CN116722985A - Sensitive data protection method and system - Google Patents

Sensitive data protection method and system

Info

Publication number
CN116722985A
Authority
CN
China
Prior art keywords
sensitive data
key
encryption
ota
server
Legal status
Pending
Application number
CN202310610011.0A
Other languages
Chinese (zh)
Inventor
黄毅
Current Assignee
Inceptio Star Intelligent Technology Shanghai Co Ltd
Original Assignee
Inceptio Star Intelligent Technology Shanghai Co Ltd
Application filed by Inceptio Star Intelligent Technology Shanghai Co Ltd
Priority to CN202310610011.0A
Publication of CN116722985A


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L 9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy; underlying computational problems or public-key parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/40 Network security protocols
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S 40/00 Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S 40/20 Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a sensitive data protection method and system. An encryption public key is generated by a security module and sent to a key server; the key server uses the encryption public key to encrypt the encryption key of the sensitive data, obtaining a key ciphertext, where the encryption key of the sensitive data is the key used to encrypt the sensitive data in the OTA server. The OTA deployment end receives and stores the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server. In this way the sensitive data is transmitted and stored securely, the security risk that an OTA upgrade would otherwise introduce into the data is eliminated, the target machine deployed by OTA is able to decrypt without fetching the decryption key over the network, the cost of encrypting and decrypting the data is reduced, and encryption and decryption of the sensitive data can be completed smoothly.

Description

Sensitive data protection method and system
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a method and system for protecting sensitive data.
Background
OTA (Over The Air) is a technology for remotely managing mobile terminal equipment and SIM card data through the air interface of a mobile communication network. An OTA upgrade is an update (such as a bug fix or a version update) that the device downloads and installs over a wireless network, so the device can be upgraded directly in a wireless environment without downloading and upgrading over a wired connection. Updating the operating system, applications and configuration files of a computer system through OTA is an effective means of upgrading current systems; it greatly improves after-sales efficiency and also keeps the computer system secure and functionally up to date. In on-vehicle computer systems in particular, it has become an indispensable development requirement for current on-vehicle intelligent controllers such as autonomous driving controllers and multimedia controllers.
Autonomous driving data contains configuration files holding password information, such as the password of the SFTP server that the autonomous driving controller uses to access the T-Box, or the login password of the operating system of the auxiliary CPU that the operating system of the main CPU accesses. There are also configuration files whose data integrity and authenticity must be strictly guaranteed at the time of use, such as the vehicle's calibration information. These are collectively referred to below as secret information. When an OTA upgrade is required, if the secret information is added to the OTA packet in plaintext form, it also exists in plaintext form at the OTA deployment end after the upgrade, and the secret information becomes a security risk. In the related art this case is handled by adding the secret information to the OTA packet in ciphertext form, so that the file still exists as ciphertext after the OTA packet is deployed on the target machine. The decryption key then exists in one of two forms. Either it is stored in the general external memory of the target machine, which is equivalent to storing the secret information in plaintext; or it is stored on a network server and must be fetched over the network for every decryption, which introduces network latency, is costly to use, and makes decryption impossible without network access.
Disclosure of Invention
The invention provides a sensitive data protection method and system to overcome the defects of the conventional technology, in which the transmission and storage of sensitive data carry security risks, or the decryption operation is delayed or even cannot be performed.
The invention provides a sensitive data protection method applied to an OTA deployment end, where the OTA deployment end comprises a security module, and the method comprises the following steps:
generating an encryption public key through the security module;
sending the encryption public key to a key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, where the encryption key of the sensitive data is used to encrypt the sensitive data in an OTA server;
and receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server.
The sensitive data protection method provided by the invention further comprises the following steps:
generating a decryption private key corresponding to the encryption public key through the security module;
decrypting the key ciphertext through the decryption private key to obtain an encryption key of the sensitive data;
and decrypting the encrypted sensitive data through the encryption key of the sensitive data to obtain decrypted sensitive data.
According to the sensitive data protection method provided by the invention, the security module is a trusted platform module or a hardware security module.
According to the sensitive data protection method provided by the invention, encrypting the sensitive data in the OTA server comprises: encrypting the sensitive data in the OTA server using a symmetric encryption algorithm;
and encrypting the encryption key of the sensitive data comprises: encrypting the encryption key of the sensitive data using an asymmetric encryption algorithm.
The invention also provides a sensitive data protection method which is applied to the OTA server and comprises the following steps:
obtaining an encryption key of the sensitive data from a key server;
encrypting the sensitive data by using the encryption key of the sensitive data to obtain encrypted sensitive data;
and sending the encrypted sensitive data to an OTA deployment end.
According to the sensitive data protection method provided by the invention, the sensitive data comprises a configuration file, and sending the encrypted sensitive data to the OTA deployment end comprises the following steps:
compiling the source code corresponding to the configuration file to generate an executable file;
and packaging the executable file and the encrypted configuration file into an OTA data packet and sending the OTA data packet to the OTA deployment end.
The invention also provides a sensitive data protection method, which is applied to the key server and comprises the following steps:
generating an encryption key of the sensitive data, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server;
receiving an encryption public key sent by an OTA deployment end, and encrypting an encryption key of sensitive data by using the encryption public key to obtain a key ciphertext;
and sending the secret key ciphertext to an OTA deployment end.
The sensitive data protection method provided by the invention further comprises the following steps:
when the encryption key is invalid or leaked, regenerating an updated encryption key of the sensitive data, where the updated encryption key is used to re-encrypt the sensitive data in the OTA server;
encrypting the updated encryption key of the sensitive data with the encryption public key to obtain an updated key ciphertext;
and sending the updated key ciphertext to the OTA deployment end.
The invention also provides a sensitive data protection system, comprising:
OTA deployment end, OTA server and key server;
the OTA deployment end comprises a security module and is used for generating an encryption public key through the security module and sending the encryption public key to the key server;
the key server is used for encrypting the encryption key of the sensitive data by using the encryption public key to obtain a key ciphertext;
the OTA server is used for encrypting the sensitive data by using an encryption key of the sensitive data;
the OTA deployment end is used for receiving and storing the encrypted sensitive data and the key ciphertext sent by the key server.
According to the sensitive data protection system provided by the invention, the OTA deployment end is an automatic driving controller.
The invention provides a sensitive data protection method and system. The method generates an encryption public key through a security module and sends it to a key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, where the encryption key of the sensitive data is used to encrypt the sensitive data in the OTA server. The OTA deployment end receives the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server and stores both in its ordinary non-volatile memory. The sensitive data is thus stored securely, there is no security risk from sensitive data being left unencrypted after an OTA upgrade, the target machine deployed by OTA can store the sensitive data persistently and securely, and the decryption key need not be fetched over the network each time.
Drawings
In order to more clearly illustrate the invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the invention, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a method for protecting sensitive data according to the present invention;
FIG. 2 is a second flow chart of the sensitive data protection method according to the present invention;
FIG. 3 is a comparison of the conventional OTA packet generation flow and the OTA packet generation flow provided by an embodiment of the present invention;
FIG. 4 is a third flow chart of the sensitive data protection method according to the present invention;
FIG. 5 is a flow chart of a method for protecting sensitive data according to the present invention;
FIG. 6 is a functional block diagram of a sensitive data protection system provided by the present invention;
FIG. 7 is a schematic structural diagram of an OTA deployment end provided by the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
FIG. 1 is a flowchart of a method for protecting sensitive data according to an embodiment of the present invention. As shown in FIG. 1, the method is applied to an OTA deployment end that includes a security module, and comprises:
Step 101, generating an encryption public key through the security module;
Step 102, sending the encryption public key to a key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, where the encryption key of the sensitive data is used to encrypt the sensitive data in the OTA server;
In the embodiment of the invention, the sensitive data includes, but is not limited to, autonomous driving data, cabin control data and the like. Note that the sensitive data in the invention can be vehicle-mounted data or sensitive data on a mobile phone or a computer; the invention does not limit the source of the sensitive data.
In the embodiment of the invention, the key server further verifies the encryption public key before encrypting the encryption key of the sensitive data: only after confirming that the encryption public key is intact and that it originates from a genuine trusted platform module or hardware security module installed on the OTA deployment end does the key server encrypt the encryption key with it to obtain the key ciphertext.
Step 103, receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server.
In the embodiment of the invention, the target machine deployed by OTA includes a persistent storage device; the encrypted sensitive data and the key ciphertext are stored on this device and survive power loss, so the sensitive data is stored securely and persistently.
When an OTA upgrade is required, if the secret information is added to the OTA packet in plaintext form, it also exists in plaintext form at the OTA deployment end after the upgrade, and the secret information becomes a security risk. The conventional sensitive data protection method adds the secret information to the OTA packet in ciphertext form, so that the file still exists as ciphertext after the OTA packet is deployed on the target machine. The decryption key then exists in one of two forms. Either it is stored on the target machine, which is equivalent to storing the secret information in plaintext; or it is stored on a network server and must be fetched over the network for every decryption, which introduces network latency, is costly to use, and makes decryption impossible without network access.
The sensitive data protection method provided by the embodiment of the invention generates an encryption public key through the security module and sends it to a key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, where the encryption key of the sensitive data is used to encrypt the sensitive data in the OTA server. The OTA deployment end receives the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server and stores both in its ordinary non-volatile memory. The sensitive data is thus stored securely, there is no security risk from sensitive data being left unencrypted after an OTA upgrade, the target machine deployed by OTA can store the sensitive data persistently and securely, and the decryption key need not be fetched over the network each time.
Based on any of the above embodiments, in an embodiment of the present invention, encrypting the sensitive data in the OTA server includes: encrypting the sensitive data in the OTA server using a symmetric encryption algorithm.
Sensitive data such as account passwords, company secret information and vehicle calibration data are the objects encrypted under the encryption key, and encrypting the sensitive data with a symmetric encryption algorithm improves data security. In an embodiment of the present invention, encrypting the encryption key of the sensitive data includes: encrypting the encryption key of the sensitive data using an asymmetric encryption algorithm.
In an asymmetric encryption algorithm the keys used for encryption and decryption differ: the encryption key is a public key and may be disclosed; the decryption key is a private key and must be kept confidential. To prevent a file containing secret information from being stored in plaintext in the OTA packet or at the deployment end after the OTA upgrade, the decryption key of the encrypted data must not be stored in plaintext on the same device as the encrypted file. The embodiment of the invention therefore encrypts the encryption key of the sensitive data with the public key part of an asymmetric algorithm before storing it on the persistent storage device. No network access is needed when the data is decrypted, the cost of encrypting and decrypting the data is reduced, and there are no decryption failures caused by network latency.
In the embodiment of the invention, the sensitive data protection method further comprises the following steps:
generating a decryption private key corresponding to the encryption public key through a security module;
decrypting the key ciphertext through the decryption private key to obtain an encryption key of the sensitive data;
In the embodiment of the invention, the security module generates the encryption public key and the corresponding decryption private key; the decryption private key is kept inside the security module and is never read out or left anywhere in plaintext form.
And decrypting the encrypted sensitive data with the encryption key of the sensitive data to obtain the decrypted sensitive data.
In some security-conscious systems the decryption key is pre-injected on the production line into the protected storage area of the target machine's security module. This provides confidentiality and offline decryption, but when the decryption key becomes invalid or is leaked and must be updated, updating it is expensive and generally cannot be completed in time.
In the embodiment of the invention, the sensitive data protection method further comprises the following steps:
when the encryption key is invalid or leaked, the key server encrypts the updated encryption key of the sensitive data with the encryption public key to obtain an updated key ciphertext;
and receiving and storing the updated key ciphertext.
When the encryption key is invalid or leaked, the embodiment of the invention can thus update the encryption key and obtain the re-encrypted sensitive data efficiently through OTA, further ensuring the security of the sensitive data.
In the embodiment of the invention, the security module is a trusted platform module or a hardware security module. The trusted platform module is, for example, a TPM (Trusted Platform Module), and the hardware security module is, for example, an HSM (Hardware Security Module). The security module can be implemented as physical hardware, or as a virtual hardware security module (vHSM) that implements equivalent logic in software and runs on a general-purpose processor or on a co-processor with hardware acceleration for cryptographic algorithms. It is used to generate, and to store permanently and securely, the private key of an asymmetric algorithm: the private key never leaves the security module during its life cycle and is never read out of the module in plaintext, while the corresponding public key can be read through a software interface provided by the module. The security module also provides a software interface through which data encrypted with the public key is read in, the private key is invoked internally to perform the decryption, and the decrypted data is returned by the module.
As shown in fig. 2, an embodiment of the present invention provides a method for protecting sensitive data, which is applied to an OTA server, and includes:
step 201, obtaining an encryption key of sensitive data from a key server;
step 202, encrypting the sensitive data by using an encryption key of the sensitive data to obtain encrypted sensitive data;
In the embodiment of the invention, if the encryption key is invalid or leaked, the key server regenerates an updated encryption key of the sensitive data; the OTA server obtains the updated encryption key from the key server and re-encrypts the sensitive data with it to obtain the encrypted sensitive data.
Step 203, sending the encrypted sensitive data to an OTA deployment end.
In the embodiment of the present invention, sending the encrypted sensitive data to the OTA deployment end includes:
compiling the source code corresponding to the configuration file to generate an executable file;
and packaging the executable file and the encrypted configuration file into an OTA data packet and sending the OTA data packet to the OTA deployment end.
In the embodiment of the invention, packaging facilitates data transmission.
As shown in FIG. 3, in the conventional OTA packet generation flow none of the data is encrypted, so sensitive data such as account passwords, company secret information and vehicle calibration information is transmitted and stored in plaintext form, which creates security risks.
In the sensitive data protection method provided by the embodiment of the invention, the data is classified into ordinary information and secret information, and the secret data is encrypted before being packaged into the OTA packet, so the sensitive data cannot leak and its security is improved.
In the embodiment of the invention, when the OTA server needs to process a file containing secret information, it obtains the encryption key from the key server and encrypts the secret file; after encrypting the secret file the OTA server discards the encryption key and does not persist it.
As shown in fig. 4, an embodiment of the present invention provides a method for protecting sensitive data, which is applied to a key server, and includes:
step 401, generating an encryption key of the sensitive data, where the encryption key of the sensitive data is used to encrypt the sensitive data in the OTA server;
step 402, receiving an encryption public key sent by an OTA deployment end, and encrypting the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext;
In the embodiment of the invention, the key server further verifies the encryption public key before encrypting the encryption key of the sensitive data: only after confirming that the encryption public key is intact and that it originates from a genuine trusted platform module or hardware security module installed on the OTA deployment end does the key server encrypt the encryption key with it to obtain the key ciphertext.
Step 403, sending the key ciphertext to the OTA deployment end.
In an embodiment of the present invention, the key server generates and securely stores a symmetric key (the encryption/decryption secret) used to encrypt files containing secret information in the OTA packet, and provides a software interface for receiving and processing key acquisition requests from the OTA server and from the OTA deployment end.
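The check the key server performs before wrapping (that the encryption public key is intact and originates from a genuine TPM or HSM on the OTA deployment end) is not specified further on this page. The following is an added example in Go, not from the patent and not Inceptio's code; it assumes one common way to implement that check: the module manufacturer endorses each module's identity key at provisioning, the module signs its freshly generated encryption public key with that identity key, and the key server, configured with the manufacturer's root public key, verifies both signatures and the key encoding before accepting the key. Ed25519 for the signatures, RSA for the encryption key, the ModuleID field, the sample IDs and all type and function names are assumptions of the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"fmt"
)

// Endorsement is issued by the module manufacturer at provisioning: a signature over the
// module ID and the module's identity public key. (Assumed structure, not from the patent.)
type Endorsement struct {
	ModuleID    string
	IdentityPub ed25519.PublicKey
	Signature   []byte
}

// KeyAttestation is what the OTA deployment end sends to the key server: the endorsement,
// the RSA encryption public key (PKIX DER) and the module identity's signature over it.
type KeyAttestation struct {
	Endorsement
	EncPubDER []byte
	KeySig    []byte
}

// bind prefixes a signed payload with the module ID so a signature cannot be replayed for
// another module.
func bind(id string, payload []byte) []byte { return append([]byte(id+"\x00"), payload...) }

// Manufacturer holds the root signing key; the key server trusts its public half.
type Manufacturer struct{ priv ed25519.PrivateKey }

func (m *Manufacturer) Endorse(id string, idPub ed25519.PublicKey) Endorsement {
	return Endorsement{ModuleID: id, IdentityPub: idPub, Signature: ed25519.Sign(m.priv, bind(id, idPub))}
}

// Module stands in for the TPM/HSM: an identity key fixed at provisioning and an
// encryption key pair generated inside it; neither private half is ever exported.
type Module struct {
	id          string
	idKey       ed25519.PrivateKey
	enc         *rsa.PrivateKey
	endorsement Endorsement
}

func provision(mf *Manufacturer, id string) (*Module, error) {
	idPub, idPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	enc, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	return &Module{id: id, idKey: idPriv, enc: enc, endorsement: mf.Endorse(id, idPub)}, nil
}

// Attest exports the encryption public key with the module identity's signature over it.
func (mod *Module) Attest() (KeyAttestation, error) {
	der, err := x509.MarshalPKIXPublicKey(&mod.enc.PublicKey)
	if err != nil { return KeyAttestation{}, err }
	sig := ed25519.Sign(mod.idKey, bind(mod.id, der))
	return KeyAttestation{Endorsement: mod.endorsement, EncPubDER: der, KeySig: sig}, nil
}

// VerifyModuleKey is the key server's gate before it wraps the data key: the identity must
// be endorsed by the trusted root, the presented key must be signed by that identity, and
// the key must parse as an RSA key of acceptable size. Only then is the key returned.
func VerifyModuleKey(trustedRoot ed25519.PublicKey, att KeyAttestation) (*rsa.PublicKey, error) {
	if len(att.IdentityPub) != ed25519.PublicKeySize { return nil, errors.New("malformed identity public key") }
	if !ed25519.Verify(trustedRoot, bind(att.ModuleID, att.IdentityPub), att.Signature) {
		return nil, errors.New("module identity is not endorsed by the manufacturer")
	}
	if !ed25519.Verify(att.IdentityPub, bind(att.ModuleID, att.EncPubDER), att.KeySig) {
		return nil, errors.New("encryption public key was not signed by the endorsed module")
	}
	k, err := x509.ParsePKIXPublicKey(att.EncPubDER)
	if err != nil { return nil, fmt.Errorf("malformed encryption public key: %w", err) }
	pub, ok := k.(*rsa.PublicKey)
	if !ok || pub.N.BitLen() < 2048 { return nil, errors.New("encryption public key must be RSA, at least 2048 bits") }
	return pub, nil
}

func attestUnder(root ed25519.PrivateKey, id string) (KeyAttestation, error) {
	mod, err := provision(&Manufacturer{priv: root}, id)
	if err != nil { return KeyAttestation{}, err }
	return mod.Attest()
}

// Demo provisions a module under the trusted root and checks that its key is accepted, that a
// module endorsed by a different root is rejected, and that an endorsed identity presenting a
// key it never signed is rejected.
func Demo() (genuineOK, unendorsedRejected, substitutedRejected bool, err error) {
	_, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return }
	_, otherRoot, err := ed25519.GenerateKey(rand.Reader) // a root the key server does not trust
	if err != nil { return }
	trustedRoot := rootPriv.Public().(ed25519.PublicKey)
	att, err := attestUnder(rootPriv, "adc-0001") // constructed module IDs
	if err != nil { return }
	strangerAtt, err := attestUnder(otherRoot, "adc-0002")
	if err != nil { return }
	_, e := VerifyModuleKey(trustedRoot, att)
	genuineOK = e == nil
	_, e = VerifyModuleKey(trustedRoot, strangerAtt)
	unendorsedRejected = e != nil
	swapped := att // genuine endorsement and identity, but a key that identity never signed
	swapped.EncPubDER = strangerAtt.EncPubDER
	_, e = VerifyModuleKey(trustedRoot, swapped)
	substitutedRejected = e != nil
	return
}

func main() { fmt.Println(Demo()) }
```

The two rejection cases in Demo are the ones that matter for the page's requirement: a key from a module the manufacturer never endorsed, and a key that an endorsed module did not itself sign. Binding the module ID into both signed payloads keeps an endorsement from being reused for a different module, and the length and parse checks run before any signature verification so malformed input is rejected rather than causing a panic.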
In the embodiment of the invention, the sensitive data protection method further comprises the following steps:
when the encryption key is invalid or leaked, regenerating an updated encryption key of the sensitive data, where the updated encryption key is used to re-encrypt the sensitive data in the OTA server;
encrypting the updated encryption key of the sensitive data with the encryption public key to obtain an updated key ciphertext;
and sending the updated key ciphertext to the OTA deployment end.
When the encryption key is invalid or leaked, the embodiment of the invention can thus update the encryption key and obtain the re-encrypted sensitive data efficiently through OTA, further ensuring the security of the sensitive data.
As shown in FIG. 5, an embodiment of the present invention provides a method for protecting sensitive data whose overall flow includes:
step 501, the OTA server obtains the encryption key from the key server and encrypts the secret file containing sensitive data with it; the OTA server then packages the compiled ordinary files, the ordinary data and the encrypted sensitive data into an OTA upgrade package and deploys it to the target device;
step 502, the target device reads the public key of its security module and sends it to the key server;
step 503, the key server encrypts the encryption key with the received public key and sends the key ciphertext to the target device;
step 504, the security module in the target device decrypts the key ciphertext to recover the encryption key, which is then used to decrypt the secret file deployed in the OTA packet.
The sensitive data protection device provided by the invention is described below; the device described below and the method described above correspond to each other and may be read together.
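The overall flow of steps 501 to 504, followed by the key rotation path the page describes for an invalid or leaked key, as an added runnable example in Go. This is not code from the patent or from Inceptio. It assumes RSA-OAEP for wrapping the data key and AES-256-GCM for the secret files (the page specifies only "asymmetric" and "symmetric"), stands in for the TPM/HSM with an in-process struct that exposes only the public key and an unwrap operation, and uses constructed sample file contents; all type and function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecurityModule stands in for the TPM/HSM on the OTA deployment end: the key pair is
// generated inside it and only the public key and an unwrap operation are exposed.
type SecurityModule struct{ priv *rsa.PrivateKey }

func NewSecurityModule() (*SecurityModule, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	return &SecurityModule{priv: priv}, err
}
func (m *SecurityModule) PublicKey() *rsa.PublicKey { return &m.priv.PublicKey }

// Unwrap decrypts a key ciphertext with the private key that never leaves the module.
func (m *SecurityModule) Unwrap(keyCiphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, m.priv, keyCiphertext, nil)
}

// KeyServer owns the symmetric data-encryption key (DEK) for the secret files.
type KeyServer struct{ dek []byte }

// Rotate generates a fresh AES-256 DEK; used initially and again when a key is leaked.
func (ks *KeyServer) Rotate() error {
	ks.dek = make([]byte, 32)
	_, err := rand.Read(ks.dek)
	return err
}

// WrapForTarget produces the key ciphertext: the DEK under the module's public key (RSA-OAEP).
func (ks *KeyServer) WrapForTarget(pub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ks.dek, nil)
}

// OTAPackage holds plain build outputs plus secret files stored as AES-GCM nonce||ciphertext.
type OTAPackage struct{ Plain, Encrypted map[string][]byte }

// BuildOTAPackage (OTA server side) fetches a copy of the DEK, encrypts each secret file with
// it (file name as associated data) and then discards the DEK, so it is never persisted there.
func BuildOTAPackage(ks *KeyServer, plain, secret map[string][]byte) (*OTAPackage, error) {
	dek := append([]byte(nil), ks.dek...) // handed over; an authenticated channel is assumed
	defer zero(dek)
	gcm, err := gcmFor(dek)
	if err != nil { return nil, err }
	pkg := &OTAPackage{Plain: plain, Encrypted: map[string][]byte{}}
	for name, data := range secret {
		nonce := make([]byte, gcm.NonceSize())
		if _, err := rand.Read(nonce); err != nil { return nil, err }
		pkg.Encrypted[name] = gcm.Seal(nonce, nonce, data, []byte(name))
	}
	return pkg, nil
}

// Target is the OTA deployment end: ordinary persistent storage holds the encrypted
// package and the key ciphertext; the plaintext DEK is never written anywhere.
type Target struct{ Module *SecurityModule; Package *OTAPackage; KeyCiphertext []byte }

// ReadSecretFile recovers one file offline: unwrap the DEK via the module, decrypt, zero.
func (t *Target) ReadSecretFile(name string) ([]byte, error) {
	ct, ok := t.Package.Encrypted[name]
	if !ok { return nil, errors.New("no such encrypted file: " + name) }
	dek, err := t.Module.Unwrap(t.KeyCiphertext)
	if err != nil { return nil, err }
	defer zero(dek)
	gcm, err := gcmFor(dek)
	if err != nil { return nil, err }
	n := gcm.NonceSize()
	if len(ct) < n { return nil, errors.New("ciphertext too short") }
	return gcm.Open(nil, ct[:n], ct[n:], []byte(name))
}
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}
func zero(b []byte) { for i := range b { b[i] = 0 } }

// RunFlow runs steps 501-504 on constructed sample files, then the rotation path; it returns
// the secret recovered after rotation and whether the stale key ciphertext opened the new files.
func RunFlow() (recovered []byte, staleKeyWorks bool, err error) {
	ks := &KeyServer{}
	if err = ks.Rotate(); err != nil { return }
	mod, err := NewSecurityModule()
	if err != nil { return }
	plain := map[string][]byte{"controller.bin": []byte("compiled executable (sample)")}
	secret := map[string][]byte{"sftp.conf": []byte("password=constructed-sample")}
	tgt := &Target{Module: mod}
	if tgt.Package, err = BuildOTAPackage(ks, plain, secret); err != nil { return }     // step 501
	if tgt.KeyCiphertext, err = ks.WrapForTarget(mod.PublicKey()); err != nil { return } // 502-503
	if _, err = tgt.ReadSecretFile("sftp.conf"); err != nil { return }                  // step 504
	// Key leaked: key server rotates, OTA server re-encrypts and redeploys, key server re-wraps.
	if err = ks.Rotate(); err != nil { return }
	if tgt.Package, err = BuildOTAPackage(ks, plain, secret); err != nil { return }
	_, staleErr := tgt.ReadSecretFile("sftp.conf") // old key ciphertext against new files
	staleKeyWorks = staleErr == nil
	if tgt.KeyCiphertext, err = ks.WrapForTarget(mod.PublicKey()); err != nil { return }
	recovered, err = tgt.ReadSecretFile("sftp.conf")
	return
}
func main() { fmt.Println(RunFlow()) }
```

The rotation half shows why steps 403 and the re-encryption path belong together: once the key server has regenerated the DEK and the OTA server has redeployed re-encrypted files, the target's old key ciphertext no longer opens them (AES-GCM authentication fails), so the updated key ciphertext has to reach the target along with the new package. On the target the plaintext DEK exists only inside ReadSecretFile and is zeroed before the call returns; the only things at rest are the encrypted package and the wrapped key.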
The sensitive data protection device provided by the embodiment of the invention is applied to an OTA deployment end and comprises the following components:
the first generation module is used for generating an encryption public key through the security module;
the first sending module is used for sending the encryption public key to the key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, where the encryption key of the sensitive data is used to encrypt the sensitive data in the OTA server;
and the storage module is used for receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server.
In some embodiments of the present invention, the sensitive data protection apparatus further comprises:
the first decryption module is used for decrypting the key ciphertext through the security module to obtain an encryption key of the sensitive data;
the second decryption module is used for decrypting the encrypted sensitive data through the encryption key of the sensitive data to obtain a sensitive data plaintext.
In the embodiment of the invention, the security module is a trusted platform module or a hardware security module.
The sensitive data protection device provided by the embodiment of the invention generates an encryption public key through the security module and sends the encryption public key to the key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, the encryption key of the sensitive data being the key used to encrypt the sensitive data in the OTA server. The device then receives the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server and stores both in a persistent storage device. The sensitive data is thus stored securely: there is no risk of sensitive data being left unencrypted after an OTA upgrade, the target machine deployed by OTA gains the capability to store sensitive data persistently and securely, and the decryption key does not need to be acquired over the network each time.
The embodiment of the invention also provides a sensitive data protection device which is applied to the OTA server and comprises:
the acquisition module is used for acquiring an encryption key of the sensitive data from the key server;
the first encryption module is used for encrypting the sensitive data by using an encryption key of the sensitive data to obtain encrypted sensitive data;
and the second sending module is used for sending the encrypted sensitive data to the OTA deployment end.
The sensitive data protection device provided by the embodiment of the invention acquires the encryption key of the sensitive data from the key server, encrypts the sensitive data with that encryption key to obtain encrypted sensitive data, and sends the encrypted sensitive data to the OTA deployment end, so that the sensitive data is transmitted securely and stored persistently, and the data security risk introduced by OTA upgrading is eliminated.
The embodiment of the invention also provides a sensitive data protection device which is applied to the key server and comprises:
the second generation module is used for generating an encryption key of the sensitive data, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server;
the receiving module is used for receiving the encryption public key sent by the OTA deployment end, and encrypting the encryption key of the sensitive data by using the encryption public key to obtain a key ciphertext;
and the third sending module is used for sending the secret key ciphertext to the OTA deployment end.
The sensitive data protection device provided by the embodiment of the invention generates the encryption key of the sensitive data, which is used for encrypting the sensitive data in the OTA server; receives the encryption public key sent by the OTA deployment end and encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext; and sends the key ciphertext to the OTA deployment end, so that the sensitive data is transmitted and stored securely and the data security risk introduced by OTA upgrading is eliminated.
Fig. 6 is a functional block diagram of a sensitive data protection system according to an embodiment of the present invention, where, as shown in fig. 6, the sensitive data protection system according to the embodiment of the present invention includes:
OTA deployment end, OTA server and key server;
the OTA deployment end comprises a security module, generates an encryption public key through the security module, and sends the encryption public key to the key server;
the key server is used for encrypting the encryption key of the sensitive data by using the encryption public key to obtain a key ciphertext;
the OTA server is used for encrypting the sensitive data in the OTA server by using an encryption key of the sensitive data;
the OTA deployment end is used for receiving and storing the encrypted sensitive data and the key ciphertext sent by the key server.
In the embodiment of the invention, the OTA server and the key server are trusted zones, while the OTA deployment end is an untrusted zone, except for the security module inside it, which is trusted. The security module generates the encryption public key together with the private key corresponding to it, and the OTA deployment end sends the encryption public key to the key server, so that the key server encrypts the encryption key it generated with the encryption public key to obtain the key ciphertext.
The encryption key generated by the key server must be suitable for a symmetric encryption algorithm; after receiving the key request sent by the OTA server, the key server sends the encryption key to the OTA server.
The OTA server encrypts the secret information with the encryption key, packages it into an OTA package and sends the package to the OTA deployment end. The OTA deployment end stores the secret information encrypted with the encryption key together with the encryption/decryption key encrypted with the encryption public key (in a symmetric encryption algorithm the encryption key and the decryption key are the same).
When the OTA deployment end needs the data, the security module decrypts the encryption key with the private key corresponding to the public key, and the encryption key is then used to recover the plaintext of the secret information.
In the embodiment of the invention, the OTA deployment end is an autonomous driving controller.
The sensitive data protection system provided by the embodiment of the invention generates an encryption public key through the security module and sends the encryption public key to the key server, so that the key server encrypts the encryption key of the sensitive data with the encryption public key to obtain a key ciphertext, the encryption key of the sensitive data being the key used to encrypt the sensitive data in the OTA server. The OTA deployment end receives the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server and stores both in an ordinary nonvolatile memory of the OTA deployment end. The sensitive data is thus stored securely: there is no risk of sensitive data being left unencrypted after an OTA upgrade, the target machine deployed by OTA gains the capability to store sensitive data persistently and securely, and the decryption key does not need to be acquired over the network each time.
Fig. 7 illustrates the entity structure of an OTA deployment end, i.e. a target device. As shown in fig. 7, the electronic device may include: a processor 710, a communications interface 720, a memory 730 and a communication bus 740, where the processor 710, the communications interface 720 and the memory 730 communicate with each other via the communication bus 740. The processor 710 may invoke logic instructions in the memory 730 to perform a sensitive data protection method comprising: generating an encryption public key through a security module; sending the encryption public key to a key server, so that the key server encrypts an encryption key of sensitive data with the encryption public key to obtain a key ciphertext, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server; and receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server.
Further, the logic instructions in the memory 730 described above may be implemented as software functional units and, when sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a storage medium and comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
In another aspect, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the sensitive data protection method provided above, the method comprising: generating an encryption public key through a security module; sending the encryption public key to a key server, so that the key server encrypts an encryption key of sensitive data with the encryption public key to obtain a key ciphertext, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server; and receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server;
and/or,
obtaining an encryption key of the sensitive data from a key server;
encrypting the sensitive data by using an encryption key of the sensitive data to obtain encrypted sensitive data;
and sending the encrypted sensitive data to an OTA deployment end.
and/or,
generating an encryption key of the sensitive data, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server;
receiving an encryption public key sent by an OTA deployment end, and encrypting an encryption key of sensitive data by using the encryption public key to obtain a key ciphertext;
and sending the key ciphertext to the OTA deployment end.
The apparatus embodiments described above are merely illustrative; the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
From the above description of the embodiments, it will be apparent to those skilled in the art that the embodiments may be implemented by means of software plus a necessary general-purpose hardware platform, or of course by means of hardware. Based on this understanding, the foregoing technical solution, in essence or in the part that contributes to the prior art, may be embodied in the form of a software product stored in a computer-readable storage medium such as ROM/RAM, a magnetic disk or an optical disk, comprising several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method described in the respective embodiments or in some parts of the embodiments.
Finally, it should be noted that the above embodiments are only for illustrating the technical solution of the present invention and are not limiting. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments can be modified, or some of their technical features can be replaced by equivalents, and such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A method for protecting sensitive data, characterized in that the method is applied to an OTA deployment end, the OTA deployment end comprises a security module, and the method comprises the following steps:
generating an encryption public key through the security module;
sending the encryption public key to a key server, so that the key server encrypts an encryption key of sensitive data with the encryption public key to obtain a key ciphertext, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in an OTA server;
and receiving and storing the encrypted sensitive data sent by the OTA server and the key ciphertext sent by the key server.
2. The method of claim 1, further comprising:
generating a decryption private key corresponding to the encryption public key through a security module;
decrypting the key ciphertext through the decryption private key to obtain an encryption key of the sensitive data;
and decrypting the encrypted sensitive data through the encryption key of the sensitive data to obtain decrypted sensitive data.
3. The method of claim 1 or 2, wherein the security module is a trusted platform module or a hardware security module.
4. The method for protecting sensitive data according to claim 1 or 2, wherein encrypting the sensitive data in the OTA server comprises: encrypting the sensitive data in the OTA server by using a symmetric encryption algorithm;
the encrypting the encryption key of the sensitive data comprises: the encryption key for the sensitive data is encrypted using an asymmetric encryption algorithm.
5. A method for protecting sensitive data, applied to an OTA server, comprising:
obtaining an encryption key of the sensitive data from a key server;
encrypting the sensitive data by using the encryption key of the sensitive data to obtain encrypted sensitive data;
and sending the encrypted sensitive data to an OTA deployment end.
6. The method of claim 5, wherein the sensitive data comprises a configuration file, and sending the encrypted sensitive data to the OTA deployment end comprises:
compiling the source code corresponding to the configuration file to generate an executable file;
and packaging the executable file and the encrypted configuration file into an OTA data packet and sending the OTA data packet to an OTA deployment end.
7. A method of sensitive data protection, applied to a key server, comprising:
generating an encryption key of the sensitive data, wherein the encryption key of the sensitive data is used for encrypting the sensitive data in the OTA server;
receiving an encryption public key sent by an OTA deployment end, and encrypting an encryption key of sensitive data by using the encryption public key to obtain a key ciphertext;
and sending the key ciphertext to the OTA deployment end.
8. The method of claim 7, further comprising:
regenerating an updated encryption key of the sensitive data when the encryption key is invalid or leaked, wherein the updated encryption key is used for re-encrypting the sensitive data in the OTA server;
re-encrypting the updated encryption key of the sensitive data by using the encryption public key to obtain updated key ciphertext;
and sending the updated key ciphertext to the OTA deployment end.
9. A sensitive data protection system, comprising:
OTA deployment end, OTA server and key server;
the OTA deployment end comprises a security module, wherein the security module is used for generating an encryption public key and sending the encryption public key to a key server;
the key server is used for encrypting the encryption key of the sensitive data by using the encryption public key to obtain a key ciphertext;
the OTA server is used for encrypting the sensitive data by using an encryption key of the sensitive data;
the OTA deployment end is also used for receiving and storing the encrypted sensitive data and the key ciphertext sent by the key server.
10. The sensitive data protection system of claim 9, wherein the OTA deployment end is an autonomous driving controller.
Application CN202310610011.0A, priority date 2023-05-26, filing date 2023-05-26: Sensitive data protection method and system (pending), published as CN116722985A (en).

Publication CN116722985A (en), publication date 2023-09-08.

Family ID 87867037; family application CN202310610011.0A (pending); country status: CN, CN116722985A (en).


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination