WO2009059471A1 - A method and a system for starting up motor vehicles - Google Patents

A method and a system for starting up motor vehicles Download PDF

Info

Publication number
WO2009059471A1
WO2009059471A1 PCT/CN2007/003511 CN2007003511W WO2009059471A1 WO 2009059471 A1 WO2009059471 A1 WO 2009059471A1 CN 2007003511 W CN2007003511 W CN 2007003511W WO 2009059471 A1 WO2009059471 A1 WO 2009059471A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
mobile communication
communication network
ignition device
parameter
Prior art date
Application number
PCT/CN2007/003511
Other languages
French (fr)
Chinese (zh)
Inventor
Jing MIAO
Zuoliang Zhu
Zhiping Zhang
Original Assignee
Zte Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zte Corporation filed Critical Zte Corporation
Publication of WO2009059471A1 publication Critical patent/WO2009059471A1/en

Links

Classifications

    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user

Abstract

A method for starting up motor vehicles, the method includes: step S302, performing a first attestation on an ignition device according to comparing safety attestation information stored on the ignition device and safety attestation information of a mobile communication module in a motor vehicle; step S304, in the case of the ignition device passing the first attestation, accessing the mobile communication module to a mobile communication network, and receiving an attestation parameter sent by the mobile communication network; step S306, transmitting the attestation parameter to the ignition device by the mobile communication module, performing the attestation parameter by the ignition device, and returning the processing result to the mobile communication network via the mobile communication module; and step S308, processing a second attestation on the processing result of the ignition device by the mobile communication module, and starting up the vehicle in the case of the ignition device passing the second attestation.

