CN114553428B - Trusted verification system, trusted verification device, trusted verification storage medium and electronic equipment - Google Patents


Publication number: CN114553428B
Authority: CN (China)
Prior art keywords: server, exchange key, signature information, key, equipment
Legal status: Active (granted)
Application number: CN202210026527.6A
Other languages: Chinese (zh)
Other versions: CN114553428A (en)
Inventor: 刘天
Current assignee: Beijing Sankuai Online Technology Co Ltd
Original assignee: Beijing Sankuai Online Technology Co Ltd
Priority application: CN202210026527.6A, filed by Beijing Sankuai Online Technology Co Ltd
Publications: CN114553428A (application), CN114553428B (granted patent)

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 63/061: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L 9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L 9/0897: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The specification discloses a trusted verification system, a device, a storage medium and electronic equipment, wherein the trusted verification system comprises a server and unmanned equipment, the unmanned equipment is provided with first equipment and second equipment, the first equipment is untrusted equipment, the second equipment is trusted equipment, and a private key of the first equipment is stored in the second equipment. The first device generates an exchange key and sends the exchange key to the second device, the second device signs the exchange key by adopting the stored private key of the first device, so as to obtain signature information, and the signature information is sent to the first device. The first device sends the exchange key and the signature information to the server, which verifies the signature information. After the signature information is verified, the exchange key is used to communicate with the first device. In the system, for the trusted device and the untrusted device carried on the same unmanned device, the private key of the untrusted device is stored in the trusted device, and the security of the private key of the untrusted device is protected while the communication between the first device and the server is not affected.

Description

Trusted verification system, trusted verification device, trusted verification storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of unmanned technologies, and in particular, to a trusted verification system, a trusted verification device, a trusted verification storage medium, and a trusted verification electronic device.
Background
During the test phase and/or the use phase of an unmanned apparatus, various devices are generally mounted on it. Devices mounted on unmanned apparatus are generally classified into trusted devices, which have trusted computing capability, and untrusted devices, which do not. A trusted device operates in a secure trusted environment, whereas an untrusted device operates in an insecure ordinary environment. In practice, the number of trusted devices mounted on an unmanned apparatus is generally small, and an untrusted device without trusted computing capability has difficulty adding a trusted computing environment afterwards, so it cannot acquire trusted computing capability.
While the unmanned apparatus is operating, each device mounted on it needs to communicate with a server and must authenticate itself to the server using the device's identity credential, which mainly consists of the device's private key. In the prior art, each device's identity credential, i.e. its private key, is typically stored in the device itself.
It is difficult for an attacker to steal a private key stored in a trusted device. An untrusted device, however, is in an insecure ordinary environment, so an attacker can steal the private key stored in it by methods such as side-channel attacks.
Disclosure of Invention
The present disclosure provides a trusted verification system, method and apparatus to partially solve the above-mentioned problems of the prior art.
The technical scheme adopted in the specification is as follows:
the present specification provides a trusted verification system for unmanned vehicles, comprising:
a server and an unmanned device, where the unmanned device is provided with a first device and a second device; the first device is an untrusted device and the second device is a trusted device; and the private key of the first device is stored in the second device;
the first device is configured to generate an exchange key, and send the exchange key to the second device; after receiving the signature information sent by the second device, sending the exchange key and the signature information to the server;
the second device is configured to, when receiving the exchange key sent by the first device, sign the exchange key with a stored private key of the first device to obtain signature information, and send the signature information to the first device;
the server is configured to verify the signature information when receiving the exchange key and the signature information sent by the first device, and, after the signature information passes verification, to communicate with the first device using the exchange key.
Optionally, the server is further configured to send a public key of the server to the first device when a communication connection is established with the first device;
the first device is configured to encrypt an exchange key by using the received public key of the server, and send the encrypted exchange key to the second device;
and the second device is used for signing the encrypted exchange key by adopting the stored private key of the first device to obtain signature information.
Optionally, the server is configured to verify the signature information when receiving the encrypted exchange key and the signature information sent by the first device; after the signature information passes verification, the encrypted exchange key is decrypted by adopting the private key of the server, and the decrypted exchange key is used for communicating with the first device.
Optionally, the server is further configured to send a digital certificate of the server to the first device;
the first device is configured to perform identity verification on the server according to the digital certificate of the server when receiving it, and to generate the exchange key after the server passes identity verification.
Optionally, the first device is configured to send, to the second device, the digital certificate of the first device, the digital certificate of the server, and the exchange key;
the second device is configured to perform identity verification on the first device according to the digital certificate of the first device, and on the server according to the digital certificate of the server; after both the first device and the server pass identity verification, it signs the exchange key with the stored private key of the first device.
The specification provides a trusted verification method, wherein unmanned equipment is loaded with first equipment and second equipment; the first device is an untrusted device, the second device is a trusted device, and a private key of the first device is stored in the second device; the method is for a first device, the method comprising:
generating an exchange key, sending the exchange key to the second device, enabling the second device to sign the exchange key by adopting a stored private key of the first device to obtain signature information, and sending the signature information to the first device;
and, in response to receiving the signature information sent by the second device, sending the exchange key and the signature information to the server, so that the server verifies the signature information after receiving them and, after the signature information passes verification, communicates with the first device using the exchange key.
Optionally, before sending the exchange key to the second device, the method further comprises:
receiving the public key of the server, and encrypting the exchange key by adopting the received public key of the server;
sending the exchange key to the second device specifically includes:
sending the encrypted exchange key to the second device, so that the second device signs the encrypted exchange key with the private key of the first device.
Optionally, generating the exchange key specifically includes:
receiving a digital certificate of the server, and carrying out identity verification on the server according to the digital certificate of the server;
and generating an exchange key after the identity of the server passes the authentication.
Optionally, the exchange key is sent to the second device, specifically including:
and sending the digital certificate of the first device, the digital certificate of the server and the exchange key to the second device, so that the second device performs identity verification on the first device according to the digital certificate of the first device and on the server according to the digital certificate of the server, and signs the exchange key with the stored private key of the first device after both the first device and the server pass identity verification.
The specification provides a trusted verification method, wherein unmanned equipment is loaded with first equipment and second equipment; the first device is an untrusted device, the second device is a trusted device, and a private key of the first device is stored in the second device; the method is for a second device, the method comprising:
responding to the received exchange key sent by the first equipment, and signing the exchange key by adopting a stored private key of the first equipment to obtain signature information;
and sending the signature information to the first device, so that the first device sends the received signature information and the exchange key to the server, the server verifies the signature information, and after the signature information passes verification the server communicates with the first device using the exchange key.
Optionally, in response to receiving the exchange key sent by the first device, signing the exchange key with the stored private key of the first device specifically includes:
responding to the received digital certificate of the first device, the digital certificate of the server and the exchange key, and carrying out identity verification on the first device according to the digital certificate of the first device and carrying out identity verification on the server according to the digital certificate of the server;
and after both the first device and the server pass identity verification, signing the exchange key with the stored private key of the first device.
The present specification provides a trusted verification apparatus comprising:
the generation module is used for generating an exchange key, sending the exchange key to the second equipment, enabling the second equipment to sign the exchange key by adopting the stored private key of the first equipment to obtain signature information, and sending the signature information to the first equipment;
and the first sending module is configured to, in response to receiving the signature information sent by the second device, send the exchange key and the signature information to the server, so that the server verifies the signature information after receiving them and, after the signature information passes verification, communicates with the first device using the exchange key.
The present specification provides a trusted verification apparatus comprising:
the receiving module is configured to, in response to receiving the exchange key sent by the first device, sign the exchange key with the stored private key of the first device to obtain signature information;
and the second sending module is configured to send the signature information to the first device, so that the first device sends the received signature information and the exchange key to a server, the server verifies the signature information, and after the signature information passes verification the server communicates with the first device using the exchange key.
The present specification provides a computer readable storage medium storing a computer program which when executed by a processor implements the above-described trust verification method.
The present specification provides an unmanned device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the above-described method of trusted verification when executing the program.
At least one of the technical solutions adopted in this specification can achieve the following beneficial effects:
The unmanned trusted verification system comprises a server and an unmanned device, where the unmanned device is provided with a first device and a second device, the first device is an untrusted device, the second device is a trusted device, and the private key of the first device is stored in the second device. Before the first device establishes communication with the server, the first device generates an exchange key and sends it to the second device; the second device signs the exchange key with the stored private key of the first device to obtain signature information and sends the signature information to the first device. The first device sends the exchange key and the signature information to the server, the server verifies the signature information, and after the signature information passes verification the server communicates with the first device using the exchange key.
To prevent the private key stored in an untrusted device from being stolen by an attacker, this system stores the private key of the untrusted device in a trusted device mounted on the same unmanned device. The communication connection between the first device and the server is not affected, since the private key of the first device can still be used normally to sign the exchange key, while the private key of the untrusted device always remains in a secure trusted environment and is protected from theft by an attacker.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification, illustrate and explain the exemplary embodiments of the present specification and their description, are not intended to limit the specification unduly. In the drawings:
FIG. 1 is a schematic flow chart of a trusted verification system in the present specification;
FIG. 2 is a schematic diagram of a trusted verification device provided in the present specification;
FIG. 3 is a schematic diagram of a trusted verification device provided in the present specification;
FIG. 4 is a schematic diagram of the electronic device corresponding to FIG. 1 provided in the present specification.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present specification more apparent, the technical solutions of the present specification will be clearly and completely described below with reference to specific embodiments of the present specification and corresponding drawings. It will be apparent that the described embodiments are only some, but not all, of the embodiments of the present specification. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are intended to be within the scope of the present disclosure.
When the unmanned equipment operates, each equipment carried on the unmanned equipment needs to communicate with a server, and in the prior art, the process of establishing communication between the equipment and the server is as follows: first, the device sends a connection request for establishing a communication connection to the server, and the server receives the connection request sent by the device and sends a digital certificate of the server itself to the device. After receiving the digital certificate of the server, the equipment firstly verifies the identity of the server according to the digital certificate of the server, generates an exchange key after the identity of the server passes the verification, signs the exchange key by using the private key of the equipment to obtain signature information, and can send the exchange key and the signature information to the server. After receiving the exchange key and the signature information sent by the device, the server verifies the signature information, and after the signature information passes the verification, the server can communicate with the device by adopting the exchange key.
Devices carried on unmanned devices are generally classified into: trusted devices and untrusted devices. A trusted device refers to a device with trusted computing power that is in a secure trusted environment, and an untrusted device refers to a device without trusted computing power that is in an unsecure ordinary environment.
Since trusted computing increases the security of a device, it is understood that in actual operation an attacker cannot easily steal any data stored in a trusted device with trusted computing capability in a secure trusted environment, e.g. its private key, whereas data stored in an untrusted device without trusted computing capability in an insecure ordinary environment is often easily stolen by an attacker.
In general, the number of trusted devices mounted on an unmanned device is small, and it is difficult to install a trusted environment on an untrusted device afterwards, so an untrusted device cannot be converted into a trusted device.
In order to solve the above-mentioned problem, the present description provides a trusted verification system, in order to avoid an attacker from stealing the private key of an untrusted device mounted on an unmanned device, the private key of the untrusted device is stored in a trusted device mounted on the same unmanned device, so that the private key of the untrusted device is always in a secure trusted environment.
The following describes in detail the technical solutions provided by the embodiments of the present specification with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of trusted verification in the present specification, specifically including the following steps:
S100: the first device generates an exchange key.
S102: the first device sends the exchange key to the second device.
Because the private key stored in the trusted device is difficult to steal by an attacker, and the private key stored in the untrusted device is often easy to steal by an attacker, the core idea of the trusted verification method provided in the specification is as follows: the private key of the non-trusted device is stored in the trusted device, so that the private key is always in a safe trusted environment, and the private key of the non-trusted device can be prevented from being stolen by an attacker.
Based on the core ideas described above, the present specification provides a trusted verification system for unmanned driving, wherein the trusted verification system comprises: the system comprises a server and unmanned equipment, wherein the unmanned equipment is loaded with first equipment and second equipment, the first equipment is non-trusted equipment, the second equipment is trusted equipment, and a private key of the first equipment is stored in the second equipment.
The unmanned device mentioned in the specification may refer to a device capable of realizing automatic driving, such as an unmanned vehicle, an unmanned plane, a robot, an automatic distribution device, and the like. Based on the above, the unmanned equipment applying the method for trusted verification provided by the specification can be used for executing the delivery tasks in the delivery field, such as the service scenes of delivery of express, logistics, takeaway and the like by using the unmanned equipment.
The first device may generate the exchange key during a process in which the first device establishes communication with the server. After the first device establishes communication connection with the server, the first device and the server can use the exchange key for encrypting/decrypting the data to be exchanged.
Because the exchange key must be signed with the private key of the first device before it is sent to the server, and the private key of the first device is stored in the second device, the first device sends the exchange key generated in step S100 to the second device, so that the second device signs the exchange key with the stored private key of the first device.
It should be noted that the first device and the second device are not a designated certain device mounted on the unmanned device, the first device may be any one of the non-trusted devices mounted on the unmanned device, and the second device may be any one of the trusted devices mounted on the unmanned device where the first device is located.
S104: and the second equipment signs the exchange key by adopting the stored private key of the first equipment to obtain signature information.
S106: the second device sends the signature information to the first device.
When the second device receives the exchange key sent by the first device, the second device can sign the exchange key by adopting the private key of the first device stored in the second device, so that signature information can be obtained, and then the second device can send the signature information to the first device.
S108: the first device sends the exchange key and the signature information to a server.
After receiving the signature information sent by the second device, the first device may send the exchange key and the signature information to the server.
S110: and the server verifies the signature information and communicates with the first device by adopting the exchange key after the signature information passes the verification.
After receiving the signature information and the exchange key sent by the first device, the server can verify the signature information, specifically, the server can decrypt the signature information by adopting the public key of the first device, then compare the decrypted signature information with the exchange key, and if the decrypted signature information is consistent with the content of the exchange key, the signature information is verified. After the signature information passes the verification, the server can communicate with the first device by adopting the exchange key, namely, the information to be transmitted is encrypted and decrypted by the exchange key during the communication.
If the decrypted signature information is inconsistent with the content of the exchange key, the server determines that the signature information has failed verification, and no communication connection is established between the server and the first device.
In the trusted verification system shown in fig. 1, the problem of the prior art, where the private key of each device is usually stored in the device itself and is easily stolen by an attacker when the device is in an insecure untrusted environment, is addressed by storing the private key of the untrusted device in the trusted device. The private key is thus always kept in a secure trusted environment, theft by an attacker is avoided, and the security of the private key is ensured. In addition, while the first device establishes communication with the server, the private key of the first device can still be used normally to sign the exchange key, so the communication connection between the first device and the server is not affected.
Further, to ensure communication security, when the first device and the server establish a communication connection, the first device may encrypt the exchange key generated in step S100 with the public key of the server and send the encrypted exchange key to the second device. When the second device receives the encrypted exchange key sent by the first device, it signs the encrypted exchange key with the stored private key of the first device to obtain signature information and sends the signature information to the first device, and the first device then sends the encrypted exchange key and the signature information to the server. When the server receives the encrypted exchange key and the signature information sent by the first device, it verifies the signature information; after the signature information passes verification, the server decrypts the encrypted exchange key with its own private key, and the first device and the server then communicate using the decrypted exchange key.
The method that the first device obtains the public key of the server may include: the server actively sends the public key of the server to the first device, and may further include: the first device obtains the public key of the server from the certificate authority (Certificate Authority, CA), and in addition, the first device may obtain the public key of the server through other obtaining manners, which is not limited in this specification.
In addition, to ensure communication security, the first device, the server and the second device may each verify the identity of the sender before executing a step of the trusted verification method while the communication connection between the first device and the server is being established. Specifically, the first device first sends a connection request to the server; after receiving the connection request, the server sends its digital certificate to the first device and at the same time requests the digital certificate of the first device. After receiving the server's digital certificate, the first device authenticates the server against that certificate and, only after the authentication of the server passes, executes step S100 to generate the exchange key. Likewise, when sending the exchange key to the second device, the first device may send its own digital certificate and the digital certificate of the server along with it.
When the second device receives the digital certificate of the first device, the digital certificate of the server and the exchange key sent by the first device, it authenticates the first device against the first device's certificate and the server against the server's certificate. Only after both identity verifications pass is step S104 executed: the stored private key of the first device is used to sign the exchange key, obtaining the signature information, which is then sent to the first device. Similarly, after receiving the signature information from the second device, the first device may send its digital certificate, the exchange key and the signature information to the server together.
When the server receives the exchange key, the signature information and the digital certificate of the first device, it authenticates the first device against that certificate, and after the authentication of the first device passes, step S110 is executed, that is, the signature information is verified. After the signature information is verified, the server may establish the communication connection with the first device using the exchange key.
It should be noted that, when establishing or carrying out communication with the server, the non-trusted device mounted on the unmanned device may use not only its own private key but also other identity credentials of its own, such as a user name, a password, an Access Key ID (AK) and a Secret Access Key (SK). To prevent the private key and these other identity credentials of the non-trusted device from being stolen by an attacker, in this specification the private key and the identity credentials of the non-trusted device may all be stored in the trusted device, where the trusted device and the non-trusted device are mounted on the same unmanned device.
Based on the same idea, one or more embodiments of the present specification further provide a trusted verification device corresponding to the trusted verification method described above, as shown in fig. 2.
Fig. 2 is a schematic diagram of a trusted verification device provided in the present specification, specifically including:
a generating module 201, a first sending module 202, wherein:
a generating module 201, configured to generate an exchange key and send it to the second device, so that the second device signs the exchange key using the stored private key of the first device to obtain signature information and sends the signature information to the first device;
and a first sending module 202, configured to, in response to receiving the signature information sent by the second device, send the exchange key and the signature information to the server, so that the server verifies the signature information after receiving the exchange key and the signature information and, after the signature information is verified, communicates with the first device using the exchange key.
Optionally, the generating module 201 is further configured to receive a public key of the server, and encrypt the exchange key with the received public key of the server; the generating module 201 is specifically configured to send the encrypted exchange key to the second device, so that the second device signs the encrypted exchange key by using the private key of the first device.
Optionally, the generating module 201 is specifically configured to receive a digital certificate of the server, and perform identity verification on the server according to the digital certificate of the server; and generating an exchange key after the identity of the server passes the authentication.
Optionally, the first sending module 202 is specifically configured to send the digital certificate of the first device, the digital certificate of the server, and the exchange key to the second device, so that the second device performs identity verification on the first device according to the digital certificate of the first device, performs identity verification on the server according to the digital certificate of the server, and signs the exchange key by using the stored private key of the first device after the identity verification of the first device and the server is passed.
Based on the same idea, one or more embodiments of the present specification further provide a trusted verification device corresponding to the trusted verification method described above, as shown in fig. 3.
Fig. 3 is a schematic diagram of a trusted verification device provided in the present specification, specifically including:
a receiving module 301, a second sending module 302, wherein:
a receiving module 301, configured to, in response to receiving the exchange key sent by the first device, sign the exchange key with the stored private key of the first device to obtain signature information;
and a second sending module 302, configured to send the signature information to the first device, so that the first device sends the received signature information and the exchange key to a server, so that the server verifies the signature information and, after the signature information is verified, communicates with the first device using the exchange key.
Optionally, the receiving module 301 is specifically configured to, in response to receiving the digital certificate of the first device, the digital certificate of the server and the exchange key, perform identity verification on the first device according to the digital certificate of the first device and perform identity verification on the server according to the digital certificate of the server; and, after the identity verification of the first device and the server has passed, sign the exchange key using the stored private key of the first device.
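The following Go program is an added worked example of the exchange described in the method and in the device modules above; it is not code from the patent or from its applicant. It plays out the three roles with standard-library primitives: the trusted second device holds the first device's ECDSA P-256 private key and only ever signs; the untrusted first device generates a 32-byte exchange key and encrypts it under the server's RSA public key (the variant of the method in which the encrypted exchange key is what gets signed); the server verifies the signature before decrypting. The choice of algorithms, the key size, the absence of any transport (values are passed as function arguments) and the assumption that the server already holds the first device's public key (in the patent it would come from the first device's digital certificate, whose exchange and verification are not modelled here) are all assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

var ErrBadSignature = errors.New("signature verification failed") // server rejects the exchange key

// SecondDevice is the trusted device: the only holder of the first device's
// private key. It signs what it is handed and never releases the key (S104).
type SecondDevice struct{ firstDevicePriv *ecdsa.PrivateKey }

// Sign returns the signature information over the (encrypted) exchange key.
func (d *SecondDevice) Sign(encKey []byte) ([]byte, error) {
	digest := sha256.Sum256(encKey)
	return ecdsa.SignASN1(rand.Reader, d.firstDevicePriv, digest[:])
}

// Server holds its RSA key pair and the first device's public key (in the
// patent taken from the device's certificate; here assumed pre-registered).
type Server struct {
	priv           *rsa.PrivateKey
	firstDevicePub *ecdsa.PublicKey
}

// Accept is step S110: verify the signature, and only then decrypt the key.
func (s *Server) Accept(encKey, sig []byte) ([]byte, error) {
	digest := sha256.Sum256(encKey)
	if !ecdsa.VerifyASN1(s.firstDevicePub, digest[:], sig) {
		return nil, ErrBadSignature
	}
	return rsa.DecryptOAEP(sha256.New(), nil, s.priv, encKey, nil)
}

// FirstDevice is the untrusted device; it holds no long-term secret at all.
type FirstDevice struct{ serverPub *rsa.PublicKey }

// GenerateExchangeKey is step S100: a fresh 256-bit key and its RSA-OAEP ciphertext.
func (f *FirstDevice) GenerateExchangeKey() (plain, enc []byte, err error) {
	plain = make([]byte, 32)
	if _, err = rand.Read(plain); err != nil {
		return nil, nil, err
	}
	enc, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, f.serverPub, plain, nil)
	return plain, enc, err
}

// RunProtocol runs one exchange. With tamper set, the encrypted exchange key is
// altered after the trusted device signed it, modelling an attacker (or a
// compromised first device) substituting the key on its way to the server.
func RunProtocol(tamper bool) (accepted, keysMatch bool, err error) {
	devPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	srvPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	second := &SecondDevice{firstDevicePriv: devPriv}
	server := &Server{priv: srvPriv, firstDevicePub: &devPriv.PublicKey}
	first := &FirstDevice{serverPub: &srvPriv.PublicKey}
	plain, enc, err := first.GenerateExchangeKey() // S100; enc goes to the second device
	if err != nil {
		return false, false, err
	}
	sig, err := second.Sign(enc) // S104; sig returns to the first device
	if err != nil {
		return false, false, err
	}
	if tamper { // key substituted between the first device and the server
		enc = append([]byte(nil), enc...)
		enc[len(enc)-1] ^= 0x01
	}
	got, err := server.Accept(enc, sig) // the first device forwards (enc, sig)
	if errors.Is(err, ErrBadSignature) {
		return false, false, nil
	}
	if err != nil {
		return false, false, err
	}
	return true, bytes.Equal(got, plain), nil
}

func main() {
	for _, tamper := range []bool{false, true} {
		accepted, match, err := RunProtocol(tamper)
		fmt.Printf("tamper=%v accepted=%v keysMatch=%v err=%v\n", tamper, accepted, match, err)
	}
}
```

Running it prints an accepted exchange with matching keys for the honest run and a rejected one for the tampered run. The point the example makes concrete is that the first device composes and forwards every message yet can never produce a valid signature over a key of an attacker's choosing, because the private key lives only in the second device, and the server checks the signature before it spends any private-key operation on decryption. What a signature over the exchange key alone does not give is freshness: a recorded (ciphertext, signature) pair would verify again, so a deployment would have the trusted device also sign a server-supplied nonce or timestamp.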
The present specification also provides a computer readable storage medium storing a computer program operable to perform the trusted verification method provided in fig. 1 above.
The present specification also provides a schematic structural diagram of the electronic device, shown in fig. 4. At the hardware level, the electronic device (here, the unmanned device) includes a processor, an internal bus, a network interface, a memory and a non-volatile storage, as shown in fig. 4, and may of course include other hardware required by other services. The processor reads the corresponding computer program from the non-volatile storage into the memory and then runs it to implement the trusted verification method described above with respect to fig. 1. Of course, other implementations, such as logic devices or combinations of hardware and software, are not excluded by the present specification; that is, the execution subject of the above processing flows is not limited to logic units, but may also be hardware or a logic device.
In the 1990s, an improvement to a technology could be clearly distinguished as an improvement in hardware (for example, an improvement to a circuit structure such as a diode, transistor or switch) or an improvement in software (an improvement to a method flow). With the development of technology, however, many improvements to method flows can today be regarded as direct improvements to hardware circuit structures: designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Therefore, it cannot be said that an improvement to a method flow cannot be realized by a hardware entity module. For example, a programmable logic device (PLD), such as a field programmable gate array (FPGA), is an integrated circuit whose logic function is determined by the user's programming of the device. A designer programs a digital system to "integrate" it onto a PLD without requiring the chip manufacturer to design and fabricate an application-specific integrated circuit chip. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code before compilation is written in a specific programming language called a hardware description language (HDL), of which there is not just one but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently the most commonly used.
It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained merely by writing the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner; for example, the controller may take the form of a microprocessor or processor together with a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an application specific integrated circuit (ASIC), a programmable logic controller or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; a memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller purely in computer readable program code, it is entirely possible to logically program the method steps so that the controller performs the same functions in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be regarded as a hardware component, and the means included in it for performing various functions may also be regarded as structures within the hardware component; or even the means for achieving the various functions may be regarded as both software modules implementing the method and structures within the hardware component.
The system, apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. One typical implementation is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in one or more software and/or hardware elements when implemented in the present specification.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer readable media do not include transitory computer readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises", "comprising" or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article or apparatus that comprises a list of elements includes not only those elements but may include other elements not expressly listed or inherent to such process, method, article or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the present specification may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, each embodiment is described in a progressive manner; identical and similar parts of the embodiments may be referred to each other, and each embodiment mainly describes its differences from the other embodiments. In particular, the system embodiments are described relatively simply because they are substantially similar to the method embodiments, and for relevant parts reference may be made to the description of the method embodiments.
The foregoing is merely exemplary of the present disclosure and is not intended to limit the disclosure. Various modifications and alterations to this specification will become apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, or the like, which are within the spirit and principles of the present description, are intended to be included within the scope of the claims of the present description.

Claims (15)

1. A trusted verification system for unmanned vehicles, the trusted verification system comprising: a server and an unmanned device; the unmanned device is equipped with a first device and a second device; the first device is an untrusted device and the second device is a trusted device; the private key of the first device is stored in the second device;
the first device is configured to generate an exchange key and send the exchange key to the second device; and, after receiving the signature information sent by the second device, to send the exchange key and the signature information to the server;
the second device is configured to, when receiving the exchange key sent by the first device, sign the exchange key with the stored private key of the first device to obtain signature information, and send the signature information to the first device;
the server is configured to verify the signature information when receiving the exchange key and the signature information sent by the first device, and, after the signature information passes verification, to communicate with the first device using the exchange key.
2. The trust verification system of claim 1, wherein the server is further configured to send a public key of the server to the first device when establishing a communication connection with the first device;
the first device is configured to encrypt an exchange key by using the received public key of the server, and send the encrypted exchange key to the second device;
and the second device is used for signing the encrypted exchange key by adopting the stored private key of the first device to obtain signature information.
3. The trust verification system of claim 2, wherein the server is configured to verify the signature information upon receipt of the encrypted exchange key and the signature information sent by the first device; after the signature information passes verification, the encrypted exchange key is decrypted by adopting the private key of the server, and the decrypted exchange key is used for communicating with the first device.
4. The trust verification system of claim 1, wherein the server is further configured to send a digital certificate of the server to the first device;
the first device is configured to, when receiving the digital certificate of the server, perform authentication on the server according to the digital certificate of the server, and to generate the exchange key after the authentication of the server passes.
5. The trust verification system of claim 1, wherein the first device is to send a digital certificate of the first device, a digital certificate of the server, and the exchange key to the second device;
the second device is configured to perform identity verification on the first device according to the digital certificate of the first device, and to perform identity verification on the server according to the digital certificate of the server; and, after the identity verification of the first device and the server passes, to sign the exchange key with the stored private key of the first device.
6. A trusted verification method, wherein an unmanned device is equipped with a first device and a second device; the first device is an untrusted device, the second device is a trusted device, and the private key of the first device is stored in the second device; the method is applied to the first device and comprises:
generating an exchange key and sending the exchange key to the second device, so that the second device signs the exchange key with the stored private key of the first device to obtain signature information and sends the signature information to the first device;
and, in response to receiving the signature information sent by the second device, sending the exchange key and the signature information to a server, so that the server verifies the signature information after receiving the exchange key and the signature information and, after the signature information is verified, communicates with the first device using the exchange key.
7. The method of claim 6, wherein prior to sending the exchange key to the second device, the method further comprises:
receiving the public key of the server, and encrypting the exchange key by adopting the received public key of the server;
sending the exchange key to the second device specifically comprises:
and sending the encrypted exchange key to the second device, so that the second device signs the encrypted exchange key by adopting the private key of the first device.
8. The method of claim 6, wherein generating the exchange key comprises:
receiving a digital certificate of the server, and carrying out identity verification on the server according to the digital certificate of the server;
and generating an exchange key after the identity of the server passes the authentication.
9. The method of claim 6, wherein sending the exchange key to the second device comprises:
and sending the digital certificate of the first device, the digital certificate of the server and the exchange key to the second device, so that the second device performs identity verification on the first device according to the digital certificate of the first device, performs identity verification on the server according to the digital certificate of the server, and signs the exchange key by adopting a stored private key of the first device after the identity verification of the first device and the server is passed.
10. A trusted verification method, wherein an unmanned device is equipped with a first device and a second device; the first device is an untrusted device, the second device is a trusted device, and the private key of the first device is stored in the second device; the method is applied to the second device and comprises:
in response to receiving the exchange key sent by the first device, signing the exchange key with the stored private key of the first device to obtain signature information;
and sending the signature information to the first device, so that the first device sends the received signature information and the exchange key to a server, so that the server verifies the signature information and, after the signature information is verified, communicates with the first device using the exchange key.
11. The method of claim 10, wherein signing the exchange key with the stored private key of the first device in response to receiving the exchange key sent by the first device comprises:
in response to receiving the digital certificate of the first device, the digital certificate of the server and the exchange key, performing identity verification on the first device according to the digital certificate of the first device and performing identity verification on the server according to the digital certificate of the server;
and, after the identity verification of the first device and the server passes, signing the exchange key with the stored private key of the first device.
12. A trusted verification apparatus for an unmanned device, wherein the unmanned device is equipped with a first device and a second device, the first device is an untrusted device, the second device is a trusted device, a private key of the first device is stored in the second device, the apparatus is for the first device, the trusted verification apparatus comprising:
the generation module is used for generating an exchange key, sending the exchange key to the second equipment, enabling the second equipment to sign the exchange key by adopting the stored private key of the first equipment to obtain signature information, and sending the signature information to the first equipment;
and the first sending module is used for responding to the received signature information sent by the second equipment, sending the exchange key and the signature information to a server, enabling the server to verify the signature information after receiving the exchange key and the signature information, and adopting the exchange key to communicate with the first equipment after the signature information is verified.
13. A trusted verification apparatus for an unmanned device, wherein the unmanned device is equipped with a first device and a second device, the first device is an untrusted device, the second device is a trusted device, a private key of the first device is stored in the second device, the apparatus is for the second device, the trusted verification apparatus comprising:
a receiving module, configured to, in response to receiving the exchange key sent by the first device, sign the exchange key with the stored private key of the first device to obtain signature information;
and a second sending module, configured to send the signature information to the first device, so that the first device sends the received signature information and the exchange key to a server, so that the server verifies the signature information and, after the signature information is verified, communicates with the first device using the exchange key.
14. A computer readable storage medium, characterized in that the storage medium stores a computer program which, when executed by a processor, implements the method of any of the preceding claims 6-11.
15. An unmanned device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of the preceding claims 6-11 when executing the program.
CN202210026527.6A 2022-01-11 2022-01-11 Trusted verification system, trusted verification device, trusted verification storage medium and electronic equipment Active CN114553428B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210026527.6A CN114553428B (en) 2022-01-11 2022-01-11 Trusted verification system, trusted verification device, trusted verification storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN114553428A CN114553428A (en) 2022-05-27
CN114553428B true CN114553428B (en) 2023-09-22

Family

ID=81669002

Country Status (1)

Country Link
CN (1) CN114553428B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009051471A2 (en) * 2007-09-20 2009-04-23 Mimos Berhad Trusted computer platform method and system without trust credential
CN102428675A (en) * 2009-05-20 2012-04-25 Microsoft Corporation Portable secure computing network
CN105450406A (en) * 2014-07-25 2016-03-30 Huawei Technologies Co., Ltd. Data processing method and device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8499154B2 (en) * 2009-01-27 2013-07-30 GM Global Technology Operations LLC System and method for establishing a secure connection with a mobile device
WO2020051226A1 (en) * 2018-09-05 2020-03-12 Whitefox Defense Technologies, Inc. Integrated secure device manager systems and methods for cyber-physical vehicles
US11012241B2 (en) * 2018-09-10 2021-05-18 Dell Products L.P. Information handling system entitlement validation

Also Published As

Publication number Publication date
CN114553428A (en) 2022-05-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant