CN106850638B - Access control method and system for vehicle-mounted equipment - Google Patents

Access control method and system for vehicle-mounted equipment Download PDF

Info

Publication number
CN106850638B
CN106850638B CN201710078133.4A CN201710078133A CN106850638B CN 106850638 B CN106850638 B CN 106850638B CN 201710078133 A CN201710078133 A CN 201710078133A CN 106850638 B CN106850638 B CN 106850638B
Authority
CN
China
Prior art keywords
vehicle
equipment
information
nfc
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710078133.4A
Other languages
Chinese (zh)
Other versions
CN106850638A (en
Inventor
皮魏
郝波
戴计生
肖家博
黄铖
冯东
巫钊
毕文一
周贤民
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CRRC Zhuzhou Institute Co Ltd
Original Assignee
CRRC Zhuzhou Institute Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CRRC Zhuzhou Institute Co Ltd filed Critical CRRC Zhuzhou Institute Co Ltd
Priority to CN201710078133.4A priority Critical patent/CN106850638B/en
Publication of CN106850638A publication Critical patent/CN106850638A/en
Application granted granted Critical
Publication of CN106850638B publication Critical patent/CN106850638B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3273Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response for mutual authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a method and a system for controlling access of vehicle-mounted equipment, wherein the system comprises the following steps: the NFC terminal is used for reading the identification information of the vehicle-mounted equipment from the vehicle-mounted equipment, reading the identity code from the NFC card, matching and analyzing the identification information of the vehicle-mounted equipment and the identity code, and if the matching is successful, passing the identity authentication, generating an equipment key by utilizing the identification information of the vehicle-mounted equipment and sending the equipment key to the vehicle-mounted equipment; the NFC card is used for storing an identity code; the vehicle-mounted equipment is used for dynamically generating an equipment key, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment; the vehicle-mounted equipment further comprises an NFC chip used for storing the vehicle-mounted equipment identification information. The system improves the safety of access to the vehicle-mounted equipment.

