Interconnection method and electronic device
By using broadcast messages to achieve seamless self-organizing network after the vehicle's infotainment system and the trust ring device are interconnected, and by combining public key infrastructure and password authentication key exchange protocol, the problem of cumbersome interconnection between vehicle electronic devices and the vehicle's infotainment system is solved, and the interconnection efficiency and security are improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HONOR DEVICE CO LTD
- Filing Date
- 2023-12-29
- Publication Date
- 2026-06-09
Smart Images

Figure CN120282115B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communication technology, and in particular to an interconnection method and electronic device. Background Technology
[0002] With technological advancements, vehicle infotainment systems are becoming increasingly intelligent. To enhance user convenience, electronic devices (such as smartphones) can interconnect with these systems, establishing a connection to transmit business data, such as data from a super desktop application, allowing the infotainment system to display applications from the phone. The initial connection process typically involves the infotainment system displaying a connection code, which triggers the phone to display an input control for the user to enter. Following this, the phone authenticates itself with the infotainment system based on the connection code. After successful authentication, the infotainment system and phone can then connect.
[0003] However, when users want their other devices to connect with the vehicle's infotainment system, the other devices still need to go through the aforementioned connection process with the vehicle's infotainment system, resulting in low connection efficiency, that is, low session connection establishment efficiency. Summary of the Invention
[0004] In view of this, this application provides an interconnection method and electronic device to realize automatic interconnection between vehicle and device, thereby improving interconnection efficiency.
[0005] Firstly, this application provides an interconnection method applied to a first device. When the first device approaches a vehicle-mounted infotainment system (V2XS), it receives a first broadcast message from the V2XS. The first broadcast message includes a first account logged into by a second device already connected to the V2XS, specifically the first account corresponding to a trust ring the V2XS has joined. The first device is logged into the first account, the V2XS is logged into a second account, and the first and second accounts are different; the first device is logged into the first account.
[0006] The first device responds to the first broadcast message and displays a first interconnection success message, which indicates that the first device is interconnected with the vehicle's infotainment system.
[0007] In this application, when the vehicle infotainment system is connected to a second device logged into the first account, it indicates that the vehicle infotainment system has joined the trust ring corresponding to the first account. After the first device in the trust ring receives the first broadcast message sent by the vehicle infotainment system, it can automatically connect with the vehicle infotainment system without the user having to perform any operation on the first device (such as not having to enter a connection code), thus realizing a seamless self-organizing network, simplifying the interconnection process between the vehicle infotainment system and the first device, thereby improving interconnection efficiency and enhancing the user experience.
[0008] In one possible design, the process by which the first device displays a first interconnection success message in response to the first broadcast message may include:
[0009] First, the first device can respond to the first broadcast message and authenticate its identity with the vehicle-mounted system based on the vehicle-mounted system registration information. Specifically, the vehicle-mounted system registration information is sent by the device cloud to devices in the trust ring corresponding to the first account after the vehicle-mounted system has successfully registered with the device cloud; the devices in the trust ring corresponding to the first account include the first device.
[0010] Subsequently, upon successful identity authentication, the first device displays a message indicating successful first interconnection.
[0011] In this application, the first device can authenticate its identity with the vehicle's infotainment system based on the vehicle registration information synchronized with the device cloud, allowing the vehicle's system to verify whether the first device is trustworthy. Successful authentication indicates that the first device is trustworthy, enabling automatic interconnection between the vehicle and the first device, thus ensuring the security of the interconnection.
[0012] Optionally, the aforementioned vehicle registration information includes the vehicle's public key and authorization code. The vehicle registration information can be obtained by the vehicle registering with the device cloud via a second device.
[0013] In one possible design approach, the process of authenticating the vehicle's identity based on the vehicle registration information may include: First, the first device may encrypt the vehicle's authorization code based on the vehicle's public key to obtain the first encrypted data;
[0014] Subsequently, the first device can send a first device identity authentication request carrying the first encrypted data to the vehicle system, so that the vehicle system can verify whether the identity of the first device is trustworthy by verifying the first encrypted data, and then send a corresponding response message (such as a first authentication success response message or a first authentication failure response message) to achieve identity authentication and determine whether the first device is trustworthy.
[0015] In one possible design approach, the authentication process based on the aforementioned first encrypted data may include:
[0016] First, the first device encrypts the first random number, the first device's public key, and the authorization code based on the vehicle's public key to obtain the first encrypted data. The first random number can be randomly generated by the first device.
[0017] Then, the first device can send the first encrypted data to the vehicle system to trigger the vehicle system to decrypt the first encrypted data using the vehicle system's private key, and obtain the first random number, the first device's public key and authorization code, so that the vehicle system can obtain the first device's public key.
[0018] Then, the first device receives the second encrypted data sent by the vehicle's infotainment system. The second encrypted data is obtained by the vehicle's infotainment system encrypting a second random number with the first device's public key after confirming that the authorization code is correct. The second random number is randomly generated by the vehicle's infotainment system.
[0019] Then, the first device decrypts the second encrypted data based on its private key to obtain the second random number.
[0020] Then, the first device encrypts the first random number and the second random number on the first device to obtain the first session key; the first session key is used to encrypt the data sent by the first device to the vehicle system;
[0021] Then, the first device sends a first session key to the vehicle system, so that the vehicle system can send a first authentication success response message or a first authentication failure response message by judging whether the first session key and the second session key are the same; the second session key is obtained by the vehicle system encrypting the first random number and the second random number on the vehicle system, and the encryption algorithm used to obtain the first session key and the second session key is the same.
[0022] Based on this, if the public key and authorization code of the vehicle's infotainment system on the first device are not registered with the device cloud by the vehicle's infotainment system, then the vehicle's private key cannot decrypt the first encrypted data, and the authorization code is not registered by the vehicle's infotainment system. Therefore, the vehicle's infotainment system can determine that the first device is untrusted. Furthermore, if the first random number on the vehicle's infotainment system is not sent by the first device, then the first session key and the second session key are different, resulting in authentication failure. Therefore, dual-sender authentication can be achieved.
[0023] In one possible design, since the first session key has an expiration date, after the first device successfully connects to the vehicle's infotainment system, and after a first preset time has elapsed, the first device performs secondary authentication with the vehicle's infotainment system based on the first session key to update the first session key. The second session key is also updated to ensure the security of the connection between the vehicle's infotainment system and the first device.
[0024] In one possible design, the first broadcast message may further include a first identification code. Upon receiving the first broadcast message, the first device can determine whether the first identification code belongs to a first preset identification code. If the first identification code belongs to the first preset identification code, the first device can process the first broadcast message normally, connect to the vehicle's infotainment system, and display a successful first connection message. If the first identification code does not belong to the first preset identification code, the first device can choose not to process the first broadcast message, thus avoiding unnecessary processing of the first broadcast message.
[0025] Secondly, this application provides an interconnection method applied to a second device, which authenticates its identity with the vehicle's infotainment system. The second device logs into a first account. Upon successful authentication, the second device receives the vehicle's registration information from the vehicle's infotainment system. Subsequently, the second device sends the vehicle's registration information to the device cloud and displays a successful interconnection message, indicating that the second device and the vehicle's infotainment system have successfully interconnected.
[0026] Among them, the vehicle registration information is used by the second device to synchronize the vehicle registration information to the devices in the trust ring corresponding to the first account through the device cloud, so that the devices in the trust ring can connect with the vehicle when they are close to the vehicle.
[0027] In this application, during the interconnection between the second device and the vehicle-mounted system, the second device and the vehicle-mounted system perform identity authentication. After successful identity authentication, the second device registers the vehicle-mounted system registration information sent by the vehicle-mounted system to the device cloud, thereby enabling the device cloud to synchronize the vehicle-mounted system registration information to the devices in the trust ring corresponding to the first account. This allows the devices in the trust ring to automatically interconnect with the vehicle-mounted system using the vehicle-mounted system registration information, simplifying the interconnection process between the vehicle-mounted system and the devices in the trust ring.
[0028] In one possible design, the second device can authenticate with the vehicle's infotainment system based on a connection code. The specific process may include: the second device receiving a second broadcast message from the vehicle's infotainment system; wherein the second broadcast message includes infotainment system information; the second device logging into a first account, and the vehicle's infotainment system logging into a second account, which is different from the first account;
[0029] The second device responds to the second broadcast message and displays a first interface, which includes input controls;
[0030] The second device receives the first connection code entered in the input control;
[0031] The second device authenticates its identity with the vehicle's infotainment system based on the first connection code.
[0032] In one possible design approach, the process of the second device sending vehicle registration information to the device cloud and displaying a successful second interconnection message may include:
[0033] The second device sends a device registration request to the device cloud; the device registration request includes vehicle system registration information; the vehicle system registration information includes the vehicle system's public key and authorization code; the second device receives a registration success response message from the device cloud. Subsequently, the second device responds to the registration success response message by displaying a second interconnection success message. Based on this, proxy registration of the vehicle system is achieved, and after successful vehicle system registration, the second device interconnects with the vehicle system.
[0034] In one possible design, the device registration request includes vehicle registration information and a first digital signature corresponding to the vehicle registration information; the aforementioned registration success response message is sent after successful verification of the first digital signature. Based on this, signature verification ensures registration security and also guarantees interconnectivity security.
[0035] In one possible design, the process of the second device authenticating with the vehicle-mounted system based on the first connection code may include: the second device encrypting the first connection code based on the first algorithm to obtain a third session key; the second device sending the third session key to the vehicle-mounted system; wherein, the vehicle-mounted system registration information is sent by the vehicle-mounted system when the third session key and the fourth session key are the same; the fourth session key is obtained by the vehicle-mounted system encrypting the second connection code displayed on the vehicle-mounted system based on the first algorithm.
[0036] In one possible design, the second device sends a third session key to the vehicle's infotainment system, including:
[0037] The second device sends a second device authentication request to the vehicle's infotainment system; wherein the second device authentication request includes a third session key. Correspondingly, the second device receives vehicle registration information from the vehicle's infotainment system, including: the second device receiving a second authentication success response message from the vehicle's infotainment system; in response to the second authentication success response message, the second device and the vehicle's infotainment system perform digital certificate verification; after successful verification, the second device receives the vehicle registration information from the vehicle's infotainment system. Based on this, the security of the interconnection is ensured, and the security of the registration is guaranteed.
[0038] In one possible design, the second broadcast message includes a second identification code. Upon receiving the second broadcast message, the second device can determine whether the second identification code belongs to a second preset identification code. If the second identification code belongs to the second preset identification code, the second device can process the second broadcast message normally and perform identity authentication with the vehicle system. If the second identification code does not belong to the second preset identification code, the second device can choose not to process the second broadcast message, avoiding unnecessary processing of second broadcast messages.
[0039] Thirdly, this application provides an interconnection method applied to an in-vehicle infotainment system, wherein the in-vehicle infotainment system sends a first broadcast message; wherein the first broadcast message includes a first account logged in by a second device that is already connected to the in-vehicle infotainment system, and the in-vehicle infotainment system logs in to a second account, the second account being different from the first account;
[0040] When the first device, logged into the first account, is near the vehicle's infotainment system, the system displays a "Third-Party Connectivity Successful" message, indicating that the system and the first device have successfully connected. Specifically, when the first device is near the system, it can receive a first broadcast message, which it can then use to connect with the system.
[0041] In this application, when the vehicle's infotainment system connects to a second device logged into a first account, the vehicle's infotainment system can send a first broadcast message, which includes the first account. When the first device logged into the first account approaches the vehicle's infotainment system, it can detect the first broadcast message and connect to the system without requiring any user intervention or display of a connection code. This achieves seamless self-organizing networking, simplifies the connection process between the vehicle's infotainment system and the first device, thereby improving connection efficiency and enhancing the user experience.
