CN-115623444-B - Digital key processing method and device, electronic equipment and storage medium

Abstract

The application provides a digital key processing method and device, electronic equipment and a storage medium. The method comprises: terminating communication when a first select application failure response is received from a mobile terminal; sending an online authentication instruction when a second select application failure response is received from the mobile terminal; when a select application success response is received from the mobile terminal, sending the online authentication instruction or conducting a transaction with the mobile terminal according to the time interval between online authentication times; sending a first online authentication request to the mobile terminal when the mobile terminal network is offline; receiving an online authentication request response sent by the mobile terminal; sending a second online authentication request to a server; ending the online authentication process when a first online authentication failure response is received from the server; sending a digital key locking instruction to the mobile terminal when a second online authentication failure response is received from the server; and sending an online authentication verification request to the mobile terminal when an online authentication success response is received from the server.

Inventors

  • ZHAO YANG

Assignees

  • 国汽智端(成都)科技有限公司

Dates

Publication Date
20260508
Application Date
20221009

Claims (10)

  1. A digital key processing method, wherein the method is applied to a vehicle end, the method comprising:
     • terminating communication in the event that a first select application failure response is received from a mobile terminal, wherein the mobile terminal is configured to store and use a digital key, and the first select application failure response is configured to indicate that the digital key is locked;
     • sending an online authentication instruction in the event that a second select application failure response is received from the mobile terminal, wherein the second select application failure response is used to indicate that the number of consecutive transactions of the digital key exceeds a first preset threshold, and the online authentication instruction is used to instruct the mobile terminal to perform online authentication;
     • in the event that a select application success response is received from the mobile terminal, judging, according to the last online authentication time of the digital key, whether the time interval of online authentication of the digital key exceeds a second preset threshold; if so, sending an online authentication instruction, and if not, judging whether the digital key is in a local revocation list, wherein the select application success response comprises the last online authentication time;
     • terminating communication if the digital key is in the local revocation list, and conducting a transaction with the mobile terminal if the digital key is not in the local revocation list;
     • sending a first online authentication request to the mobile terminal in the event that the mobile terminal network is offline, wherein the first online authentication request is used to perform online authentication on behalf of the mobile terminal;
     • receiving an online authentication request response sent by the mobile terminal, wherein the online authentication request response comprises a digital key identifier, a first random number and first signature information;
     • sending a second online authentication request to a server, wherein the second online authentication request comprises the digital key identifier, the first random number and the first signature information;
     • ending the online authentication process if a first online authentication failure response is received from the server, wherein the first online authentication failure response is used to end the online authentication;
     • sending a digital key locking instruction to the mobile terminal in the event that a second online authentication failure response is received from the server, wherein the second online authentication failure response is used to lock the digital key; and
     • sending an online authentication verification request to the mobile terminal in the event that an online authentication success response is received from the server, wherein the online authentication success response and the online authentication verification request both comprise the first random number, the second random number, the current time and second signature information.
  2. A digital key processing method, wherein the method is applied to a mobile terminal, the method comprising:
     • judging whether the digital key is locked; if so, sending a first select application failure response to a vehicle end, and if not, judging whether the number of consecutive transactions of the digital key exceeds a first preset threshold, wherein the first select application failure response is used to indicate that the digital key is locked;
     • if the number of consecutive transactions exceeds the first preset threshold, sending a second select application failure response to the vehicle end, and if the number of consecutive transactions does not exceed the first preset threshold, sending a select application success response to the vehicle end, wherein the second select application failure response is used to indicate that the number of consecutive transactions of the digital key exceeds the first preset threshold, and the select application success response comprises the last online authentication time of the digital key;
     • updating the number of consecutive transactions after the transaction with the vehicle end;
     • in the event that an online authentication instruction is received from the vehicle end, generating a first random number if the mobile terminal network is online or a first online authentication request is received from the vehicle end, wherein the online authentication instruction is used to instruct the mobile terminal to perform online authentication, and the first online authentication request is used to perform online authentication on behalf of the mobile terminal;
     • obtaining first signature information according to a digital key private key of the digital key, a digital key identifier and the first random number;
     • sending a third online authentication request to a server or sending an online authentication request response to the vehicle end, wherein the third online authentication request comprises the digital key identifier, the first random number and the first signature information, and the online authentication request response comprises the digital key identifier, the first random number and the first signature information;
     • ending the online authentication process when a first online authentication failure response is received from the server, wherein the first online authentication failure response is used to end the online authentication;
     • locking the digital key in the event that a second online authentication failure response of the server or a digital key locking instruction of the vehicle end is received, wherein the second online authentication failure response is used to lock the digital key;
     • acquiring a server public key of the server in the event that an online authentication success response of the server or an online authentication verification request of the vehicle end is received, wherein the online authentication success response and the online authentication verification request both comprise the first random number, the second random number, the current time and second signature information;
     • judging whether the received first random number is the same as the first random number generated by the mobile terminal, and if so, verifying the second signature information by means of the server public key, the first random number, the second random number and the current time; and
     • if the received first random number is different from the first random number generated by the mobile terminal, or the second signature information fails verification, terminating the online authentication or sending an online authentication failure response to the vehicle end; and if the second signature information passes verification, setting the number of consecutive transactions to zero and updating the last online authentication time of the digital key to the current time, whereupon the online authentication succeeds or an online authentication success response is sent to the vehicle end.
  3. The method of claim 2, wherein the obtaining the server public key of the server comprises:
     • acquiring a root public key of an operator and an operator server signature, wherein the operator server signature is generated by the operator according to a root private key of the operator, server information and the server public key, and the server information is used for determining the state of the server;
     • verifying the operator server signature according to the root public key, the server information and the server public key; and
     • if the operator server signature passes verification, the server public key corresponding to the operator server signature is valid.
  4. A digital key processing method, wherein the method is applied to a server, the method comprising:
     • acquiring a digital key public key of a digital key in the event that a second online authentication request sent by a vehicle end or a third online authentication request sent by a mobile terminal is received, wherein the second online authentication request and the third online authentication request both comprise a digital key identifier, a first random number and first signature information; the third online authentication request is sent to the server by the mobile terminal when it can connect to the network and perform online authentication, and the first random number and the first signature information contained in the third online authentication request are obtained by the digital key; the second online authentication request is sent to the server by the vehicle end when it can connect to the network, and the first random number and the first signature information contained in the second online authentication request are obtained by the digital key;
     • verifying the first signature information according to the digital key public key, the digital key identifier and the first random number;
     • if the first signature information fails verification, sending a first online authentication failure response to the mobile terminal or the vehicle end, wherein the first online authentication failure response is used to terminate the online authentication;
     • if the first signature information passes verification, judging whether the digital key identifier is in a server revocation list; if so, returning a second online authentication failure response to the vehicle end, and if not, generating a second random number, wherein the second online authentication failure response is used to lock the digital key;
     • signing the first random number, the second random number and the current time according to a server private key to obtain second signature information; and
     • sending an online authentication success response to the vehicle end or the mobile terminal, wherein the online authentication success response comprises the first random number, the second random number, the current time and the second signature information.
  5. The method of claim 4, wherein obtaining a digital key public key of a digital key comprises:
     • acquiring a root public key of an operator and an operator digital key signature, wherein the operator digital key signature is generated by the operator according to a root private key of the operator, digital key information and the digital key public key, and the digital key information is used for determining the state of the digital key;
     • verifying the operator digital key signature according to the root public key, the digital key information and the digital key public key; and
     • in the event that the operator digital key signature passes verification, the digital key public key corresponding to the operator digital key signature is valid.
  6. A digital key processing apparatus, comprising:
     • a first receiving module, configured to terminate communication when a first select application failure response is received from a mobile terminal, wherein the mobile terminal is configured to store and use a digital key, and the first select application failure response is configured to indicate that the digital key is locked;
     • a second receiving module, configured to send an online authentication instruction when a second select application failure response is received from the mobile terminal, wherein the second select application failure response is used to indicate that the number of consecutive transactions of the digital key exceeds a first preset threshold, and the online authentication instruction is used to instruct the mobile terminal to perform online authentication;
     • a third receiving module, configured to judge, when a select application success response is received from the mobile terminal and according to the last online authentication time of the digital key, whether the time interval of online authentication of the digital key exceeds a second preset threshold; if so, to send an online authentication instruction, and if not, to judge whether the digital key is in a local revocation list, wherein the select application success response comprises the last online authentication time;
     • a first judging module, configured to terminate communication if the digital key is in the local revocation list, and to perform a transaction with the mobile terminal if the digital key is not in the local revocation list;
     • a first sending module, configured to send a first online authentication request to the mobile terminal when the mobile terminal is offline, wherein the first online authentication request is used to perform online authentication on behalf of the mobile terminal;
     • a fourth receiving module, configured to receive an online authentication request response sent by the mobile terminal, wherein the online authentication request response comprises a digital key identifier, a first random number and first signature information;
     • a second sending module, configured to send a second online authentication request to the server, wherein the second online authentication request comprises the digital key identifier, the first random number and the first signature information;
     • a fifth receiving module, configured to end the online authentication process when a first online authentication failure response is received from the server, wherein the first online authentication failure response is used to terminate the online authentication;
     • a third sending module, configured to send a digital key locking instruction to the mobile terminal when a second online authentication failure response is received from the server, wherein the second online authentication failure response is used to lock the digital key; and
     • a fourth sending module, configured to send an online authentication verification request to the mobile terminal when an online authentication success response is received from the server, wherein the online authentication success response and the online authentication verification request both comprise the first random number, the second random number, the current time and second signature information.
  7. A digital key processing apparatus, comprising:
     • a second judging module, configured to judge whether the digital key is locked; if so, to send a first select application failure response to the vehicle end, and if not, to judge whether the number of consecutive transactions of the digital key exceeds a first preset threshold, wherein the first select application failure response is used to indicate that the digital key is locked;
     • a third judging module, configured to send a second select application failure response to the vehicle end if the number of consecutive transactions exceeds the first preset threshold, and to send a select application success response to the vehicle end if the number of consecutive transactions does not exceed the first preset threshold, wherein the second select application failure response is used to indicate that the number of consecutive transactions of the digital key exceeds the first preset threshold, and the select application success response comprises the last online authentication time of the digital key;
     • an updating module, configured to update the number of consecutive transactions after the transaction with the vehicle end;
     • a fourth judging module, configured to generate, when an online authentication instruction is received from the vehicle end, a first random number if the mobile terminal network is online or a first online authentication request is received from the vehicle end, wherein the online authentication instruction is used to instruct the mobile terminal to perform online authentication, and the first online authentication request is used to perform online authentication on behalf of the mobile terminal;
     • a first obtaining module, configured to obtain first signature information according to the digital key private key of the digital key, the digital key identifier and the first random number;
     • a fifth sending module, configured to send a third online authentication request to a server or to send an online authentication request response to the vehicle end, wherein the third online authentication request comprises the digital key identifier, the first random number and the first signature information, and the online authentication request response comprises the digital key identifier, the first random number and the first signature information;
     • an ending module, configured to end the online authentication process when a first online authentication failure response is received from the server, wherein the first online authentication failure response is used to end the online authentication;
     • a locking module, configured to lock the digital key when a second online authentication failure response of the server or a digital key locking instruction of the vehicle end is received, wherein the second online authentication failure response is used to lock the digital key;
     • a first acquisition module, configured to acquire a server public key of the server when an online authentication success response of the server or an online authentication verification request of the vehicle end is received, wherein the online authentication success response and the online authentication verification request both comprise the first random number, the second random number, the current time and second signature information;
     • a first verification module, configured to judge whether the received first random number is the same as the first random number generated by the mobile terminal, and if so, to verify the second signature information by means of the server public key, the first random number, the second random number and the current time; and
     • a fifth judging module, configured to terminate the online authentication or send an online authentication failure response to the vehicle end if the received first random number is different from the first random number generated by the mobile terminal or the second signature information fails verification; and, if the second signature information passes verification, to set the number of consecutive transactions to zero and update the last online authentication time of the digital key to the current time, whereupon the online authentication succeeds or an online authentication success response is sent to the vehicle end.
  8. A digital key processing apparatus, comprising:
     • a second obtaining module, configured to obtain a digital key public key of a digital key when a second online authentication request sent by a vehicle end or a third online authentication request sent by a mobile terminal is received, wherein the second online authentication request and the third online authentication request both comprise a digital key identifier, a first random number and first signature information; the third online authentication request is sent to a server when the mobile terminal can connect to the network and perform online authentication, and the first random number and the first signature information contained in the third online authentication request are obtained by the digital key; the second online authentication request is sent to the server by the vehicle end when the mobile terminal is offline and cannot perform online authentication, and the first random number and the first signature information contained in the second online authentication request are obtained by the digital key when the vehicle end can connect to the network;
     • a second verification module, configured to verify the first signature information according to the digital key public key, the digital key identifier and the first random number;
     • a sixth sending module, configured to send a first online authentication failure response to the mobile terminal or the vehicle end if the first signature information fails verification, wherein the first online authentication failure response is used to terminate the online authentication;
     • a sixth judging module, configured to judge whether the digital key identifier is in a server revocation list if the first signature information passes verification; if so, to return a second online authentication failure response to the vehicle end, and if not, to generate a second random number, wherein the second online authentication failure response is used to lock the digital key;
     • a second obtaining module, configured to sign the first random number, the second random number and the current time according to a server private key to obtain second signature information; and
     • a seventh sending module, configured to send an online authentication success response to the vehicle end or the mobile terminal, wherein the online authentication success response comprises the first random number, the second random number, the current time and the second signature information.
  9. An electronic device comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other via the communication bus, characterized in that the memory is used for storing a computer program, and the processor is configured to perform the method steps of any one of claims 1 to 5 by running the computer program stored on the memory.
  10. A computer-readable storage medium, characterized in that the storage medium has stored therein a computer program, wherein the computer program, when executed by a processor, implements the method steps of any of claims 1 to 5.
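
The select-application exchange of claims 1 and 2, written out as an added Python example (not code from the patent): the mobile terminal's response and the vehicle end's decision, including the order in which the vehicle end checks the authentication age and the local revocation list. The threshold values, field names and the treatment of a future-dated timestamp are assumptions.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional, Set, Tuple

# Assumed values: the claims only call these the "first" and "second preset threshold".
MAX_CONSECUTIVE_TX = 10          # first preset threshold (transactions)
MAX_AUTH_AGE_S = 7 * 24 * 3600   # second preset threshold (seconds)


class SelectResponse(Enum):
    FAIL_LOCKED = auto()     # first select application failure response
    FAIL_TX_LIMIT = auto()   # second select application failure response
    SUCCESS = auto()         # select application success response


class VehicleAction(Enum):
    TERMINATE = auto()
    SEND_ONLINE_AUTH_INSTRUCTION = auto()
    TRANSACT = auto()


@dataclass
class DigitalKey:
    """State the mobile terminal keeps for one key (field names are hypothetical)."""
    key_id: str
    locked: bool = False
    consecutive_tx: int = 0
    last_online_auth: float = 0.0  # epoch seconds


def mobile_select(key: DigitalKey) -> Tuple[SelectResponse, Optional[float]]:
    """Mobile terminal (claim 2): lock check first, then the transaction counter."""
    if key.locked:
        return SelectResponse.FAIL_LOCKED, None
    if key.consecutive_tx > MAX_CONSECUTIVE_TX:
        return SelectResponse.FAIL_TX_LIMIT, None
    # The success response carries the last online authentication time.
    return SelectResponse.SUCCESS, key.last_online_auth


def vehicle_decide(resp: SelectResponse, last_online_auth: Optional[float],
                   key_id: str, local_revocation_list: Set[str],
                   now: float) -> VehicleAction:
    """Vehicle end (claim 1): map the select response to the next step."""
    if resp is SelectResponse.FAIL_LOCKED:
        return VehicleAction.TERMINATE
    if resp is SelectResponse.FAIL_TX_LIMIT:
        return VehicleAction.SEND_ONLINE_AUTH_INSTRUCTION
    age = now - (last_online_auth or 0.0)
    # Assumption, not in the claims: a timestamp ahead of the vehicle clock
    # is treated as stale instead of being accepted as "very recent".
    if age < 0 or age > MAX_AUTH_AGE_S:
        return VehicleAction.SEND_ONLINE_AUTH_INSTRUCTION
    # The local revocation list is consulted only when the age check passes.
    if key_id in local_revocation_list:
        return VehicleAction.TERMINATE
    return VehicleAction.TRANSACT


def tap(key: DigitalKey, local_revocation_list: Set[str], now: float) -> VehicleAction:
    """One select exchange between both sides, followed by the counter update."""
    resp, last = mobile_select(key)
    action = vehicle_decide(resp, last, key.key_id, local_revocation_list, now)
    if action is VehicleAction.TRANSACT:
        key.consecutive_tx += 1  # claim 2: update the count after the transaction
    return action


if __name__ == "__main__":
    NOW = 1_700_000_000.0  # constructed clock value
    key = DigitalKey("key-A", last_online_auth=NOW - 3600)
    for n in range(1, MAX_CONSECUTIVE_TX + 3):
        print(n, tap(key, set(), NOW).name)
```

A revoked key whose last online authentication is older than the second threshold is sent to online authentication, not refused locally; in that path the server revocation list of claim 4 is what locks it.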

Description

Digital key processing method and device, electronic equipment and storage medium

Technical Field

The present invention relates to the field of digital keys and communication technologies, and in particular, to a digital key processing method and apparatus, an electronic device, and a storage medium.

Background

Currently, with the development of mobile intelligent terminal devices, digital key products that implement the vehicle key function on mobile intelligent devices are increasing. A conventional vehicle key requires an additional physical key, whereas a digital key integrates the physical key function into the mobile intelligent device, uses security technologies such as the Secure Element (SE) and the Trusted Execution Environment (TEE) of the mobile intelligent device, and communicates with the vehicle over communication technologies such as NFC, Bluetooth and Ultra Wide Band (UWB) to implement functions such as unlocking and starting the vehicle.

An existing digital key can be used as long as its validity period has not expired. Moreover, the digital key is stored in a mobile intelligent device such as a mobile phone, and the vehicle can be unlocked or started with the digital key while both the mobile intelligent device and the vehicle are offline. The whole process therefore lacks reliable security measures, a digital key that the vehicle owner needs to revoke or has lost is difficult to handle effectively, and the risk of vehicle theft increases. In addition, in the prior art, when the mobile intelligent device is offline, the server cannot be used to judge whether the current digital key needs to be revoked, so the digital key cannot be further processed.

Therefore, the prior art has the problems that reliable security measures for effectively processing the digital key are lacking and that the digital key cannot be processed through a server when the mobile intelligent device is offline.

Disclosure of Invention

The application provides a digital key processing method and device, electronic equipment and a storage medium, which at least solve the problems in the related art that reliable security measures for effectively processing the digital key are lacking and that the digital key cannot be processed through a server when the mobile intelligent device is offline.

According to an aspect of the embodiment of the present application, there is provided a digital key processing method, which is applied to a vehicle end, the method including:

  • terminating communication in the event that a first select application failure response is received from a mobile terminal, wherein the mobile terminal is configured to store and use a digital key, and the first select application failure response is configured to indicate that the digital key is locked;
  • sending an online authentication instruction in the event that a second select application failure response is received from the mobile terminal, wherein the second select application failure response is used to indicate that the number of consecutive transactions of the digital key exceeds a first preset threshold, and the online authentication instruction is used to instruct the mobile terminal to perform online authentication;
  • in the event that a select application success response is received from the mobile terminal, judging, according to the last online authentication time of the digital key, whether the time interval of online authentication of the digital key exceeds a second preset threshold; if so, sending an online authentication instruction, and if not, judging whether the digital key is in a local revocation list, wherein the select application success response comprises the last online authentication time;
  • terminating communication if the digital key is in the local revocation list, and conducting a transaction with the mobile terminal if the digital key is not in the local revocation list;
  • sending a first online authentication request to the mobile terminal in the event that the mobile terminal network is offline, wherein the first online authentication request is used to perform online authentication on behalf of the mobile terminal;
  • receiving an online authentication request response sent by the mobile terminal, wherein the online authentication request response comprises a digital key identifier, a first random number and first signature information;
  • sending a second online authentication request to a server, wherein the second online authentication request comprises the digital key identifier, the first random number and the first signature information;
  • ending the online authentication process if a first online authentication failure response is received from the server, wherein the first online authentication failure response is used f