Description

Access control method and system for vehicle-mounted equipment
Technical Field
The invention relates to the technical field of vehicle-mounted equipment, in particular to a vehicle-mounted equipment access control method and system.
Background
The train consists of a plurality of vehicle-mounted devices, and the data access, the operation state check and the maintenance instruction sending are performed on the train, so that the method has very important significance for keeping the normal operation of the devices and even the safe operation of the whole train system. The access of the user to the vehicle-mounted device is an extremely sensitive behavior, and there may be a lot of security risks, so that it is urgently needed to introduce a secure access control method to prevent malicious access and attack of an illegal user to the vehicle-mounted device.
At present, train-mounted equipment is not provided with any safety protection measures to control a user to access the train-mounted equipment, or is simply accessed and controlled through a very weak identity authentication mode based on a user password, so that the equipment is likely to be illegally accessed, data of the train-mounted equipment is leaked, tampered and damaged, core technologies of the train-mounted equipment are possibly stolen by others, and even the train-mounted equipment is possibly damaged, so that the safety of a train system is influenced.
Disclosure of Invention
The invention aims to provide a vehicle-mounted equipment access control method and system to improve the safety of vehicle-mounted equipment access.
In order to solve the above technical problem, the present invention provides an access control system for a vehicle-mounted device, including:
the NFC terminal is used for reading the identification information of the vehicle-mounted equipment from the vehicle-mounted equipment, reading the identity code from the NFC card, matching and analyzing the identification information of the vehicle-mounted equipment and the identity code, and if the matching is successful, passing the identity authentication, generating an equipment key by utilizing the identification information of the vehicle-mounted equipment and sending the equipment key to the vehicle-mounted equipment;
the NFC card is used for storing an identity code;
the vehicle-mounted equipment is used for dynamically generating an equipment key, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment; the vehicle-mounted equipment further comprises an NFC chip used for storing the vehicle-mounted equipment identification information.
Preferably, the system further comprises:
the background management server is used for registering the vehicle-mounted equipment identification information, receiving the user information sent by the NFC workbench, registering the user information, mapping the vehicle-mounted equipment identification information and the user information, generating an identity code and sending the identity code to the NFC workbench;
the NFC workbench is used for acquiring user information and sending the user information to the background management server; and writing the identity code sent by the background management server into the NFC card.
Preferably, the background management server is further configured to allocate user security level information according to the user information, map the user security level information and the vehicle-mounted device information allowed to be accessed by the level corresponding to the user security level information, and implement hierarchical access control on the vehicle-mounted device information.
Preferably, the NFC terminal is further configured to analyze the identity code to obtain user security level information, encrypt the user security level information, obtain encrypted user security level information, and send the encrypted user security level information to the vehicle-mounted device.
Preferably, the vehicle-mounted device is further configured to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed by using the user security level information, and send the session key seed to the NFC terminal.
The invention also provides a vehicle-mounted equipment access control method, which is used for the vehicle-mounted equipment access control system and comprises the following steps:
the NFC terminal reads vehicle-mounted equipment identification information from the vehicle-mounted equipment, reads an identity code from an NFC card, performs matching analysis on the equipment identification information and the identity code, passes identity authentication if matching is successful, generates an equipment key by utilizing the vehicle-mounted equipment identification information and sends the equipment key to the vehicle-mounted equipment;
and dynamically generating an equipment key by the vehicle-mounted equipment, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment.
Preferably, before the NFC terminal reads the in-vehicle device identification information from the in-vehicle device, the method further includes:
the NFC workbench acquires user information and sends the user information to a background management server;
the background management server registers the identification information of the vehicle-mounted equipment, receives the user information sent by the NFC workbench, registers the user information, maps the identification information of the vehicle-mounted equipment and the user information, generates an identity code and sends the identity code to the NFC workbench;
and the NFC workbench writes the identity code sent by the background management server into the NFC card.
Preferably, the background management server registers the identification information of the vehicle-mounted device, receives the user information sent by the NFC workbench, and after registering the user information, further includes:
the background management server distributes user safety level information according to the user information, maps the user safety level information and the vehicle-mounted equipment information allowed to be accessed by the level corresponding to the user safety level information, and realizes the hierarchical access control of the vehicle-mounted equipment information.
Preferably, if the matching is successful, the device authentication is passed, and after receiving the access request of the NFC terminal to the vehicle-mounted device, the method further includes:
the NFC terminal analyzes the identity code to obtain user safety level information, encrypts the user safety level information to obtain encrypted user safety level information and sends the encrypted user safety level information to the vehicle-mounted equipment.
Preferably, the NFC terminal analyzes the identity code to obtain user security level information, encrypts the user security level information, obtains the encrypted user security level information, and sends the encrypted user security level information to the vehicle-mounted device, and further includes:
the vehicle-mounted equipment decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed by using the user security level information and sends the session key seed to the NFC terminal.
The NFC terminal is used for reading vehicle-mounted equipment identification information from vehicle-mounted equipment, reading an identity code from an NFC card, matching and analyzing the equipment identification information and the identity code, and if matching is successful, passing identity authentication, generating an equipment key by utilizing the vehicle-mounted equipment identification information and sending the equipment key to the vehicle-mounted equipment; the NFC card is used for storing an identity code; the vehicle-mounted equipment is used for dynamically generating an equipment key, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment; the vehicle-mounted equipment further comprises an NFC chip used for storing the vehicle-mounted equipment identification information. Therefore, after the identity authentication is carried out, the equipment authentication is carried out through the equipment key, the vehicle-mounted equipment can be accessed only under the condition that the identity authentication and the equipment authentication are both passed, and the safety of the vehicle-mounted equipment access is improved by utilizing the identity authentication and the equipment authentication.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic structural diagram of an access control system for a vehicle-mounted device according to the present invention;
FIG. 2 is a schematic diagram of a specific structure of a vehicle-mounted terminal access system;
FIG. 3 is a flowchart of an access control method for a vehicle-mounted device according to the present invention;
fig. 4 is a schematic view of a flow of registration of vehicle-mounted equipment and user information and generation of an NFC identity code;
fig. 5 is a schematic diagram of a user identity authentication and access authorization process.
Detailed Description
The core of the invention is to provide a vehicle-mounted equipment access control method and a system, so as to improve the security of vehicle-mounted equipment access.
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The related art terms are explained as follows:
nfc (near field communication), a near field communication technology.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an access control system for a vehicle-mounted device provided in the present invention, where the system includes:
the NFC terminal 101 is used for reading vehicle-mounted equipment identification information from vehicle-mounted equipment, reading an identity code from an NFC card, matching and analyzing the equipment identification information and the identity code, and if matching is successful, passing identity authentication, generating an equipment key by using the vehicle-mounted equipment identification information and sending the equipment key to the vehicle-mounted equipment;
the NFC card 102 is used for storing an identity code;
the vehicle-mounted device 103 is used for dynamically generating a device key, matching and analyzing the device key sent by the NFC terminal and the dynamically generated device key, and if matching is successful, passing device authentication and receiving an access request of the NFC terminal to the vehicle-mounted device;
the vehicle-mounted device 103 further includes an NFC chip for storing vehicle-mounted device identification information.
Therefore, the system also performs equipment authentication through the equipment key after passing through the identity authentication, can access the vehicle-mounted equipment only under the condition that the identity authentication and the equipment authentication are both passed, and improves the safety of access to the vehicle-mounted equipment by utilizing the identity authentication and the equipment authentication.
Based on the above system, specifically, the system further includes:
the background management server is used for registering the vehicle-mounted equipment identification information, receiving the user information sent by the NFC workbench, registering the user information, mapping the vehicle-mounted equipment identification information and the user information, generating an identity code and sending the identity code to the NFC workbench;
the NFC workbench is used for acquiring user information and sending the user information to the background management server; and writing the identity code sent by the background management server into the NFC card. Fig. 2 is a schematic diagram of a specific structure of the in-vehicle terminal access system.
Further, the background management server is further configured to allocate user security level information according to the user information, map the user security level information and the vehicle-mounted device information allowed to be accessed by the level corresponding to the user security level information, and implement hierarchical access control on the vehicle-mounted device information.
The vehicle-mounted equipment information comprises a vehicle-mounted equipment serial number, a model and other various vehicle-mounted equipment information. Further, the NFC terminal is further used for analyzing the identity code to obtain user safety level information, encrypting the user safety level information to obtain the encrypted user safety level information and sending the encrypted user safety level information to the vehicle-mounted equipment.
Further, the vehicle-mounted device is further configured to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed by using the user security level information, and send the session key seed to the NFC terminal.
The identity code is specifically an NFC identity code.
After the vehicle-mounted device sends the key to the NFC terminal, the vehicle-mounted terminal and the NFC terminal both generate the same session key by using the session key seed, and then the vehicle-mounted terminal and the NFC terminal respectively encrypt and decrypt communication contents by using the session key.
Specifically, the system comprises vehicle-mounted equipment, a background management server, an NFC workbench, an NFC terminal, an NFC chip, an NFC card and the like, and the user identity of the vehicle-mounted equipment is authenticated by combining functions of vehicle-mounted equipment identification information and user information registration, vehicle-mounted equipment identification information and user information management, NFC identity code generation, NFC identity code writing, NFC information reading, NFC information authentication, equipment key and session key generation and matching based on NFC information, the binding of the user information and the vehicle-mounted equipment information allowed to be accessed is realized, and corresponding access authority is granted to the user according to the security level of the user. By adopting the system, the safety of access to the vehicle-mounted equipment can be greatly improved.
In detail, the NFC terminal is a working platform directly operated by a user, has NFC communication capability and wireless or wired access capability, can access a vehicle-mounted network through vehicle-mounted wireless equipment or connect the vehicle-mounted equipment through a wire, establishes a channel for accessing the vehicle-mounted equipment, and reads information of an NFC chip or an NFC card to perform user identity authentication. The NFC terminal may also generate a device key using the read NFC information, encrypt a user security level, generate a session key for communication with the in-vehicle device, and encrypt and decrypt communication contents using the key.
The background management server provides information management service for the vehicle-mounted equipment and the user, user registration is achieved, user security level distribution and vehicle-mounted equipment information and user information binding are registered, NFC identity codes are generated by means of the registered vehicle-mounted equipment NFC identification information and the registered user information, and the NFC identity codes are sent to the NFC workbench.
The NFC workbench has the information interaction capacity and the NFC communication capacity with the background management server, and can realize the functions of registering user information, writing an NFC identity code into an NFC card and the like.
The NFC card is accessed into the NFC terminal, the NFC terminal reads information from the NFC card, the NFC card has a unique identity certificate for a user, the NFC terminal has NFC communication capacity, and some user information such as the security level of the user and an NFC identity code used for user identity authentication can be stored.
The NFC chip is arranged on the vehicle-mounted terminal, has NFC communication capacity and stores vehicle-mounted equipment identification information for user identity authentication and equipment access authentication and authorization.
The on-board equipment forms the whole train system, and the object accessed by the user is also the object of safety protection. The in-vehicle terminal is a main part for realizing access control, and has functions of device key generation and matching, session key seed generation, session key generation, encryption and decryption of communication content, and the like.
In the process of accessing and communicating between the user and the vehicle-mounted equipment, the identity of the user is authenticated, corresponding access authority is granted according to the identity of the user, the content of communication is encrypted, and the safety protection of the vehicle-mounted equipment is played as a vital role. The method comprises the steps of utilizing a background management server to map and manage vehicle-mounted equipment information and user information and generate an NFC identity code, reading information in an NFC chip and an NFC card through an NFC terminal to perform user identity authentication, generating an equipment key by utilizing the previously read NFC information again to perform equipment access authentication if the information in the NFC chip and the information in the NFC card pass the authentication, granting corresponding access authority according to a security level allocated to a user in advance and generating a session key seed to send the session key seed to the user if the information in the NFC chip and the NFC card pass the authentication, and thus the user can utilize the seed to generate the session key to encrypt and decrypt communication contents of the vehicle-mounted equipment.
The NFC terminal adopts a smart phone with an NFC function, and a notebook computer can be connected with an NFC reader for operation.
Referring to fig. 3, fig. 3 is a flowchart of an access control method for a vehicle-mounted device, where the method is used in the access control system for the vehicle-mounted device, and the method includes:
s11: the NFC terminal reads vehicle-mounted equipment identification information from the vehicle-mounted equipment, reads an identity code from an NFC card, performs matching analysis on the equipment identification information and the identity code, passes identity authentication if matching is successful, generates an equipment key by utilizing the vehicle-mounted equipment identification information and sends the equipment key to the vehicle-mounted equipment;
s12: and dynamically generating an equipment key by the vehicle-mounted equipment, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment.
Therefore, the method also carries out equipment authentication through the equipment key after passing through the identity authentication, can access the vehicle-mounted equipment only under the condition that the identity authentication and the equipment authentication are both passed, and improves the safety of the access to the vehicle-mounted equipment by utilizing the identity authentication and the equipment authentication.
Based on the method, before the NFC terminal reads the identification information of the vehicle-mounted equipment from the vehicle-mounted equipment, the method further comprises the following steps:
s21: the NFC workbench acquires user information and sends the user information to a background management server;
s22: the background management server registers the identification information of the vehicle-mounted equipment, receives the user information sent by the NFC workbench, registers the user information, maps the identification information of the vehicle-mounted equipment and the user information, generates an identity code and sends the identity code to the NFC workbench;
