CN111092843A - Data desensitization and security authorization system for Internet of vehicles - Google Patents
Data desensitization and security authorization system for Internet of vehicles Download PDFInfo
- Publication number
- CN111092843A CN111092843A CN201811238305.0A CN201811238305A CN111092843A CN 111092843 A CN111092843 A CN 111092843A CN 201811238305 A CN201811238305 A CN 201811238305A CN 111092843 A CN111092843 A CN 111092843A
- Authority
- CN
- China
- Prior art keywords
- vehicle
- authorization
- data
- authorization code
- service module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 229
- 238000000586 desensitisation Methods 0.000 title claims description 31
- 238000000034 method Methods 0.000 claims abstract description 34
- 238000012795 verification Methods 0.000 claims description 31
- 230000006855 networking Effects 0.000 claims description 30
- 230000002452 interceptive effect Effects 0.000 claims description 23
- 210000001503 joint Anatomy 0.000 claims description 16
- 238000003032 molecular docking Methods 0.000 claims description 12
- 238000011084 recovery Methods 0.000 claims description 9
- 230000002457 bidirectional effect Effects 0.000 claims description 8
- 238000012790 confirmation Methods 0.000 claims description 8
- 230000008569 process Effects 0.000 claims description 8
- 230000000977 initiatory effect Effects 0.000 claims 1
- 230000007246 mechanism Effects 0.000 abstract description 5
- RTAQQCXQSZGOHL-UHFFFAOYSA-N Titanium Chemical compound [Ti] RTAQQCXQSZGOHL-UHFFFAOYSA-N 0.000 description 15
- 229910052719 titanium Inorganic materials 0.000 description 15
- 239000010936 titanium Substances 0.000 description 15
- 101100100937 Giardia intestinalis TSP11 gene Proteins 0.000 description 14
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000006243 chemical reaction Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 229910000734 martensite Inorganic materials 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
Abstract
The invention discloses a system and a method for desensitizing data and authorizing safety of Internet of vehicles, which comprises an owner authorization mechanism, a mechanism for converting vehicle VIN into authorization codes, and authentication and circulation of the authorization codes applied in the whole internal and external systems of a vehicle factory, wherein the external use authorization codes are exchanged by the VIN codes in the system and the method, so that the safety problems that data are leaked and repeatedly used by other ways due to circulation of the VIN codes in the external systems of the vehicle factory can be effectively avoided, except for a third-party system for mastering the authorization codes, other systems can not obtain the vehicles corresponding to the data and the authorization codes even if the data and the authorization codes are obtained, and the vehicles can not be used as the data for accurately servicing single vehicles; the data can be used more freely by a third-party system to obtain vehicle group analysis reports and help obtain more accurate industry analysis conclusion, and the mode enables an external business system to perform clustering and group analysis on group vehicles more easily.
Description
Technical Field
The invention relates to a safe use method of vehicle networking data, in particular to a system for solving desensitization and safe authorization of front-loading vehicle networking data by using an authorization code and a method for realizing the system.
Background
With the popularization of the internet of vehicles, the internet of vehicles has become an important technology in modern vehicle systems, and the functions of the vehicles are greatly improved. The internet of Vehicles (Internet of Vehicles) is a huge interactive network formed by information such as vehicle position, speed, route and the like, and the vehicle can finish the collection of self environment and state information through devices such as a GPS, an RFID, a sensor, a camera image solution and the like; through the internet technology, all vehicles can transmit and gather various information of the vehicles to the central resolver; through computer technology, the information of a large number of vehicles can be analyzed and solved, so that the optimal routes of different vehicles can be calculated, road conditions can be reported in time, the period of a signal lamp can be arranged, and the like. The popularization of the car networking enables the value generated by using the real-time and historical data of the car to be a direction of continuous depth, and especially in the transportation industry, no matter in the car renting field, the logistics field and the financial wind control field, the digital utilization of the car data can bring huge new industrial change value, for example, the change of the taxi field brought by the fact that a dripping company matches the position of a user with the position of the user through the real-time position of the car.
The vehicle is safer and more reliable through the function application of the internet of vehicles, and the data of the vehicle which can be openly obtained is urgently needed to be utilized in society. However, the vehicle data owned by the vehicle owner is actually stored in the car networking system of the car factory. In the existing society, data of the front loading network is obtained through a vehicle VIN code (engine number), an external system directly calls an API (application program interface) opened by an internal system of a vehicle factory through the VIN code to obtain the data of the vehicle, and the method ensures that the contradiction exists between the requirement of a vehicle owner on utilizing the data and the requirement of the vehicle factory on opening the data to the external system of the vehicle factory.
In addition, the automobile factory is used as a storage party of the vehicle data, huge potential safety hazards exist when the data is opened to the outside, whether the vehicle data can be safely used outside the automobile factory or not can be safely given, a vehicle owner does not have a reasonable authorization and recovery authorization mechanism, the vehicle data can be used by the owner or not, whether the data can be reused infinitely or not can be influenced by abuse of the vehicle data, and the like.
