CN115396893A - Digital key issuing and verifying method and system - Google Patents
Publication number: CN115396893A
Authority: CN (China)
Prior art keywords: key, certificate, digital, information, issuing
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04W12/069: Wireless communication networks; security arrangements; authentication using certificates or pre-shared keys
- H04L9/3247: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3263: Cryptographic mechanisms or arrangements including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
- H04W12/10: Wireless communication networks; security arrangements; integrity
Abstract
The invention discloses a digital key issuing and verifying method and system. In the issuing method, a digital key issuing authority issues a master key certificate to the primary user device. The master key certificate can then be used to perform operations such as digitally signing specific information in the request for a temporary digital car key for a user of the target device, namely the secondary key certificate issuance request, which yields an identifier unique to the master key certificate; the digital key issuing authority includes this identifier in the secondary key certificate. When the target device verifies the secondary key certificate, it extracts the master key certificate's unique identifier from the secondary key certificate and checks its validity by methods such as signature verification, thereby verifying the validity of the secondary key certificate. The invention simplifies digital key management, reduces the operation and maintenance cost of digital keys, and allows the secondary key certificate to be used offline safely, conveniently and reliably.
Description
Technical Field
The invention belongs to a physical lock login technology using wireless communication, and particularly relates to a digital key issuing and verifying method and a digital key issuing and verifying system.
Background
The digital car key (also called a 'car digital key') is one of the important innovative functions of intelligent connected vehicles. The car key function is integrated into a mobile terminal device and, building on security technologies such as SE and TEE, authenticates the vehicle user over communication technologies such as near field communication, Bluetooth, cellular communication and ultra-wideband, using symmetric and asymmetric key techniques, so as to unlock the doors and start the car. With digital car keys, vehicle users can securely communicate, store, authenticate, and share digital keys with vehicles using smart phones, key fobs, and other mobile devices. PKI digital certificate technology greatly enhances the security of digital car key solutions.
As shown in Fig. 1, when the vehicle owner (the owner of the motor vehicle) is an individual, the owner can obtain a digital car key through the car maker's digital car key platform, via interaction between the "vehicle APP" and the "digital car key APP" on the owner's mobile terminal device, and thereby control the vehicle. Through the same APP interaction and the car maker's digital car key platform, the owner can also share the digital car key with a driver or other service personnel, who obtain control of the vehicle through the shared digital car key.
Similarly, when the vehicle owner is an organization (an organizational user or a transport enterprise), the vehicle operator can connect its vehicle operation management platform to the car maker's digital car key platform and share digital car keys with drivers or other service personnel, in order to carry out operations such as vehicle rental, fleet management, vehicle rescue and vehicle maintenance.
A digital car key system built on the traditional PKI digital certificate authentication mechanism has to adopt fairly complex means to ensure both the convenience and the security of the digital car key in use. The conventional approach also has the following disadvantages:
When ownership of the vehicle is transferred, the system must ensure that the authorization information of digital car keys shared by the original owner is completely cleared, to prevent vehicle control events that the new owner has not authorized.
A digital car key shared to transfer the right to use the vehicle does not carry verifiable authorization information from the vehicle owner; a reliable electronic chain of authorization evidence has to be assembled from data chains spread across separate enterprise entities, namely the car maker's digital car key platform and the vehicle operation management platform of the user organization or transport organization.
To ensure that a digital car key is used safely and validly, the vehicle needs to verify online the authenticity and validity of the digital car key on the mobile terminal device held by the driver or other service personnel. When the vehicle is in a special environment such as an underground parking lot or the open country, where network connectivity is absent or poor, it is difficult to verify the digital car key online.
Disclosure of Invention
In view of the above technical problems, the present invention provides a method and a system for issuing and verifying a digital key. It solves the problem of using a secondary key offline on a vehicle or other device when network connectivity is absent or poor, and simplifies the process of ensuring non-repudiation when the right to use the target device is temporarily handed over.
To achieve this, the invention adopts the following technical scheme: a digital key issuing and verifying method in which the digital key of a primary user device serves as the master key and is used to create one or more temporary digital keys, namely secondary keys.
In a first aspect of the present invention, there is provided a digital key issuing method comprising the steps of:
The digital key issuing authority of the terminal system issues a master key certificate to the primary user device.
When the primary user device receives a secondary key issuance application, it submits information including the primary user's digital signature and the master key certificate to the digital key platform of the terminal system.
The digital key platform constructs the secondary key certificate issuance application information from the secondary key issuance application, the primary user's digital signature, the master key certificate and other information, and applies to the digital key issuing authority for issuance of the secondary key certificate.
The digital key issuing authority checks the secondary key certificate issuance application information and requests the chain certificate management system of the terminal system to produce a chain certificate containing the primary user's digital signature information.
The digital key issuing authority confirms whether the format of the chain certificate returned by the chain certificate management system is compliant, signs a compliant chain certificate, and returns it to the digital key platform, where it becomes the secondary key certificate.
The secondary user device obtains the secondary key certificate and can then use it.
Further, the primary user device sends a key application entry link to the secondary user device. The key application entry link includes master key association information of the primary user device.
Through the key application entry, the secondary user device submits a secondary key issuance application, containing the declaration information it provides, to the digital key platform of the terminal system.
The digital key platform forwards the secondary key issuance application to the primary user device.
The primary user device obtains the declaration information in the secondary key issuance application and submits information including the primary user's digital signature and the master key certificate to the digital key platform.
Further, the declaration information provided by the secondary user device includes personal necessary information, authorization information, validity period information of the authorization information, and geographical range information. The personal necessary information includes data that uniquely identifies the subject providing the declaration information; the authorization information is the interaction permission of the secondary user device with respect to the target device.
Further, the primary user's digital signature is produced as follows: the primary user device obtains the declaration information in the secondary key issuance application and, using the signing key of the master key certificate, digitally signs the public key of the secondary key certificate, the authorization information, the validity period information of the authorization information and the geographical range information.
Further, the chain certificate management system for manufacturing the chain certificate specifically comprises the following steps:
The chain certificate management system constructs the data whose signature is to be verified, which comprises: the public key of the secondary key certificate, the authorization information, the validity period information of the authorization information and the geographical range information.
It verifies the validity of the primary user's digital signature against this data. If the primary user's digital signature is valid, the chain certificate management system fills in the extension items of the chain certificate and returns the chain certificate to the digital key issuing authority. The populated extension items include: the authorization information of the secondary key issuance application, the validity period information of the authorization information, the geographical range information, the primary user's digital signature and the master key certificate.
In another aspect of the present invention, a digital key verification method is provided, which includes the following steps:
the secondary user equipment initiates a key authentication request to the target equipment and submits a secondary key certificate and authentication signature information;
the authentication signature information is a signature value obtained by signing specific data with a signature key of the secondary key certificate;
the target equipment verifies the auxiliary key certificate and the authentication signature information; and when the verification is passed, the target equipment opens the interaction authority to the secondary user equipment.
Further, the verifying the secondary key certificate by the target device specifically includes:
when the secondary key certificate meets the following conditions, the target device opens the control authority to the secondary user device:
the certificate chain, the validity period and the like of the secondary key certificate are true and valid;
the certificate chain, the validity period and the like of the master key certificate in the auxiliary key certificate extension item are true and valid;
the master user digital signature in the secondary key certificate extension item is real and valid;
the current time and the geographic range information of the target device meet the authorization information in the secondary key certificate expansion item, the valid period information of the authorization information and the geographic range information.
Further, in order to prevent replay attacks, the specific data signed by the authentication signature information each time is random. The authentication signature information is not any signature on the secondary key certificate, but rather, specific data is signed by using a signature key of the secondary key certificate during an authentication session, and the target device performs signature verification so as to verify that the holder of the secondary key certificate really has the signature key (only the holder of the secondary key certificate has the signature key).
Because the secondary key certificate carries the secondary user's information, the signature of the digital certificate issuing authority and the primary user's digital signature, the authenticity and validity of the secondary key certificate, and of the vehicle control permissions it grants or denies, can be verified completely and directly. The target device can therefore verify directly from the content of the secondary key certificate. This is also the main problem the invention solves: reliably verifying, while the vehicle is offline, the validity of a newly issued secondary key and the scope of its control permissions over the vehicle.
In another aspect of the present invention, there is provided a digital key issuing and verifying system including: the system comprises main user equipment, auxiliary user equipment, target equipment and a terminal system;
the master user equipment, the slave user equipment and the target equipment respectively comprise equipment key calculation and storage safety environments;
the terminal system comprises a digital key platform, a digital key issuing organization and a chain certificate management system;
the digital key platform is used for receiving or forwarding an auxiliary key issuing application, constructing auxiliary key information according to the auxiliary key issuing application, a main user digital signature, a main key certificate and other information, and applying for issuing an auxiliary key certificate to a digital key issuing organization;
the digital key issuing mechanism is used for issuing a main key certificate and issuing an auxiliary key certificate according to a chain certificate constructed by the chain certificate management system;
and the chain certificate management system is used for constructing a chain certificate.
Further, the secondary key certificate includes: personal necessary information in the declaration information, authorization information for issuing application by the auxiliary key, validity period information of the authorization information, geographical range information, a public key of the auxiliary key certificate, a digital signature of a main user, a main key certificate, a digital key issuing authority certificate and a digital signature of the auxiliary key certificate by the digital key issuing authority.
The invention has the following beneficial effects: with this method, the vehicle can not only distinguish the owner's master key from the secondary keys authorized by that master key, but can also extract directly from a secondary key the authorization information that the owner signed with the master key.
When the master key is revoked on the vehicle, all secondary keys authorized by that master key become invalid immediately, which prevents unauthorized access by secondary keys that would otherwise slip through.
In addition, the authorization information carried by the secondary key and signed by the master key can serve as valid electronic evidence of authorization, which greatly reduces the complexity and difficulty of authorization and evidence preservation. Because the vehicle does not need to rely on an external authentication service when verifying the authenticity and validity of a secondary key, the secondary key can still be used normally when the vehicle has no network service or extremely poor network service (for example in underground parking lots, remote areas and tunnels).
Therefore, the high safety of the digital car key can be ensured, and the convenience of borrowing and returning, renting and recovering, contact-free trading of second-hand cars and contact-free vehicle handing-over is greatly improved.
Drawings
Fig. 1 is a digital car key system implemented by a digital certificate authentication mechanism in the prior art.
Fig. 2 is a flowchart of a digital key issuing method according to an embodiment of the present invention.
Fig. 3 is a flowchart of a digital key verification method according to an embodiment of the invention.
Detailed Description
In order to facilitate understanding of those skilled in the art, the present invention will be further described with reference to the following embodiments and accompanying drawings.
The digital key issuing mechanism issues a master key certificate to master user equipment;
The specific information in the secondary user device's secondary key issuance request is digitally signed with the master key to obtain an identifier unique to the master key, and the digital key issuing authority places this unique identifier in the secondary key.
When the target device verifies the secondary key, it extracts the master key's unique identifier from the secondary key and checks its validity by methods such as signature verification, thereby verifying the validity of the secondary key.
Because the secondary key certificate contains the unique identifier of the master key certificate, the target device (such as a vehicle) does not need to build its own mapping table between master key certificates and secondary key certificates; it obtains the mapping directly from the secondary key certificate. This simplifies management of the digital key platform, reduces its operation and maintenance cost, and avoids mapping errors caused by information that is not updated in time. More importantly, the secondary key can be used offline when network connectivity is absent or poor (for example in underground parking lots or the open country), so the right to use the target device can be temporarily handed over offline in a secure, compliant, convenient and reliable way.
The digital key issuing and verifying system of the present embodiment includes: the system comprises a main user device, an auxiliary user device, a target device and a terminal system;
the master user equipment, the slave user equipment and the target equipment all comprise equipment key calculation and storage safety environments;
the terminal system comprises a digital key platform, a digital key issuing organization and a chain certificate management system;
the digital key platform is used for receiving or forwarding an auxiliary key issuing application, constructing auxiliary key information according to the auxiliary key issuing application, a main user digital signature, a main key certificate and other information, and applying for issuing an auxiliary key certificate to a digital key issuing organization;
the digital key issuing mechanism is used for issuing a main key certificate and an auxiliary key certificate;
a chain certificate management system for constructing a chain certificate;
the secondary key certificate includes: personal necessary information in the declaration information, authorization information for issuing application by the auxiliary key, validity period information of the authorization information, geographical range information, a public key of the auxiliary key certificate, a digital signature of a main user, a main key certificate, a digital key issuing authority certificate and a digital signature of the auxiliary key certificate by the digital key issuing authority.
In the digital certificate issued for the digital car key, the digital certificate includes information such as authorization and signature of the master key, as shown in the following figure: the chain certificate comprises an auxiliary key certificate, a main user digital signature, a main key certificate, a digital key issuing authority certificate and authorization information of the auxiliary key certificate.
For convenience of description, a certificate that contains the master key certificate and the primary user's digital signature is called a "chain certificate", to distinguish it from a conventional digital certificate. "Chain certificate" refers to two digital certificates A and B, where certificate B contains certificate A's signature over some of the items of certificate B, indicating that certificate A approves and endorses those items. An endorsement trust chain is thus also formed between certificate A and certificate B. Certificate A is not a CA certificate, however, so it cannot appear in a "certificate chain"; but B contains A's trust endorsement relationship, so certificate B, which carries this trust association between certificates, is called a chain certificate. In other words, a "chain certificate" is a digital certificate that contains a personal trust relationship while preserving the integrity and authority of the digital certificate's own certificate chain.
In the digital key issuing method of the embodiment, if the owner authorizes others (driver or other service personnel) to use the digital car key, the steps are as shown in fig. 2:
1. The primary user device sends a key application entry link to the secondary user device. The application entry link already contains the master key certificate association information.
2. The secondary user device fills in the personal necessary information, authorization requirements and so on in the key application entry interface, and then submits the secondary key issuance application to the digital key platform. The personal necessary information includes name, identification number, mailbox, mobile phone number, affiliated organization and department, etc. The authorization information is the granting and forbidding of vehicle control permissions, such as permission to open/close the doors, to start/stop the vehicle, to control the steering wheel, and to retrieve and delete dashcam recordings. When applying for a secondary key certificate, the public key and private key required by the certificate are generated on the secondary user device; the private key is stored locally, and the public key is submitted to the digital key platform with the certificate application.
3. The digital car key platform forwards the secondary key issuance application submitted by the secondary user device to the primary user device for confirmation and signing.
4. The primary user device checks the applicant information, authorization requirements and so on in the secondary key application submitted by the secondary user device, signs to confirm or rejects the authorization application, and submits this, together with information such as the master key certificate, to the digital key platform. The primary user device does not sign the "personal necessary information": the certificate as a whole is signed by the digital certificate issuing authority, and the primary user only needs to sign the authorization-related information and the public key of the secondary certificate.
5. The digital key platform constructs the secondary key information from the key authorization application confirmed by the primary user device, together with information such as the master key certificate and its signature, and applies to the digital certificate issuing authority for a digital key certificate that contains information such as the primary user device's authorization signature.
6. The digital certificate issuing authority checks the application information for the key digital certificate and requests the chain certificate management system to produce a chain certificate (called the "secondary key certificate") containing the primary user device's authorization signature information.
The chain certificate management system extracts from the request the secondary key permission information (the granting and forbidding of vehicle control permissions, such as door opening/closing, vehicle starting/stopping, steering wheel control, and retrieval and deletion of dashcam recordings), the validity period information of those permissions and the public key of the secondary key certificate to form the data to be signed, and verifies the validity of the master key certificate's signature over the secondary key permission information, the authorized validity period information, the authorized geographic range information and the public key of the secondary key certificate. If the master key certificate's signature is valid, the chain certificate management system fills in, as extension items of the chain certificate, the secondary key permission information, the authorized validity period information, the master key certificate's signature over "secondary key permission information, authorized validity period information, authorized geographic range information, public key of the secondary key certificate", and the master key certificate, and then returns the result to the digital key issuing authority as the secondary key certificate to be signed.
7. The digital certificate issuing authority verifies the chain certificate information returned by the chain certificate system, issues the secondary key certificate and returns it to the digital key platform.
8. The digital key platform notifies the secondary user device to download the secondary car key.
9. The secondary user device downloads the secondary car key locally, after which the secondary car key can be used.
In the digital key verification method of the present embodiment, the steps of verifying the authenticity and validity of a digital car key (secondary key) held by another person, for example, by a vehicle, are shown in fig. 3:
1. The secondary user device approaches the vehicle; the vehicle APP on the secondary user device initiates a key authentication request to the target device (the vehicle) and submits the secondary key certificate and the authentication signature information.
2. The vehicle verifies the secondary key certificate submitted by the mobile phone APP, checking its authenticity and validity (certificate chain, validity period, etc.).
3. The vehicle verifies the authenticity and validity (certificate chain, validity period, etc.) of the master key certificate contained in the secondary key certificate, verifies the authenticity and validity of the owner's master key certificate signature over the secondary key's authorization information and the secondary key's public key, and checks whether the current conditions satisfy the restrictions on use of the car key (such as the permitted time range).
Wherein: the "certificate chain" is a basic term of digital certificates, and represents a chain of final issuing authorities CA of a digital certificate and upper issuing authorities CA of the CA (referred to as intermediate CAs) up to a root CA. These CAs are all trusted authorities. That is, the CAs on the certificate chain recursively endorse the digital certificate forming an endorsement chain.
If the secondary key certificate is true and valid, the owner primary key certificate is true and valid, the authorization information of the owner primary key certificate to the secondary key and the signature information of the secondary key public key are also true and valid, and the current condition meets the use limiting condition agreed in the secondary key, the vehicle accepts the secondary key and opens the control use authority to the secondary key.
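The issuance flow (Fig. 2) and the offline verification flow (Fig. 3) described above, condensed into an added Go example that is not part of the patent text. Ed25519 signatures over JSON-encoded structs stand in for X.509 certificates and their extension items, a region label stands in for the geographical range information, and every type and function name here is an assumption made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Grant is exactly what the primary user signs (region label = geographic range).
type Grant struct {
	SecondaryPub        ed25519.PublicKey
	Permissions         map[string]bool
	NotBefore, NotAfter time.Time
	Region              string
}

// MasterCert is a simplified master key certificate signed by the issuing authority.
type MasterCert struct {
	OwnerPub ed25519.PublicKey
	NotAfter time.Time
	CASig    []byte
}

// SecondaryCert models the chain certificate; Grant, OwnerSig, Master are its extension items.
type SecondaryCert struct {
	Holder   string // personal information, covered only by the authority's signature
	Grant    Grant
	OwnerSig []byte
	Master   MasterCert
	CASig    []byte
}

// enc is a deterministic encoding of the signed fields (JSON sorts map keys).
func enc(v interface{}) []byte { b, _ := json.Marshal(v); return b }
func (m MasterCert) tbs() []byte { return enc([]interface{}{m.OwnerPub, m.NotAfter}) }
func (c SecondaryCert) tbs() []byte { return enc([]interface{}{c.Holder, c.Grant, c.OwnerSig, c.Master}) }

// IssueMaster: the issuing authority signs the owner's master key certificate.
func IssueMaster(caPriv ed25519.PrivateKey, ownerPub ed25519.PublicKey, notAfter time.Time) MasterCert {
	m := MasterCert{OwnerPub: ownerPub, NotAfter: notAfter}
	m.CASig = ed25519.Sign(caPriv, m.tbs())
	return m
}

// IssueSecondary: check the primary user's signature, fill the extensions, then sign.
func IssueSecondary(caPriv ed25519.PrivateKey, holder string, g Grant, ownerSig []byte, m MasterCert) (SecondaryCert, error) {
	if !ed25519.Verify(m.OwnerPub, enc(g), ownerSig) {
		return SecondaryCert{}, fmt.Errorf("primary user signature invalid")
	}
	c := SecondaryCert{Holder: holder, Grant: g, OwnerSig: ownerSig, Master: m}
	c.CASig = ed25519.Sign(caPriv, c.tbs())
	return c, nil
}

// VerifyOffline is the vehicle's check: pinned authority key, own clock/location, own nonce.
// Keys inside the certificate are only used after the authority's signature over them passed.
func VerifyOffline(caPub ed25519.PublicKey, c SecondaryCert, now time.Time, region, action string, nonce, authSig []byte) error {
	switch {
	case !ed25519.Verify(caPub, c.tbs(), c.CASig):
		return fmt.Errorf("secondary certificate: authority signature invalid")
	case !ed25519.Verify(caPub, c.Master.tbs(), c.Master.CASig) || now.After(c.Master.NotAfter):
		return fmt.Errorf("master certificate invalid or expired")
	case !ed25519.Verify(c.Master.OwnerPub, enc(c.Grant), c.OwnerSig):
		return fmt.Errorf("primary user signature over grant invalid")
	case now.Before(c.Grant.NotBefore) || now.After(c.Grant.NotAfter):
		return fmt.Errorf("outside authorized validity period")
	case region != c.Grant.Region:
		return fmt.Errorf("outside authorized geographic range")
	case !ed25519.Verify(c.Grant.SecondaryPub, nonce, authSig):
		return fmt.Errorf("authentication signature invalid")
	case !c.Grant.Permissions[action]:
		return fmt.Errorf("action %q not authorized", action)
	}
	return nil
}

// Scenario builds constructed sample keys and a 24-hour grant limited to region "lot-B2".
func Scenario() (ed25519.PublicKey, SecondaryCert, func([]byte) []byte, time.Time) {
	now := time.Date(2022, 8, 26, 9, 0, 0, 0, time.UTC)
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	secPub, secPriv, _ := ed25519.GenerateKey(rand.Reader) // generated on the secondary device
	g := Grant{secPub, map[string]bool{"door": true, "start": true}, now, now.Add(24 * time.Hour), "lot-B2"}
	master := IssueMaster(caPriv, ownerPub, now.AddDate(1, 0, 0))
	cert, _ := IssueSecondary(caPriv, "driver-001", g, ed25519.Sign(ownerPriv, enc(g)), master)
	respond := func(nonce []byte) []byte { return ed25519.Sign(secPriv, nonce) } // secondary device
	return caPub, cert, respond, now
}

func main() {
	caPub, cert, respond, now := Scenario()
	nonce := make([]byte, 32)
	rand.Read(nonce) // the vehicle's fresh random challenge
	sig := respond(nonce)
	fmt.Println("start:", VerifyOffline(caPub, cert, now, "lot-B2", "start", nonce, sig))
	fmt.Println("steering:", VerifyOffline(caPub, cert, now, "lot-B2", "steering", nonce, sig))
}
```

The vehicle needs only the issuing authority's public key, its own clock and position, and a nonce it generated itself, so none of the checks requires a network connection.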
The above embodiments are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modification made on the basis of the technical solution according to the technical idea of the present invention falls within the protection scope of the present invention.
Claims (10)
1. A digital key issuance method, characterized by comprising the steps of:
a digital key issuing authority of the terminal system issues a master key certificate to the master user equipment;
when the master user equipment receives a secondary key issuance application, it submits information comprising the master user digital signature and the master key certificate to a digital key platform of the terminal system;
the digital key platform constructs secondary key certificate issuance application information from the secondary key issuance application, the master user digital signature and the master key certificate information, and applies to the digital key issuing authority for issuance of the secondary key certificate;
the digital key issuing authority verifies the secondary key certificate issuance application information, and requests a chain certificate management system of the terminal system to make a chain certificate containing the master user digital signature information;
the digital key issuing authority verifies whether the format of the chain certificate returned by the chain certificate management system is compliant, issues a secondary key digital certificate for a compliant chain certificate, and returns the secondary key digital certificate to the digital key platform;
the secondary user equipment obtains the secondary key certificate.
2. The digital key issuance method according to claim 1, wherein the secondary key issuance application includes:
the master user equipment transmits a key application entry link to the secondary user equipment; the key application entry link comprises master key association information of the master user equipment;
the secondary user equipment submits, through the key application entry, a secondary key issuance application including the declaration information it provides to the digital key platform of the terminal system;
the digital key platform forwards the secondary key issuance application to the master user equipment;
and the master user equipment obtains the declaration information in the secondary key issuance application and submits information including the master user digital signature and the master key certificate to the digital key platform of the terminal system.
3. The digital key issuance method according to claim 1 or 2, characterized in that:
the declaration information provided by the secondary user equipment comprises personal necessary information, authorization information, validity period information of the authorization information and geographical range information; the personal necessary information includes data uniquely identifying the subject that provides the declaration information; the authorization information is the interaction permissions of the secondary user equipment with respect to the target device.
4. The digital key issuance method according to claim 3, characterized in that:
the master user digital signature is specifically obtained as follows: the master user equipment obtains the declaration information in the secondary key issuance application, and uses the master key certificate to digitally sign the public key of the secondary key certificate, the authorization information, the validity period information of the authorization information and the geographical range information.
5. The digital key issuance method according to claim 4, wherein the chain certificate management system making the chain certificate specifically includes the steps of:
the chain certificate management system constructs the data to be verified, which comprises: the public key of the secondary key certificate, the authorization information, the validity period information of the authorization information and the geographical range information;
the chain certificate management system verifies the validity of the master user digital signature against the data to be verified; if the master user digital signature is valid, the chain certificate management system fills in the extension items of the chain certificate and then returns the chain certificate to the digital key issuing authority; the filled-in extension items include: the authorization information of the secondary key issuance application, the validity period information of the authorization information, the geographical range information, the master user digital signature and the master key certificate.
6. A digital key verification method, comprising the steps of:
the secondary user equipment initiates a key authentication request to the target device and submits a secondary key certificate and authentication signature information;
the authentication signature information is a signature value obtained by signing specific data with the signature key of the secondary key certificate;
the target device verifies the secondary key certificate and the authentication signature information; when the verification passes, the target device grants the interaction permissions to the secondary user equipment.
7. The digital key verification method of claim 6, wherein the target device verifying the secondary key certificate specifically comprises:
when the secondary key certificate meets the following conditions, the target device grants the control permission to the secondary user equipment:
the certificate chain, the validity period and the like of the secondary key certificate are authentic and valid;
the certificate chain, the validity period and the like of the master key certificate in the secondary key certificate extension items are authentic and valid;
the master user digital signature in the secondary key certificate extension items is authentic and valid;
the current time and the geographical range information of the target device satisfy the authorization information, the validity period information and the geographical range information in the secondary key certificate extension items.
8. The digital key verification method of claim 6, wherein:
the authentication signature information is produced by signing specific data during the identity authentication session with the signature key of the secondary key certificate; the authentication signature information is random each time the specific data is signed.
9. A digital key issuance and verification system, comprising: master user equipment, secondary user equipment, a target device and a terminal system;
the master user equipment, the secondary user equipment and the target device each comprise a secure environment for device key computation and storage;
the terminal system comprises a digital key platform, a digital key issuing authority and a chain certificate management system;
the digital key platform is used for receiving or forwarding a secondary key issuance application, constructing secondary key information from the secondary key issuance application, the master user digital signature, the master key certificate and other information, and applying to the digital key issuing authority for issuance of a secondary key certificate;
the digital key issuing authority is used for issuing the master key certificate, and for issuing the secondary key certificate according to a chain certificate constructed by the chain certificate management system;
and the chain certificate management system is used for constructing the chain certificate.
10. The digital key issuance and verification system according to claim 9, wherein:
the secondary key certificate includes: the personal necessary information in the declaration information, the authorization information of the secondary key issuance application, the validity period information of the authorization information, the geographical range information, the public key of the secondary key certificate, the master user digital signature, the master key certificate, the digital key issuing authority certificate, and the digital key issuing authority's digital signature over the secondary key certificate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211030058.1A CN115396893A (en) | 2022-08-26 | 2022-08-26 | Digital key issuing and verifying method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115396893A (en) | 2022-11-25 |
Family
ID=84121840
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211030058.1A Pending CN115396893A (en) | 2022-08-26 | 2022-08-26 | Digital key issuing and verifying method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115396893A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111970115A (en) * | 2019-05-20 | 2020-11-20 | 浙江吉利控股集团有限公司 | Method, device, system and terminal for checking digital key |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109727358B (en) | Vehicle sharing system based on Bluetooth key | |
US10829088B2 (en) | Identity management for implementing vehicle access and operation management | |
CN108569250B (en) | Automatic authorization method of Bluetooth key based on shared automobile | |
CN107650863B (en) | Vehicle sharing method and system | |
CN105847282B (en) | Vehicle control method, server and system | |
CN109830018B (en) | Vehicle borrowing system based on Bluetooth key | |
US9242619B2 (en) | Method for controlling a vehicle using driver authentication, vehicle terminal, biometric identity card, biometric identification system, and method for providing a vehicle occupant protection and tracking function using the biometric identification card and the terminal | |
KR102426930B1 (en) | Method for managing digital key of mobile device for vehicle-sharing and key server using the same | |
CN105931485A (en) | Appointment service system for shared parking stalls | |
KR101129318B1 (en) | Method and system providing lending service using biometrics card | |
CN109891416A (en) | For authenticating and the system and method for authorization device | |
CN106415674A (en) | System and method for controlling access | |
CN106209876A (en) | Net about car security service authentication method and vehicle personal identification system | |
JP2016511191A (en) | Method for making a vehicle available and corresponding system for making a vehicle available | |
US11263558B2 (en) | Method for monitoring access to electronically controllable devices | |
US11722529B2 (en) | Method and apparatus for policy-based management of assets | |
KR20140000050A (en) | Method and system for providing vehicles rental service using mobile communication terminal | |
CN115396893A (en) | Digital key issuing and verifying method and system | |
US20230412400A1 (en) | Method for suspending protection of an object achieved by a protection device | |
CN107609878A (en) | A kind of safety certifying method and system of shared automobile | |
CN106897627A (en) | It is a kind of to ensure the method that automobile ECU is immune against attacks and automatically updates | |
CN113781689A (en) | Access control system based on block chain | |
KR101375946B1 (en) | Smart key genenating system by using mobile and method of thesame | |
US20030074557A1 (en) | Method and system for management of properties | |
JP2007122360A (en) | Control device, authority owner device, information transmitting/receiving system, and information transmitting method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||