s23: and the NFC workbench writes the identity code sent by the background management server into the NFC card.
Further, the background management server registers the vehicle-mounted equipment identification information, receives the user information sent by the NFC workbench and registers the user information, and then allocates user security level information according to the user information, and maps the user security level information and the vehicle-mounted equipment information allowed to be accessed by the level corresponding to the user security level information, so that hierarchical access control of the vehicle-mounted equipment information is realized.
Further, after step S12, the method further includes the following steps:
s31: the NFC terminal analyzes the identity code to obtain user safety level information, encrypts the user safety level information to obtain encrypted user safety level information and sends the encrypted user safety level information to the vehicle-mounted equipment.
Further, after step S31, the vehicle-mounted device decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed by using the user security level information, and sends the session key seed to the NFC terminal.
Fig. 4 is a schematic diagram of a flow of vehicle-mounted device and user information registration and NFC identity code generation, where the specific flow includes: vehicle-mounted equipment information such as serial numbers and models and equipment identification information stored in the NFC chip of the vehicle-mounted equipment is registered in a background management server in batches; user information is registered in a background management server through an NFC workbench; each user can allocate a corresponding security level according to the required access; mapping vehicle-mounted equipment information allowing a certain user to access and the user information; calculating by using the NFC identification information and the user information of the vehicle-mounted equipment which are mapped with each other to generate an NFC identity code; the background management server sends the NFC identity code to the NFC workbench; and the NFC workbench writes the NFC identity code into the NFC card.
Fig. 5 is a schematic diagram of a user identity authentication and access authorization process, where the user identity authentication process includes: the NFC terminal reads the vehicle-mounted equipment identification information stored in the NFC chip from the NFC chip; the NFC terminal reads the identity code stored in the NFC card from the NFC card; the NFC terminal performs matching operation by using the two kinds of information, and if the matching is successful, the identity authentication is passed; and if the matching is unsuccessful, the identity authentication is not passed, and the vehicle-mounted equipment is terminated.
Wherein, the access authority flow is as follows: if the identity authentication is passed, generating an equipment key by using the read vehicle-mounted equipment identification information and other specific information agreed with the vehicle-mounted equipment in advance by adopting the same algorithm as the vehicle-mounted equipment, decrypting the user security level information from the identity code of the NFC card, encrypting the user security level information by using the equipment identification information, and sending the encrypted user security level information and the equipment key to the vehicle-mounted equipment; the vehicle-mounted equipment also generates an equipment key by using the equipment identification information and other specific information agreed with the NFC terminal in advance by adopting the same algorithm as the NFC terminal, and performs matching operation with the equipment key sent by the NFC terminal, and if the matching is successful, the equipment passes the authentication; and if the matching is unsuccessful, the equipment authentication is not passed, and the vehicle-mounted equipment access is terminated.
In addition, if the vehicle-mounted equipment passes the authentication, the equipment identification information is used for decrypting the user security level, and then seeds with different security levels for generating the session keys of the vehicle-mounted equipment and the NFC terminal are generated according to the user security level information and by combining some uniqueness and timeliness information and are sent to the NFC terminal; the vehicle-mounted equipment and the NFC terminal generate a session key by using the same algorithm; the communication between the in-vehicle device and the NFC terminal is encrypted and decrypted using the session key.
In the present invention, access control can be divided into two main parts, user identity authentication and device access authorization. The user identity authentication takes an NFC terminal as a core, and respectively reads the NFC chip information of the vehicle-mounted equipment and the NFC card information of the user, and then the user identity authentication is carried out, wherein the NFC identity code stored in the NFC card is generated by a background management server by adopting the vehicle-mounted equipment identification information and the user information which are registered in advance. And the device access authorization takes the vehicle-mounted device as a core, the NFC terminal generates a device key by utilizing the previously read NFC information to carry out device access authentication, and corresponding access authority is granted according to the security level of the user. The invention combines an NFC terminal, a background management server, an NFC chip and an NFC card to carry out identity authentication on a vehicle-mounted device access user, wherein vehicle-mounted device identification information is mapped and bound with user information and generates an NFC identity code, the NFC terminal and the NFC chip are combined to realize access authentication on the vehicle-mounted device, and corresponding access permission is granted according to the security level of the user. The invention can prevent unauthorized access to the vehicle-mounted equipment, appoint the vehicle-mounted equipment which can be accessed by a user and realize the hierarchical access to the information of the vehicle-mounted equipment.
The above provides a detailed description of the access control method and system for the vehicle-mounted device provided by the invention. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (10)