In view of the above problems, the OTONOMO corporation has published a patent technology for data desensitization, publication number WO2017208236a1, which uses OTONOMOid to replace VIN code for data desensitization, but in the patent technology, unidirectional and/or bidirectional conversion is performed from a computer system to data and then to a third party service end, and in the whole process of circulation and conversion, there are still security problems of data leakage and repeated use by other ways.
Accordingly, there is a need for improvements in the art that address the above-mentioned deficiencies.
Disclosure of Invention
In view of the above-mentioned defects in the prior art, the technical problem to be solved by the present invention is to provide a method combining data desensitization and security authorization, so as to solve the security problem of the car networking data in the circulation process of the internal and external systems of the car factory.
In order to solve the problems, the invention provides a data desensitization and security authorization system for the Internet of vehicles, which comprises a network service module and a data support platform, wherein the network service module is in butt joint with the data support platform to perform data security verification.
The network service module receives a Vehicle VIN code (Vehicle Identification Number), and generates an authorization code according to the Vehicle VIN code, wherein the authorization code configures authorization information; the network Service module is in butt joint with a car factory TSP (Telematics Service Provider), and sends the generated authorization code to the car factory TSP and the corresponding car through the car factory TSP; and the network service module logs out the validity of the authorization code after receiving the request for logging out the authorization code.
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by an owner App of the vehicle factory, and can also be completed by a mode of offline information batch input provided by a vehicle factory network service module.
Based on the network service module, when a vehicle owner applies for the data use right of the own vehicle to a vehicle factory, the VIN code of the corresponding vehicle is sent to the network service module through the TSP or the APP, and after the VIN code of the vehicle is received by the network service module, the authorization code corresponding to the vehicle is generated according to the VIN code of the vehicle; and the authorization code is sent to the TSP of the vehicle factory through the sending module, and the vehicle owner obtains the authorization code.
Based on the network service module, if the vehicle owner does not agree to provide the vehicle networking data for external use any more, the vehicle owner requests the network service module to recover the authorization authority, the network service module logs out the validity of the given corresponding authorization code, and at the moment, an external system continues to use the authorization code to perform data request or reverse control operation and is prohibited to be accessed by the network service module, so that the purpose of safety control is achieved.
The system also comprises a data supporting platform, the data supporting platform is in butt joint with the TSP of the car factory so as to realize butt joint with the network service module, the data supporting platform receives the authorization code and sends the authorization code to the TSP, and the network service module carries out validity check on the authorization code received by the TSP of the car factory.
Based on the data support platform, after a vehicle owner obtains an authorization code, when vehicle-associated data is used externally, a vehicle user used externally sends the authorization code corresponding to a vehicle to the data support platform to initiate vehicle data authorization relationship confirmation, the data support platform forwards the received authorization code to the TSP, the network service module checks the authorization code received by the TSP of the vehicle plant and verifies the authorization code, if the verification is successful, the authorization work is confirmed by the vehicle owner and the vehicle plant, and the vehicle owner can use the vehicle networking data.
The system may further include a third party service platform that interfaces with the data support platform and sends the authorization code obtained from the owner of the vehicle that obtained the authorization code to the data support platform for verification.
Based on the third-party service platform, the third-party service platform provides an interactive interface between a vehicle owner and a vehicle factory, the vehicle owner inputs the authorization code into the third-party service platform after obtaining the authorization code, the third-party service platform is in butt joint with the data supporting platform, and the authorization code is sent to the data supporting platform through the service platform on the ground for verification.
Further, the connection between the network service module and the TSP belongs to bidirectional connection.
Furthermore, the butt-joint between the network service module and the data support platform and the butt-joint between the data support platform and the third-party service platform are both bidirectional butt-joint, and the butt-joint identifier is the authorization code issued by the network service module.
Further, the user networking data or the reverse operation control vehicle of the vehicle factory received in the third-party service platform are interacted with the network service module through the data support platform, and the interactive identifier is the authorization code.
The invention also provides a method for desensitizing data and authorizing safety of the Internet of vehicles, which is realized based on the system and comprises the following steps:
s1: the network service module in the vehicle factory receives an authorization request from a vehicle owner, and generates an authorization code corresponding to a vehicle according to a corresponding vehicle VIN code in a TSP (Total suspended Specification) of the vehicle factory;
s2: the third-party service platform receives the authorization code input by the vehicle owner, forwards the authorization code to the data support platform and initiates vehicle authorization relationship confirmation;
s3: the data support platform receives an authorization code from the third-party service platform and forwards the authorization code to the TSP, and the network service module performs validity check on the authorization code received by the TSP;
s4: if the verification result of the step S3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, and the subsequent vehicle interacts with the vehicle networking data or the command of reversely controlling the vehicle through the network service module and the data support platform in the process of using the third-party service platform, and the authorization code is an interactive identifier; if the verification result in the step S3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained;
s5: if the authorization requirement of the vehicle owner is finished, the network service module receives a vehicle authorization permission recovery request from the vehicle owner and logs out the validity of the given authorization code.
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by an owner App of the vehicle factory, and can also be completed by a mode of offline information batch input provided by a vehicle factory network service module.
Further, after the validity of the authorization code is cancelled, the external system continues to use the authorization code to perform data request or reverse control operation, and the access is prohibited by the network service module, so that the purpose of security management and control is achieved.