Description

机动车启动方法和系统 技术领域 本发明涉及通信领域, 并且特别地, 涉及一种机动车启动方法和系统。 背景技术 现有的启动机动车的方法, 都是通过钥匙启动, 这种方法属于机械式启 动, 只要启动钥匙和机动车的启动槽相匹配, 机动车就可以点火启动。 这样 的方式使得机动车处于不安全的状态下。 目前, 4艮多机动车防盗所采用的电 子防盗技术都是采用简单的双方密码认证, 如图 1所示, 即, 机动车电子防 盗设备通过核对点火钥匙密码来判定是否继续启动, 这种技术的缺点是密码 容易被暴力破解, 而通过密码扫描, 盗窃者可以在很短时间内将机动车启动 起来, 这显然不能有效保证机动车的安全, 并且, 一旦机动车被盗窃, 被寻 回的概率则很小, 这无疑会对人们带来很大的经济损失。 而目, 前移动网络的覆盖率已经达到了很高的地步, 同时 2代以上的移 动网络的安全性也非常高, 特别是终端的接入认证过程, 由于其特殊的鉴权 认证过程, 使得盗号基本上成为不可能的事情; 此外, 移动网络还可以在接 入鉴权认证的 上, 提供额外的安全认证, 同时还能够提供其他的定位、 远程控制等能力。 鉴于移动网络的诸多优势, 目前已经出现了利用移动通信网络来确保机 动车安全性的技术。 如图 2所示, 目前普遍采用的技术是在机动车被盗时, 机动车电子防盗设备将这一消息通知给终端设备, 终端设备采用报警等方式 通知用户。 然而, 由于认证的方式与图 1 中所示的技术差别不大, 因此, 并 不能防止机动车被盗窃者启动, 因此, 机动车同样会被盗取。 目前, 尚未提出能够利用移动通信网络有效防止机动车被盗的启动技 术。 发明内容 考虑到上述问题而做出本发明, 为此, 本发明的主要目的在于提供一种 机动车防盗方案, 其可以利用移动通信网络对机动车进行认 i£ , 从而有效防  BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to the field of communications, and in particular to a motor vehicle starting method and system. BACKGROUND OF THE INVENTION Existing methods of starting a motor vehicle are initiated by a key. This method is a mechanical start. As long as the starter key matches the starter slot of the motor vehicle, the motor vehicle can be started. This way the vehicle is in an unsafe state. At present, the electronic anti-theft technology used in the anti-theft of more than 4 vehicles is based on simple two-party password authentication, as shown in Figure 1, that is, the electronic anti-theft device of the motor vehicle determines whether to continue to start by checking the ignition key password. The disadvantage is that the password is easily brute-forced, and by password scanning, the thief can start the vehicle in a short time, which obviously cannot effectively guarantee the safety of the motor vehicle, and once the motor vehicle is stolen, it is recovered. The probability is small, which will undoubtedly bring great economic losses to people. However, the coverage of the former mobile network has reached a high level, and the security of the mobile network of more than 2 generations is also very high, especially the access authentication process of the terminal, due to its special authentication and authentication process. The hacking is basically impossible; in addition, the mobile network can provide additional security authentication on the access authentication, and can also provide other positioning, remote control and other capabilities. In view of the many advantages of mobile networks, technologies for utilizing mobile communication networks to ensure the safety of motor vehicles have emerged. As shown in Fig. 2, the currently widely used technology is that when the vehicle is stolen, the electronic anti-theft device of the motor vehicle notifies the terminal device of the message, and the terminal device notifies the user by means of an alarm or the like. However, since the authentication method is not much different from the technique shown in Fig. 1, it does not prevent the motor vehicle from being activated by the thief, and therefore, the motor vehicle is also stolen. At present, no start-up technology capable of effectively preventing the theft of a motor vehicle by using a mobile communication network has been proposed. SUMMARY OF THE INVENTION The present invention has been made in view of the above problems. Accordingly, it is a primary object of the present invention to provide a vehicle antitheft solution that can utilize a mobile communication network to recognize a motor vehicle, thereby effectively preventing
1 P17125 止机动车被盗窃者启动并盗取。 才艮据本发明的实施例, 提供了一种机动车启动方法。 该方法包括: 步骤 S302, 通过将点火装置上存储的安全认证信息与机 动车中的移动通信模块的安全认证信息进行对比来对点火装置进行第一认 证; 步骤 S304, 在点火装置通过第一认证的情况下, 移动通信模块接入移动 通信网络, 并且接收移动通信网络发送过来的认证参数; 步骤 S306, 移动通 信模块将认证参数转发至点火装置, 点火装置对认证参数进行处理, 并将处 理结果经由移动通信模块返回给移动通信网络; 以及步骤 S308, 移动通信网 络对点火装置的处理结果进行第二认证, 并在处理结果通过第二认证的情况 下, 启动机动车。 其中, 认证参数由移动通信网络分配, 并且移动通信网络保存与认证参 数对应的另一认证参数。 并且, 在步骤 S306 中, 点火装置根据其上存储的 密钥对认证参数进行计算, 并将计算结果作为处理结果经由移动通信模块返 回给移动通信网络。 此时, 在步骤 S308中, 移动通信网络对上述对应的另一认证参数进行 计算, 并根据对上述对应的另一认证参数的计算结果以及移动通信模块返回 的处理结果判断处理结果是否通过第二认证。 并且, 在步骤 S308中, 通过第二认证是指移动通信网络对上述对应的 另一认证参数的计算结果与移动通信模块返回的处理结果相同。 除此之外, 在步骤 S308中, 在移动通信模块无法接入移动通信网络从 而无法进行第二认证的情况下, 直接启动机动车。 并且, 在步骤 S308之后, 可以进一步包括: 在通过第二认证的情况下, 移动通信网络将下一次启动机动车进行第二认证时使用的密钥写入点火装 置。 另外, 点火装置上存储的安全认证信息包括: 移动通信终端的业务号、 机动车的唯一标识、 和密钥。 移动通信模块的安全认证信息包括: 移动通信 终端的业务号和机动车的唯一标识, 并且在进行第一认证的时候, 将点火装 置上存储的移动通信终端的业务号、 和机动车的唯一标识与移动通信模块的 安全认证信息进行对比。 移动通信模块可以位于移动车的发送机内部、 或者 1 P17125 The motor vehicle was started and stolen by the thief. According to an embodiment of the present invention, a method of starting a motor vehicle is provided. The method includes: Step S302: performing first authentication on the ignition device by comparing the safety certification information stored on the ignition device with the safety certification information of the mobile communication module in the vehicle; Step S304, the first authentication is performed in the ignition device In the case, the mobile communication module accesses the mobile communication network, and receives the authentication parameter sent by the mobile communication network; in step S306, the mobile communication module forwards the authentication parameter to the ignition device, and the ignition device processes the authentication parameter, and the processing result is processed. Returning to the mobile communication network via the mobile communication module; and in step S308, the mobile communication network performs second authentication on the processing result of the ignition device, and in the case where the processing result passes the second authentication, the vehicle is started. Wherein, the authentication parameter is allocated by the mobile communication network, and the mobile communication network saves another authentication parameter corresponding to the authentication parameter. Further, in step S306, the ignition device calculates the authentication parameter based on the key stored thereon, and returns the calculation result as a processing result to the mobile communication network via the mobile communication module. At this time, in step S308, the mobile communication network calculates the corresponding another authentication parameter, and determines whether the processing result passes the second according to the calculation result of the corresponding another authentication parameter and the processing result returned by the mobile communication module. Certification. Moreover, in step S308, the second authentication means that the calculation result of the corresponding another authentication parameter by the mobile communication network is the same as the processing result returned by the mobile communication module. In addition, in step S308, if the mobile communication module cannot access the mobile communication network and the second authentication cannot be performed, the motor vehicle is directly activated. Moreover, after step S308, the method further includes: in the case of passing the second authentication, the mobile communication network writes the key used in the next startup of the second authentication of the vehicle to the ignition device. In addition, the security authentication information stored on the ignition device includes: a service number of the mobile communication terminal, a unique identifier of the motor vehicle, and a key. The security authentication information of the mobile communication module includes: a service number of the mobile communication terminal and a unique identifier of the motor vehicle, and when the first authentication is performed, the service number of the mobile communication terminal stored on the ignition device, and the unique identifier of the motor vehicle Compare with the security authentication information of the mobile communication module. The mobile communication module can be located inside the transmitter of the mobile vehicle, or
2 P17125 可以附加在发送机之外。 根据本发明的另一实施例, 提供了一种机动车启动系统。 该系统包括: 第一认证模块, 用于通过将其上存储的安全认证信息与点 火装置上存储的安全认证信息进行对比来对点火装置进行第一认证, 以及在 点火装置通过第一认证的情况下接入移动通信网络, 将移动通信网络发送来 的认证参数转发至点火装置; 点火装置, 用于对认证参数进行处理, 并将处 理结果经由第一认证模块返回给移动通信网络; 以及第二认证模块, 位于移 动通信网络, 用于对点火装置的处理结果进行第二认证, 并在处理结果通过 第二认证的情况下, 启动机动车。 其中, 认证参数由移动通信网络分配, 移动通信网络保存与认证参数对 应的另一认证参数,并且第二认证模块对上述对应的另一认证参数进行计算, 并根据对对应的另一认证参数的计算结果以及第一认证模块返回的处理结果 判断处理结果是否通过第二认证。 在这种情况下,通过第二认证是指移动通信网络对上述对应的另一认证 参数的计算结果与第一认证模块返回的处理结果相同。 通过本发明的上述技术方案, 可以使机动车的防盗性能达到运营商水 平,有助于对防盗性能进行提升,便于其它的机动车服务功能和业务的开展。 附图说明 此处所说明的附图用来提供对本发明的进一步理解,构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的 不当限定。 在附图中: 图 1是根据相关技术的机动车认证系统的框图; 图 2是根据相关技术的采用移动通信网络后的机动车认证系统的框图; 图 3是根据本发明实施例的机动车防盗方法的流程图; 图 4是实现根据本发明实施例的机动车防盗方法的系统的框图; 以及 图 5 是根据本发明实施例的机动车防盗方法的认证过程中的信令流程 图。 2 P17125 Can be attached to the sender. In accordance with another embodiment of the present invention, a vehicle launch system is provided. The system includes: a first authentication module, configured to perform first authentication of the ignition device by comparing the safety certification information stored thereon with safety certification information stored on the ignition device, and when the ignition device passes the first authentication And accessing the mobile communication network, forwarding the authentication parameter sent by the mobile communication network to the ignition device; the ignition device, configured to process the authentication parameter, and return the processing result to the mobile communication network via the first authentication module; The authentication module is located in the mobile communication network, and is used for second authentication of the processing result of the ignition device, and starts the motor vehicle if the processing result passes the second authentication. The authentication parameter is allocated by the mobile communication network, and the mobile communication network saves another authentication parameter corresponding to the authentication parameter, and the second authentication module calculates the corresponding another authentication parameter, and according to another corresponding authentication parameter. The calculation result and the processing result returned by the first authentication module determine whether the processing result passes the second authentication. In this case, the second authentication means that the calculation result of the mobile communication network for the corresponding another authentication parameter is the same as the processing result returned by the first authentication module. Through the above technical solution of the invention, the anti-theft performance of the motor vehicle can be achieved to