[0042] In one possible design approach, before interconnecting with the first device, the vehicle's infotainment system can first interconnect with a second device within the trust ring where the first device resides. The specific interconnection process may include:
[0043] The vehicle's infotainment system can authenticate with a second device.
[0044] If the identity authentication is successful, the vehicle system can send an agent registration request to the second device and display a fourth interconnection success message, which indicates that the vehicle system and the second device have successfully interconnected.
[0045] The aforementioned proxy registration request includes vehicle system registration information. The proxy registration request is used to register with the device cloud through the second device, so that the vehicle system registration information can be synchronized to the device in the trust ring corresponding to the first account through the device cloud.
[0046] In this application, during the interconnection between the vehicle-mounted system and the second device, the vehicle-mounted system and the second device perform identity authentication. After successful identity authentication, the vehicle-mounted system can send a proxy registration request to the second device to register the vehicle-mounted system's registration information to the device cloud through the second device. This allows the device cloud to synchronize the vehicle-mounted system's registration information to the devices in the trust ring corresponding to the first account, thereby enabling the devices in the trust ring to automatically interconnect with the vehicle-mounted system using the vehicle-mounted system's registration information, simplifying the interconnection process between the vehicle-mounted system and the devices in the trust ring.
[0047] Optionally, the vehicle registration information may include the vehicle's public key and authorization code, wherein the authorization code is randomly generated by the vehicle.
[0048] Fourthly, this application provides an electronic device that can serve as a first device and / or a second device, comprising a display screen, a memory, and one or more processors; the display screen, the memory, and the processors are coupled; the display screen is used to display an image generated by the processor, the memory is used to store computer program code, the computer program code including computer instructions; when the processor executes the computer instructions, the electronic device performs the interconnection method as described in the first aspect, the second aspect, and any possible design of the above.
[0049] Fifthly, this application provides a vehicle infotainment system including a display screen, a memory, and one or more processors; the display screen, the memory, and the processors are coupled; the display screen is used to display images generated by the processor, the memory is used to store computer program code, the computer program code including computer instructions; when the processor executes the computer instructions, the vehicle infotainment system performs the interconnection method as described in the third aspect above and any possible design of it.
[0050] In a sixth aspect, this application provides a computer-readable storage medium including computer instructions that, when executed on an electronic device, cause the electronic device to perform the interconnection method described in the first aspect, the second aspect, and any possible design of the above.
[0051] In a seventh aspect, this application provides a computer-readable storage medium including computer instructions that, when executed on a vehicle-mounted system, cause the vehicle-mounted system to perform the interconnection method described in the third aspect above and any possible design thereof.
[0052] Eighthly, this application provides a computer program product that, when run on an electronic device, causes the electronic device to execute the application launch method described in the first aspect, the second aspect, and any possible design of the above.
[0053] Ninthly, this application provides a computer program product that, when running on a vehicle infotainment system, causes the electronic device to execute the application launch method described in the third aspect above and any possible design of the above.
[0054] It should be understood that the beneficial effects that the electronic devices described in the fourth aspect, the vehicle-mounted systems described in the fifth aspect, the computer storage media described in the sixth and seventh aspects, and the computer program products described in the eighth and ninth aspects can achieve can be referred to the beneficial effects in the first aspect, the second aspect, the third aspect, and any possible design method thereof, and will not be repeated here. Attached Figure Description
[0055] Figure 1 This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 1 ;
[0056] Figure 2 This is a schematic diagram of the structure of an electronic device provided in an embodiment of this application;
[0057] Figure 3 A software structure block diagram of an electronic device provided in an embodiment of this application;
[0058] Figure 4A flowchart illustrating an interconnection method provided in this application embodiment. Figure 1 ;
[0059] Figure 5 A flowchart illustrating an interconnection method provided in this application embodiment. Figure 2 ;
[0060] Figure 6A This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 2 ;
[0061] Figure 6B This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 3 ;
[0062] Figure 7A This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 4 ;
[0063] Figure 7B This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 5 ;
[0064] Figure 7C Sixth schematic diagram of a vehicle-machine interconnection provided as an embodiment of this application;
[0065] Figure 7D Schematic diagram seven of a vehicle-machine interconnection provided in an embodiment of this application;
[0066] Figure 7E Eighth schematic diagram of a vehicle-machine interconnection provided as an embodiment of this application;
[0067] Figure 8A This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 9 ;
[0068] Figure 8B This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 10 ;
[0069] Figure 8C This application provides a schematic diagram of a vehicle-machine interconnection system. Figure 10 one;
[0070] Figure 9 A flowchart illustrating an interconnection method provided in this application embodiment. Figure 3 ;
[0071] Figure 10 A flowchart illustrating an interconnection method provided in this application embodiment. Figure 4 ;
[0072] Figure 11A flowchart illustrating an interconnection method provided in this application embodiment. Figure 5 ;
[0073] Figure 12 Sixth, a flowchart illustrating an interconnection method provided in an embodiment of this application. Detailed Implementation
[0074] Hereinafter, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of this embodiment, unless otherwise stated, "a plurality of" means two or more.
[0075] To more clearly describe the solution of this application, some knowledge related to the embodiments of this application will be introduced below.
[0076] Trust ring: The same user account can log in on different electronic devices. When two or more electronic devices under the same user account trust each other, they form a trust ring. For an electronic device in the trust ring (such as electronic device 1), the other electronic devices in the trust ring (such as electronic device 2) can all be understood as trusted devices of electronic device 1.
[0077] Public key infrastructure (PKI) is a security architecture based on public key cryptography used to ensure the validity of public keys and the authentication of entity identities.
[0078] Password-authenticated key exchange (PAKE) is a security protocol used for authentication operations such as identity verification between two entities. The PAKE protocol allows two entities to establish a shared key using a connection code (PIN) for secure authentication and data transmission in subsequent communications. In this embodiment, the shared key can also be referred to as a session key.
[0079] In some embodiments, in a scenario where an electronic device (such as a mobile phone) and a vehicle-to-vehicle (V2V) system are interconnected, the initial connection process between the mobile phone and the V2V system may include: first, the V2V system displays a connection code (i.e., a PIN code). Then, the V2V system triggers the mobile phone to display a relevant interface, which includes input controls for the user to enter the connection code. Next, the mobile phone authenticates itself with the V2V system based on the user-entered connection code. When the user-entered connection code matches the connection code displayed on the V2V system, the mobile phone and the V2V system establish a connection, i.e., interconnection occurs. However, users may typically own multiple electronic devices. When other devices with the same account as the mobile phone connect to the V2V system, the V2V system needs to unbind the mobile phone and then follow the above connection establishment process to establish a connection with other devices. This makes the process of interconnecting different devices with the V2V system cumbersome and inefficient.
[0080] Therefore, to address the aforementioned problems, this application proposes an interconnection method. After an electronic device under a user account establishes a session connection with the vehicle's infotainment system, the system can bind to that user account. When other devices in the trust ring corresponding to that user account approach the vehicle's infotainment system, they can automatically interconnect without needing to connect via a connection code, simplifying the interconnection process between other devices and the system, thereby improving the efficiency of interconnecting multiple devices with the system. For example, such as... Figure 1 As shown, the user account is Xiao Zhang, and the devices in Xiao Zhang's trust ring include mobile phone 1, personal computer (PC) 1, and tablet computer 1. After mobile phone 1 establishes a session connection with the vehicle's infotainment system, the system is bound to Xiao Zhang's account. When PC 1 is near the system, it can automatically establish a session connection. Similarly, when tablet computer 1 is near the system, it can automatically establish a session connection, thus simplifying the process of establishing session connections between PC 1 and tablet computer 1 and the system, and improving the efficiency of interconnection between the system and multiple devices.
[0081] In addition, the vehicle's infotainment system can be linked to multiple user accounts, enabling it to interconnect with devices within the trust ring corresponding to each user account. (As mentioned above...) Figure 1 As shown, the vehicle-mounted system can establish session connections not only with devices in the trust ring corresponding to Xiao Zhang, but also with devices in the trust ring corresponding to Xiao Li (such as mobile phone 2, PC 2, and tablet 2). It is understandable that although the vehicle-mounted system can interconnect with devices in the trust rings corresponding to different user accounts, at any given time, it can only establish a session connection with devices in the trust ring corresponding to a specific user account to conduct service transmissions.
[0082] For example, the electronic device in this application embodiment may be a mobile phone, tablet computer, wearable device (such as a smartwatch), personal digital assistant (PDA), personal computer, Internet of Things device, or other device capable of communicating with external devices. This application embodiment does not impose any special restrictions on the specific form of the electronic device.
[0083] Figure 2 A schematic diagram of the structure of the electronic device 100 is shown.
[0084] Electronic device 100 may include processor 110, external memory interface 120, internal memory 121, universal serial bus (USB) interface 130, charging management module 140, power management module 141, battery 142, antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone jack 170D, sensor module 180, button 190, motor 191, indicator 192, camera 193, display screen 194, and subscriber identification module (SIM) card interface 195, etc.
[0085] It is understood that the structures illustrated in the embodiments of the present invention do not constitute a specific limitation on the electronic device 100. In other embodiments of this application, the electronic device 100 may include more or fewer components than illustrated, or combine some components, or split some components, or have different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
[0086] Processor 110 may include one or more processing units, such as an application processor (AP), a modem processor, a graphics processing unit (GPU), an image signal processor (ISP), a controller, memory, a video codec, a digital signal processor (DSP), a baseband processor, and / or a neural network processing unit (NPU). These different processing units may be independent devices or integrated into one or more processors.
[0087] The controller can be the nerve center and command center of the electronic device 100. The controller can generate operation control signals according to the instruction opcode and timing signals to complete the control of fetching and executing instructions.
[0088] The processor 110 may also include a memory for storing instructions and data. In some embodiments, the memory in the processor 110 is a cache memory. This memory can store instructions or data that the processor 110 has just used or that are used repeatedly. If the processor 110 needs to use the instruction or data again, it can retrieve it directly from the memory. This avoids repeated accesses, reduces the waiting time of the processor 110, and thus improves the efficiency of the system.
[0089] In some embodiments, the processor 110 may include one or more interfaces. Interfaces may include an inter-integrated circuit (I2C) interface, an inter-integrated circuit sound (I2S) interface, a pulse code modulation (PCM) interface, a universal asynchronous receiver / transmitter (UART) interface, a mobile industry processor interface (MIPI), a general-purpose input / output (GPIO) interface, a subscriber identity module (SIM) interface, and / or a universal serial bus (USB) interface, etc.
[0090] It is understood that the interface connection relationships between the modules illustrated in the embodiments of the present invention are merely illustrative and do not constitute a structural limitation on the electronic device 100. In other embodiments of this application, the electronic device 100 may also employ different interface connection methods or combinations of multiple interface connection methods as described in the above embodiments.
[0091] The charging management module 140 receives charging input from the charger. The power management module 141 receives input from the battery 142 and / or the charging management module 140 to power the devices in the electronic device 100.
[0092] The wireless communication function of electronic device 100 can be realized through antenna 1, antenna 2, mobile communication module 150, wireless communication module 160, modem processor and baseband processor, etc.
[0093] Antenna 1 and antenna 2 are used to transmit and receive electromagnetic wave signals. Each antenna in electronic device 100 can be used to cover one or more communication frequency bands. Different antennas can also be multiplexed to improve antenna utilization. For example, antenna 1 can be multiplexed as a diversity antenna for a wireless local area network. In some other embodiments, the antennas can be used in conjunction with tuning switches.