The invention also provides a method for desensitizing data and authorizing safety of the Internet of vehicles, which is realized based on the system and comprises the following steps:
a1: the vehicle owner sends a request for using the vehicle networking data to a vehicle factory, the vehicle VIN code is sent to the network service module, and the network service module in the vehicle factory generates an authorization code according to the VIN code;
a2: the vehicle owner inputs the authorization code into the third-party service platform, and the authorization code is sent to the data support platform through the third-party service platform to confirm the vehicle authorization relationship;
a3: the data support platform receives an authorization code from a third-party service platform and sends the authorization code to the TSP, and the network service module performs validity check on the authorization code received by the TSP;
a4: if the verification result of the step A3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, the subsequent vehicle interacts the vehicle networking data or the command of reversely controlling the vehicle through the network service module and the data support platform in the process of using the third-party service platform, and the authorization code is an interactive identifier; if the verification result in the step A3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained;
a5: if the authorization requirement of the vehicle owner is finished, a recovery request of the vehicle authorization authority is sent to the vehicle factory, and the validity of the authorization code is cancelled by the network service module.
Furthermore, the authorization application of the vehicle owner can be completed by an interactive interface provided by a vehicle owner App of a vehicle factory, and can also be completed by a mode of offline information batch input provided by a vehicle factory network service module;
further, after the validity of the authorization code is cancelled, the external system continues to use the authorization code to perform data request or reverse control operation, and the access is prohibited by the network service module, so that the purpose of security management and control is achieved.
Based on the above system and method for vehicle networking data desensitization and security authorization, the present invention also provides a computer readable medium for data desensitization and security authorization over a computer network, comprising a set of instructions that when executed cause at least one computer solution to perform the above system and method for vehicle networking data desensitization and security authorization.
By implementing the method for desensitizing data and authorizing safety of the Internet of vehicles, provided by the invention, the following technical effects are achieved:
the technology of the invention comprises a complete set of methods such as an owner authorization mechanism, a mechanism for converting a vehicle VIN into an authorization code, and authentication and circulation of the authorization code applied in the whole internal and external systems of a vehicle factory, wherein the VIN is converted into the authorization code used externally in the authorization process, the VIN is not required to be circulated and converted in the whole method, and the authorization code is completely used as a certificate, so that the data leakage caused by circulation of the VIN code in the external systems of the vehicle factory can be effectively avoided, and the safety problem of repeated use by other ways is solved; also, the method does not relate to the situation of a leaked single vehicle, and the data can be used more freely for a third-party system to generate a vehicle group analysis report and help to obtain a more accurate industry analysis conclusion, so that the external business system is easier to cluster and group analyze group vehicles.
The invention solves the problem of safety of the open data of the vehicle factory through a technical means, and the open data of the vehicle factory is not worried by the vehicle factory through an authorization code method on the premise of authorization of a vehicle owner, thereby providing massive data sources for trillion markets and helping a company using social vehicle data to develop business more accurately and efficiently.
After the validity of the authorization code is cancelled, the network service module forbids access even if the external system continues to take the authorization code to perform data request or reverse control operation, thereby achieving the purpose of safety control.
Drawings
The conception, the specific structure and the technical effects of the present invention will be further described with reference to the accompanying drawings to fully understand the objects, the features and the effects of the present invention.
FIG. 1 is a simplified schematic diagram of a vehicle networking data desensitization and security authorization system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of multi-party interaction of vehicle networking data desensitization and security authorization according to an embodiment of the invention;
FIG. 3 is a schematic diagram illustrating a process of performing vehicle networking data desensitization and security authorization on the part of a vehicle manufacturer according to an embodiment of the present invention;
FIG. 4 is a schematic flow diagram of a vehicle owner side performing vehicle networking data desensitization and security authorization in accordance with an embodiment of the present invention;
fig. 5 is a schematic diagram of a car networking implementation system according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in figures 1 and 2, the car networking data desensitization and security authorization system comprises a network service module 10 and a data support module 20, wherein the network service module 10 is in butt joint with the data support platform 20 to perform data security verification.
The network Service module 10 includes a receiving module 101, a generating module 102, a sending module 103, a logout module 104 and a verification module 105, where the receiving module 101 interfaces with a car plant TSP11(Telematics Service Provider) and/or a car owner, receives an authorization request from the car plant TSP11 and/or the car owner, and receives a Vehicle VIN code (Vehicle Identification Number) in the TSP 11; the generation module 102 generates an authorization code 12 corresponding to the vehicle according to the vehicle VIN code received by the receiving module 101, wherein the authorization code 12 configures authorization information; the sending module 103 is in butt joint with the TSP11 of the vehicle factory, and sends the authorization code 12 generated by the generating module 102 to the TSP11 of the vehicle factory, and further sends the authorization code to the corresponding vehicle; the verification module 105 is in butt joint with the TSP11 of the truck factory to verify the authorization code 12 to be confirmed, which is received by the TSP of the truck factory; the cancellation module 104, upon receiving an authorization code 12 cancellation request, cancels the authorization code 12 validity.
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by an owner App of the vehicle factory, and can also be completed by a mode of offline batch information input provided by the network service module 10 of the vehicle factory.
Based on the network service module 10, when a vehicle owner applies for the data use right of the own vehicle to a vehicle manufacturer, the TSP11 sends the VIN code of the corresponding vehicle to the network service module 10, and after the receiving module 101 of the network service module 10 receives the VIN code of the vehicle, the generating module 102 generates the authorization code 12 corresponding to the vehicle according to the VIN code of the vehicle; and transmits the authorization code 12 to the TSP11 through the transmission module 103, and the vehicle owner acquires the authorization code 12 through the TSP 11.
Based on the network service module 10, if the vehicle owner no longer agrees to provide the internet of vehicles data for external use, the vehicle owner requests the network service module 10 to recover the authorization right, and the logout module 104 of the network service module 10 logs out the validity of the corresponding authorization code 12, at this time, the external system continues to use the authorization code 12 to perform data request or reverse control operation, and access is prohibited by the network service module 10, so as to achieve the purpose of security control.
The system further comprises a data supporting platform 20, wherein the data supporting platform 20 is in butt joint with the TSP11 of the vehicle factory and comprises an authorization code receiving module 201 and an authorization code sending module 202, and the authorization code receiving module 201 receives the authorization code 12 to be confirmed; the authorization code sending module 202 sends the authorization code 12 to the plant TSP11, and the verification module 105 of the network service module 10 verifies the validity.
Based on the data support platform 20, after the vehicle owner obtains the authorization code 12, when the vehicle owner uses the vehicle connection data to the outside, the vehicle user who uses the vehicle sends the authorization code 12 corresponding to the vehicle to the data support platform 20 to initiate confirmation of the vehicle data authorization relationship, the data support platform 20 forwards the received authorization code 12 to be confirmed to the TSP of the vehicle factory, the network service module 10 performs verification, if the verification is successful, it is indicated that the authorization work is confirmed by the vehicle owner and the vehicle factory, and the vehicle owner can use the vehicle connection data.
The system may further include a third party service platform 3, the third party service platform 3 interfacing with the data support platform 20 and sending the authorization code 12 obtained from the owner of the vehicle that obtained the authorization code 12 to the data support platform 20 for verification.
Based on the third-party service platform 3, the third-party service platform 3 provides an interactive interface between the vehicle owner and the vehicle factory, after the vehicle owner obtains the authorization code 12, the authorization code 12 is input into the third-party service platform 3, the third-party service platform 3 is in butt joint with the data support platform 20, and the authorization code 12 is sent to the data support platform 20 through the service platform on the ground for verification.
Further, the interface between the network service module 10 and the TSP is a bidirectional interface.
Further, the docking between the network service module 10 and the data support platform 20 and the docking between the data support platform 20 and the third-party service platform 3 are both bidirectional docking, and the identifier of the docking is the authorization code 12 issued by the network service module 10.
Further, the user networking data or the reverse operation control vehicle of the vehicle factory received in the third-party service platform 3 are interacted with the network service module 10 through the data support platform 20, and the interacted identifier is the authorization code 12.
The invention also provides a method for desensitizing data and authorizing safety of the Internet of vehicles, which is realized based on the system and comprises the following steps:
s1: the network service module 10 in the vehicle factory receives an authorization request from a vehicle owner, and generates an authorization code 12 corresponding to a vehicle according to a corresponding vehicle VIN code in the TSP11 of the vehicle factory; s101
S2: the third-party service platform 3 receives the authorization code 12 recorded by the vehicle owner, forwards the authorization code 12 to the data support platform 20, and initiates vehicle authorization relationship confirmation; s102
S3: the data support platform 20 receives the authorization code 12 from the third-party service platform 3, forwards the authorization code 12 to the TSP11 of the truck factory, and the network service module 10 performs validity check; s103
S4: if the verification result in the step S3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, and when the subsequent vehicle is in use on the third-party service platform 3, the internet-of-vehicles data or the instructions for reverse vehicle control interact with the data support platform 20 through the network service module 10, and the authorization code 12 is an interactive identifier; if the verification result in the step S3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained; s104
S5: if the authorization requirement of the vehicle owner is over, the network service module 10 receives the vehicle authorization permission recovery request from the vehicle owner, and logs out the validity of the given authorization code 12. S105
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by an owner App of the vehicle factory, and can also be completed by a mode of offline batch information input provided by the network service module 10 of the vehicle factory.
Further, after the validity of the authorization code 12 is cancelled, the external system continues to use the authorization code 12 to perform data request or reverse control operation, which is prohibited from being accessed by the network service module 10, so as to achieve the purpose of security management and control.