1. An in-vehicle device access control system characterized by comprising:
the NFC terminal is used for reading the identification information of the vehicle-mounted equipment from the vehicle-mounted equipment, reading the identity code from the NFC card, matching and analyzing the identification information of the vehicle-mounted equipment and the identity code, and if the matching is successful, passing the identity authentication, generating an equipment key by utilizing the identification information of the vehicle-mounted equipment and sending the equipment key to the vehicle-mounted equipment;
the NFC card is used for storing an identity code;
the vehicle-mounted equipment is used for dynamically generating an equipment key, matching and analyzing the equipment key sent by the NFC terminal and the dynamically generated equipment key, and if the matching is successful, passing equipment authentication and receiving an access request of the NFC terminal to the vehicle-mounted equipment; the vehicle-mounted equipment further comprises an NFC chip used for storing the vehicle-mounted equipment identification information;
and the NFC terminal uses the same algorithm when generating the equipment key by using the vehicle-mounted equipment identification information and when dynamically generating the equipment key by using the vehicle-mounted equipment.
2. The system of claim 1, further comprising:
the background management server is used for registering the vehicle-mounted equipment identification information, receiving the user information sent by the NFC workbench, registering the user information, mapping the vehicle-mounted equipment identification information and the user information, generating an identity code and sending the identity code to the NFC workbench;
the NFC workbench is used for acquiring user information and sending the user information to the background management server; and writing the identity code sent by the background management server into the NFC card.
3. The system of claim 2, wherein the background management server is further configured to allocate user security level information according to user information, map the user security level information with vehicle-mounted device information allowed to be accessed by a level corresponding to the user security level information, and implement hierarchical access control on the vehicle-mounted device information.
4. The system of claim 3, wherein the NFC terminal is further configured to parse the identity code to obtain the user security level information, encrypt the user security level information, obtain the encrypted user security level information, and send the encrypted user security level information to the vehicle-mounted device.
5. The system of claim 4, wherein the vehicle-mounted device is further configured to decrypt the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generate a session key seed by using the user security level information, and send the session key seed to the NFC terminal.
6. An in-vehicle device access control method for the system of any one of claims 1 to 5, comprising:
the NFC terminal reads vehicle-mounted equipment identification information from the vehicle-mounted equipment, reads an identity code from an NFC card, performs matching analysis on the equipment identification information and the identity code, passes identity authentication if matching is successful, generates an equipment key by utilizing the vehicle-mounted equipment identification information and sends the equipment key to the vehicle-mounted equipment;
the vehicle-mounted equipment dynamically generates an equipment key, the equipment key sent by the NFC terminal is matched and analyzed with the dynamically generated equipment key, if the matching is successful, the equipment passes the authentication, and an access request of the NFC terminal to the vehicle-mounted equipment is received;
and the NFC terminal uses the same algorithm when generating the equipment key by using the vehicle-mounted equipment identification information and when dynamically generating the equipment key by using the vehicle-mounted equipment.
7. The method of claim 6, wherein before the NFC terminal reads the in-vehicle device identification information from the in-vehicle device, the method further comprises:
the NFC workbench acquires user information and sends the user information to a background management server;
the background management server registers the identification information of the vehicle-mounted equipment, receives the user information sent by the NFC workbench, registers the user information, maps the identification information of the vehicle-mounted equipment and the user information, generates an identity code and sends the identity code to the NFC workbench;
and the NFC workbench writes the identity code sent by the background management server into the NFC card.
8. The method of claim 7, wherein after the background management server registers the identification information of the vehicle-mounted device, receives the user information sent by the NFC workbench, and registers the user information, the method further comprises:
the background management server distributes user safety level information according to the user information, maps the user safety level information and the vehicle-mounted equipment information allowed to be accessed by the level corresponding to the user safety level information, and realizes the hierarchical access control of the vehicle-mounted equipment information.
9. The method of claim 8, wherein if the matching is successful, the device authentication is passed, and after receiving the access request of the NFC terminal to the vehicle-mounted device, the method further comprises:
the NFC terminal analyzes the identity code to obtain user safety level information, encrypts the user safety level information to obtain encrypted user safety level information and sends the encrypted user safety level information to the vehicle-mounted equipment.
10. The method as claimed in claim 9, wherein the NFC terminal analyzes the identity code to obtain the user security level information, encrypts the user security level information, obtains the encrypted user security level information, and sends the encrypted user security level information to the vehicle-mounted device, further comprising:
the vehicle-mounted equipment decrypts the encrypted user security level information sent by the NFC terminal to obtain the user security level information, generates a session key seed by using the user security level information and sends the session key seed to the NFC terminal.
CN201710078133.4A 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment Active CN106850638B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710078133.4A CN106850638B (en) 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710078133.4A CN106850638B (en) 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment

Publications (2)

Publication Number Publication Date
CN106850638A CN106850638A (en) 2017-06-13
CN106850638B true CN106850638B (en) 2020-03-24

Family

ID=59127599

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710078133.4A Active CN106850638B (en) 2017-02-14 2017-02-14 Access control method and system for vehicle-mounted equipment

Country Status (1)

Country Link
CN (1) CN106850638B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426219B (en) * 2017-07-28 2020-07-31 湖南中车时代通信信号有限公司 L KJ data wireless reloading system
CN109756446B (en) * 2017-11-01 2021-07-30 中车株洲电力机车研究所有限公司 Access method and system for vehicle-mounted equipment
JP6973262B2 (en) * 2018-04-18 2021-11-24 トヨタ自動車株式会社 Service provision system for vehicles, in-vehicle equipment and command transmission method
CN111770469A (en) * 2019-04-02 2020-10-13 北京车和家信息技术有限公司 Vehicle control method, device, vehicle and computer readable storage medium
CN113467410A (en) * 2020-03-31 2021-10-01 北京新能源汽车股份有限公司 Vehicle electronic control unit data acquisition method, transmission method and acquisition device
CN112104603B (en) * 2020-08-06 2023-11-14 华人运通(江苏)技术有限公司 Access authority control method, device and system of vehicle interface

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571345A (en) * 2010-10-19 2012-07-11 丰田自动车株式会社 In-vehicle device, vehicle authentication system and data communication method
CN102819721A (en) * 2012-08-15 2012-12-12 腾讯科技(深圳)有限公司 NFC (near field communication)-based information interaction method and device
CN103342120A (en) * 2013-07-10 2013-10-09 奇瑞汽车股份有限公司 Intelligent key system and automobile control method
CN104424779A (en) * 2013-08-30 2015-03-18 比亚迪股份有限公司 System and method for controlling vehicle by virtue of mobile terminal
CN106341147A (en) * 2016-08-31 2017-01-18 上海斐讯数据通信技术有限公司 Intelligent vehicle-mounted system based on mobile terminal

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4802888B2 (en) * 2006-06-21 2011-10-26 株式会社デンソー Anti-theft system for in-vehicle devices

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102571345A (en) * 2010-10-19 2012-07-11 丰田自动车株式会社 In-vehicle device, vehicle authentication system and data communication method
CN102819721A (en) * 2012-08-15 2012-12-12 腾讯科技(深圳)有限公司 NFC (near field communication)-based information interaction method and device
CN103342120A (en) * 2013-07-10 2013-10-09 奇瑞汽车股份有限公司 Intelligent key system and automobile control method
CN104424779A (en) * 2013-08-30 2015-03-18 比亚迪股份有限公司 System and method for controlling vehicle by virtue of mobile terminal
CN106341147A (en) * 2016-08-31 2017-01-18 上海斐讯数据通信技术有限公司 Intelligent vehicle-mounted system based on mobile terminal

Also Published As

Publication number Publication date
CN106850638A (en) 2017-06-13

Similar Documents

Publication Publication Date Title
CN106850638B (en) Access control method and system for vehicle-mounted equipment
CN110324276B (en) Method, system, terminal and electronic device for logging in application
AU2015334634B2 (en) Transaction messaging
CN100533459C (en) Data safety reading method and safety storage apparatus thereof
EP2003589B1 (en) Authentication information management system, server, method and program
WO2016128906A1 (en) Systems and methods for securely managing biometric data
CN106203168B (en) Database security accesses system
CN112232814B (en) Encryption and decryption methods of payment key, payment authentication method and terminal equipment
CN102737180A (en) Integrated circuit for digital rights management
CN106067205B (en) A kind of gate inhibition's method for authenticating and device
KR101210260B1 (en) OTP certification device
CN106953732B (en) Key management system and method for chip card
CN113282944B (en) Intelligent lock unlocking method and device, electronic equipment and storage medium
RU2013140418A (en) SAFE ACCESS TO PERSONAL HEALTH RECORDS IN EMERGENCIES
CN101414913A (en) Computer network authentication system and method based on virtual technology
CN108460597B (en) Key management system and method
US20120124378A1 (en) Method for personal identity authentication utilizing a personal cryptographic device
CN106792669A (en) Information of mobile terminal encryption method and device based on Hybrid Encryption algorithm
CN111181960A (en) Safety credit granting and signature system based on terminal equipment block chain application
CN106656955A (en) Communication method and system and user terminal
CN107333263A (en) A kind of follow-on SIM card and mobile communication personal identification method and system
CN109151823A (en) The method and system of eSIM card authentication
CN106789977A (en) A kind of method and system that handset token is realized based on Secret splitting
CN108234125B (en) System and method for identity authentication
CN115457687B (en) Security configuration method and system for intelligent pole

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant