehicle digital key distribution management method and device

Country Status (2)

Country Link
CN (1) CN112669491B (en)
WO (1) WO2022127064A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115376229A (en) * 2022-08-26 2022-11-22 广东好太太智能家居有限公司 Intelligent lock binding method and device, storage medium and computer equipment
CN115426197A (en) * 2022-11-01 2022-12-02 上海银基信息安全技术股份有限公司 Digital key sharing method, device, equipment and medium based on trusteeship
CN115460545A (en) * 2022-11-09 2022-12-09 小米汽车科技有限公司 Calibration method and calibration device for digital key, vehicle, storage medium and chip
CN115690954A (en) * 2022-10-26 2023-02-03 合众新能源汽车有限公司 Automatic calibration system and method for digital key

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112669491B (en) * 2020-12-16 2022-12-09 广州橙行智动汽车科技有限公司 Vehicle digital key distribution management method and device
CN113660086A (en) * 2021-09-18 2021-11-16 上海瓶钵信息科技有限公司 Reliable failure method and system for off-line digital key
CN117941316A (en) * 2022-08-26 2024-04-26 北京小米移动软件有限公司 Key sharing method and device, terminal and computer readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104933793A (en) * 2015-06-11 2015-09-23 宁波飞拓电器有限公司 Two-dimension code electronic key implementation method based on digital signature
CN106408702A (en) * 2016-08-31 2017-02-15 长城汽车股份有限公司 Authorization method of virtual keys, server and authorization system
CN108932771A (en) * 2018-05-23 2018-12-04 王力安防科技股份有限公司 A kind of long-range temporary Authorization, method for unlocking and system
US20200090441A1 (en) * 2017-01-09 2020-03-19 Carrier Corporation Access control system with local mobile key distribution
CN110992532A (en) * 2019-11-29 2020-04-10 深圳市云天智能终端有限公司 Temporary authorized unlocking method and system for intelligent door lock
CN112669491A (en) * 2020-12-16 2021-04-16 广州橙行智动汽车科技有限公司 Vehicle digital key distribution management method and device

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5130279B2 (en) * 2009-12-09 2013-01-30 本田技研工業株式会社 Anti-theft device for drive source equipment
WO2018112744A1 (en) * 2016-12-20 2018-06-28 深圳中兴力维技术有限公司 Electronic key management method and device
CN108791188B (en) * 2017-05-02 2021-08-06 宝沃汽车(中国)有限公司 Vehicle control method, device and system
CN109484355B (en) * 2018-11-16 2021-09-07 深圳市元征科技股份有限公司 Method and device for forbidding vehicle key
CN109727358B (en) * 2019-02-21 2021-02-23 深圳四海万联科技有限公司 Vehicle sharing system based on Bluetooth key
CN110126782B (en) * 2019-05-23 2020-07-28 东风小康汽车有限公司重庆分公司 Vehicle intelligent key application method and device
CN110290525A (en) * 2019-06-21 2019-09-27 湖北亿咖通科技有限公司 A kind of sharing method and system, mobile terminal of vehicle number key
CN110838919B (en) * 2019-11-01 2021-04-13 广州小鹏汽车科技有限公司 Communication method, storage method, operation method and device
CN111416838B (en) * 2020-02-21 2023-05-19 吉利汽车研究院(宁波)有限公司 Vehicle operation authority management method, device and terminal

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115376229A (en) * 2022-08-26 2022-11-22 广东好太太智能家居有限公司 Intelligent lock binding method and device, storage medium and computer equipment
CN115376229B (en) * 2022-08-26 2023-11-07 广东好太太智能家居有限公司 Intelligent lock binding method and device, storage medium and computer equipment
CN115690954A (en) * 2022-10-26 2023-02-03 合众新能源汽车有限公司 Automatic calibration system and method for digital key
CN115426197A (en) * 2022-11-01 2022-12-02 上海银基信息安全技术股份有限公司 Digital key sharing method, device, equipment and medium based on trusteeship
CN115426197B (en) * 2022-11-01 2023-01-10 上海银基信息安全技术股份有限公司 Digital key sharing method, device, equipment and medium based on trusteeship
CN115460545A (en) * 2022-11-09 2022-12-09 小米汽车科技有限公司 Calibration method and calibration device for digital key, vehicle, storage medium and chip
CN115460545B (en) * 2022-11-09 2023-03-24 小米汽车科技有限公司 Calibration method and calibration device for digital key, vehicle, storage medium and chip

Also Published As

Publication number Publication date
CN112669491B (en) 2022-12-09
CN112669491A (en) 2021-04-16

Similar Documents

Publication Publication Date Title
WO2022127064A1 (en) Vehicle digital key distribution management method and device
US9947153B2 (en) Secure smartphone based access and start authorization system for vehicles
WO2019128354A1 (en) Safety authentication apparatus and method for vehicle anti-theft, device and computer program
US10437977B2 (en) System and method for digital key sharing for access control
CN106240522B (en) Autonomous vehicle theft prevention
CN107579958B (en) Data management method, device and system
WO2019128323A1 (en) Remote authorization method and system for vehicle
EP3403246B1 (en) A device and method for collecting user-based insurance data in vehicles
US8817985B2 (en) Encryption key distribution system
EP2743868A1 (en) Virtual vehicle key
KR102450811B1 (en) System for key control for in-vehicle network
JP2017524301A (en) Wireless key management for authentication
JP6523143B2 (en) Data distribution device, communication system, mobile unit and data distribution method
JP2012186635A (en) Vehicle network system
CN113066209A (en) Method and device for safe off-line use of digital key and storage medium
JP3920583B2 (en) COMMUNICATION SECURITY MAINTAINING METHOD, APPARATUS THEREOF, AND PROCESSING PROGRAM THEREOF
CN109920102B (en) Bluetooth keyless entry intelligent lock method, device, equipment and storage medium
JP2018164283A (en) One-way key fob and vehicle pairing verification, retention, and revocation
US11228453B2 (en) Secure provisioning of electronic lock controllers
KR102115305B1 (en) Apparatus and program managing automobile history
CN101321056A (en) Method, equipment and system for forwarding permission
WO2024007993A1 (en) Software upgrade method, and device and storage medium
CN116094833A (en) Key management method and system for whole vehicle key distribution
WO2019076032A1 (en) Method and system for classified storage of keys
CN108063748B (en) User authentication method, device and system

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 21904998; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 21904998; Country of ref document: EP; Kind code of ref document: A1)