[0094] The mobile communication module 150 can provide solutions for wireless communication, including 2G / 3G / 4G / 5G, applied to the electronic device 100. The mobile communication module 150 may include at least one filter, switch, power amplifier, low noise amplifier (LNA), etc. The mobile communication module 150 can receive electromagnetic waves via antenna 1, and perform filtering, amplification, and other processing on the received electromagnetic waves before transmitting them to a modem processor for demodulation. The mobile communication module 150 can also amplify the signal modulated by the modem processor and convert it into electromagnetic waves for radiation via antenna 1. In some embodiments, at least some functional modules of the mobile communication module 150 may be housed in the processor 110. In some embodiments, at least some functional modules of the mobile communication module 150 and at least some modules of the processor 110 may be housed in the same device.
[0095] The modem processor may include a modulator and a demodulator. In some embodiments, the modem processor may be a separate device. In other embodiments, the modem processor may be independent of the processor 110 and may be housed in the same device as the mobile communication module 150 or other functional modules.
[0096] The wireless communication module 160 can provide solutions for wireless communication applications on the electronic device 100, including wireless local area networks (WLAN) (such as Wi-Fi), Bluetooth, Global Navigation Satellite System (GNSS), frequency modulation (FM), near field communication (NFC), and infrared (IR). The wireless communication module 160 can be one or more devices integrating at least one communication processing module. The wireless communication module 160 receives electromagnetic waves via antenna 2, performs frequency modulation and filtering of the electromagnetic wave signal, and sends the processed signal to processor 110. The wireless communication module 160 can also receive signals to be transmitted from processor 110, perform frequency modulation and amplification, and convert them into electromagnetic waves for radiation via antenna 2.
[0097] In some embodiments, antenna 1 of electronic device 100 is coupled to mobile communication module 150, and antenna 2 is coupled to wireless communication module 160, enabling electronic device 100 to communicate with networks and other devices via wireless communication technology. The wireless communication technology may include Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Time Division Code Division Multiple Access (TD-SCDMA), Long Term Evolution (LTE), BT, GNSS, WLAN, NFC, FM, and / or IR technologies, etc. The GNSS may include the Global Positioning System (GPS), the Global Navigation Satellite System (GLONASS), the BeiDou Navigation Satellite System (BDS), the Quasi-Zenith Satellite System (QZSS), and / or satellite-based augmentation systems (SBAS).
[0098] Electronic device 100 implements display functions through a GPU, a display screen 194, and an application processor. The GPU is a microprocessor for image processing, connected to the display screen 194 and the application processor. The GPU is used to perform mathematical and geometric calculations and for graphics rendering. Processor 110 may include one or more GPUs, which execute program instructions to generate or modify display information.
[0099] The display screen 194 is used to display images, videos, etc. In some embodiments, the electronic device 100 may include one or N display screens 194, where N is a positive integer greater than 1.
[0100] Electronic device 100 can perform shooting functions through ISP, camera 193, video codec, GPU, display 194 and application processor.
[0101] The ISP is used to process the data fed back by the camera 193.
[0102] Camera 193 is used to capture still images or videos. In some embodiments, electronic device 100 may include one or N cameras 193, where N is a positive integer greater than 1.
[0103] The external storage interface 120 can be used to connect an external storage card, such as a Micro SD card, to expand the storage capacity of the electronic device 100.
[0104] Internal memory 121 can be used to store computer executable program code, which includes instructions. Processor 110 executes various functional applications and data processing of electronic device 100 by running the instructions stored in internal memory 121. Internal memory 121 may include a program storage area and a data storage area. The program storage area may store the operating system, at least one application program required for a function (such as sound playback, image playback, etc.), etc. The data storage area may store data created during the use of electronic device 100 (such as audio data, phonebook, etc.). Furthermore, internal memory 121 may include high-speed random access memory and may also include non-volatile memory, such as at least one disk storage device, flash memory device, universal flash storage (UFS), etc.
[0105] Electronic device 100 can implement audio functions, such as music playback and recording, through audio module 170, speaker 170A, receiver 170B, microphone 170C, headphone jack 170D, and application processor.
[0106] The sensor module 180 may include pressure sensors, gyroscope sensors, barometric pressure sensors, magnetic sensors, accelerometers, distance sensors, proximity sensors, fingerprint sensors, temperature sensors, touch sensors, ambient light sensors, bone conduction sensors, etc.
[0107] Buttons 190 include a power button, volume buttons, etc. Motor 191 can generate vibration feedback. Indicator 192 can be an indicator light.
[0108] The SIM card interface 195 is used to connect a SIM card. The SIM card can be inserted into or removed from the SIM card interface 195 to achieve contact and separation with the electronic device 100. The electronic device 100 can support one or N SIM card interfaces, where N is a positive integer greater than 1.
[0109] The software systems of electronic device 100 and vehicle infotainment system can adopt a layered architecture, event-driven architecture, microkernel architecture, microservice architecture, or cloud architecture. This embodiment of the invention uses a layered Android system as an example to exemplify the software structure of electronic device 100 and vehicle infotainment system.
[0110] Figure 3 This is a software structure block diagram of the electronic device and vehicle system provided in the embodiments of this application. For example... Figure 3 As shown, electronic devices may include applications, Magic Link interfaces, trust ring basic shared services, converged interconnection platforms, and security basic platforms. Correspondingly, in-vehicle systems may also include applications, Magic Link interfaces, trust ring basic shared services, converged interconnection platforms, and security basic platforms.
[0111] Applications in electronic devices can include smart mobility and control center applications. Applications in in-vehicle systems can include smartphone connectivity applications.
[0112] The aforementioned Magic Link interface can also be a Magic Link toolkit.
[0113] Trust ring basic sharing services in electronic devices include screen collaboration services, keyboard and mouse services, and network sharing services. These services enable electronic devices to perform screen collaboration, keyboard and mouse interaction, and network sharing with other devices within the trust ring (such as in-vehicle systems). Screen collaboration services can include super desktop services.
[0114] The converged interconnection platform can provide services such as access networking, device management, and data transmission.
[0115] Among them, the access networking service is used to enable interconnection between devices without Honor accounts and devices with Honor accounts.
[0116] The Device Management Service is used to register non-Honor account devices with the Device Cloud, so that non-Honor account devices (such as in-vehicle systems) can be added to the Trust Ring.
[0117] The data transmission service is used to transfer business data between devices with and without an Honor account. Devices with an Honor account can save the business data to a specific directory on the non-Honor account device, thus enabling data transfer with different packet names.
[0118] The security infrastructure platform is used for identity authentication between devices.
[0119] In some embodiments, the aforementioned electronic devices can communicate with the vehicle's infotainment system to achieve interconnection.
[0120] The aforementioned applications can belong to the application layer. The Magic Link interface, Trust Ring basic sharing service, converged interconnection platform, and security basic platform can belong to the application framework layer.
[0121] Understandable, Figure 4 The structures shown are not intended to limit the specific functionality of electronic devices or vehicle systems. In other embodiments of this application, the structure may include more or fewer services or modules than those shown, and this application does not impose any limitations.
[0122] This application provides an interconnection method. For example... Figure 4 As shown, the interconnection method process may include steps 1-13. In step 1, when electronic device A approaches the vehicle's infotainment system, the system responds to user input operation 1 and displays connection code 1. Operation 1 triggers the vehicle's infotainment system to begin interconnection with the electronic device and displays the connection code.
[0123] In response to operation 1 above, the vehicle system can perform step 2, whereby the vehicle system sends Bluetooth broadcast message 1, which includes vehicle system information.
[0124] Afterwards, electronic device A detects Bluetooth broadcast message 1 and can proceed to step 3, displaying the input control, which is used to input the connection code.
[0125] After receiving the connection code input by the user, electronic device A can then perform step 4: authenticating its identity with the vehicle system based on the connection code input by the user.
[0126] After successful identity authentication, it indicates that the connection code entered by the user matches the connection code displayed on the vehicle's infotainment system. The identities of the vehicle's infotainment system and electronic device A are trusted, and the vehicle's infotainment system can proceed to step 5: sending a proxy registration request to electronic device A to register with the device cloud through electronic device A. This proxy registration request includes the vehicle's registration information, which may include the vehicle's public key and authorization code (authcode).
[0127] After receiving the proxy registration request, electronic device A can act as an agent for the vehicle's infotainment system and register the system with the device cloud. In other words, electronic device A can perform step 6: send the vehicle registration information to the device cloud.
[0128] After receiving the vehicle-mounted system registration information, the device cloud can execute step 7, recording the vehicle-mounted system registration information in the trust ring list corresponding to the Honor account A logged into by electronic device A. Furthermore, the device cloud can send a registration success response message to electronic device A to notify it that the vehicle-mounted system registration was successful. Optionally, the device cloud can send registration success response messages to each device (including electronic device A) in the trust ring corresponding to Honor account A, so that each device in the trust ring is aware that a new device has successfully registered.
[0129] After receiving the registration success response message, electronic device A can execute step 8: in response to the registration success response message, send a registration success message to the vehicle system, which includes the Honor account A.
[0130] After receiving the registration success message, the vehicle system can then execute step 9, responding to the registration success message by establishing a session connection with electronic device A, thereby enabling the interconnection between the vehicle system and electronic device A.
[0131] Additionally, after recording the vehicle system registration information into the trust ring list corresponding to the Honor account A logged into electronic device A, the device cloud can execute step 10 to synchronize the vehicle system registration information to other devices in the trust ring corresponding to Honor account A, i.e., devices with the same account. Optionally, the device cloud can also synchronize it to electronic device A.
[0132] Subsequently, when other devices approach, they can perform step 11 and receive the vehicle's self-organizing network broadcast, which carries the Honor account A.
[0133] Afterwards, other devices can perform step 12, based on the vehicle's registration information, to conduct the initial self-organizing network authentication with the vehicle's system. Once the initial authentication is successful, other devices can automatically interconnect with the vehicle's system, improving the efficiency of establishing session connections between multiple devices and the vehicle's system.
[0134] Subsequently, in order to maintain the validity of the authentication, after a period of time, other devices can perform step 13 to perform secondary network authentication with the vehicle unit to ensure the security of the session connection, thereby ensuring the security of business transmission between the vehicle unit and other devices.
[0135] The following will use the aforementioned electronic device A, including mobile phones, and other devices, including tablet computers, as examples to describe the above in detail. Figure 4 The process of electronic device A in the trust ring corresponding to Honor account A establishing a session connection with the vehicle's infotainment system for the first time, and the process of other devices in the trust ring automatically establishing session connections with the vehicle's infotainment system. The process of electronic device A in the trust ring corresponding to Honor account A establishing a session connection with the vehicle's infotainment system for the first time is described through... Figure 5 The relevant content will be introduced below. Other devices in the trust ring will automatically establish session connections with the vehicle's infotainment system. Figure 9 The relevant content will be introduced accordingly.
[0136] For example, such as Figure 5 As shown, the interconnection method may include steps S301-S334.
[0137] S301, Vehicle infotainment display interface 1, which includes connection controls.
[0138] S302. In response to a click on the connection control, the vehicle system sends a Bluetooth broadcast message 1, which includes vehicle model information and identification code 1.
[0139] Among them, Bluetooth broadcast message 1 is used to trigger the establishment of a Bluetooth connection between the mobile phone and the vehicle system, and to connect the vehicle system and the mobile phone through the Bluetooth connection.
[0140] S303, vehicle display interface 2, which includes connection code 1.
[0141] For example, the vehicle's infotainment system receives a user's click on an in-vehicle application (such as a smartphone connectivity application). In response to this click, the smartphone connectivity application is launched, displaying, for instance... Figure 6A Interface 1, as shown, includes a connection control. The vehicle's infotainment system then receives a click from the user on the connection control. In response to this click, the infotainment system displays... Figure 6B Interface 2 is shown. Interface 2 includes "1111", which is the aforementioned connection code 1 (or second connection code). It should be understood that the process of displaying connection code 1 described here is only an example, and this application does not limit the display process of connection code 1. In other words, this application does not limit the triggering operation of the vehicle system displaying connection code 1.
[0142] In some embodiments, the vehicle model information mentioned above indicates the vehicle model of the vehicle in which the in-vehicle infotainment system is located. This vehicle model information is only one example of in-vehicle infotainment system information, and it can also be other types of information, as long as it can represent the in-vehicle infotainment system. This application does not limit it.
[0143] In this embodiment, when a user wants to connect the vehicle's infotainment system with a mobile phone (or a second device), the user can bring the mobile phone close to the vehicle's infotainment system. Upon initial connection, the vehicle's infotainment system responds to the user's input trigger operation (or first operation) and displays connection code 1. This allows the vehicle's infotainment system and the mobile phone to complete authentication and connection, thus achieving interconnection. The mobile phone can be logged into a Honor account (e.g., Honor account A), while the vehicle's infotainment system can be logged into a third-party account, i.e., not a Honor account.
[0144] The above S301-S303 are the above Figure 4One possible implementation of steps 1 and 2 in the above. The following will continue to introduce the above in conjunction with S304-S307. Figure 4 One possible implementation of step 3 in the process.
[0145] S304, The mobile phone receives the above Bluetooth broadcast message 1.
[0146] S305. The mobile phone determines whether the identification code 1 in the Bluetooth broadcast message 1 belongs to the preset identification code 1.
[0147] In this embodiment of the application, if the above-mentioned identification code 1 does not belong to the preset identification code 1, it indicates that the Bluetooth broadcast message 1 (or alternatively described as the second broadcast message) is not a broadcast message that the mobile phone needs to process, and the mobile phone can execute S306.
[0148] If the above identification code 1 is a preset identification code 1, it indicates that the Bluetooth broadcast message 1 is a broadcast message that the mobile phone needs to process, and the mobile phone can execute S307.
[0149] In some embodiments, the mobile phone can set a preset identification code 1 (i.e., set a filter), and the number of preset identification codes 1 (or second preset identification codes) is one or more. Then, the mobile phone can use the preset identification code 1 to filter received Bluetooth broadcast messages, avoiding unnecessary processing of broadcast messages, reducing resource waste, and avoiding processing Bluetooth broadcast messages with security risks, thus ensuring mobile phone security.
[0150] S306, The mobile phone filters out the above Bluetooth broadcast message 1.
[0151] For example, when the identification code 1 (or the second identification code) does not belong to the preset identification code 1, the mobile phone does not need to process the Bluetooth broadcast message 1 carrying the identification code 1, and the mobile phone can continue to detect the Bluetooth broadcast message.
[0152] Alternatively, if identification code 1 is not a preset identification code 1, the mobile phone may not establish a Bluetooth connection with the vehicle system, but it may also continue to establish a Bluetooth connection. This application does not restrict this.
[0153] S307. In response to the Bluetooth broadcast message 1, the mobile phone establishes a Bluetooth connection with the vehicle's infotainment system and displays interface 3, which includes input control 1.
[0154] The input control 1 (or input control) is used to input the connection code. Optionally, the input control 1 can be an input box or other control capable of inputting characters.
[0155] Bluetooth connectivity is used for data transfer between the mobile phone and the vehicle's infotainment system, enabling interconnection between the two. Optionally, this Bluetooth connection can be a BR connection.
[0156] Interface 3 described above can be the interface of a smart mobility app on a mobile phone. For example, in response to the Bluetooth broadcast message 1, the mobile phone establishes a Bluetooth connection with the vehicle's infotainment system. The mobile phone displays the connection interface (...). Figure 7A As shown, the connection interface may include a connection prompt message 20, a cancellation control 21, and a confirmation control 22. The connection prompt message 20 indicates whether to connect to the vehicle's infotainment system. The cancellation control 21 triggers the phone to stop connecting to the vehicle's infotainment system (i.e., binding). The confirmation control 22 triggers the phone to continue connecting to the vehicle's infotainment system. Figure 7A The XXX-X shown can be vehicle model information.
[0157] Subsequently, upon receiving a user's click on the confirmation control 21, the phone responds to the click by displaying the following: Figure 7B The interface 3 shown (or the first interface) includes an input box 23. The input box 23 can be the input control 1 mentioned above.
[0158] Additionally, when the user clicks the aforementioned cancel control 21, it indicates that the user does not want the phone to connect to the vehicle's infotainment system. The phone then refuses to connect and sends a connection failure response message to the vehicle's infotainment system, notifying it that the connection has failed. It should be noted that the above... Figures 7A-7B This is merely an example of the process of displaying input controls. This application does not limit the related display interface of this process. For example, a mobile phone may not display the above connection interface, but directly display the above interface 3.
[0159] In some embodiments, the Bluetooth broadcast message 1 may not include the identification code 1. Accordingly, after receiving the Bluetooth broadcast message 1, the mobile phone does not need to determine whether the Bluetooth broadcast message 1 needs to be filtered out, but can directly execute S307 to improve the efficiency of the interconnection between the vehicle and the mobile phone.
[0160] The sections S304-S307 above describe the process by which the mobile phone displays an input control based on the Bluetooth broadcast message 1 sent by the vehicle's infotainment system, allowing the user to enter a connection code. After receiving the user-inputted connection code, the mobile phone can authenticate with the vehicle's infotainment system based on this code. The following section will further describe the authentication process using the user-inputted connection code.
[0161] S308. The mobile phone receives the connection code 2 entered by the user in the above-mentioned input control 1.
[0162] For example, the above Figure 7B The interface 3 shown may also include a cancel control 24 and a confirm control 25. The cancel control 24 is used to trigger the phone to stop connecting with the vehicle's infotainment system. The confirm control 25 is used to trigger the phone to continue connecting with the vehicle's infotainment system. In response to the user's click on the confirm control 25, the phone obtains the user's... Figure 7BThe connection code entered in the input box 23 shown is connection code 2, which is used to authenticate the vehicle system and achieve interconnection.
[0163] Optionally, during the interconnection process, if the phone receives a user's click on the confirmation control 25, it can display something like... Figure 7C The interface shown indicates that the user's mobile phone is being paired with the vehicle's infotainment system.
[0164] S309: The mobile phone uses the PAKE protocol to encrypt connection code 2 and obtain session key 1.
[0165] S310 and the mobile phone send authentication request 1 to the vehicle system via Bluetooth connection. Authentication request 1 includes session key 1.
[0166] S311. The vehicle-mounted system uses the PAKE protocol to encrypt the identification code 1 to obtain the session key 2.
[0167] S312. If session key 1 and session key 2 in authentication request 1 are the same, the vehicle system sends authentication success response message 1 to the mobile phone based on Bluetooth connection.
[0168] In this embodiment, firstly, the mobile phone generates a random number 1 (R1) and sends it to the vehicle's infotainment system. Then, the vehicle's infotainment system receives R1 and generates a random number 2 (R2). Next, the vehicle's infotainment system sends R2 to the mobile phone. Thus, both the mobile phone and the vehicle's infotainment system possess R1 and R2. Then, the mobile phone encrypts R1, R2, and the connection code 2 based on algorithm 1 to obtain a session key 1. Next, the mobile phone sends an authentication request 1 (or a second device authentication request) carrying the session key 1 to the vehicle's infotainment system. The vehicle's infotainment system encrypts R1, R2, and the connection code 1 based on algorithm 1 to obtain the session key 2. Next, the vehicle's infotainment system determines whether the session key 1 and session key 2 received by the vehicle's infotainment system are the same. If the session key 2 is the same as the session key 1, it indicates that the connection code 2 entered by the user on the mobile phone matches the connection code 1 displayed on the vehicle's infotainment system, and the mobile phone is the device that previously exchanged random numbers with the vehicle's infotainment system. Therefore, the vehicle's infotainment system can determine that the mobile phone's identity is legitimate, and the vehicle's infotainment system sends an authentication success response message 1 to the mobile phone.
[0169] Furthermore, if session key 2 (or the fourth session key) is different from session key 1 (or the third session key), it indicates that the connection code 2 entered by the user on the mobile phone is inconsistent with the connection code 1 displayed on the vehicle's infotainment system, or that the random numbers (such as R1 and R2) are different. In this case, the vehicle's infotainment system can determine that the mobile phone's identity may be at risk, and the authentication between the vehicle and the mobile phone fails. The vehicle's infotainment system can send an authentication failure response message 1 to the mobile phone. Subsequently, the mobile phone responds to this authentication failure response message 1 by displaying a connection failure message 1, indicating that the connection with the vehicle's infotainment system has failed. Figure 7DThe connection failure message 26 is shown.
[0170] Optionally, the failure message 1 may also indicate the reason for the connection failure, such as indicating that the user entered an incorrect identification code, so that the user can understand the reason for the connection failure.
[0171] Optionally, if session key 1 and session key 2 are different, the vehicle system can display a connectivity failure message 2, such as displaying... Figure 7E The interconnection failure message 27 shown indicates that the user's vehicle system and mobile phone have failed to connect.
[0172] In some embodiments, the session keys (such as session key 1 and session key 2) are symmetric keys. The method described above for determining the session key via the PAKE protocol is only one possible implementation. The session key can also be determined by encrypting the connection code (such as connection code 1 and connection code 2) using other symmetric encryption algorithms, as long as the encryption algorithms used by both the mobile phone and the vehicle system are the same. For example, the mobile phone uses symmetric encryption algorithm 1 (or the first algorithm) to encrypt connection code 2, obtaining session key 1. The vehicle system uses symmetric encryption algorithm 1 to encrypt connection code 1, obtaining session key 2.
[0173] S313. The mobile phone responds to the authentication success response message 1, and encrypts the mobile phone's HUKS certificate 1 based on the session key 1 to obtain the encrypted HUKS certificate 1.
[0174] Among them, the above-mentioned authentication success response message 1 can also be referred to as the second authentication success response message.
[0175] S314. The mobile phone sends the encrypted HUKS certificate 1 to the vehicle's infotainment system via Bluetooth connection.
[0176] In this embodiment, to verify the security of the mobile phone, after successful connection code verification, the mobile phone can send its HUKS certificate 1 to the vehicle's infotainment system via Bluetooth. The vehicle's infotainment system verifies the validity of HUKS certificate 1, thereby determining whether the mobile phone poses a risk and further verifying the phone's identity. To improve the security of data transmitted over the Bluetooth channel, the mobile phone can encrypt its HUKS certificate 1 using session key 1, obtaining an encrypted HUKS certificate 1. Subsequently, the mobile phone can send the encrypted HUKS certificate 1 to the vehicle's infotainment system via Bluetooth, allowing the system to verify the phone's security and preventing the system from interconnecting with potentially risky devices.
[0177] S315, the vehicle-mounted system decrypts the encrypted HUKS certificate 1 based on session key 2, and obtains HUKS certificate 1.
[0178] S316: Based on the vehicle's PKI certificate, and after confirming that the HUKS certificate 1 is valid, the vehicle connects via Bluetooth and sends a success response message 1 to the mobile phone.
[0179] In this embodiment, after the vehicle-mounted system decrypts and obtains the HUKS certificate 1 from the mobile phone, it verifies the validity of HUKS certificate 1 using the vehicle-mounted system's PKI certificate, thereby verifying the mobile phone's identity. If HUKS certificate 1 is verified to be valid, indicating that the mobile phone's identity is trustworthy, the vehicle-mounted system can send a success response message 1 to the mobile phone, notifying the mobile phone that the verification was successful.
[0180] Additionally, if the HUKS certificate 1 is invalid, it indicates that the mobile phone may be at risk. The vehicle's infotainment system can then send a failure response message 1 to the mobile phone, notifying it that the verification failed. In response to failure response message 1, the mobile phone can display a connectivity failure message (as described above). Figure 7D The interconnection failure message 26 shown is optional. Alternatively, the interconnection failure message may also indicate the reason for the connection failure, such as the reason for the connection failure indicating that the vehicle system cannot connect to the Honor device normally because the certificate is missing.
[0181] The above describes the process by which the vehicle's infotainment system uses the phone's HUKS certificate to verify the phone's identity. The phone can also use the vehicle's HUKS certificate to verify the vehicle's identity, enabling mutual security verification between the two devices. The following section will continue to describe the process by which the phone verifies the identity of the vehicle's infotainment system.
[0182] S317. Based on session key 2, the vehicle system encrypts the vehicle system's HUKS certificate 2 to obtain the encrypted HUKS certificate 2.
[0183] S318, Based on Bluetooth connection, the vehicle system sends an encrypted HUKS certificate 2 to the mobile phone.
[0184] S319: The mobile phone decrypts the encrypted HUKS certificate 2 based on session key 1 to obtain HUKS certificate 2.
[0185] Based on the mobile phone's PKI certificate, and after confirming that the HUKS certificate 2 is valid, the S320 and the mobile phone connect via Bluetooth and send a success response message 2 to the vehicle's infotainment system.
[0186] The process by which the mobile phone verifies the security of the vehicle system using the vehicle system's HUKS certificate 2 is similar to the process by which the vehicle system verifies the security of the mobile phone using the mobile phone's HUKS certificate 1, and will not be described again here.
[0187] In some embodiments, the HUKS certificate 1 and the PKI certificate of the mobile phone can be pre-installed in the mobile phone, such as before the mobile phone leaves the factory. Alternatively, the HUKS certificate 1 and the PKI certificate of the mobile phone can be downloaded by the mobile phone from the server after the relevant server verifies the trustworthiness of the mobile phone. Similarly, the HUKS certificate 2 and the PKI certificate of the vehicle infotainment system can be pre-installed in the vehicle infotainment system, such as before the vehicle infotainment system leaves the factory. Alternatively, the HUKS certificate 2 and the PKI certificate of the vehicle infotainment system can be downloaded by the mobile phone from the server after the relevant server verifies the trustworthiness of the mobile phone.
[0188] It should be noted that the above-mentioned Huks Certificate 1 and Huks Certificate 2 are only examples of digital certificates. The mobile phone can send other types of digital certificates to the vehicle system, and similarly, the vehicle system can send other types of digital certificates to the mobile phone.
[0189] In some embodiments, after successful security authentication between the vehicle-mounted system and the mobile phone, it indicates that both the vehicle-mounted system and the mobile phone are secure, device authentication is complete, and the vehicle-mounted system and the mobile phone can save the pairing relationship, i.e., the other party's device information. For example, the mobile phone can save the vehicle-mounted system's device information, which may include one or more of the vehicle-mounted system identifier, session key 1, and the vehicle-mounted system's public key. The vehicle-mounted system identifier can be the vehicle-mounted system's hardware address (Media Access Control, MAC address), or other types of information, such as the vehicle model. The vehicle-mounted system's public key can be sent by the vehicle-mounted system, or it can be obtained subsequently (e.g., during the vehicle-mounted system agent registration process).
[0190] Optionally, the vehicle identification number and the vehicle's public key can be permanently stored on the mobile phone, such as in a specific database or file. Since session key 1 has an expiration date and needs to be updated periodically, it can be stored in the phone's memory. The update process for the vehicle's public key can be found in the secondary network authentication section described below.
[0191] Similarly, the vehicle's infotainment system can store the phone's device information, which may include one or more of the following: phone identifier, session key 1, and the phone's public key. The phone identifier can be the phone's hardware address. The phone's public key can be sent by the phone itself, such as by encrypting it using session key 1 or a tablet's public key, and then sending the encrypted public key to the vehicle's infotainment system for decryption.
[0192] In some embodiments, when the mobile phone and the vehicle's infotainment system communicate via Bluetooth, session key encryption may not be used. For example, the mobile phone can send its HUKS certificate to the vehicle's infotainment system, and the vehicle's infotainment system can send its HUKS certificate to the mobile phone, without the need for session encryption.
[0193] Furthermore, the aforementioned process of security verification between the vehicle's infotainment system and the mobile phone using the HUKS certificate can also be performed before identity authentication based on the PAKE protocol. After verifying the validity of HUKS certificate 1 and HUKS certificate 2, identity authentication based on the PAKE protocol can continue.
[0194] In some embodiments, the process of the vehicle system verifying the security of the mobile phone using the mobile phone's HUKS certificate 1 is optional, as shown in S313-S316 above. Correspondingly, the mobile phone can verify the security of the vehicle system using only the vehicle system's HUKS certificate 2, as shown in S317-S320 above. Similarly, the process of the mobile phone verifying the security of the vehicle system using the vehicle system's HUKS certificate 2 is optional, as shown in S317-S320 above. Correspondingly, the vehicle system can verify the security of the mobile phone using only the mobile phone's HUKS certificate 1, as shown in S313-S316 above. Furthermore, both the process of the vehicle system verifying the security of the mobile phone using the mobile phone's HUKS certificate 1 and the process of the mobile phone verifying the security of the vehicle system using only the vehicle system's HUKS certificate 2 are optional, and S313-S320 is not executed.
[0195] The above S308-S320 are the above Figure 4 One possible implementation of step 4 in the embodiment. After successful identity authentication, device registration can continue. Since the vehicle-mounted system is not in the trust ring, if the account logged in by the vehicle-mounted system is not a Honor account, the vehicle-mounted system cannot directly register with the device cloud. The vehicle-mounted system can register with the device cloud via a mobile phone to achieve proxy registration. The following will continue to introduce proxy registration (i.e., the above) in conjunction with S321-S334. Figure 4 The implementation process of steps 5-9 in the embodiment.
[0196] S321. In response to the aforementioned successful response message 2, the vehicle-mounted system sends a proxy registration request to the mobile phone via Bluetooth connection. The proxy registration request includes vehicle-mounted system registration information 1 encrypted with session key 2. Vehicle-mounted system registration information 1 includes the vehicle-mounted system's public key 1 and authorization code 1.
[0197] The authorization code 1 (authcode) of the vehicle system is randomly generated by the vehicle system.
[0198] S322: The mobile phone decrypts the encrypted vehicle registration information 1 based on session key 1 to obtain vehicle registration information 1.
[0199] In some embodiments, the vehicle registration information 1 received by the mobile phone may also be unencrypted. Accordingly, the mobile phone does not need to use the session key for decryption, thereby improving the efficiency of vehicle registration.
[0200] S323. The mobile phone signs the vehicle registration information 1 based on the mobile phone's license 1 to obtain digital signature 1.
[0201] S324. The mobile phone sends a device registration request to the device cloud. The device registration request includes digital signature 1 and vehicle registration information 1.
[0202] S325. In response to the device registration request, the device cloud signs the vehicle registration information 1 based on license 2 to obtain digital signature 2.
[0203] S326. The device cloud determines whether digital signature 1 and digital signature 2 are the same.
[0204] In this embodiment, to improve security, after receiving a device registration request from a mobile phone, the device cloud can verify the signature to determine the security of the mobile phone, ensuring the security of the registration and preventing the registration of risky devices. If digital signature 1 (or the first digital signature) and digital signature 2 are the same, it indicates that the mobile phone's license 1 is valid, the mobile phone is trustworthy, and the device cloud can register normally; in this case, the device cloud can execute S327. If digital signature 1 and digital signature 2 are different, it indicates that the mobile phone may be risky, and the device cloud will not register the vehicle system; in this case, the device cloud can execute S332.
[0205] Among them, the license 1 of the aforementioned mobile phone is used for device cloud authentication. It is similar to the PKI certificate of the aforementioned mobile phone. It can be pre-installed in the mobile phone or it can be a related service, such as the mobile phone downloading the license from the relevant server after the device cloud verifies the trustworthiness of the mobile phone.
[0206] S327. The device cloud saves the vehicle registration information 1 and sends a registration success response message to the mobile phone.
[0207] For example, the device cloud can add the vehicle registration information 1 to the trust ring list corresponding to the Honor account A logged in on the mobile phone, so as to add the vehicle to the trust ring corresponding to the Honor account A.
[0208] S328, the mobile phone responds with a registration success message and displays interface 4. Interface 4 is used to indicate that the mobile phone and the vehicle system have successfully connected.
[0209] For example, the interface 4 described above may also include a connection success message (here referred to as a second connection success message), such as... Figure 8A The prompt message 34 is shown.
[0210] Optionally, interface 4 includes both a vehicle infotainment icon and a mobile phone icon. For example... Figure 8A As shown, interface 4 includes a vehicle infotainment icon 30 and a mobile phone icon 31.
[0211] Optionally, the interface 4 described above may also include icons of other devices in the trust ring to which the phone is located, as shown above. Figure 8A As shown, interface 4 also includes a PC icon 32, a tablet icon 33, etc. The tablet and PC represent other devices within the trust ring of the mobile phone.
[0212] In some embodiments, the above-described verification process based on digital signature 1 is optional. The mobile phone can send an agent registration request carrying the vehicle registration information to the device cloud. The device cloud can directly save the vehicle registration information and send a registration success response message to the mobile phone.
[0213] S329. The mobile phone connects via Bluetooth and sends a registration success message to the vehicle's infotainment system. This message includes the Honor account A logged in on the mobile phone.
[0214] The S330 vehicle system responds to the registration success message and displays interface 5, which indicates that the connection to the mobile phone has been successfully completed.
[0215] For example, the interface 5 described above may include a connection success message (here referred to as the fourth connection success message), which indicates that the connection to the mobile phone has been successfully completed.
[0216] Optionally, interface 5 can be a service introduction page (such as...). Figure 8B As shown in the image, this indicates the services the phone is capable of performing. Additionally, after receiving a registration success message, the phone needs to save the Honor account carried in the message to connect with other devices in the trust ring corresponding to the Honor account.
[0217] S331. The vehicle system and the mobile phone establish a session connection.
[0218] The aforementioned session connection represents a business connection used for business data interaction. For example, when a user wants to use a mobile application on the vehicle's infotainment system, the user can input relevant operations on the mobile phone, such as moving the mobile phone icon displayed on the phone to the icon on the vehicle's infotainment system. The mobile phone responds to this movement operation by launching the Super Desktop service and sending the mobile phone's desktop data (such as application data) to the vehicle's infotainment system via session connection 1. The vehicle's infotainment system can then display the mobile phone's applications based on this desktop data.
[0219] Optionally, after activating the Super Desktop service, the phone can display something like this: Figure 8C The interface shown indicates that the phone is currently launching a super launcher.
[0220] The above sections S327-S331 describe the situation where device registration is successful when digital signature 1 and digital signature 2 are the same. Of course, there is also the possibility that digital signature 1 and digital signature 2 are different. The following will continue to describe the situation where digital signature 1 and digital signature 2 are different.
[0221] S332, the device cloud connects via Bluetooth and returns a registration failure response message to the mobile phone.
[0222] S333: The mobile phone responds to the registration failure message and displays connection failure prompt message 1. Based on the Bluetooth connection, the registration failure message is returned to the vehicle system.
[0223] S334, The vehicle system responds to the registration failure message and displays the connection failure prompt message 2.
[0224] Among them, the above-mentioned connection failure message 1 and connection failure message 2 indicate that the user's vehicle system and mobile phone have failed to connect.
[0225] In this embodiment, if the device verification fails, the phone can be notified of the registration failure. The phone will then indicate that the connection between the phone and the vehicle's infotainment system has failed. Furthermore, the phone can send a registration failure message to the vehicle's infotainment system, notifying it of the registration failure.
[0226] It should be noted that the above-mentioned device registration failure will occur when the mobile phone has no network (such as Wi-Fi network, mobile network (such as 5G, 4G, etc.)) or the mobile phone's license 1 is invalid.
[0227] above Figure 5 This section describes how the vehicle's infotainment system connects to the first device (such as a mobile phone) in the trust ring. After connecting to the phone, the system can automatically connect to other devices in the trust ring corresponding to the Honor account logged in on the phone, achieving secondary self-organizing networking without user intervention and improving connection efficiency. The following section will use a tablet computer as an example to further illustrate this. Figure 9 This section introduces the process of a seamless secondary self-organizing network.
[0228] S401, The tablet computer receives the vehicle registration information sent by the cloud device.
[0229] For example, the vehicle registration information 2 mentioned above may include the vehicle's authorization code 2 and the vehicle's public key 2. Optionally, the vehicle registration information 2 may also include other information, such as vehicle information.
[0230] In this embodiment, after the mobile phone successfully registers with the vehicle infotainment system, the device cloud can synchronize the vehicle infotainment system registration information 2 with devices (including the aforementioned tablet computer) within the trust ring where the mobile phone is located. The trust ring where the mobile phone is located is the trust ring corresponding to the Honor account A logged in by the mobile phone.
[0231] The above S401 is the above Figure 4 One possible implementation of step 10 in this embodiment is that after synchronizing the vehicle registration information 2 to the tablet computer, the tablet computer can automatically connect with the vehicle system using the vehicle registration information 2. The process of automatic connection between the tablet computer and the vehicle system will be described below.
[0232] Understandably, the device cloud can use the vehicle registration information corresponding to Honor account A stored in the device cloud as vehicle registration information 2, so that the vehicle system can determine whether the tablet's identity is trustworthy based on the consistency between the content in vehicle registration information 2 and vehicle registration information 1.
[0233] S402, the vehicle system sends Bluetooth broadcast message 2, which includes Honor account A and identification code 2.
[0234] Among them, Bluetooth broadcast message 2 (or alternatively described as the first broadcast message) is used to trigger the vehicle system to establish a seamless self-organizing network with other devices.
[0235] The aforementioned Honor account A (or first account) refers to the Honor account already bound to the vehicle's infotainment system. Optionally, since the vehicle's infotainment system may be bound to multiple Honor accounts, the aforementioned Bluetooth broadcast message 2 may also include other Honor accounts, allowing the vehicle's infotainment system to automatically connect with any device logged into any Honor account bound to the vehicle's infotainment system. Additionally, the aforementioned vehicle's infotainment system login is not Honor account A. Optionally, the account logged into the vehicle's infotainment system is a third-party account.
[0236] For example, the vehicle's infotainment system broadcasts an ad hoc network. When a user wants to connect a tablet to the infotainment system, the user can bring the tablet logged into Honor account A close to the infotainment system. The tablet can detect Bluetooth broadcast message 2 and automatically connect to the infotainment system using this Bluetooth broadcast message 2.
[0237] It should be noted that if the vehicle's infotainment system does not receive a specific trigger input from the user, it can send Bluetooth broadcast message 2. However, if it does receive a specific trigger input from the user, it will send the corresponding Bluetooth broadcast message. For example, if the infotainment system detects that it is bound to Honor account A after being turned on, it can send Bluetooth broadcast message 2. Afterwards, when the infotainment system receives a click operation from the user on the connection control, it can send Bluetooth broadcast message 1, but will no longer send Bluetooth broadcast message 2.
[0238] S403, The tablet computer receives the aforementioned Bluetooth broadcast message 2.
[0239] The above S402-S403 describes the process of self-discovery of devices with the same account, which is the above... Figure 4 One possible implementation of step 11 in the embodiment. The following will continue to describe, in conjunction with S404-S417. Figure 4 One possible implementation of step 12 in the embodiment.
[0240] S404. The tablet computer determines whether identification code 2 belongs to the preset identification code 2.
[0241] In this embodiment of the application, if the above-mentioned identification code 2 (or the first identification code) does not belong to the preset identification code 2 (or the first preset identification code), it indicates that the Bluetooth broadcast message 2 is not a broadcast message that the tablet computer (or the first device) needs to process, and the tablet computer can execute S405.
[0242] If the aforementioned identification code 1 is the same as the preset identification code 2, it indicates that the Bluetooth broadcast message 2 is a broadcast message that the tablet computer needs to process, and the tablet computer can execute S406.
[0243] In some embodiments, the tablet computer is configured with a preset identification code 2, and the number of preset identification codes 2 is one or more. The tablet computer can then use the preset identification code 2 to filter received Bluetooth broadcast messages, avoiding unnecessary processing of broadcast messages, reducing resource waste, and avoiding processing Bluetooth broadcast messages with security risks, thus ensuring the tablet computer's security.
[0244] S405, the tablet computer filters out the above Bluetooth broadcast message 2.
[0245] The implementation process of S405 can refer to the implementation process of S306 above, and this application does not limit it.
[0246] S406, the tablet computer responds to the aforementioned Bluetooth broadcast message 2 and establishes a Bluetooth connection with the vehicle's infotainment system.
[0247] Alternatively, the Bluetooth connection described above can be a BR connection.
[0248] In this embodiment, the vehicle's infotainment system sends Bluetooth broadcast message 2. The tablet computer detects Bluetooth broadcast message 2 and recognizes the infotainment system. Subsequently, if the identification code 2 in Bluetooth broadcast message 2 belongs to a preset identification code 2, the tablet computer can continue processing Bluetooth broadcast message 2 and perform the identity authentication process.
[0249] In some embodiments, the Bluetooth broadcast message 2 may not include the identification code 2. Accordingly, after receiving the Bluetooth broadcast message 2, the tablet computer does not need to determine whether the Bluetooth broadcast message 2 needs to be filtered out. Instead, it can directly establish a Bluetooth connection with the vehicle system to interconnect with the vehicle system, thereby improving the efficiency of interconnection between the vehicle system and the tablet computer.
[0250] After determining that Bluetooth broadcast message 2 needs to be processed, the tablet can authenticate with the vehicle's system based on the received vehicle registration information 2. The following section will use S407-S417 as an example to illustrate the authentication process, taking PAKE protocol-based authentication as an example.
[0251] S407: The tablet computer uses the vehicle's public key 2 to encrypt the random number 3, the authorization code 2, and the tablet computer's public key to obtain encrypted data 1.
[0252] S408, the tablet computer sends encrypted data to the vehicle's infotainment system via Bluetooth connection 1.
[0253] S409. The vehicle's infotainment system decrypts encrypted data 1 using its private key to obtain random number 3, authorization code 2, and the tablet's public key.
[0254] In some embodiments, since the vehicle-mounted system itself stores authorization code 1 and its public key (i.e., public key 1), after receiving the encrypted data 1, the system can decrypt it using its private key. If decryption is successful, it indicates that the vehicle-mounted system's public key 2 stored on the tablet is correct, and authentication can continue, as described in step S410 below. Alternatively, after successful decryption, the system checks whether authorization code 2 and authorization code 1 are consistent. If they are consistent, it indicates that the vehicle-mounted system's authorization code stored on the tablet is correct, and the system can continue authentication, as described in step S410 below.
[0255] If decryption fails, it indicates that the vehicle's public key 2 stored on the tablet is incorrect and not the public key issued by the vehicle's system. In this case, the vehicle's system can send an authentication failure response message to the tablet. The tablet responds to this message by displaying a connectivity failure message, indicating that the connection with the vehicle's system has failed.
[0256] S410: The vehicle's infotainment system uses the public key from the tablet computer to encrypt the random number 4, resulting in encrypted data 2.
[0257] S411, The vehicle's infotainment system sends encrypted data to the tablet via Bluetooth 2.
[0258] S412. The tablet computer decrypts the encrypted data 2 based on the tablet computer's private key to obtain a random number 4.
[0259] S413, the vehicle's infotainment system encrypts random number 3 and random number 4 to obtain session key 3.
[0260] S414, The tablet computer encrypts random number 3 and random number 4 to obtain session key 4.
[0261] S415, the tablet computer sends authentication request 2 to the vehicle system via Bluetooth connection, wherein authentication request 2 includes session key 4.
[0262] S416. In response to the above authentication request 2, if session key 3 and session key 4 are the same, the vehicle-mounted unit sends an authentication success response message to the tablet computer.
[0263] In this embodiment of the application, S407-S416 above describes the pake authentication process based on the authorization code. The vehicle system and the tablet computer interact to perform identity authentication, and both parties can obtain random number 3 (or first random number) and random number 4 (or second random number), which are used to generate the corresponding session key (i.e., session key 3 and session key 4).
[0264] The vehicle-mounted system can determine whether session key 4 (or the first session key) is the same as session key 3 to verify the legitimacy of both parties. If session key 4 and session key 3 are the same, it indicates successful authentication, the tablet and vehicle-mounted system are legitimate, and there is no risk associated with them. This completes the initial authentication of the self-organizing network, and the vehicle-mounted system can then execute S410.
[0265] Additionally, if session key 4 and session key 3 are different, it indicates that authentication has failed and the connection between the tablet and the vehicle system has failed. In this case, the vehicle system can return an authentication failure response message (or a first authentication failure response message) to the tablet. The tablet responds to this authentication failure response message by displaying a connection failure message. Optionally, the authentication success response message in S416 above can also be referred to as a first authentication success response message.
[0266] In some embodiments, after obtaining the public key from the tablet computer, the vehicle-mounted system can verify the validity of the tablet computer's public key, such as by using the vehicle-mounted system's PKI certificate. Similarly, after obtaining the public key from the vehicle-mounted system, the tablet computer can verify the validity of the vehicle-mounted system's public key, such as by using the tablet computer's PKI certificate. Furthermore, the above... Figure 3 In the embodiment, after obtaining the vehicle's public key, the mobile phone can also verify the validity of the vehicle's public key.
[0267] In some embodiments, the session keys (such as session key 3 and session key 4) are symmetric keys. Furthermore, the process of determining the session key for authentication via the PAKE protocol described above is merely an example; authentication can also be performed in other ways. For instance, the encrypted data 1 is obtained by encrypting the authorization code 2 and the tablet's public key using the vehicle's public key 2. After the vehicle decrypts the tablet's public key and authorization code 2, it can determine whether authorization code 2 and authorization code 1 are the same. If they are the same, authentication is successful; if they are different, authentication fails. Accordingly, the tablet's public key can be used as session key 3, and the vehicle's public key can be used as session key 4. Alternatively, the tablet and vehicle do not need to determine a session key. Accordingly, during interaction, there is no need to use the session key for encryption; in other words, the encrypted data 1 can be obtained by encrypting the authorization code 2 using the vehicle's public key 2.
[0268] In some embodiments, after successful security authentication between the vehicle-mounted infotainment system and the tablet, it indicates that both the vehicle-mounted system and the mobile phone are secure, device authentication is complete, and the vehicle-mounted system and the tablet can save the pairing relationship, i.e., the other device information. For example, the tablet can save the vehicle-mounted system's device information, which may include one or more of the vehicle-mounted system identifier, session key 4, and the vehicle-mounted system's public key. Similarly, the vehicle-mounted system can save the tablet's device information, which may include one or more of the tablet's device identifier, session key 3, and the tablet's public key.
[0269] Optionally, the aforementioned vehicle identification and public key can be permanently stored on the tablet computer, such as in a specific database or file. Since session key 4 has an expiration date and needs to be updated periodically, it can be stored in the tablet computer's memory. Similarly, while the tablet computer identification and public key can be permanently stored on the vehicle computer, session key 3 can be stored in the vehicle computer's memory.
[0270] S417, Establish a session connection between the vehicle infotainment system and the tablet computer 2.
[0271] Session connection 2 is used to transmit service data, such as Super Desktop service data. Optionally, the transmission of this service data can be encrypted using a session key.
[0272] In this embodiment, when the tablet computer approaches the vehicle's infotainment system, it can detect the system and receive the system's self-organizing network broadcast. Afterward, the tablet computer can authenticate itself with the system. Once authenticated, the tablet and system connect without any user intervention, achieving seamless self-organizing networking between the two systems and improving interconnection efficiency.
[0273] After the vehicle's infotainment system and the tablet computer are connected, the content displayed on the tablet can be similar to the content displayed on the phone after successful connection between the phone and the vehicle's infotainment system, as described above. For example, it may display a connection success message (or a first connection success message), indicating successful connection with the vehicle's infotainment system. Similarly, the content displayed on the vehicle's infotainment system can be similar to the content displayed on the phone after successful connection, as described above. For example, it may display a corresponding connection success message (or a third connection success message), indicating successful connection with the tablet computer. This is merely an example, and this application does not limit the specific content displayed.
[0274] The initial authentication process in a self-organizing network has been described above. Since the session key determined during authentication has an expiration date (e.g., 1 hour), it will become invalid after that time. Therefore, the tablet and the vehicle's infotainment system can perform secondary authentication to update the session key. The secondary authentication process will be described below.
[0275] S418. After a preset time 1, the tablet computer encrypts the session key 4 and the random number 5 based on the vehicle's public key 2 to obtain encrypted data 3.
[0276] In this embodiment of the application, after determining the session key 4, after a preset time 1 (or a first preset time), the tablet computer can re-authenticate with the vehicle system based on the PAKE protocol to update its session key with the vehicle system. The preset time 1 is less than the validity period of the session key; that is, the tablet computer updates the session key with the vehicle system before the validity period expires.
[0277] S419, The tablet computer sends encrypted data to the vehicle's infotainment system via Bluetooth connection 3.
[0278] S420: The vehicle's infotainment system decrypts the encrypted data 3 using the vehicle's private key to obtain the session key 4 and a random number 5.
[0279] S421. The vehicle's infotainment system uses the public key of the tablet computer to encrypt the random number 6, resulting in encrypted data 4.
[0280] S422, The vehicle's infotainment system sends encrypted data to the tablet computer via Bluetooth.
[0281] S423, the vehicle's infotainment system encrypts random numbers 5 and 6 to obtain the updated session key 3.
[0282] S424. The tablet computer decrypts the encrypted data 4 based on the tablet computer's private key, and obtains a random number 6.
[0283] S425, the tablet computer encrypts random numbers 5 and 6 to obtain the updated session key 4.
[0284] S426, The tablet computer sends an authentication request 3 to the vehicle's infotainment system via Bluetooth connection, wherein the authentication request 3 includes an updated session key 4.
[0285] S427. In response to the above authentication request 3, if the updated session key 3 and the updated session key 4 are the same, the vehicle-mounted unit sends an authentication success response message to the tablet computer.
[0286] In some embodiments, if the updated session key 3 and the updated session key 4 are different, the vehicle-mounted system sends an authentication failure response message to the tablet computer. The tablet computer can then attempt secondary network authentication again after a certain period of time. If authentication fails before the expiration of session key 4, the session connection between the tablet computer and the vehicle-mounted system is disconnected.
[0287] Optionally, the vehicle-mounted system can also proactively send relevant data to the tablet computer after a preset time period of 1 to update the session key. It is understood that the execution order of the above steps is merely an example, and this application does not limit it. Wherein, S418-S427 are the aforementioned... Figure 4 One possible implementation of the secondary network authentication described in step 13 of the embodiment can be found in the section on the first authentication of the self-organizing network described above, or in the above-described... Figure 5 The process of identity authentication based on the PAKE protocol in the embodiments will not be described again here.
[0288] In some embodiments, the above Figure 5 The interconnection process between the vehicle's infotainment system and the first device (i.e., the mobile phone) in the trust loop, as described in the embodiment, can be divided into three parts: vehicle discovery, device authentication, and device agent registration. The following will combine the above... Figure 3 The software structure shown illustrates these three parts. For example, as... Figure 10 As shown, the implementation process of these three parts is as follows:
[0289] Vehicle-mounted system discovery section:
[0290] First, after receiving user input operation 1, the mobile phone connectivity application in the vehicle's infotainment system responds by calling the Magic Link interface in the system and sending a broadcast request to the integrated connectivity platform within the system. Operation 1 can be a user click on the aforementioned connection control.
[0291] Subsequently, the vehicle's integrated connectivity platform responded to the broadcast request by sending Bluetooth broadcast message 1 via the vehicle's Bluetooth chip. Bluetooth broadcast message 1 includes vehicle information and identification code 1.
[0292] Furthermore, the smartphone connectivity application in the vehicle's infotainment system calls the Magic Link interface to send connection code 1 to the vehicle's integrated connectivity platform. The smartphone connectivity application in the vehicle's infotainment system can also display connection code 1.
[0293] Afterwards, the Bluetooth chip in the phone receives Bluetooth broadcast message 1. If it determines that identification code 1 belongs to the preset identification code 1, it sends vehicle information to the integrated connectivity platform in the phone to notify the integrated connectivity platform in the phone to discover the vehicle system.
[0294] Afterwards, the integrated interconnection platform in the mobile phone reports the vehicle information to the smart mobility application in the mobile phone.
[0295] Then, the smart mobility application on the phone receives the connection code 2 that the user enters in the displayed input controls.
[0296] Device authentication (initial binding) section:
[0297] The smart mobility application will call the Magic Link interface on the phone to send a device authentication request to the converged interconnection platform on the phone. The device authentication request includes connection code 2.
[0298] Subsequently, the converged interconnection platform in the mobile phone responds to the device authentication request, establishes a BR connection with the converged interconnection platform in the vehicle's infotainment system, and sends an identity authentication request to the security foundation platform in the mobile phone.
[0299] Subsequently, in response to the identity authentication request, the security infrastructure platform in the mobile phone and the security infrastructure platform in the vehicle system perform PAKE protocol authentication based on connection code 2.
[0300] Subsequently, after successful authentication, the security infrastructure platform on the mobile phone notifies the converged connectivity platform on the mobile phone that the vehicle's identity authentication was successful. Furthermore, the security infrastructure platform on the vehicle's system also notifies the converged connectivity platform on the vehicle's system that the mobile phone's identity authentication was successful.
[0301] Afterwards, the integrated interconnection platform in the vehicle and the mobile phone can use their respective PKI certificates to verify whether the other party's Huks certificate is valid.
[0302] After successful verification, the integrated connectivity platform on the mobile phone can notify the vehicle's infotainment system of near-field connectivity (NFC) activation to the smart mobility application. Conversely, the integrated connectivity platform on the vehicle's infotainment system can notify the mobile phone's NFC activation to the mobile connectivity application. Optionally, after the NFC activation notification, the vehicle's infotainment system and the mobile phone successfully connect.
[0303] Equipment agent registration section:
[0304] The smart mobility application on the phone calls the Magic Link interface on the phone to send the agent registration request to the converged interconnection platform on the phone.
[0305] Afterwards, the integrated interconnection platform in the mobile phone and the integrated interconnection platform in the vehicle will go through the agent registration process to obtain the vehicle registration information1.
[0306] Afterwards, the converged interconnection platform in the mobile phone sends a device registration request to the device cloud. The device cloud then returns a corresponding response message.
[0307] Subsequently, if the response message is a registration success message, the integrated interconnection platform on the mobile phone notifies the smart mobility application that the registration was successful, so that the smart mobility application displays the corresponding registration success interface.
[0308] Furthermore, the integrated connectivity platform in the mobile phone sends a registration success message to the integrated connectivity platform in the vehicle's infotainment system. This registration success message includes the Honor account A.
[0309] Afterwards, the vehicle's infotainment system's integrated connectivity platform notifies the mobile app that registration was successful, causing the mobile app to display the corresponding registration success interface, thus successfully establishing a session connection between the vehicle's infotainment system and the mobile phone.
[0310] Optionally, the in-vehicle infotainment system's integrated connectivity platform can send the mapping identifier (or ringID) corresponding to Honor Account A to the mobile phone connectivity application to avoid directly sending Honor Account A to the mobile phone connectivity application, which could lead to account leakage and protect account security.
[0311] The above describes the process of connecting a mobile phone and the vehicle's infotainment system. After connecting with the phone, the vehicle's infotainment system joins the trust ring containing the phone, enabling it to automatically connect with other devices (such as tablets) within that trust ring. The automatic connection process (as described above) Figure 9 The process corresponding to the embodiment can be divided into three parts: the self-discovery part of devices with the same account, the initial authentication part of the self-organizing network, and the secondary authentication part of the network. For example, as shown... Figure 11 As shown, the implementation process of these three parts is as follows:
[0312] Among them, the self-discovery part of devices with the same account:
[0313] First, the device cloud synchronizes the vehicle registration information 2 to the converged interconnection platform on the tablet computer.
[0314] Subsequently, the mobile phone connectivity application in the vehicle's infotainment system calls the Magic Link interface to send a self-organizing network broadcast request to the converged connectivity platform in the vehicle's infotainment system. This self-organizing network broadcast request includes the mapping identifier corresponding to Honor account A.
[0315] Subsequently, the vehicle's integrated connectivity platform sends Bluetooth broadcast message 2 via the vehicle's Bluetooth chip. Bluetooth broadcast message 2 includes Honor account A and identification code 2. Honor account A is retrieved by the vehicle's integrated connectivity platform based on a mapping identifier.
[0316] Optionally, the Bluetooth broadcast message 2 mentioned above can be a Bluetooth Low Energy (BLE) broadcast message.
[0317] Subsequently, the Bluetooth chip in the tablet receives Bluetooth broadcast message 2. If it determines that identification code 2 belongs to the preset identification code 2, it notifies the converged interconnection platform in the tablet to discover the vehicle system.
[0318] Initial authentication for self-organizing networks:
[0319] The converged interconnection platform in the tablet computer establishes a BR connection with the converged interconnection platform in the vehicle system.
[0320] Next, the converged connectivity platform in the tablet sends an authentication request to the security infrastructure platform in the tablet. Then, the security infrastructure platform in the tablet and the security infrastructure platform in the vehicle's infotainment system perform PAKE protocol authentication.
[0321] Subsequently, after successful authentication, the security infrastructure platform on the tablet notifies the converged connectivity platform within the tablet that the vehicle's identity authentication was successful. Furthermore, the security infrastructure platform within the vehicle's infotainment system also notifies the converged connectivity platform within the vehicle's infotainment system that the tablet's identity authentication was successful.
[0322] Subsequently, the converged connectivity platform within the tablet can notify the vehicle's infotainment system of its near-field connectivity status to smart mobility applications. The same platform can then notify the tablet's near-field connectivity status to mobile-connected mobility applications, establishing a session connection.
[0323] Secondary network authentication part:
[0324] The security infrastructure platform in the tablet and the security infrastructure platform in the vehicle use the PAKE protocol for authentication to update the session key.
[0325] Following successful authentication, the security infrastructure platform on the tablet notifies the converged connectivity platform on the tablet that the vehicle's identity authentication was successful. Additionally, the security infrastructure platform on the vehicle's system notifies the converged connectivity platform on the vehicle's system that the tablet's identity authentication was successful. Optionally, the converged connectivity platform on the vehicle's system notifies the mobile connectivity application that the tablet is in a near-field online state. The converged connectivity platform on the tablet notifies the smart mobility application that the vehicle's system is in a near-field online state, allowing the vehicle's system and tablet to continue using session connections for business data transmission.
[0326] After establishing a session connection with the vehicle's infotainment system, the aforementioned mobile phone or tablet can use this session connection to transmit service data. The following section, in conjunction with the above... Figure 3 The software structure shown, taking the business data as super desktop business data as an example, is combined with... Figure 12 To introduce it. For example... Figure 12 As shown, the process of transmitting service data using a session connection may include:
[0327] The control center in the mobile phone or tablet registers the device interconnection status detection with the converged interconnection platform in the mobile phone or tablet.
[0328] After the initial or automatic connection, the integrated connectivity platform on your mobile phone or tablet notifies the control center that the vehicle's near-field system is online.
[0329] Then, the control center displays the vehicle's infotainment system icon.
[0330] Afterwards, the control center receives user input operation 2, which is used to trigger the vehicle system to perform the super desktop service. For example, operation 2 could be to move the phone icon onto the vehicle system icon.
[0331] Subsequently, in response to Operation 2, the control center triggers the smart mobility application to send the super desktop business data to the mobile phone interconnection application in the vehicle system.
[0332] Optionally, the aforementioned smart mobility applications integrate the Magic Link SDK. The aforementioned mobile connectivity applications integrate the Magic Ring SDK.
[0333] In some embodiments, the security infrastructure platform in the mobile phone can send signature 1 of the APK corresponding to the target application (such as a trust ring application) to the security infrastructure platform of the vehicle's infotainment system. The vehicle's infotainment system then verifies signature 1 using the certificate signed by the Honor platform mentioned above. Upon successful signature verification and successful authentication based on the PAKE protocol, the mobile phone is deemed legitimate. The APK corresponding to the target application used for signature verification by the vehicle's infotainment system can be sent by the mobile phone or be the APK corresponding to the target application on the vehicle's infotainment system.
[0334] Additionally, after the in-vehicle infotainment system is added to the trust ring of the same device as the phone, the in-vehicle infotainment system icon can still be displayed even if other devices in the trust ring are not connected to the system, although the icon will be in the first state (e.g., grayed out). Once the device is connected to the system, the icon can be in the second state (e.g., highlighted).
[0335] In some embodiments, the Bluetooth communication described above is only one example of short-range communication, and the vehicle-mounted system and the mobile phone or tablet can also conduct other types of short-range communication (such as NFC communication). Correspondingly, the Bluetooth broadcast messages described above (such as Bluetooth broadcast message 1 and Bluetooth broadcast message 2) can also be other types of broadcast messages, and this application does not limit them.
[0336] It should be noted that the operations performed by the services or modules in the aforementioned vehicle infotainment system are merely examples, and these operations could also be performed by other services or models within the vehicle infotainment system; this application does not limit them. Similarly, the operations performed by the services or modules in the aforementioned mobile phone are merely examples, and these operations could also be performed by other services or models within the mobile phone. Likewise, the operations performed by the services or modules in the aforementioned tablet computer are merely examples, and these operations could also be performed by other services or models within the tablet computer; this application does not limit them.
[0337] In some embodiments, the operations or information obtained during the initial interconnection between the mobile phone and the vehicle's infotainment system are all performed or collected with user authorization. Similarly, the operations or information obtained during the automatic interconnection between the tablet computer and the vehicle's infotainment system are also performed or collected with user authorization.
[0338] In some embodiments, this application provides a computer storage medium including computer instructions that, when executed on an electronic device, cause the electronic device to perform the method described above.
[0339] In some embodiments, this application provides a computer program product that, when run on an electronic device, causes the electronic device to perform the method described above.
[0340] Through the above description of the embodiments, those skilled in the art can clearly understand that, for the sake of convenience and brevity, only the division of the above functional modules is used as an example. In actual applications, the above functions can be assigned to different functional modules as needed, that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above.
[0341] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of modules or units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another device, or some features may be ignored or not executed. Furthermore, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between devices or units may be electrical, mechanical, or other forms.
[0342] The units described as separate components may or may not be physically separate. A component shown as a unit can be one or more physical units; that is, it can be located in one place or distributed in multiple different locations. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.
[0343] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
[0344] If the integrated unit is implemented as a software functional unit and sold or used as an independent product, it can be stored in a readable storage medium. Based on this understanding, the technical solutions of the embodiments of this application, essentially or in other words, the parts that contribute to the prior art, or all or part of the technical solutions, can be embodied in the form of a software product. This software product is stored in a storage medium and includes several instructions to cause a device (which may be a microcontroller, chip, etc.) or processor to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0345] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.
Claims
1. An interconnection method, characterized in that, Applied to a first device, the method includes: The first device receives a first broadcast message sent by the vehicle-mounted system; wherein, the first broadcast message includes a first account logged in by a second device that is already connected to the vehicle-mounted system, and the first device is logged in to the first account; the vehicle-mounted system is logged in to a second account, and the first account is different from the second account; In response to the first broadcast message, the first device displays a first interconnection success message, which indicates that the first device is interconnected with the vehicle system.
2. The method according to claim 1, characterized in that, The first device responds to the first broadcast message by displaying a first interconnection success message, including: The first device responds to the first broadcast message and performs identity authentication with the vehicle-mounted system based on the vehicle-mounted system registration information; the vehicle-mounted system registration information is sent by the device cloud to the devices in the trust ring corresponding to the first account after the vehicle-mounted system successfully registers with the device cloud; the devices in the trust ring corresponding to the first account include the first device, and the trust ring consists of at least two electronic devices that are logged into the same user account and trust each other. If the identity authentication is successful, the first device displays a message indicating that the first interconnection was successful.
3. The method according to claim 2, characterized in that, The vehicle registration information includes the vehicle's public key and the vehicle's authorization code; The step of authenticating the identity with the vehicle system based on the vehicle registration information includes: The first device encrypts the authorization code of the vehicle's infotainment system based on the system's public key to obtain the first encrypted data; The first device sends a first device authentication request to the vehicle system; wherein the first device authentication request includes the first encrypted data; The first device receives a first authentication success response message or a first authentication failure response message sent by the vehicle-mounted system.
4. The method according to claim 3, characterized in that, The first device encrypts the authorization code of the vehicle's infotainment system based on the system's public key to obtain first encrypted data, including: The first device encrypts the first random number, the first device's public key, and the authorization code based on the vehicle's public key to obtain the first encrypted data; The method further includes: The first device receives the second encrypted data sent by the vehicle system, the second encrypted data being obtained by the vehicle system encrypting a second random number using the public key of the first device; The first device decrypts the second encrypted data based on its private key to obtain the second random number; The first device encrypts a first random number and a second random number on the first device to obtain a first session key; the first session key is used to encrypt the data sent by the first device to the vehicle-mounted system. The first device sends the first session key to the vehicle infotainment system; the first session key is used by the vehicle infotainment system to send the first authentication success response message or the first authentication failure response message.
5. The method according to any one of claims 2 to 4, characterized in that, After displaying the first interconnection success message, the method further includes: After a first preset time has elapsed, the first device performs secondary authentication with the vehicle system based on the first session key; the first session key is determined through authentication with the vehicle system.
6. The method according to any one of claims 1 to 5, characterized in that, The first broadcast message also includes a first identification code; The first device responds to the first broadcast message by displaying a first interconnection success message, including: If the first identification code belongs to the first preset identification code, a message indicating successful interconnection will be displayed.
7. An interconnection method, characterized in that, Applied to a second device, the method includes: The second device authenticates its identity with the vehicle's infotainment system; the second device logs into the first account; If the identity authentication is successful, the second device receives the vehicle registration information sent by the vehicle system; The second device sends the vehicle registration information to the device cloud and displays a second interconnection success message, indicating that the second device has successfully interconnected with the vehicle. The vehicle registration information is used by the second device to synchronize the vehicle registration information to the devices in the trust ring corresponding to the first account through the device cloud, so that the devices in the trust ring can connect to the vehicle when they are close to the vehicle.
8. The method according to claim 7, characterized in that, The second device sends the vehicle registration information to the device cloud and displays a successful second interconnection message, including: The second device sends a device registration request to the device cloud; wherein, the device registration request includes the vehicle registration information and the first digital signature corresponding to the vehicle registration information; The second device receives a registration success response message sent by the device cloud; wherein, the registration success response message is sent by the device cloud after verifying the first digital signature successfully based on the vehicle registration information; The second device responds to the registration success response message by displaying a message indicating that the second interconnection was successful.
9. The method according to claim 7 or 8, characterized in that, Before the second device performs identity authentication with the vehicle system, the method further includes: The second device sends a second broadcast message, which further includes a second identification code; The second device performs identity authentication with the vehicle system, including: If the second identification code belongs to the second preset identification code, the second device performs identity authentication with the vehicle system.
10. An interconnection method, characterized in that, Applied to in-vehicle infotainment systems, the method includes: The vehicle-mounted system sends a first broadcast message; wherein, the first broadcast message includes a first account logged in by a second device that is already connected to the vehicle-mounted system, and the vehicle-mounted system logs in with a second account, which is different from the first account; When the first device receives the first broadcast message and the first device is logged into the first account, the vehicle system displays a third interconnection success message, which indicates that the vehicle system and the first device have successfully interconnected. The first broadcast message is used to trigger the first device to establish a Bluetooth connection with the vehicle system.
11. The method according to claim 10, characterized in that, The method further includes: The vehicle-mounted system authenticates its identity with the second device. If the identity authentication is successful, the vehicle system sends an agent registration request to the second device and displays a fourth interconnection success message, which indicates that the vehicle system and the second device have successfully interconnected. The proxy registration request includes the vehicle registration information. The proxy registration request is used to register with the device cloud through the second device, so as to synchronize the vehicle registration information to the devices in the trust ring corresponding to the first account through the device cloud. The devices in the trust ring include the first device.
12. An electronic device, characterized in that, The electronic device includes a display screen, a memory, and one or more processors; the display screen, the memory, and the processors are coupled; the display screen is used to display an image generated by the processor, the memory is used to store computer program code, the computer program code including computer instructions; when the processor executes the computer instructions, the electronic device performs the method as described in any one of claims 1 to 9.
13. A vehicle infotainment system, characterized in that, The vehicle infotainment system includes a display screen, a memory, and one or more processors; the display screen, the memory, and the processors are coupled; the display screen is used to display images generated by the processor, the memory is used to store computer program code, the computer program code including computer instructions; when the processor executes the computer instructions, the vehicle infotainment system performs the method as described in any one of claims 10 to 11.
14. A computer storage medium, characterized in that, Includes computer instructions that, when executed on an electronic device, cause the electronic device to perform the method as described in any one of claims 1 to 9.
15. A computer storage medium, characterized in that, Includes computer instructions that, when executed on the vehicle infotainment system, cause the vehicle infotainment system to perform the method as described in any one of claims 10 to 11.