the operator level, which helps to improve the anti-theft performance and facilitate the development of other motor vehicle service functions and services. BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings, which are set to illustrate,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, In the drawings: FIG. 1 is a block diagram of a motor vehicle authentication system according to the related art; FIG. 2 is a block diagram of a motor vehicle authentication system after employing a mobile communication network according to the related art; FIG. 3 is a motor vehicle according to an embodiment of the present invention. FIG. 4 is a block diagram of a system for implementing a vehicle theft prevention method according to an embodiment of the present invention; and FIG. 5 is a signaling flowchart in an authentication process of a vehicle theft prevention method according to an embodiment of the present invention.
3 P17125 具体实施方式 在本实施例中, 提供了一种机动车防盗方法。 如图 3所示, 根据本发明实施例的机动车防盗方法包括: 步骤 S302 , 通过将点火装置上存储的安全认证信息与机动车中的移动通信模块的安全认 证信息进行对比来对点火装置进行第一认证 (可以是简单地对比两者是否相 同); 步骤 S304, 在点火装置通过第一认证 (对比的双方相同) 的情况下, 移动通信模块接入移动通信网络, 并且接收移动通信网络发送过来的认证参 数; 步骤 S306 , 移动通信模块将认证参数转发至点火装置, 点火装置对认证 参数进行处理, 并将处理结果经由移动通信模块返回给移动通信网络; 以及 步骤 S308, 移动通信网络对点火装置的处理结果进行第二认证, 并在处理结 果通过第二认证的 'f青况下, 启动机动车。 其中, 认证参数由移动通信网络分配, 并且移动通信网络保存与认证参 数对应的另一认证参数。 并且, 在步骤 S306 中, 点火装置根据其上存储的 密钥对认证参数进行计算, 并将计算结果作为处理结果经由移动通信模块返 回给移动通信网络。 此时, 在步骤 S308中, 移动通信网络对上述对应的另一认证参数进行 计算, 并根据对上述对应的另一认证参数的计算结果以及移动通信模块返回 的处理结果判断处理结果是否通过第二认证。 并且, 在步骤 S308中, 通过第二认证是指移动通信网络对上述对应的 另一认证参数的计算结果与移动通信模块返回的处理结果相同。 应当注意, 这里移动通信网络与点火装置所采用的计算方法是相同的, 不同的是计算参数, 其依据是非对称加密的原理: 双方各自保留自己的私钥 用于解密, 用公钥进行加密, 公钥是双方都知道的, 这样, 公钥就可以理解 为是双方计算出来的结果, 而私钥是各自保存的, 双方不能知道对方的认证 参数, ^ 如计算出来的结果不匹配 (不相同), 就说明是非法用户。 除此之外, 在步骤 S308中, 在移动通信模块无法接入移动通信网络从 而无法进行第二认证的情况下, 直接启动机动车。 并且, 在步骤 S308之后, 可以进一步包括: 在通过第二认证的情况下, 移动通信网络将下一次启动机动车进行第二认证时使用的密钥写入点火装 3 P17125 DETAILED DESCRIPTION OF THE INVENTION In this embodiment, a vehicle anti-theft method is provided. As shown in FIG. 3, the vehicle anti-theft method according to the embodiment of the present invention includes: Step S302: Comparing the ignition device by comparing the safety certification information stored on the ignition device with the safety certification information of the mobile communication module in the motor vehicle First authentication (may be to simply compare whether the two are the same); Step S304, in the case that the ignition device passes the first authentication (the two sides of the comparison are the same), the mobile communication module accesses the mobile communication network, and receives the mobile communication network to send The authentication parameter comes in; step S306, the mobile communication module forwards the authentication parameter to the ignition device, the ignition device processes the authentication parameter, and returns the processing result to the mobile communication network via the mobile communication module; and step S308, the mobile communication network pairs the ignition The processing result of the device is subjected to the second authentication, and the motor vehicle is started under the condition that the processing result passes the second authentication. Wherein, the authentication parameter is allocated by the mobile communication network, and the mobile communication network saves another authentication parameter corresponding to the authentication parameter. Further, in step S306, the ignition device calculates the authentication parameter based on the key stored thereon, and returns the calculation result as a processing result to the mobile communication network via the mobile communication module. At this time, in step S308, the mobile communication network calculates the corresponding another authentication parameter, and determines whether the processing result passes the second according to the calculation result of the corresponding another authentication parameter and the processing result returned by the mobile communication module. Certification. Moreover, in step S308, the second authentication means that the calculation result of the corresponding another authentication parameter by the mobile communication network is the same as the processing result returned by the mobile communication module. It should be noted that the calculation method adopted by the mobile communication network and the ignition device here is the same, the difference is the calculation parameter, which is based on the principle of asymmetric encryption: each party keeps its own private key for decryption, and encrypts with the public key. The public key is known to both parties. In this way, the public key can be understood as the result calculated by both parties, and the private key is saved separately. The two parties cannot know the authentication parameters of the other party. ^ If the calculated results do not match (not the same ), it means it is an illegal user. In addition, in step S308, if the mobile communication module cannot access the mobile communication network and the second authentication cannot be performed, the motor vehicle is directly activated. Moreover, after step S308, the method may further include: in the case of passing the second authentication, the mobile communication network writes the key used in the next startup of the second authentication of the motor vehicle to the ignition device.
4 P17125 置。 另外, 点火装置上存储的安全认证信息包括: 移动通信终端的业务号、 机动车的唯一标识(例如, 机动车拍照号码、 发送机号码等)、 和密钥 (一般 只保存在点火装置中, 用于对移动通信网络发送过来的认证参数进行计算)。 移动通信模块的安全认证信息包括: 移动通信终端的业务号和机动车的唯一 标识, 并且在进行第一认证的时候, 将点火装置上存储的移动通信终端的业 务号、 和机动车的唯一标识与移动通信模块的安全认证信息进行对比。 移动 通信模块可以位于移动车的发送机内部、 或者可以附加在发送机之外。 在实际实施时, 上述点火装置可以是实际使用的点火钥匙, 此时, 可以 进行以下处理: 第一步, 在机动车的点火控制机构上, 附加特制的移动通信模块, 可以 内置于发动机内部, 也可以采用外挂在发动机外部的电路控制机构或者油路 控制机构; 第二步, 提供包含智能芯片的点火钥匙, 钥匙上必须有存储芯片, 这样 才能够保存必要的安全认证信息, 可以根据输入参数进行密码运算, 并且, 点火钥匙还具有读写的功能, 使得认证信息能够随时更新; 第三步, 在移动通信网络运营商注册安全服务业务, 并将认证信息与机 动车的唯一标识符号关联; 在机动车出厂时, 如果未安装移动通信模块、 并且未注册移动通信网络 安全服务的情况下, 则需要初始化设备, 设置移动通信模块的参数, 其中, 设置的对象包括机动车的唯一标识符、 移动运营商提供的业务号码, 同时在 点火钥匙上设置写入移动终端相关的相关参数, 包括 EMSI、 机动车唯一标 识符等参数; 第四步, 在设备可以正常工作的情况下, 在每次点火启动的时候, 如图 4 所示, 首先, 无线通信模块与点火钥匙进行双方认证(即, 上述的第一认 证, 可以是简单的密码认证), 核对业务号码、 机动车标识符号; 认证通过后 无线通信模块发起网络接入请求, 网络发起安全认证(即, 上述的第二认证, 即, 利用运营商提供的密码进行认证), 认证通过后启动点火控制机构, 发动 机正常启动。 4 P17125 Set. In addition, the safety certification information stored on the ignition device includes: a service number of the mobile communication terminal, a unique identification of the motor vehicle (eg, a motor vehicle photographing number, a transmitter number, etc.), and a key (generally only stored in the ignition device, Used to calculate the authentication parameters sent by the mobile communication network). The security authentication information of the mobile communication module includes: a service number of the mobile communication terminal and a unique identifier of the motor vehicle, and when the first authentication is performed, the service number of the mobile communication terminal stored on the ignition device, and the unique identifier of the motor vehicle Compare with the security authentication information of the mobile communication module. The mobile communication module can be located inside the transmitter of the mobile vehicle or can be attached to the transmitter. In actual implementation, the above ignition device may be an ignition key actually used. In this case, the following processing may be performed: In the first step, a special mobile communication module is added to the ignition control mechanism of the motor vehicle, which may be built in the engine. It is also possible to use a circuit control mechanism or an oil circuit control mechanism externally attached to the engine; the second step is to provide an ignition key including a smart chip, and a memory chip must be present on the key, so that the necessary safety certification information can be saved, and the input parameter can be based on the input parameter. Performing cryptographic operations, and the ignition key also has a function of reading and writing, so that the authentication information can be updated at any time; the third step is to register the security service service with the mobile communication network operator, and associate the authentication information with the unique identification symbol of the motor vehicle; When the vehicle is shipped from the factory, if the mobile communication module is not installed and the mobile communication network security service is not registered, the device needs to be initialized, and the parameters of the mobile communication module are set, wherein the set object includes the unique identifier of the motor vehicle, Mobile transport The service number provided by the quotient, and the relevant parameters related to writing the mobile terminal, including the parameters such as EMSI and the unique identifier of the motor vehicle, are set on the ignition key; the fourth step, in the case that the device can work normally, after each ignition start At the time, as shown in FIG. 4, first, the wireless communication module and the ignition key perform mutual authentication (that is, the first authentication described above may be a simple password authentication), check the service number, the vehicle identification symbol, and the wireless after the authentication is passed. The communication module initiates a network access request, and the network initiates a security authentication (ie, the second authentication described above, that is, using the password provided by the operator for authentication), and after the authentication is passed, the ignition control mechanism is activated, and the engine is normally started.
5 P17125 参照图 4, 居本发明的机动车启动系统包括: 第一认证模块(可以是 上述的移动通信模块或位于移动通信模块侧) 402 , 用于通过将其上存储的 安全认证信息与点火装置 404上存储的安全认证信息进行对比来对点火装置 404进行第一认证, 以及在点火装置 404通过第一认证的情况下接入移动通 信网络, 将移动通信网络发送来的认证参数转发至点火装置 404; 点火装置 404, 用于对认证参数进行处理, 并将处理结果经由第一认证模块 402 返回 给移动通信网络; 以及第二认证模块 406, 位于移动通信网络侧, 用于对点 火装置 404的处理结果进行第二认证,并在处理结果通过第二认证的情况下, 启动机动车。 其中, 认证参数由移动通信网络分配, 移动通信网络保存与认证参数对 应的另一认证参数, 并且第二认证模块 406对上述对应的另一认证参数进行 计算, 并根据对上述对应的另一认证参数的计算结果以及第一认证模块 402 返回的处理结果判断处理结果是否通过第二认证。 在这种情况下,通过第二认证是指移动通信网络对上述对应的另一认证 参数的计算结果与第一认证模块 402返回的处理结果相同。 图 5是根据本发明实施例的机动车防盗方法的处理信令流程图。 