The invention also provides a method for desensitizing data and authorizing safety of the Internet of vehicles, which is realized based on the system and comprises the following steps:
a1: the vehicle owner sends a request for using the vehicle networking data to a vehicle factory, the VIN code of the vehicle is transmitted to the network service module 10 through the TSP11 of the vehicle factory, and the network service module 10 in the vehicle factory generates an authorization code 12 according to the VIN code; a101
A2: the vehicle owner inputs the authorization code 12 into the third-party service platform 3, and sends the authorization code 12 to the data support platform 20 through the third-party service platform 3 to confirm the vehicle authorization relationship; a102
A3: the data support platform 20 receives the authorization code 12 from the third-party service platform 3, forwards the authorization code 12 to the TSP11 of the vehicle manufacturer, and the network service module 10 performs validity check; a103
A4: if the verification result in the step a3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, when the subsequent vehicle is in use at the third-party service platform 3, the internet-of-vehicles data or the instructions for reverse vehicle control interact with the data support platform 20 through the network service module 10, and the authorization code 12 is an interactive identifier; if the verification result in the step A3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained; a104
A5: if the authorization requirement of the vehicle owner is finished, a recovery request of the vehicle authorization authority is sent to the vehicle factory, and the validity of the authorization code 12 is cancelled by the network service module 10. A105
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by a vehicle owner App of a vehicle factory, and can also be completed by a mode of offline batch information input provided by the vehicle factory network service module 10;
further, after the validity of the authorization code 12 is cancelled, the external system continues to use the authorization code 12 to perform data request or reverse control operation, which is prohibited from being accessed by the network service module 10, so as to achieve the purpose of security management and control.
Based on the above system and method for vehicle networking data desensitization and security authorization, the present invention also provides a computer readable medium for data desensitization and security authorization over a computer network, comprising a set of instructions that when executed cause at least one computer solution to perform the above system and method for vehicle networking data desensitization and security authorization.
The following description will be made by taking a specific system designed by the titanium martensite as an example.
As shown in fig. 4, which is a specific system diagram of a ti-ma company design, in order to complete the ti-ma design of the system, a "ti-ma data service support platform 20 a" is implemented to be equivalent to the data support platform 20 of the present invention, and a "car factory external service module 10 a" is placed in a car factory to be equivalent to the network service module 10 of the present invention, and the ti-ma data service support platform 20a outside the car factory and the external service module in the car factory cooperate to complete the method of desensitization of data security; the "virtual cloud key 12 a" corresponds to the authorization code in the present invention.
With reference to fig. 1, fig. 2, and fig. 5, the system includes an external service module 10a for a vehicle factory, where the external service module 10a for a vehicle factory generates a unique authorization code corresponding to each vehicle, and the authorization code is defined as a virtual cloud key 12 a; the external service module 10a of the vehicle factory is positioned in the vehicle factory and is in butt joint with the vehicle networking 11 of the vehicle factory; when a Vehicle owner applies for the data use right of the own Vehicle to a Vehicle factory, the Vehicle owner authorizes to obtain the virtual cloud key 12a generated by the external service module 10a of the Vehicle factory through the Vehicle Identification Number (VIN code) of the Vehicle; the virtual cloud key 12a is a unique identification corresponding to each vehicle, and is a dynamic identification command.
The system further comprises a titanium horse data service supporting platform 20a, the titanium horse data service supporting platform 20a is in butt joint with the vehicle factory and vehicle network 11, legitimacy verification of using the virtual cloud key 12a is conducted on the external service module 10a through the vehicle factory, after a vehicle owner obtains the virtual cloud key 12a, when vehicle connection data is used externally, the obtained virtual cloud key 12a is sent to the titanium horse data service supporting platform 20a to initiate vehicle data authorization relation confirmation, the titanium horse data service supporting platform 20a forwards the received virtual cloud key 12a to the vehicle factory and vehicle network, the vehicle factory verifies the external service module 10a, if verification is successful, authorization work is confirmed to obtain confirmation of the vehicle owner and the vehicle factory, and the vehicle owner can use the vehicle network 11 data.
The system can further comprise a third-party service platform 3, the third-party service platform 3 comprises a third-party service end 30 and a third-party service end system 31, the third-party service end 30 provides an interactive interface between a vehicle owner and/or a user and a vehicle factory, the vehicle owner and/or the user inputs the virtual cloud key 12a into the third-party service end 30 after obtaining the virtual cloud key 12a, the third-party service end system 31 inside the third-party service end 30 is in butt joint with the titanium horse data service supporting platform 20a, and the virtual cloud key 12a is sent to the titanium horse data service supporting platform 20a through the third-party service end system 31 to be verified.
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by the vehicle owner App of the vehicle factory, and can also be completed by a mode of offline batch information input provided by the external service module 10a of the vehicle factory.
Further, the docking between the external service module 10a of the car factory and the TSP11 belongs to a bidirectional docking.
Further, the docking between the external service module 10a of the vehicle factory and the titanium horse data service support platform 20a and the docking between the titanium horse data service support platform 20a and the third-party service end system 31 are both bidirectional docking, and the docked identifier is the virtual cloud key 12a issued by the external service module 10a of the vehicle factory.
Further, the data of the internet of vehicles 11 used by the user or the reverse operation control vehicle of the vehicle factory, which are received by the third-party service end 30 and the third-party service end system 31, are interacted with the external service module 10a of the vehicle factory through the titanium horse data service support platform 20a, and the interacted identifier is the virtual cloud key 12 a.
Further, when the vehicle owner no longer agrees to provide the data of the internet of vehicles 11 for external use, the vehicle owner requests the external service module 10a of the vehicle factory to recover the authorization authority, and the external service module 10a of the vehicle factory cancels the validity of the corresponding virtual cloud key 12a, at this time, the external system continues to use the virtual cloud key 12a to perform data request or reverse control operation, and the external service module 10a of the vehicle factory is prohibited from accessing, so as to achieve the purpose of security control.
With reference to fig. 3 and 5, as a vehicle factory side, a specific method for solving data desensitization and security authorization of the internet of vehicles 11 by using the virtual cloud key 12a includes the following steps:
s1: the external service module 10a in the vehicle factory receives an authorization request from a vehicle owner, and generates a virtual cloud key 12a corresponding to the vehicle according to the vehicle VIN code; s101
S2: the third-party service end 30 and the third-party service end system 31 receive the virtual cloud key 12a input by the vehicle owner, forward the virtual cloud key 12a to the titanium horse data service support platform 20a, and initiate vehicle authorization relationship confirmation; s102
S3: the titanium horse data service support platform 20a receives the virtual cloud key 12a from the third-party service end 30 and the third-party service end system 31, forwards the virtual cloud key 12a to the vehicle factory and vehicle network 11, and performs validity check on the external service module 10a by the vehicle factory; s103
S4: if the verification result in the step S3 is successful, the authorization is confirmed by the vehicle manufacturer and the owner of the vehicle, and when the subsequent vehicle is used at the third-party service end 30, the external service module 10a and the ti-ma data service support platform 20a interact with the data of the internet of vehicles 11 or the instructions of the reverse operation vehicle through the vehicle manufacturer, and the virtual cloud key 12a is an interactive identifier; if the check result in the step S3 is unsuccessful, the usage of the data of the internet of vehicles 11 cannot be obtained; s104
S5: if the authorization requirement of the vehicle owner is finished, the vehicle factory external service module 10a receives a vehicle authorization authority recovery request from the vehicle owner, and cancels the validity of the given virtual cloud key 12 a. 105
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by the vehicle owner App of the vehicle factory, and can also be completed by a mode of offline batch information input provided by the external service module 10a of the vehicle factory.
Further, after the validity of the virtual cloud key 12a is cancelled, the external system continues to use the virtual cloud key 12a to perform data request or reverse control operation, and the external service module 10a is prohibited from accessing by the vehicle manufacturer, so as to achieve the purpose of security control.
With reference to fig. 4 and 5, as a vehicle owner side, a specific method for solving data desensitization and security authorization of the internet of vehicles 11 by using the virtual cloud key 12a includes the following steps:
a1: a vehicle owner (which may be an individual or an enterprise) sends a request for using the data of the internet of vehicles 11 to a vehicle factory, and transmits a vehicle VIN code to the vehicle factory, and an external service module 10a in the vehicle factory generates a virtual cloud key 12a according to the VIN code; a101
A2: the vehicle owner inputs the virtual cloud key 12a into the third-party service end 30, and the virtual cloud key 12a is sent to the titanium horse data service supporting platform 20a through a third-party service end system 31 inside the third-party service end 30 to confirm the vehicle authorization relationship; a102
A3: the titanium horse data service support platform 20a receives the virtual cloud key 12a from the third-party service end 30 and the third-party service end system 31, forwards the virtual cloud key 12a to the vehicle factory and vehicle network 11, and performs validity check on the external service module 10a by the vehicle factory; a103
A4: if the verification result in the step a3 is successful, the authorization is confirmed by the vehicle manufacturer and the owner of the vehicle, when the subsequent vehicle is used at the third-party service end 30, the data of the internet of vehicles 11 or the instructions for reversely operating the vehicle are interacted with the external service module 10a and the titanium horse data service support platform 20a through the vehicle manufacturer, and the virtual cloud key 12a is an interactive identifier; if the verification result in the step a3 is unsuccessful, the use of the data of the internet of vehicles 11 cannot be obtained; a104
A5: if the authorization requirement of the vehicle owner is finished, a recovery request of the vehicle authorization authority is sent to the vehicle factory, and the validity of the virtual cloud key 12a is cancelled by the external service module 10a of the vehicle factory. A105
Further, the authorization application of the vehicle owner can be completed by an interactive interface provided by a vehicle owner App of the vehicle factory, and can also be completed by a mode that the vehicle factory provides offline information batch input to the external service module 10 a;
further, after the validity of the virtual cloud key 12a is cancelled, the external system continues to use the virtual cloud key 12a to perform data request or reverse control operation, and the external service module 10a is prohibited from accessing by the vehicle manufacturer, so as to achieve the purpose of security control.
The foregoing detailed description of the preferred embodiments of the invention has been presented. It should be understood that numerous modifications and variations could be devised by those skilled in the art in light of the present teachings without departing from the inventive concepts. Therefore, the technical solutions available to those skilled in the art through logic analysis, reasoning and limited experiments based on the prior art according to the concept of the present invention should be within the scope of protection defined by the claims.
Claims (9)
1. A data desensitization and security authorization system for the Internet of vehicles is characterized by comprising a network service module and a data support platform, wherein the network service module is in butt joint with the data support platform to perform data security verification;
the network service module receives a vehicle VIN code and generates an authorization code according to the vehicle VIN code, wherein the authorization code configures authorization information; the network service module is in butt joint with the TSP of the vehicle factory, and sends the generated authorization code to the TSP of the vehicle factory so as to send the authorization code to the corresponding vehicle; the network service module receives the authorization code logout request and then logs out the validity of the authorization code;
the data support platform is in butt joint with the TSP, the received authorization code is sent to the TSP, and the network service module conducts validity check on the authorization code received by the TSP.
