CN105978862A - Data processing method and data processing system - Google Patents

Info

Publication number: CN105978862A
Authority: CN (China)
Prior art keywords: key, operation information, gateway, information, seed
Legal status: Pending
Application number: CN201610265417.XA
Other languages: Chinese (zh)
Inventor: 杨东耳
Current Assignee: Beijing Jingwei Hirain Tech Co Ltd
Original Assignee: Beijing Jingwei Hirain Tech Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The invention provides a data processing method and a data processing system. The method comprises the following steps: receiving operation information sent by a device; judging whether the operation information is critical information; if the operation information is critical information, decrypting the critical information, wherein, in the case that the operation information is critical information, the operation information is sent after being encrypted by the device; and obtaining the decrypted information. Critical operation information transmitted between a gateway and a device can thus be encrypted and decrypted, so that, without affecting the real-time performance of the gateway, the security of communication between the gateway and the device is improved and the security of the vehicle is increased.

Description

Data processing method and system
Technical Field
The present application relates to the field of communication technology, and in particular to a data processing method and system.
Background
With the continuous progress of science and technology, the Internet has made its way into vehicles. To enable a vehicle to communicate over the Internet, the vehicle is provided with a central gateway controller (gateway for short). Many devices on the vehicle are connected to the gateway so that they can access the Internet through it. Examples include the multiple controllers on the vehicle that are connected to the gateway, and the diagnostic interface that is connected to the gateway and makes it easy to attach a diagnostic instrument.
Connecting a vehicle to the Internet is convenient for users to a certain extent. However, the data communication between the devices and the gateway is not encrypted in any way, which makes it easy for an illegitimate Internet device to obtain information about the whole vehicle and to act against the vehicle.
To this end, the present application provides a data processing method that encrypts the data communication between the devices and the gateway, so as to increase the security of the vehicle.
Summary of the Invention
The present application provides a data processing method and system that encrypt the data communication between a device and a gateway, so as to increase the security of the vehicle.
To achieve the above object, the present application provides the following technical means:
A data processing method, applied to a gateway, the method comprising:
receiving operation information sent by a device;
judging whether the operation information is critical information;
if the operation information is critical information, performing a decryption operation on the critical information, wherein, in the case that the operation information is critical information, the operation information is sent after the device has performed an encryption operation on it;
obtaining the decrypted information.
Preferably, the gateway includes a hardware security module (HSPM), and performing the decryption operation on the critical information includes:
the HSPM performing the decryption operation on the critical data.
Preferably, after obtaining the decrypted information, the method further includes:
if the decrypted information satisfies a preset condition, judging whether executing the decrypted information requires the operating user corresponding to the device to be in an unlocked state;
if the operating user corresponding to the device is required to be in the unlocked state, judging whether the operating user is in the unlocked state;
if the operating user is in the unlocked state, executing the decrypted information;
if the operating user is not in the unlocked state, controlling the operating user to enter the unlocked state.
Preferably, controlling the operating user to enter the unlocked state includes:
generating an unlock seed used for the operating user to enter the unlocked state;
after judging that the unlock seed is critical data, performing an encryption operation on the unlock seed;
obtaining and sending the encrypted seed;
receiving, within a preset time, a first key that is sent by the device and generated based on the encrypted seed;
comparing the first key with a second key, wherein the second key is generated based on the unlock seed;
if the first key and the second key are consistent, controlling the operating user to enter the unlocked state.
A data processing method, applied to a device, the method comprising:
determining operation information to be sent to a gateway;
judging whether the operation information is critical information;
if the operation information is critical information, performing an encryption operation on the operation information;
sending the encrypted operation information to the gateway.
Preferably, the method further includes:
receiving the encrypted seed sent by the gateway;
performing a decryption operation on the encrypted seed to obtain the unlock seed;
generating the first key based on the unlock seed;
sending the first key to the gateway.
A data processing method, applied to a gateway, the method comprising:
determining operation information to be sent to a device;
judging whether the operation information is critical information;
if the operation information is critical information, performing an encryption operation on the operation information;
sending the encrypted operation information to the device.
Preferably, the gateway includes a hardware security module (HSPM), and performing the encryption operation on the operation information includes:
the HSPM performing the encryption operation on the information to be sent.
A data processing system, including a gateway and multiple devices connected to the gateway;
the device is configured to determine operation information to be sent to the gateway, judge whether the operation information is critical information, and, if the operation information is critical information, perform an encryption operation on the operation information and send the encrypted operation information to the gateway;
the gateway is configured to receive the operation information sent by the device, judge whether the operation information is critical information, and, if the operation information is critical information, perform a decryption operation on the critical information, wherein, in the case that the operation information is critical information, the operation information is sent after the device has performed an encryption operation on it, and obtain the decrypted information.
Preferably, the gateway is further configured to, when it determines that executing the decrypted information requires the operating user corresponding to the device to be in the unlocked state and the operating user is not in the unlocked state, control the operating user to enter the unlocked state; wherein controlling the operating user to enter the unlocked state specifically includes: generating an unlock seed used for the operating user to enter the unlocked state; after judging that the unlock seed is critical data, performing an encryption operation on the unlock seed; obtaining and sending the encrypted seed; receiving, within a preset time, a first key that is sent by the device and generated based on the encrypted seed; comparing the first key with a second key, wherein the second key is generated based on the unlock seed; and, if the first key and the second key are consistent, controlling the operating user to enter the unlocked state;
the device is further configured to receive the encrypted seed sent by the gateway, perform a decryption operation on the encrypted seed to obtain the unlock seed, generate the first key based on the unlock seed, and send the first key to the gateway.
The above technical means achieve the following beneficial effects:
The present application provides a data processing method that can encrypt and decrypt the operation information transmitted between a gateway and a device. To reduce the amount of data the gateway has to encrypt and decrypt, the present application does not encrypt and decrypt all operation information, but encrypts only critical operation information. This improves the security of communication between the device and the gateway without affecting the real-time performance of the gateway, and in turn increases the security of the vehicle.
Brief Description of the Drawings
To explain the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a structural diagram of a data processing system disclosed in an embodiment of the present application;
Fig. 2 is a flow chart of a data processing method disclosed in an embodiment of the present application;
Fig. 3 is a flow chart of another data processing method disclosed in an embodiment of the present application;
Fig. 4 is a flow chart of another data processing method disclosed in an embodiment of the present application;
Fig. 5 is a flow chart of another data processing method disclosed in an embodiment of the present application;
Fig. 6 is a flow chart of another data processing method disclosed in an embodiment of the present application;
Fig. 7 is a flow chart of another data processing method disclosed in an embodiment of the present application;
Fig. 8 is a flow chart of another data processing method disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings. The described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
To help those skilled in the art understand the application scenario of the present application, a data processing system is provided first. As shown in Fig. 1, the system includes a gateway 100 and multiple devices 200 connected to the gateway 100. To show the multiple devices clearly, Fig. 1 labels them device 1, device 2 ... device N, where N is a non-zero natural number.
The gateway 100 and the devices 200 can communicate with each other. To strengthen the security of communication between the gateway 100 and the devices 200, the present application improves both the gateway 100 and the devices 200 by adding encryption and decryption processing to each. The following embodiments describe the processing of the gateway 100 and of the devices 200 in detail.
The data processing of the device is described first. The present application provides a data processing method applied to a device. As shown in Fig. 2, it includes the following steps:
Step S201: determine the operation information to be sent to the gateway.
The device can receive a control instruction issued by the operating user and determine from the control instruction the operation information that needs to be sent to the gateway.
Step S202: judge whether the operation information is critical information. If so, go to step S203; otherwise go to step S205.
After determining the operation information, the device could encrypt it immediately. However, the volume of operation information exchanged between the devices and the gateway is large, so this approach would cause a great deal of encrypted information to converge on the gateway. The gateway would then need to spend a large amount of CPU resources on decryption, which would affect how promptly it processes other data.
It can be understood that, of the operation information transmitted between a device and the gateway, some is important critical information and some is unimportant general information. Therefore, so as not to affect the real-time performance of the gateway, the present application does not encrypt the operation information sent by the device immediately, but first judges whether it is critical information.
A critical information type set is stored in advance in the device's storage space; it contains multiple critical information types set by technicians. The device can judge whether the information type of the operation information determined in step S201 is in the critical information type set.
If the information type of the operation information is in the critical information type set, the operation information is critical information; otherwise, the operation information is not critical information.
Step S203: if the operation information is critical information, perform an encryption operation on the operation information.
If the operation information is critical information, it needs to be encrypted to prevent illegitimate users from obtaining it. The device can obtain an encryption key, use it to encrypt the operation information, and obtain the encrypted operation information.
Step S204: send the encrypted operation information to the gateway.
The encrypted operation information is sent to the gateway over the communication link between the device and the gateway.
Step S205: send the operation information directly to the gateway.
If the information type of the operation information is not in the critical information type set, the operation information is general information. Even if an illegitimate user obtains it, no harm results, so general information is not encrypted. The device can therefore send the operation information directly to the gateway.
The embodiment shown in Fig. 2 is the processing performed by the device; the processing performed by the gateway is described below. As shown in Fig. 3, it includes the following steps:
Step S301: receive the operation information sent by the device.
The operation information sent by the device is received over the communication link between the gateway and the device.
Step S302: judge whether the operation information is critical information.
Because the gateway handles general information and critical information differently, it needs to judge whether the operation information is critical information. If so, go to step S303; otherwise go to step S305.
Step S303: if the operation information is critical information, perform a decryption operation on the critical information; wherein, in the case that the operation information is critical information, the operation information is sent after the device has performed an encryption operation on it.
If the operation information is critical information, the gateway knows that it needs to decrypt the operation information. It therefore obtains a decryption key, decrypts the operation information with it, and obtains the decrypted information. It can be understood that the gateway's decryption key and the encryption key the device uses on the operation information in step S203 are a matched pair.
Because many devices send encrypted operation information to the gateway, the gateway could process the encrypted operation information from each device in software, but software processing is slow and inefficient. Therefore, a hardware security module (Hardware Safety Protection Module, HSPM) can be added inside the gateway, or an HSPM can be added outside the gateway. The gateway can send the operation information that needs encryption or decryption to the HSPM, which processes it. Because hardware processing is fast, this increases the speed at which operation information is encrypted and decrypted.
Step S304: obtain the decrypted information.
Step S305: obtain the operation information directly.
The embodiments shown in Fig. 2 and Fig. 3 show that the present application can encrypt and decrypt the operation information transmitted between a gateway and a device. To reduce the amount of data the gateway has to encrypt and decrypt, the present application does not encrypt and decrypt all operation information, but encrypts only critical operation information. This improves the security of communication between the device and the gateway without affecting the real-time performance of the gateway, and in turn increases the security of the vehicle.
After the gateway obtains the decrypted information in the embodiment shown in Fig. 3, it can execute the decrypted information. Fig. 4 shows the specific steps for executing the decrypted information:
Step S401: judge whether the decrypted information satisfies the preset condition. If so, go to step S402; otherwise, ignore the decrypted information.
The preset condition can take two forms:
First form: the preset condition can be an empty condition. That is, the decrypted information does not need to satisfy any condition, and step S402 can be entered.
Second form: the preset condition is that the decrypted information satisfies a validity condition.
The gateway stores in advance the data format and data range corresponding to each information type. The gateway can obtain the information type of the operation information, obtain the data format and data range corresponding to that information type, and then judge whether the operation information conforms to them. If it does, the operation information satisfies the validity condition, that is, it satisfies the preset condition. If it does not, the operation information does not satisfy the validity condition, that is, it does not satisfy the preset condition.
Step S402: if the decrypted information satisfies the preset condition, judge whether executing the decrypted information requires the operating user corresponding to the device to be in the unlocked state. If not, go to step S403; if so, go to step S405.
To further improve device security, multiple operating users can be set up for a device, with different operating users having different operating permissions. Each operating user corresponds to an operating scope. Furthermore, each operating user has two states: a locked state and an unlocked state. In the locked state, the operating user has permission to use only part of the operating scope; in the unlocked state, the operating user has permission to use the whole operating scope.
Therefore, before executing the decrypted information, the gateway first judges whether executing it requires the operating user to be in the unlocked state, that is, whether the operating scope needed to execute the decrypted information is the partial operating scope corresponding to the locked state or the whole operating scope corresponding to the unlocked state.
If the gateway needs only the permission for the partial operating scope to execute the decrypted information, executing the decrypted information does not require the operating user to be in the unlocked state. If the gateway needs the permission for the whole operating scope to execute the decrypted information, executing the decrypted information requires the operating user to be in the unlocked state.
Step S403: if the operating user corresponding to the device is required to be in the unlocked state, judge whether the operating user is in the unlocked state. If so, go to step S404; otherwise go to step S405.
Following the judgment in step S402, if it is determined that the operating user needs to be in the unlocked state, judge whether the operating user is in the unlocked state. If the user is in the unlocked state, the unlocked-state flag is valid; if the user is not in the unlocked state, the unlocked-state flag is invalid. The unlocked-state flag can therefore be used to determine whether the unlocked state is in effect.
Step S404: if the operating user is not in the unlocked state, control the operating user to enter the unlocked state.
If the operating user is not in the unlocked state, the operating user is brought into the unlocked state by technical means. Then go to step S405.
Step S405: execute the decrypted information.
If the operating user is in the unlocked state, the gateway can execute the decrypted information.
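The Fig. 4 decision flow as an added example (not code from the patent): a table of per-type data formats and ranges implements the second form of the preset condition, and a per-type flag says whether the operation needs the unlocked state. The information types, layouts, ranges and the choice to ignore unknown types are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    IGNORE = "ignore"              # S401 failed: the information is dropped
    UNLOCK_FIRST = "unlock_first"  # S404: unlock the operating user, then execute
    EXECUTE = "execute"            # S405


@dataclass(frozen=True)
class TypeRule:
    fmt: str            # data format, expressed as a struct layout
    ranges: tuple       # data range: one (low, high) pair per field
    needs_unlock: bool  # True if the operation is outside the locked-state scope


# Constructed information types; the patent does not list any.
RULES = {
    0x10: TypeRule(">BB", ((0, 3), (0, 100)), False),         # zone, fan duty in %
    0x31: TypeRule(">HI", ((1, 0x00FF), (0, 0x7FFFF)), True),  # routine id, address
}


def preset_condition_met(info_type: int, payload: bytes) -> bool:
    """S401, second form: payload must match its type's format and ranges."""
    rule = RULES.get(info_type)
    # Assumption: a type with no stored format cannot be validated, so it fails.
    if rule is None or len(payload) != struct.calcsize(rule.fmt):
        return False
    fields = struct.unpack(rule.fmt, payload)
    return all(lo <= v <= hi for v, (lo, hi) in zip(fields, rule.ranges))


def decide(info_type: int, payload: bytes, user_unlocked: bool) -> Decision:
    """Walk S401 to S405 for one piece of decrypted information."""
    if not preset_condition_met(info_type, payload):
        return Decision.IGNORE
    if RULES[info_type].needs_unlock and not user_unlocked:
        return Decision.UNLOCK_FIRST
    return Decision.EXECUTE


def run_samples():
    """Constructed payloads covering each branch of the flow."""
    routine = struct.pack(">HI", 0x0012, 0x4000)
    samples = [
        (0x10, bytes([1, 40]), False),    # valid, locked-state scope
        (0x10, bytes([1, 140]), False),   # duty out of range
        (0x10, bytes([1]), False),        # wrong length for the format
        (0x31, routine, False),           # valid, but user still locked
        (0x31, routine, True),            # valid, user unlocked
        (0x31, struct.pack(">HI", 0x0012, 0x100000), True),  # address out of range
        (0x99, b"", True),                # unknown information type
    ]
    return [decide(*s).value for s in samples]


if __name__ == "__main__":
    print(run_samples())
```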
The specific process of controlling the operating user to enter the unlocked state is described in detail below. As shown in Fig. 5, it includes the following steps:
Step S501: generate an unlock seed used for the operating user to enter the unlocked state.
To prevent an illegitimate user from maliciously driving the operating user into the unlocked state, the identity of the operating user needs to be verified further. To this end, the gateway uses a seed generator to generate the unlock seed for bringing the operating user into the unlocked state. The unlock seed is then sent to the device.
Step S502: after judging that the unlock seed is critical data, perform an encryption operation on the unlock seed.
When sending the unlock seed, the gateway judges that the unlock seed is critical data, and therefore encrypts the unlock seed with the encryption key. The encrypted seed is then sent.
Step S503: obtain and send the encrypted seed.
Step S504: receive, within a preset time, the first key that is sent by the device and generated based on the encrypted seed.
The device can decrypt the encrypted seed to obtain the unlock seed, then use a seed-key generator to generate the first key corresponding to the unlock seed, and then send the first key to the gateway.
The gateway starts timing when it sends the encrypted seed. If the first key is received within the preset time, the first key is valid. If the preset time is exceeded, either the first key was not received or the received first key has expired, and the unlock seed needs to be sent again.
Step S505: judge whether the first key and the second key are consistent, that is, compare the first key with the second key, wherein the second key is generated based on the unlock seed.
The gateway itself also generates the second key from the unlock seed using the seed-key generator. In theory the first key and the second key should be consistent. The gateway therefore judges whether the first key and the second key are consistent: if they are, the operating user is determined to be a normal user; if they are not, the operating user is an illegitimate user.
Step S506: if the first key and the second key are consistent, control the operating user to enter the unlocked state.
If the first key and the second key are consistent, the operating user is a normal user, so the operating user is brought into the unlocked state so that the operating user can execute the decrypted information.
Step S507: if the first key and the second key are inconsistent, perform other processing.
Correspondingly, the steps the device performs during the unlock process are described below. As shown in Fig. 6, they include the following steps:
Step S601: receive the encrypted seed sent by the gateway.
Step S602: perform a decryption operation on the encrypted seed to obtain the unlock seed.
The device obtains a decryption key, uses it to decrypt the encrypted seed, and obtains the decrypted unlock seed. It can be understood that the decryption key in this step corresponds to the encryption key determined in step S502.
Step S603: generate the first key based on the unlock seed.
The seed-key generator is used to generate the first key from the unlock seed.
Step S604: send the first key to the gateway.
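An added sketch of the unlock exchange in Figs. 5 and 6, reusing the critical-type check of Figs. 2 and 3 to decide that the seed travels encrypted; it is not code from the patent. The patent names no cipher or seed-key generator, so the HMAC-SHA256 constructions, pre-shared secrets, frame layout, type code 0x27 and 2-second preset time are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct
import time

TYPE_UNLOCK_SEED = 0x27              # constructed type code for the unlock seed
CRITICAL_TYPES = {TYPE_UNLOCK_SEED}  # the stored critical information type set
PRESET_TIME_S = 2.0                  # constructed value for the preset time


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode; an assumed stand-in for the HSPM's cipher."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(enc_key, mac_key, msg_type, payload):
    """Frame = type | flag | body. Only critical types are encrypted."""
    if msg_type not in CRITICAL_TYPES:
        return bytes([msg_type, 0]) + payload
    header, nonce = bytes([msg_type, 1]), secrets.token_bytes(12)
    ct = _xor(payload, _keystream(enc_key, nonce, len(payload)))
    # The tag covers the header, so the type and flag cannot be changed in transit.
    tag = hmac.new(mac_key, header + nonce + ct, hashlib.sha256).digest()
    return header + nonce + ct + tag


def open_frame(enc_key, mac_key, frame):
    """Return (type, payload); reject forgeries and critical types sent in clear."""
    if len(frame) < 2:
        raise ValueError("short frame")
    msg_type, flag, body = frame[0], frame[1], frame[2:]
    if flag == 0:
        if msg_type in CRITICAL_TYPES:
            raise ValueError("critical type received unencrypted")
        return msg_type, body
    if flag != 1 or len(body) < 12 + 32:
        raise ValueError("malformed frame")
    nonce, ct, tag = body[:12], body[12:-32], body[-32:]
    expected = hmac.new(mac_key, frame[:2] + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch")
    return msg_type, _xor(ct, _keystream(enc_key, nonce, len(ct)))


def seed_to_key(secret, seed):
    """Seed-key generator shared by both sides (assumed: HMAC-SHA256)."""
    return hmac.new(secret, b"unlock" + seed, hashlib.sha256).digest()


class Gateway:
    def __init__(self, enc_key, mac_key, secret, clock=time.monotonic):
        self.enc_key, self.mac_key, self.secret = enc_key, mac_key, secret
        self.clock, self.pending, self.unlocked = clock, None, False

    def start_unlock(self):                # S501 to S503
        seed = secrets.token_bytes(16)
        self.pending = (seed, self.clock() + PRESET_TIME_S)
        return seal(self.enc_key, self.mac_key, TYPE_UNLOCK_SEED, seed)

    def finish_unlock(self, first_key):    # S504 to S507
        pending, self.pending = self.pending, None  # each seed is usable once
        if pending is None or self.clock() > pending[1]:
            return False  # no seed outstanding, or preset time exceeded
        second_key = seed_to_key(self.secret, pending[0])
        self.unlocked = hmac.compare_digest(first_key, second_key)
        return self.unlocked


class Device:
    def __init__(self, enc_key, mac_key, secret):
        self.enc_key, self.mac_key, self.secret = enc_key, mac_key, secret

    def answer(self, frame):               # S601 to S604
        msg_type, seed = open_frame(self.enc_key, self.mac_key, frame)
        if msg_type != TYPE_UNLOCK_SEED:
            raise ValueError("not an unlock seed")
        return seed_to_key(self.secret, seed)


def run_demo():
    """Four exchanges: success, replayed key, late key, wrong seed-key secret."""
    now = [0.0]
    enc, mac, secret = (secrets.token_bytes(32) for _ in range(3))
    gw, dev = Gateway(enc, mac, secret, lambda: now[0]), Device(enc, mac, secret)
    key = dev.answer(gw.start_unlock())
    results = {"ok": gw.finish_unlock(key), "replay": gw.finish_unlock(key)}
    frame = gw.start_unlock()
    now[0] += PRESET_TIME_S + 1.0          # first key arrives after the preset time
    results["late"] = gw.finish_unlock(dev.answer(frame))
    rogue = Device(enc, mac, secrets.token_bytes(32))
    results["wrong_secret"] = gw.finish_unlock(rogue.answer(gw.start_unlock()))
    return results


if __name__ == "__main__":
    print(run_demo())
```

The replay and late cases fail because the gateway clears the pending seed on every attempt and checks the deadline before comparing keys.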
A device can perform an encryption operation when sending operation information to the gateway, and the gateway needs to perform a decryption operation after receiving the encrypted information. Likewise, the gateway can perform an encryption operation when sending operation information to a device, and the device needs to perform a decryption operation after receiving the encrypted information. The process by which the gateway sends operation information is described below.
As shown in Fig. 7, a data processing method is applied to a gateway, the method including:
Step S701: determine the operation information to be sent to the device.
Step S702: judge whether the operation information is critical information.
Step S703: if the operation information is critical information, perform an encryption operation on the operation information; wherein the gateway includes a hardware security module (HSPM), and performing the encryption operation on the operation information includes: the HSPM performing the encryption operation on the information to be sent.
Step S704: send the encrypted operation information to the device.
Step S705: send the information to be sent directly.
The gateway's sending of the seed to the device in the embodiment shown in Fig. 6 can be regarded as a process of the gateway sending critical information.
The execution process of the gateway in Fig. 7 is similar to that of the device in Fig. 2; the detailed implementation has been described in the embodiment shown in Fig. 2 and is not repeated here.
The processing by the device after it receives operation information is described below. As shown in Fig. 8, it includes:
Step S801: receive the operation information sent by the gateway.
Step S802: judge whether the operation information is critical information.
Step S803: if the operation information is critical information, perform a decryption operation on the critical information; wherein, in the case that the operation information is critical information, the operation information is sent after the gateway has performed an encryption operation on it.
Step S804: obtain the decrypted information.
Step S805: obtain the operation information directly.
The execution process in Fig. 8 is similar to the execution process in Fig. 3; the detailed implementation has been described in the embodiment shown in Fig. 3 and is not repeated here.
As shown in Figure 1, the present application also provides a data processing system, comprising a gateway 100 and multiple devices 200 connected to the gateway.
The device 200 is configured to determine the operation information to be sent to the gateway, judge whether the operation information is key information, and, if the operation information is key information, encrypt the operation information and send the encrypted operation information to the gateway.
The gateway 100 is configured to receive the operation information sent by a device, judge whether the operation information is key information, and, if the operation information is key information, decrypt the key information and obtain the decrypted information; where the operation information is key information, it was sent by the device after the device performed the encryption operation on it.
In addition, the gateway 100 is further configured to control the operation user to enter the unlocked state when it determines that executing the decrypted information requires the operation user corresponding to the device to be in the unlocked state and the operation user is not in the unlocked state. Controlling the operation user to enter the unlocked state specifically includes: generating an unlock seed for the operation user to enter the unlocked state; after judging that the unlock seed is critical data, encrypting the unlock seed; obtaining and sending the encrypted seed; receiving, within a preset time, a first key sent by the device and generated based on the encrypted seed; comparing the first key with a second key, where the second key is generated based on the unlock seed; and, if the first key and the second key are consistent, controlling the operation user to enter the unlocked state.
The device 200 is further configured to receive the encrypted seed sent by the gateway, decrypt the encrypted seed to obtain the unlock seed, generate the first key based on the unlock seed, and send the first key to the gateway.
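The seed-and-key unlock exchange between gateway and device described above, sketched as an added example that is not code from the patent. The pre-shared key, the HMAC-SHA256 keystream standing in for the HSPM's unspecified cipher, the HMAC-based seed-to-key function, the 2-second preset time and all function and class names are assumptions.

```python
import hashlib, hmac, os, time

# Assumptions (not in the patent): gateway and device share a 32-byte key;
# an HMAC-SHA256 keystream stands in for the HSPM's unspecified cipher;
# the seed-to-key function is HMAC-SHA256; the preset time is 2 seconds.

def _xor_stream(key, nonce, data):
    # Toy stream cipher: XOR with HMAC(key, "enc" || nonce); fits seeds <= 32 bytes.
    stream = hmac.new(key, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seed_to_key(key, seed):
    # Both sides derive the unlock key from the plaintext seed.
    return hmac.new(key, b"unlock" + seed, hashlib.sha256).digest()

class Gateway:
    def __init__(self, shared_key, window_s=2.0, clock=time.monotonic):
        self.key, self.window, self.clock = shared_key, window_s, clock
        self.pending = None      # (second key, deadline) for the open challenge
        self.unlocked = False

    def start_unlock(self):
        # Generate the unlock seed, keep only the second key, send the encrypted seed.
        seed, nonce = os.urandom(16), os.urandom(16)
        self.pending = (seed_to_key(self.key, seed), self.clock() + self.window)
        return nonce + _xor_stream(self.key, nonce, seed)

    def finish_unlock(self, first_key):
        # Each challenge is single use, so a captured first key cannot be replayed.
        pending, self.pending = self.pending, None
        if pending is None:
            return False
        second_key, deadline = pending
        in_time = self.clock() <= deadline
        # Constant-time comparison of the first key with the second key.
        if in_time and hmac.compare_digest(first_key, second_key):
            self.unlocked = True
            return True
        return False

def device_respond(shared_key, encrypted_seed):
    # Device side: decrypt the seed, derive the first key, return it to the gateway.
    nonce, body = encrypted_seed[:16], encrypted_seed[16:]
    return seed_to_key(shared_key, _xor_stream(shared_key, nonce, body))
```

Because the seed never crosses the bus in the clear and each challenge is consumed on first use, an observer of one exchange gains neither the seed nor a reusable first key.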
If the functions described in the method of this embodiment are implemented in the form of software functional units and sold or used as independent products, they may be stored in a storage medium readable by a computing device. Based on this understanding, the part of the embodiments of the present application that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including several instructions that cause a computing device (which may be a personal computer, a server, a mobile computing device, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes any medium that can store program code, such as a USB flash drive, a portable hard drive, read-only memory (ROM), random access memory (RAM), a magnetic disk, or an optical disc.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data processing method, characterized in that it is applied to a gateway, the method comprising:
Receiving operation information sent by a device;
Judging whether the operation information is key information;
If the operation information is key information, decrypting the key information, wherein, where the operation information is key information, the operation information was sent by the device after the device performed an encryption operation on it;
Obtaining the decrypted information.
2. The method of claim 1, characterized in that the gateway includes a hardware security protection module (HSPM), and decrypting the key information comprises:
The HSPM decrypting the critical data.
3. The method of claim 1, characterized in that, after obtaining the decrypted information, the method further comprises:
If the decrypted information meets a preset condition, judging whether executing the decrypted information requires the operation user corresponding to the device to be in the unlocked state;
If the operation user corresponding to the device is required to be in the unlocked state, judging whether the operation user is in the unlocked state;
If the operation user is in the unlocked state, executing the decrypted information;
If the operation user is not in the unlocked state, controlling the operation user to enter the unlocked state.
4. The method of claim 3, characterized in that controlling the operation user to enter the unlocked state comprises:
Generating an unlock seed for the operation user to enter the unlocked state;
After judging that the unlock seed is critical data, encrypting the unlock seed;
Obtaining and sending the encrypted seed;
Receiving, within a preset time, a first key sent by the device and generated based on the encrypted seed;
Comparing the first key with a second key, wherein the second key is generated based on the unlock seed;
If the first key and the second key are consistent, controlling the operation user to enter the unlocked state.
5. A data processing method, characterized in that it is applied to a device, the method comprising:
Determining operation information to be sent to a gateway;
Judging whether the operation information is key information;
If the operation information is key information, encrypting the operation information;
Sending the encrypted operation information to the gateway.
6. The method of claim 5, characterized in that it further comprises:
Receiving the encrypted seed sent by the gateway;
Decrypting the encrypted seed to obtain the unlock seed;
Generating a first key based on the unlock seed;
Sending the first key to the gateway.
7. A data processing method, characterized in that it is applied to a gateway, the method comprising:
Determining operation information to be sent to a device;
Judging whether the operation information is key information;
If the operation information is key information, encrypting the operation information;
Sending the encrypted operation information to the device.
8. The method of claim 7, characterized in that the gateway includes a hardware security protection module (HSPM), and encrypting the operation information comprises:
The HSPM encrypting the information to be sent.
9. A data processing system, characterized in that it comprises a gateway and multiple devices connected to the gateway;
The device is configured to determine the operation information to be sent to the gateway, judge whether the operation information is key information, and, if the operation information is key information, encrypt the operation information and send the encrypted operation information to the gateway;
The gateway is configured to receive the operation information sent by a device, judge whether the operation information is key information, and, if the operation information is key information, decrypt the key information and obtain the decrypted information; wherein, where the operation information is key information, the operation information was sent by the device after the device performed the encryption operation on it.
10. The system of claim 9, characterized in that:
The gateway is further configured to control the operation user to enter the unlocked state when it determines that executing the decrypted information requires the operation user corresponding to the device to be in the unlocked state and the operation user is not in the unlocked state; wherein controlling the operation user to enter the unlocked state specifically includes: generating an unlock seed for the operation user to enter the unlocked state; after judging that the unlock seed is critical data, encrypting the unlock seed; obtaining and sending the encrypted seed; receiving, within a preset time, a first key sent by the device and generated based on the encrypted seed; comparing the first key with a second key, wherein the second key is generated based on the unlock seed; and, if the first key and the second key are consistent, controlling the operation user to enter the unlocked state;
The device is further configured to receive the encrypted seed sent by the gateway, decrypt the encrypted seed to obtain the unlock seed, generate the first key based on the unlock seed, and send the first key to the gateway.
CN201610265417.XA 2016-04-26 2016-04-26 Data processing method and data processing system Pending CN105978862A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610265417.XA CN105978862A (en) 2016-04-26 2016-04-26 Data processing method and data processing system

Publications (1)

Publication Number Publication Date
CN105978862A true CN105978862A (en) 2016-09-28

Family

ID=56993139

Country Status (1)

Country Link
CN (1) CN105978862A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101908113A (en) * 2010-07-30 2010-12-08 深圳市江波龙电子有限公司 Authentication method and authentication system
CN102833250A (en) * 2012-08-28 2012-12-19 华南理工大学 Security management method and system for vehicular mobile Internet
CN104580352A (en) * 2013-10-28 2015-04-29 通用汽车环球科技运作有限责任公司 Programming vehicle modules from remote devices and related methods and systems
CN105187376A (en) * 2015-06-16 2015-12-23 西安电子科技大学 Safe communication method of internal automobile network in Telematics

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116095685A (en) * 2022-06-01 2023-05-09 荣耀终端有限公司 Protection method of key information and terminal equipment
CN116095685B (en) * 2022-06-01 2023-11-14 荣耀终端有限公司 Protection method of key information and terminal equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160928