如图 5 所示, 具体可以包括以下步骤: 5 P17125 Referring to FIG. 4, the motor vehicle starting system of the present invention includes: a first authentication module (which may be the above-described mobile communication module or on the mobile communication module side) 402 for using the safety authentication information stored thereon and the ignition device 404 The stored security authentication information is compared to perform first authentication on the ignition device 404, and in the case where the ignition device 404 passes the first authentication, access to the mobile communication network, and the authentication parameters transmitted from the mobile communication network are forwarded to the ignition device 404. The ignition device 404 is configured to process the authentication parameter, and return the processing result to the mobile communication network via the first authentication module 402; and the second authentication module 406 is located on the mobile communication network side for processing the ignition device 404. As a result, the second authentication is performed, and in the case where the processing result passes the second authentication, the motor vehicle is started. The authentication parameter is allocated by the mobile communication network, and the mobile communication network saves another authentication parameter corresponding to the authentication parameter, and the second authentication module 406 calculates the corresponding another authentication parameter, and according to another authentication corresponding to the foregoing. The calculation result of the parameter and the processing result returned by the first authentication module 402 determine whether the processing result passes the second authentication. In this case, the second authentication means that the calculation result of the corresponding authentication parameter of the mobile communication network is the same as the processing result returned by the first authentication module 402. FIG. 5 is a process signaling flowchart of a vehicle theft prevention method according to an embodiment of the present invention. As shown in FIG. 5, the following steps may be specifically included:
( 1 ) 将点火启动钥匙插入, 移动通信模块从启动钥匙里读取相关的数 据, 并进行对比, 进行第一认证, 即, 本地的简单密码认证过程; ( 2 ) 本地认证通过之后, 移动通信模块接入到移动网络, 如果此时接 入失败则直接启动机动车 (例如, 在偏远山区等无法连接到移动通信网络的 地方;); (1) Insert the ignition start key, the mobile communication module reads the relevant data from the startup key, and compares it to perform the first authentication, that is, the local simple password authentication process; (2) after the local authentication is passed, the mobile communication The module is connected to the mobile network, and if the access fails at this time, the motor vehicle is directly started (for example, in a remote mountainous area where the mobile communication network cannot be connected;);
( 3 )接入移动通信网络之后, 移动通信网络发起认证请求消息, 消息 中包括了认证所需的密钥等相关参数(即, 上述的认证参数 ), 并通过空中接 口发送到移动通信模块; (3) After accessing the mobile communication network, the mobile communication network initiates an authentication request message, and the message includes related parameters such as a key required for authentication (ie, the above-mentioned authentication parameter), and is sent to the mobile communication module through the air interface;
( 4 )移动通信模块将接受到的消息进行分析, 并将认证参数发送到启 动钥匙上, 启动钥匙通过智能芯片进行密码运算; (4) The mobile communication module analyzes the received message, and sends the authentication parameter to the startup key, and the activation key performs the cryptographic operation through the smart chip;
( 5 ) 启动钥匙将运算结果返回给移动通信模块, 移动通信模块将运算 结果封装成认证的回复消息, 并发送到移动通信网络; (5) The startup key returns the operation result to the mobile communication module, and the mobile communication module encapsulates the operation result into an authentication reply message and transmits the result to the mobile communication network;
6 P17125 ( 6 )移动网络根据返回的消息判定是否通过认证或者拒绝认证; 6 P17125 (6) The mobile network determines whether to pass the authentication or reject the authentication according to the returned message;
( 7 ) 移动通信网络发送相关的消息给移动通信模块, 如果认证通过, 移动网络应该分配下一次认证的参数(这一步不是必须的); (7) The mobile communication network sends a related message to the mobile communication module. If the authentication is passed, the mobile network should assign the parameters of the next authentication (this step is not necessary);
( 8 )移动通信模块根据返回的消息, 决定是否启动车辆, 并将相关的 参数和结果写入启动钥匙, 以备下一次认证。 综上所述, 借助于本发明的技术方案, 可以使机动车的防盗性能达到很 高的水平(达到运营商水平), 同时, 可以通过升级密码认证算法, 使防盗性 能可以根据威胁水平的上升而改进, 同时, 移动运营商还能够通过移动通信 网絡提供其它的机动车服务功能和业务。 以上所述仅为本发明的优选实施例而已, 并不用于限制本发明, 对于本 领域的技术人员来说, 本发明可以有各种更改和变化。 凡在本发明的精神和 原则之内, 所作的任何修改、 等同替换、 改进等, 均应包含在本发明的保护 范围之内。 (8) The mobile communication module determines whether to start the vehicle according to the returned message, and writes relevant parameters and results to the startup key for the next authentication. In summary, with the technical solution of the present invention, the anti-theft performance of the motor vehicle can be achieved at a very high level (at the operator level), and at the same time, the anti-theft performance can be increased according to the threat level by upgrading the password authentication algorithm. Improvements, at the same time, mobile operators can also provide other motor vehicle service functions and services through mobile communication networks. The above description is only the preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes can be made to the present invention. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and scope of the present invention are intended to be included within the scope of the present invention.

Claims

权 利 要 求 书 一种机动车启动方法, 其特征在于, 包括: Claims A method for starting a motor vehicle, characterized in that it comprises:
步骤 S302, 通过将点火装置上存储的安全认证信息与机动车中的 移动通信模块的安全认证信息进行对比来对所述点火装置进行第一认 证;  Step S302, performing first authentication on the ignition device by comparing safety authentication information stored on the ignition device with safety certification information of the mobile communication module in the vehicle;
步骤 S304, 在所述点火装置通过所述第一认证的情况下, 所述移 动通信模块接入移动通信网络, 接收所述移动通信网络发送来的认证参 数;  Step S304, in a case that the ignition device passes the first authentication, the mobile communication module accesses a mobile communication network, and receives an authentication parameter sent by the mobile communication network;
步骤 S306, 所述移动通信模块将所述认证参数转发至所述点火装 置, 所述点火装置对所述认证参数进行处理, 并将处理结果经由所述移 动通信模块返回给所述移动通信网络; 以及  Step S306, the mobile communication module forwards the authentication parameter to the ignition device, and the ignition device processes the authentication parameter, and returns the processing result to the mobile communication network via the mobile communication module; as well as
步骤 S308, 所述移动通信网络对所述点火装置的所述处理结果进 f亍第二认证, 并在所述处理结果通过所述第二认证的情况下, 启动所述 机动车。  Step S308, the mobile communication network performs a second authentication on the processing result of the ignition device, and starts the motor vehicle if the processing result passes the second authentication.
4艮据权利要求 1所述的方法, 其特征在于, 所述认证参数由所述移动通 信网络分配, 并且所述移动通信网络保存与所述认证参数对应的另一认 证参数。 根据权利要求 2所述的方法, 其特征在于, 在所述步骤 S306中, 所述点 火装置 居其上存储的密钥对所述认证参数进行计算, 并将计算结果作 为所述处理结果经由所述移动通信模块返回给所述移动通信网络。 根据权利要求 3所述的方法, 其特征在于, 在所述步骤 S308中, 所述移 动通信网络对所述对应的另一认证参数进行计算, 并根据对所述对应的 另一认证参数的计算结果以及所述移动通信模块返回的所述处理结果判 断所述处理结果是否通过所述第二认证。 根据权利要求 4所述的方法, 其特征在于, 在所述步骤 S308中, 通过所 述第二认证是指所述移动通信网络对所述对应的另一认证参数的计算结 果与所述移动通信模块返回的所述处理结果相同。 The method of claim 1, wherein the authentication parameter is allocated by the mobile communication network, and the mobile communication network maintains another authentication parameter corresponding to the authentication parameter. The method according to claim 2, wherein in the step S306, the ignition device stores a key stored thereon to calculate the authentication parameter, and uses the calculation result as the processing result The mobile communication module returns to the mobile communication network. The method according to claim 3, wherein in the step S308, the mobile communication network calculates the corresponding another authentication parameter, and according to the calculation of the corresponding another authentication parameter And a result of the processing returned by the mobile communication module determines whether the processing result passes the second authentication. The method according to claim 4, wherein in the step S308, the second authentication refers to a calculation result of the mobile communication network to the corresponding another authentication parameter and the mobile communication The processing results returned by the module are the same.
8 P17125 8 P17125
6. 根据权利要求 1所述的方法, 其特征在于, 在所述步骤 S308中, 在所述 移动通信模块无法接入所述移动通信网络从而无法进行所述第二认证的 情况下, 直接启动所述机动车。 The method according to claim 1, wherein in the step S308, if the mobile communication module cannot access the mobile communication network and the second authentication cannot be performed, directly start The motor vehicle.
7. 根据权利要求 1所述的方法, 其特征在于, 在所述步骤 S308之后, 进一 步包括: The method according to claim 1, wherein after the step S308, the method further comprises:
在通过所述第二认证的情况下,所述移动通信网络将下一次启动所 述机动车进行第二认证时使用的密钥写入所述点火装置。  In the case of the second authentication, the mobile communication network writes the key used in the next activation of the motor vehicle for the second authentication to the ignition device.
8. 根据权利要求 1至 7中任一项所述的方法, 其特征在于, 所述点火装置 上存储的安全认证信息包括: 所述移动通信终端的业务号、 所述机动车 的唯一标识和所述密钥。 The method according to any one of claims 1 to 7, wherein the security authentication information stored on the ignition device comprises: a service number of the mobile communication terminal, a unique identifier of the motor vehicle, and The key.
9. 根据权利要求 1至 7中任一项所述的方法, 其特征在于, 所述移动通信 模块的安全认证信息包括: 所述移动通信终端的业务号和所述机动车的 唯一标识, 并且在进行所述第一认证的时候, 将所述点火装置上存储的 所述移动通信终端的业务号、 和所述机动车的唯一标识与所述移动通信 模块的安全认证信息进行对比。 The method according to any one of claims 1 to 7, wherein the security authentication information of the mobile communication module comprises: a service number of the mobile communication terminal and a unique identifier of the motor vehicle, and At the time of performing the first authentication, the service number of the mobile communication terminal stored on the ignition device and the unique identification of the motor vehicle are compared with the security authentication information of the mobile communication module.
10. 根据权利要求 1至 7中任一项所述的方法, 其特征在于, 所述移动通信 模块位于所述移动车的发送机内部、 或者附加在所述发送机之外。 The method according to any one of claims 1 to 7, characterized in that the mobile communication module is located inside the transmitter of the mobile vehicle or is external to the transmitter.
11. 一种机动车启动系统, 其特征在于, 包括: 11. A motor vehicle starting system, comprising:
第一认证模块,用于通过将其上存储的安全认证信息与点火装置上 存储的安全认证信息进行对比来对所述点火装置进行第一认证, 以及在 所述点火装置通过所述第一认证的情况下接入移动通信网络, 将所述移 动通信网络发送来的认证参数转发至所述点火装置;  a first authentication module, configured to perform first authentication on the ignition device by comparing safety authentication information stored thereon with safety authentication information stored on an ignition device, and pass the first authentication in the ignition device Accessing the mobile communication network, forwarding the authentication parameters sent by the mobile communication network to the ignition device;
所述点火装置, 用于对所述认证参数进行处理, 并将处理结果经由 所述第一认证模块返回给所述移动通信网络; 以及  The ignition device is configured to process the authentication parameter, and return the processing result to the mobile communication network via the first authentication module;
第二认证模块, 位于所述移动通信网络, 用于对所述点火装置的所 述处理结果进^ "第二认证, 并在所述处理结果通过所述第二认证的情况 下, 启动所述机动车。  a second authentication module, located in the mobile communication network, configured to perform a second authentication on the processing result of the ignition device, and in a case where the processing result passes the second authentication, start the Motor vehicle.
9 P17125 9 P17125
12. 根据权利要求 11所述的系统, 其特征在于, 所述认证参数由所述移动通 信网络分配, 所述移动通信网络保存与所述认证参数对应的另一认证参 数, 并且所述第二认证模块对所述对应的另一认证参数进行计算, 并才艮 据对所述对应的另一认证参数的计算结果以及所述第一认证模块返回的 所述处理结果判断所述处理结果是否通过所述第二认证。 12. The system according to claim 11, wherein the authentication parameter is allocated by the mobile communication network, the mobile communication network saves another authentication parameter corresponding to the authentication parameter, and the second The authentication module calculates the corresponding another authentication parameter, and determines whether the processing result is passed according to the calculation result of the corresponding another authentication parameter and the processing result returned by the first authentication module. The second authentication.
13. 根据权利要求 12所述的系统, 其特征在于, 通过所述第二认证是指所述 移动通信网络对所述对应的另一认证参数的计算结果与所述第一认证模 块返回的所述处理结果相同。 The system according to claim 12, wherein the second authentication refers to a calculation result of the corresponding another authentication parameter by the mobile communication network and a return of the first authentication module. The processing results are the same.
10 P17125 10 P17125
PCT/CN2007/003511 2007-11-08 2007-12-10 A method and a system for starting up motor vehicles WO2009059471A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710170304.2A CN101159555B (en) 2007-11-08 2007-11-08 Motor vehicle starting method and system
CN200710170304.2 2007-11-08

Publications (1)

Publication Number Publication Date
WO2009059471A1 true WO2009059471A1 (en) 2009-05-14

Family

ID=39307489

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/003511 WO2009059471A1 (en) 2007-11-08 2007-12-10 A method and a system for starting up motor vehicles

Country Status (2)

Country Link
CN (1) CN101159555B (en)
WO (1) WO2009059471A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105083218B (en) * 2015-07-16 2018-10-19 浙江吉利汽车研究院有限公司 vehicle starting method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6148212A (en) * 1997-12-18 2000-11-14 Ericsson Inc. System and method for cellular control of automobile electrical systems
US20060038664A1 (en) * 2004-08-17 2006-02-23 Hyundai Mobis Co., Ltd. Vehicle theft prevention system and method thereof
CN1834832A (en) * 2005-03-14 2006-09-20 通用汽车公司 System and method of using telematics units for locking and unlocking vehicle functions

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4156493B2 (en) * 2003-11-04 2008-09-24 株式会社東海理化電機製作所 Vehicle security device and ID code management device
JP4489024B2 (en) * 2004-01-26 2010-06-23 東芝ソリューション株式会社 Security device, vehicle authentication device, method, and program
CN1942347B (en) * 2004-04-29 2011-06-08 宝马股份公司 Authentication of vehicle-external device
JP2006117086A (en) * 2004-10-21 2006-05-11 Matsushita Electric Ind Co Ltd Antitheft device for vehicle

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6148212A (en) * 1997-12-18 2000-11-14 Ericsson Inc. System and method for cellular control of automobile electrical systems
US20060038664A1 (en) * 2004-08-17 2006-02-23 Hyundai Mobis Co., Ltd. Vehicle theft prevention system and method thereof
CN1834832A (en) * 2005-03-14 2006-09-20 通用汽车公司 System and method of using telematics units for locking and unlocking vehicle functions

Also Published As

Publication number Publication date
CN101159555A (en) 2008-04-09
CN101159555B (en) 2011-03-02

Similar Documents

Publication Publication Date Title
US8048174B2 (en) Theft prevention system
EP3426528B1 (en) Secure smartphone based access and start authorization system for vehicles
JP5189073B2 (en) Personal property, in particular a method, computer program and personal property for protecting automobiles from unauthorized use
JP6445235B2 (en) Method of pairing mobile phone and automobile, and locking / unlocking system
US10231123B2 (en) Bluetooth low energy (BLE) communication between a mobile device and a vehicle
CN102438237B (en) Use the access technique of mobile communication equipment
US7024226B2 (en) Method for enabling PKI functions in a smart card
US7432796B2 (en) Security control system for managing registration of ID codes for portable devices
CN100387798C (en) Electric key and electric lock device and realization method thereof
JP2011511350A (en) Access control management method and apparatus
CN112396735B (en) Internet automobile digital key safety authentication method and device
US20080130879A1 (en) Method and system for a secure PKI (Public Key Infrastructure) key registration process on mobile environment
CN111845624B (en) Method for starting vehicle without key
CN105187442A (en) Vehicle authorization method, device, vehicle-mounted terminal, terminal and system
CN107612949B (en) Wireless intelligent terminal access authentication method and system based on radio frequency fingerprint
CN115396121A (en) Security authentication method for security chip OTA data packet and security chip device
CN111508110A (en) Method and device for realizing remote locking of vehicle
TW200522644A (en) Recognizing device, being recognized device and method of renewing key
WO2009059471A1 (en) A method and a system for starting up motor vehicles
JP6276023B2 (en) Communication system, communication method, communication adapter, and server
CN117837121A (en) System and method for a secure keyless system
WO2021174264A1 (en) Method for remotely activating a remote lock system using cryptography and the remote lock system for implementing the method
RU2686610C1 (en) Automotive anti-hogging device (versions)
WO2024090461A1 (en) Key system, electronic lock device, electronic key device, and information communication system
CN115700857B (en) Vehicle key sharing method of security chip and security chip device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07845868

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07845868

Country of ref document: EP

Kind code of ref document: A1