2. A data desensitization and security authorization system according to claim 1, wherein each vehicle uniquely corresponds to one of the authorization codes.
3. The data desensitization and security authorization system according to claim 1, wherein the system further comprises a third party service platform that interfaces with the data support platform to send the authorization code obtained from the owner of the vehicle that obtained the authorization code to the data support platform for verification.
4. A data desensitization and security authorization system according to claim 1, characterized in that the interface between the network service module and TSP is a bidirectional interface.
5. The data desensitization and security authorization system according to claim 3, wherein the docking of the network service module with the data support platform and the data support platform with the third party service platform are both bi-directional docking, and the identifier of the docking is the authorization code issued by the network service module.
6. The data desensitization and security authorization system according to claim 5, wherein the third party service platform receives usage vehicle networking data or the reverse operation of the vehicle plant controls that vehicles interact with the network service module through the data support platform, the interactive identifier being the authorization code.
7. A method for desensitization and security authorization of data in Internet of vehicles comprises the following steps:
s1: the network service module of claim 1 in a vehicle factory receiving an authorization request from a vehicle owner, generating an authorization code for a corresponding vehicle according to a corresponding vehicle VIN code in a TSP of the vehicle factory;
s2: the third-party service platform of claim 3 receiving an authorization code entered by a vehicle owner, forwarding the authorization code to the data support platform of claim 1, and initiating vehicle authorization relationship confirmation;
s3: the data support platform receives an authorization code from the third-party service platform and sends the authorization code to the TSP, and the network service module performs validity check on the authorization code received by the TSP;
s4: if the verification result of the step S3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, and the subsequent vehicle interacts with the vehicle networking data or the command of reversely controlling the vehicle through the network service module and the data support platform in the process of using the third-party service platform, and the authorization code is an interactive identifier; if the verification result in the step S3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained;
s5: if the authorization requirement of the vehicle owner is finished, the network service module receives a vehicle authorization permission recovery request from the vehicle owner and logs out the validity of the given authorization code.
8. A method for desensitizing data and authorizing safety of Internet of vehicles specifically comprises the following steps:
a1: the vehicle owner sends a request for using the vehicle networking data to a vehicle factory, and transmits a vehicle VIN code to the network service module according to claim 1 through a TSP of the vehicle factory, and the network service module in the vehicle factory generates an authorization code according to the VIN code;
a2: the vehicle owner enters the authorization code into the third-party service platform as claimed in claim 3, and the authorization code is sent to the data support platform through the third-party service platform to confirm the vehicle authorization relationship;
a3: the data support platform of claim 1 receiving an authorization code from a third party service platform and sending the authorization code to the TSP, the network service module performing a validity check on the authorization code received by the TSP;
a4: if the verification result of the step A3 is successful, the authorization is confirmed by the vehicle manufacturer and the vehicle owner, the subsequent vehicle interacts the vehicle networking data or the command of reversely controlling the vehicle through the network service module and the data support platform in the process of using the third-party service platform, and the authorization code is an interactive identifier; if the verification result in the step A3 is unsuccessful, the use permission of the Internet of vehicles data cannot be obtained;
a5: if the authorization requirement of the vehicle owner is finished, a recovery request of the vehicle authorization authority is sent to the vehicle factory, and the validity of the authorization code is cancelled by the network service module.
9. A computer readable medium based on the system and method for vehicle networking data desensitization and security authorization according to any of claims 1-8, wherein the computer readable medium is for data desensitization and security authorization over a computer network, comprising a set of instructions that when executed cause at least one computer to perform the system and method for addressing vehicle networking data desensitization and security authorization.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811238305.0A CN111092843A (en) | 2018-10-23 | 2018-10-23 | Data desensitization and security authorization system for Internet of vehicles |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811238305.0A CN111092843A (en) | 2018-10-23 | 2018-10-23 | Data desensitization and security authorization system for Internet of vehicles |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111092843A true CN111092843A (en) | 2020-05-01 |
Family
ID=70392419
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811238305.0A Pending CN111092843A (en) | 2018-10-23 | 2018-10-23 | Data desensitization and security authorization system for Internet of vehicles |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111092843A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113051614A (en) * | 2021-03-26 | 2021-06-29 | 支付宝(杭州)信息技术有限公司 | Information access processing method, device, equipment and system |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105094901A (en) * | 2015-07-14 | 2015-11-25 | 广州橙行智动汽车科技有限公司 | Remote after-service on-line ECU refresh method and diagnosis apparatus |
| CN105117657A (en) * | 2015-07-22 | 2015-12-02 | 南京邮电大学 | Smart service based open authorization access design method and system |
| CN105491084A (en) * | 2014-09-16 | 2016-04-13 | 钛马信息网络技术有限公司 | IOV (Internet of vehicles) system based on OTA protocol, and control method therefor |
| CN106375312A (en) * | 2016-08-31 | 2017-02-01 | 长城汽车股份有限公司 | Virtual key authorization method and system, mobile terminal and server |
| CN106394486A (en) * | 2016-08-31 | 2017-02-15 | 长城汽车股份有限公司 | Authorization method and system of virtual key and server |
| CN107650863A (en) * | 2017-09-19 | 2018-02-02 | 大陆汽车投资(上海)有限公司 | Vehicle sharing method and system |
| CN107888612A (en) * | 2017-11-29 | 2018-04-06 | 北京汽车股份有限公司 | Vehicle and its without key start control method, control system |
| CN108122311A (en) * | 2017-11-30 | 2018-06-05 | 北京九五智驾信息技术股份有限公司 | Vehicle virtual key realization method and system |
| US20180174376A1 (en) * | 2014-10-31 | 2018-06-21 | Aeris Communications, Inc. | Automatic connected vehicle subsequent owner enrollment process |
| CN108320388A (en) * | 2017-12-29 | 2018-07-24 | 中国银联股份有限公司 | Charge processing method and equipment and vehicle payment system |
-
2018
- 2018-10-23 CN CN201811238305.0A patent/CN111092843A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105491084A (en) * | 2014-09-16 | 2016-04-13 | 钛马信息网络技术有限公司 | IOV (Internet of vehicles) system based on OTA protocol, and control method therefor |
| US20180174376A1 (en) * | 2014-10-31 | 2018-06-21 | Aeris Communications, Inc. | Automatic connected vehicle subsequent owner enrollment process |
| CN105094901A (en) * | 2015-07-14 | 2015-11-25 | 广州橙行智动汽车科技有限公司 | Remote after-service on-line ECU refresh method and diagnosis apparatus |
| CN105117657A (en) * | 2015-07-22 | 2015-12-02 | 南京邮电大学 | Smart service based open authorization access design method and system |
| CN106375312A (en) * | 2016-08-31 | 2017-02-01 | 长城汽车股份有限公司 | Virtual key authorization method and system, mobile terminal and server |
| CN106394486A (en) * | 2016-08-31 | 2017-02-15 | 长城汽车股份有限公司 | Authorization method and system of virtual key and server |
| CN107650863A (en) * | 2017-09-19 | 2018-02-02 | 大陆汽车投资(上海)有限公司 | Vehicle sharing method and system |
| CN107888612A (en) * | 2017-11-29 | 2018-04-06 | 北京汽车股份有限公司 | Vehicle and its without key start control method, control system |
| CN108122311A (en) * | 2017-11-30 | 2018-06-05 | 北京九五智驾信息技术股份有限公司 | Vehicle virtual key realization method and system |
| CN108320388A (en) * | 2017-12-29 | 2018-07-24 | 中国银联股份有限公司 | Charge processing method and equipment and vehicle payment system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113051614A (en) * | 2021-03-26 | 2021-06-29 | 支付宝(杭州)信息技术有限公司 | Information access processing method, device, equipment and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107650863B (en) | Vehicle sharing method and system | |
| AU2013204965B2 (en) | A system, method, computer program and data signal for the registration, monitoring and control of machines and devices | |
| CN204926181U (en) | Unmanned on duty electric automobile leases system | |
| CN107610280B (en) | Refueling control method and system | |
| CN104992364A (en) | Unattended electric car rental system and rental method | |
| CN109637034B (en) | Vehicle time-sharing leasing method and system based on virtual key | |
| CN108569250A (en) | The automatic authorization method of bluetooth key based on shared automobile | |
| CN109361715B (en) | Virtual cloud key generation and authorization method and system | |
| CN106383757A (en) | Vehicle-mounted software updating method and device | |
| CN105187438A (en) | Equipment authorization method, device and system | |
| CN105376204A (en) | User terminal, authority granting method and system thereof | |
| US11367356B1 (en) | Autonomous fleet service management | |
| US11347836B2 (en) | Method for authenticating a vehicle, authentication unit, service unit and central computer unit external to the vehicle | |
| CN113570758A (en) | Remote monitoring terminal and vehicle Bluetooth key management method | |
| Dobaj et al. | Cybersecurity Threat Analysis, Risk Assessment and Design Patterns for Automotive Networked Embedded Systems: A Case Study. | |
| CN111092843A (en) | Data desensitization and security authorization system for Internet of vehicles | |
| EP3907673A1 (en) | Authorization of vehicle repairs | |
| CN104883342A (en) | Account authority management system, account authority management method and device thereof | |
| KR20200032512A (en) | Method for diagnosing and maintenancing of vehicle condition during electric vehicle charging, and its system | |
| CN105630477A (en) | Method and device for upgrading application program of vehicle-mounted terminal | |
| CN113284295A (en) | Method, electronic device, and computer storage medium for renting vehicle | |
| CN115442411A (en) | Vehicle end management method and vehicle end management system based on terminal internet | |
| CN112810567B (en) | Method, apparatus, and computer-readable storage medium for information processing | |
| WO2021019637A1 (en) | Security device, server device, security system, and security function setting method | |
| EP3951671A1 (en) | Vehicle service authorization |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200501 |
|
| RJ01 | Rejection of invention patent application after publication |