CN112118093A - Data encryption/decryption method and related equipment - Google Patents

Data encryption/decryption method and related equipment Download PDF

Info

Publication number
CN112118093A
CN112118093A CN201910544478.3A CN201910544478A CN112118093A CN 112118093 A CN112118093 A CN 112118093A CN 201910544478 A CN201910544478 A CN 201910544478A CN 112118093 A CN112118093 A CN 112118093A
Authority
CN
China
Prior art keywords
service module
key value
fingerprint data
data
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN201910544478.3A
Other languages
Chinese (zh)
Inventor
蒋余厂
贺朝阳
钱慧佳
张敏贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai OFilm Smart Car Technology Co Ltd
Original Assignee
Shanghai OFilm Smart Car Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai OFilm Smart Car Technology Co Ltd filed Critical Shanghai OFilm Smart Car Technology Co Ltd
Priority to CN201910544478.3A priority Critical patent/CN112118093A/en
Publication of CN112118093A publication Critical patent/CN112118093A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L12/40006Architecture of a communication node
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40208Bus networks characterized by the use of a particular bus standard
    • H04L2012/40215Controller Area Network CAN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/40Bus networks
    • H04L2012/40267Bus for use in transportation systems
    • H04L2012/40273Bus for use in transportation systems the transportation system being a vehicle

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a data encryption/decryption method and related equipment, comprising the following steps: the first business module firstly collects fingerprint data of a user; then the first service module sends an interactive request to the second service module, wherein the interactive request comprises a first random key value component; then receiving request response information sent by the second service module, wherein the request response information comprises a second random key value component; and finally, generating a dynamic encryption key value according to the first random key value component and the second random key value component, and generating encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, wherein the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module. By adopting the method and the device, the security of fingerprint data transmission is improved, and the fingerprint data is effectively prevented from being maliciously intercepted and captured.

Description

Data encryption/decryption method and related equipment
Technical Field
The application relates to the technical field of automotive electronics, in particular to a data encryption/decryption method and related equipment.
Background
At present, automobiles become vehicles with the highest use frequency in life of people, and along with the development of the internet of vehicles, the automobiles are more and more intelligent, so that great convenience is brought to the life of people. However, similar to the conventional internet, there are also a lot of threats such as network attacks and data interception in the internet of vehicles. For example, in an intelligent vehicle-mounted system of an intelligent automobile, (1) a wireless network communication interface provided by a Telematics BOX (T-BOX) is an important object of reverse analysis and network attack; (2) a Controller Area Network (CAN) bus is a bottom line of Network attack protection; (3) an external device connected with an On-Board Diagnostic (OBD) system may also become a source of attack; (4) chip bugs and firmware bugs in Electronic Control Units (ECUs) are also the subject of major security concerns and network attacks. Besides, there are many components such as a conventional IT operating system and an In-Vehicle Infotainment (IVI) system, which are not listed here. Therefore, the intelligent automobile brings convenience to people and also brings a serious information safety problem.
Disclosure of Invention
The application provides a data encryption/decryption method and related equipment. The safety of fingerprint data transmission can be improved in the distributed vehicle-mounted fingerprint system, and the fingerprint data is effectively prevented from being maliciously intercepted and captured.
A first aspect of an embodiment of the present application provides a data encryption method, including: the first business module firstly collects fingerprint data of a user; then sending an interactive request to a second service module, wherein the interactive request comprises a first random key value component; then receiving request response information sent by the second service module, wherein the request response information comprises a second random key value component; finally, generating a dynamic encryption key value according to the first random key value component and the second random key value component; and generating encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, wherein the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module. By encrypting the fingerprint data, the problems of data leakage and tampering when the fingerprint data is directly transmitted can be avoided, and the security of issuing transmission is improved.
The vehicle-mounted fingerprint system comprises a data transmission bus;
after the first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, the method further includes:
the first service module sends the encrypted fingerprint data to the second service module through the data transmission bus, and the data transmission bus corresponds to a bus data frame with a preset structure; the data transmission efficiency can be improved through the bus transmission.
The first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, and the generation of the encrypted fingerprint data comprises the following steps: the first service module generates a target bus data frame of the preset structure according to the fingerprint data; and determining the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value. Compared with the fixed encryption information, the dynamic encryption key value can improve the encryption effect, so that the confidentiality of the fingerprint data is enhanced.
Wherein, the generating, by the first service module, the target bus data frame of the preset structure according to the fingerprint data includes: the first service module determines a frame element of the target bus data frame according to the preset structure, wherein the frame element comprises at least one of an integrity verification code, a validity verification code and a data confusion code; and generating the target bus data frame according to the fingerprint data and the frame element. By adding the integrity verification code, the legality verification code and the data confusion code into the target bus data frame, a data receiving party can provide a data integrity verification basis, and the possibility of cracking a bus transmission protocol can be reduced.
Wherein, the determining, by the first service module, the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value includes: and the first service module encrypts the target bus data frame according to the dynamic encryption key value and a second preset encryption algorithm to obtain the encrypted fingerprint data. On the basis of the dynamic encryption key value, the encryption effect of the fingerprint data can be greatly improved through the cooperation of an excellent encryption algorithm.
Wherein the generating, by the first service module, the target bus data frame according to the fingerprint data and the frame element includes: the first business module reads a fixed encryption key value from a preset storage space; encrypting the fingerprint data according to the fixed encryption key value and a first preset encryption algorithm; and generating the target bus data frame according to the encrypted fingerprint data and the frame element. The dynamic encryption key value and the dynamic encryption key value are used for double encryption, so that the cracking difficulty of the encrypted fingerprint data can be further improved.
A second aspect of the embodiments of the present application provides another data decryption method, including:
the second service module receives the interactive request sent by the first service module;
the second service module sends request response information to the first service module, wherein the request response information comprises a second random key value component, the second random key value component is used for the first service module to process collected fingerprint data to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module. By means of mutual interaction of key value components of the first service module and the second service module, the cracking difficulty of the finally obtained encryption key value can be enhanced, the first service module and the second service module can independently generate the encryption key value, and transmission of the encryption key value is avoided.
The vehicle-mounted fingerprint system to which the first service module and the second service module belong comprises a data transmission bus; the interactive request comprises a first random key value component; after the request response message sent by the second service module to the first service module, the method further includes: the second service module receives the encrypted fingerprint data sent by the first service module through the data transmission bus; and extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component. Compared with the plaintext of the fingerprint data, the encrypted fingerprint data can greatly reduce the possibility of plaintext leakage of the fingerprint data in the transmission process.
The data transmission bus corresponds to a bus data frame with a preset structure;
the second service module extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component includes: the second service module generates a dynamic encryption key value according to the first random key value component and the second random key value component; decrypting the encrypted fingerprint data according to the dynamic encryption key value and a first preset encryption algorithm to obtain a target bus data frame; and extracting the fingerprint data from the target bus data frame according to the preset structure.
Wherein, according to the preset structure, the extracting, by the second service module, the fingerprint data from the target bus data frame includes: the second service module reads a fixed encryption key value from a preset storage space; extracting a fingerprint ciphertext from the target bus data frame according to the preset structure; and decrypting the fingerprint ciphertext according to the fixed encryption key value and a second preset encryption algorithm to obtain the fingerprint data.
Accordingly, a third aspect of the embodiments of the present application provides a first service module, including:
the acquisition unit is used for acquiring fingerprint data of a user;
a sending unit, configured to send an interaction request to a second service module, where the interaction request includes a first random key value component;
a receiving unit, configured to receive request response information sent by the second service module, where the request response information includes a second random key value component;
an encryption unit, configured to generate a dynamic encryption key value according to the first random key value component and the second random key value component;
the encryption unit is further configured to generate encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, where the encrypted fingerprint data is used to encrypt the fingerprint data in a process where the first service module sends the fingerprint data to the second service module.
The vehicle-mounted fingerprint system comprises a data transmission bus;
the sending unit is further configured to:
sending the encrypted fingerprint data to the second service module through the data transmission bus, wherein the data transmission bus corresponds to a bus data frame with a preset structure;
the encryption unit is further configured to:
generating a target bus data frame of the preset structure according to the fingerprint data;
and determining the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value.
Wherein the encryption unit is further configured to:
determining a frame element of the target bus data frame according to the preset structure, wherein the frame element comprises at least one of an integrity verification code, a legality verification code and a data confusion code;
and generating the target bus data frame according to the fingerprint data and the frame element.
Wherein the encryption unit is further configured to:
reading a fixed encryption key value from a preset storage space;
encrypting the fingerprint data according to the fixed encryption key value and a first preset encryption algorithm;
and generating the target bus data frame according to the encrypted fingerprint data and the frame element.
Wherein the encryption unit is further configured to:
and encrypting the target bus data frame according to the dynamic encryption key value and a second preset encryption algorithm to obtain the encrypted fingerprint data.
Accordingly, a fourth aspect of the present embodiment provides a second service module, including:
the receiving unit is used for receiving the interaction request sent by the first service module;
the sending unit is used for sending request response information to the first service module, the request response information comprises a second random key value component, the second random key value component is used for the first service module to process collected fingerprint data to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process that the first service module sends the fingerprint data to the second service module.
The vehicle-mounted fingerprint system comprises a data transmission bus; the interactive request comprises a first random key value component;
the receiving unit is further configured to:
receiving the encrypted fingerprint data sent by the first service module through the data transmission bus;
the second service module further comprises a decryption unit configured to:
and extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component.
The data transmission bus corresponds to a bus data frame with a preset structure;
the decryption unit is further configured to:
generating a dynamic encryption key value according to the first random key value component and the second random key value component;
decrypting the encrypted fingerprint data according to the dynamic encryption key value and a first preset encryption algorithm to obtain a target bus data frame;
and extracting the fingerprint data from the target bus data frame according to the preset structure.
Wherein the decryption unit is further configured to:
reading a fixed encryption key value from a preset storage space;
extracting a fingerprint ciphertext from the target bus data frame according to the preset structure;
and decrypting the fingerprint ciphertext according to the fixed encryption key value and a second preset encryption algorithm to obtain the fingerprint data.
Accordingly, an embodiment of the present application provides another first service module, including: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor reads the executable program code stored in the memory to run a program corresponding to the executable program code, so as to execute the data encryption method disclosed by the first aspect of the embodiment of the present application.
Accordingly, an embodiment of the present application provides another second service module, including: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the data decryption method disclosed by the second aspect of the embodiment of the present application.
Accordingly, an embodiment of the present application provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute the data encryption method disclosed in the first aspect of the embodiment of the present application when running.
Accordingly, an embodiment of the present application provides another storage medium, where the storage medium is used to store an application program, and the application program is used to execute the data decryption method disclosed in the second aspect of the embodiment of the present application when the application program is executed.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic structural diagram of a distributed vehicle-mounted fingerprint system provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a data encryption method provided in an embodiment of the present application;
fig. 3 is a schematic flowchart of an interaction method for dynamic encryption key values according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a bus data frame according to an embodiment of the present application;
FIG. 5 is a schematic structural diagram of encrypted fingerprint data according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of another encrypted fingerprint data provided in an embodiment of the present application;
fig. 7 is a schematic flowchart of a data encryption/decryption method according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of a first service module according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a second service module according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of another first service module provided in an embodiment of the present application;
fig. 11 is a schematic structural diagram of another second service module according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a distributed vehicle-mounted fingerprint system according to an embodiment of the present application. As shown, the distributed vehicle-mounted fingerprint system includes: a Door Handle fingerprint identification module (denoted as Door Handle FPA), a vehicle dashboard fingerprint identification module (denoted as Container FPA), a keyless Entry and Start module (PEPS), and a car-in module (denoted as HU). In the system, after the Door Handle FPA collects the fingerprint data, the fingerprint data CAN be sent to the Console FPA through the CAN bus. The Console FPA is a fingerprint recognizer inside the vehicle, can receive fingerprint data sent by the Door Handle FPA, and can independently acquire the fingerprint data of people in the vehicle. The Console FPA, after acquiring the fingerprint data, may send the fingerprint data to PEPS and HU. The PEPS and the HU can verify the fingerprint data after receiving the fingerprint data, and execute corresponding service functions after the verification is passed. When the Door Handle FPA detects that a finger touches the device, the PEPS can be awakened through a hardwire, so that the PEPS can receive fingerprint data conveniently. The CAN bus may be replaced by other buses, such as an Ethernet (Ethernet) bus, and the hard line may be a normal data transmission line. In the system, the fingerprint identification module transmits fingerprint data to other modules through the CAN bus, which brings about the problems of CAN bus protocol being cracked and fingerprint data leakage. And because the fingerprint data is usually used for opening a vehicle door or starting an engine, if the fingerprint data is leaked, the vehicle may be opened illegally or started, which causes serious potential safety hazard. In order to solve this problem, the embodiments of the present application provide the following data encryption algorithm based on the above system.
Referring to fig. 2, fig. 2 is a schematic flow chart of a data encryption method according to an embodiment of the present application. In this embodiment of the present application, the first service module may be a Door Handle FPA or a Console FPA, and the second service module may be a HU module or a Console FPA and PEPS. As shown in the figure, the method in the embodiment of the present application includes:
s201, a first service module collects fingerprint data of a user.
In specific implementation, the first service module can be in a standby state for a long time, and once the finger touch is detected, the first service module immediately restores to a working state so as to operate a preset fingerprint acquisition algorithm and further obtain fingerprint data.
S202, the first service module sends an interactive request to the second service module, and the interactive request comprises a first random key value component.
In a specific implementation, as shown in fig. 3, the interaction request may further include a Handshake signal (Handshake), where the Handshake signal is used to request a connection to the second service module. The first random key value component may be, but is not limited to, a random number rand 1.
S203, the first service module receives a request response message sent by the second service module, where the request response message includes a second random key value component.
In a specific implementation, the second random key value component may be, but is not limited to, a random number rand 2.
And S204, the first service module generates a dynamic encryption key value according to the first random key value component and the second random key value component.
In a specific implementation, the first random key value component and the second random key value component may be spliced to obtain a spliced value, and then a Hash (Hash) value of the spliced value is used as the dynamic encryption key value. For example, rand1 and rand2 are 3689 and 8897, respectively, rand1 and rand2 are spliced to obtain 36898897, and then a Hash value of 36898897 is calculated as a dynamic encryption key value. Because the first random key value component and the second random key value component are random numbers generated in real time in each transmission process, the dynamic encryption key value is generated according to the first random key value component and the second random key value component, the possibility that the dynamic encryption key value is cracked can be greatly improved, and the encryption effect is enhanced.
Optionally, as shown in fig. 3, the first service module may further send a Handshake successful determination signal (Handshake Confirm) and a random number rand3 to the second service module, where rand3 may serve as a third random key value component, and the Handshake Confirm signal may be used to notify the second service module that data reception is ready; then reading a preset Key value component (Key _1) from a pre-designated storage space; and finally, generating a dynamic encryption Key value (Session _ Key) according to the first random Key value component, the second random Key value component, the third Key value component and a preset Key value component, wherein in fig. 3, Gen represents a Generator function. By using the third random key value component and the preset key value component, the cracking difficulty of the dynamic encryption key value can be further increased.
S205, the first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data.
It should be noted that, in the embodiment of the present application, the CAN bus corresponds to a bus Data frame with a preset structure, as shown in fig. 4, the bus Data frame includes an integrity verification code (MAC), a legitimacy verification code (Rolling Counter), a Data confusion code (Random), and actual Data to be transmitted (FPA Data). The Rolling Counter can be regarded as a Counter, the value of the Rolling Counter is added with 1 every time of transmission, the Rolling Counter needs to be checked every time a data receiver receives data, and if the difference value of the Rolling counters in bus data frames received twice adjacently is not 1, the data is considered to be illegal, so that the problem of protocol cracking caused by data playback can be avoided. The Random is used for confusing the FPA Data so as to reduce the possibility of cracking the CAN Data transmission protocol, and the Random used in each transmission is a Random number generated in real time. The MAC may be a hash value of combination information obtained by combining a preset Key value (Key _2), the Rolling Counter, the Random, and the FPA Data, that is, the MAC is a hash (Key _2, the Rolling Counter, the Random, and the FPA Data), and the hash represents a function for obtaining the hash value.
In a specific implementation, a target bus data frame with a preset structure may be generated according to the fingerprint data. The frame elements MAC, Rolling Counter, and Random corresponding to the acquired fingerprint data may be determined first; and combining the fingerprint data and the frame elements according to a preset structure to obtain a target bus data frame corresponding to the fingerprint data.
Encrypted fingerprint data may then be determined based on the target bus data frame and the dynamic encryption key value. As shown in fig. 5, the target bus data frame may be encrypted according to a dynamic encryption Key value (Session _ Key) and a preset encryption algorithm, and the encrypted target bus data frame is used as encrypted fingerprint data. The preset Encryption algorithm may be an Advanced Encryption Standard (AES) algorithm, for example, a 128-bit AES (AES-128) algorithm.
Through the MAC, the Rolling Counter and the Random and the dynamic encryption key value, the security of fingerprint data transmission can be improved, and a data receiving party can be provided with a basis for data integrity verification, so that the data receiving party can be ensured to receive complete and untampered fingerprint data.
Alternatively, as shown in fig. 6, the fixed encryption Key (Key _3) may also be read from a preset storage space first. A storage area can be pre-designated in an internal Electrically Erasable Programmable Read-Only Memory (EEPROM) corresponding to the vehicle-mounted fingerprint system, wherein the storage area is specially used for storing preset parameters; the fingerprint data may then be encrypted according to the fixed encryption Key (Key _3) and a first preset encryption algorithm, wherein the first preset encryption algorithm may be, but is not limited to, AES-128 algorithm; then, the MAC, Rolling Counter, and Random corresponding to the acquired fingerprint data are determined, and the encrypted fingerprint data and frame elements are combined according to a preset structure according to the structure of the bus data frame shown in fig. 4, so as to obtain a target bus data frame corresponding to the fingerprint data. And finally, encrypting the target bus data frame according to a dynamic encryption Key value (Session _ Key) and a second preset encryption algorithm to obtain encrypted fingerprint data, wherein the second preset encryption algorithm can be the same as or different from the first preset encryption algorithm. The fingerprint data can be encrypted again on the basis of the dynamic encryption key value through the solid encryption key value, and the confidentiality of the fingerprint data is further improved.
It should be noted that the preset Key value component (Key _1), the preset Key value (Key _2), and the fixed encryption Key value (Key _3) described above may all be stored in advance in a designated storage space in the EEPROM corresponding to the vehicle-mounted fingerprint system, where the preset Key value component (Key _1), the preset Key value (Key _2), and the fixed encryption Key value (Key _3) may be written in the designated storage space by a diagnostic tool or a calibration tool.
In the embodiment of the application, a first service module firstly acquires fingerprint data of a user; then sending an interaction request to a second service module, and receiving request response information sent by the second service module; and then generating a dynamic encryption key value according to the first random key value component and the second random key value component included in the interactive request, and generating a target bus data frame with a preset structure according to the fingerprint data, wherein the target bus data frame is encrypted according to the dynamic encryption key value and a preset encryption algorithm to obtain encrypted fingerprint data. The integrity verification code, the legality verification code and the data confusion code are introduced into the bus data frame, so that the complete transmission of the fingerprint data can be realized, and the transmission safety can be ensured. In addition, the method in the embodiment of the application introduces an AES encryption algorithm into the CAN data frame, innovatively uses a dynamic encryption key value interaction technology, and CAN greatly improve the security of data transmission.
Referring to fig. 7, fig. 7 is a flowchart illustrating a data encryption/decryption method according to an embodiment of the present application. In this embodiment of the present application, the first service module may be a Door Handle FPA or a Console FPA, and the second service module may be a HU, or a Console FPA and a PEPS. As shown in the figure, the method in the embodiment of the present application includes:
s701, a first service module collects user fingerprint data. This step is the same as S201 in the previous embodiment, and is not described again.
S702, the first service module sends an interactive request to the second service module, wherein the interactive request comprises a first random key value component. This step is the same as S202 in the previous embodiment, and is not described again.
S703, the second service module sends a request response message to the first service module, where the request response message includes a second random key value component.
In a specific implementation, the second service module sends a request response message to the first service module through the CAN bus. As shown in fig. 3, the request response information may further include a Handshake acknowledgement signal (Handshake Ack), where the Handshake Ack is a response to the Handshake signal and indicates that the second service module agrees to the connection request of the first service module, that is, the second service module agrees to receive the data sent by the first service module. The second random key value component may be, but is not limited to, a random number rand 2.
S704, the first service module generates a dynamic encryption key value according to the first random key value component and the second random key value component.
In a specific implementation, the first random key value component and the second random key value component may be spliced to obtain a spliced value, and then the Hash value of the spliced value is used as the dynamic encryption key value.
Optionally, after receiving the Handshake confirmation signal sent by the second service module, the first service module may also send a Handshake successful determination signal (Handshake Confirm) and a random number rand3 to the second service module, where rand3 may be used as a third random key value component, and the Handshake Confirm signal may be used to notify the second service module that data reception is ready.
Optionally, the first service module may also read a preset Key value component (Key _1) from a preset storage space; and finally, generating a dynamic encryption Key value (Session _ Key) according to the first random Key value component, the second random Key value component, the third random Key value component and a preset Key value component.
S705, the first service module generates encrypted fingerprint data according to the dynamic encrypted key value and the fingerprint data. This step is the same as S205 in the previous embodiment, and is not described again.
S706, the first service module sends the encrypted fingerprint data to the second service module.
In specific implementation, the first service module may send the encrypted fingerprint data to the second service module through the CAN bus.
And S707, the second service module extracts the fingerprint data from the encrypted fingerprint data.
In a specific implementation, corresponding to the two methods for generating encrypted fingerprint data shown in fig. 5 and fig. 6, the method for extracting fingerprint data from encrypted fingerprint data by the second service module also includes the following two methods:
1. a fingerprint data extraction method corresponding to the generation method of encrypted fingerprint data shown in fig. 5:
firstly, a dynamic encryption key value is generated in the same way as the first service module, and two optional ways are included: (1) and splicing the first random key value component and the second random key value component to obtain a spliced value, and then taking the Hash value of the spliced value as a dynamic encryption key value. (2) As shown in fig. 3, a random number rand3 sent by the first service module and used as a third random key value component may be received first; and reading a preset Key value component (Key _1) from a preset storage space, and generating a dynamic encryption Key value (Session _ Key) according to the first random Key value component, the second random Key value component, the third random Key value component and the preset Key value component.
And then, decrypting the encrypted fingerprint data according to the dynamic encryption key value and a preset encryption algorithm to obtain a target bus data frame. After the target bus data frame is obtained, the MAC, the Random, and the Rolling Counter may be verified, respectively, and if the verification passes, the fingerprint data is extracted from the target bus data frame.
2. A fingerprint data extraction method corresponding to the generation method of encrypted fingerprint data shown in fig. 6:
firstly, a dynamic encryption key value is generated in the same way as the first service module, and a fixed encryption key value is read from a preset storage space. The first service module and the second service module in the vehicle-mounted fingerprint system are modules in the same position, so that the second service module can also read the fixed encryption Key value (Key _3) from the designated storage space in the EEPROM corresponding to the vehicle-mounted fingerprint system, as with the first service module.
And then, decrypting the encrypted fingerprint data according to the dynamic encryption key value and a second preset encryption algorithm to obtain a target bus data frame.
Then, the MAC, Random, and Rolling Counter in the target bus data frame are verified respectively, and if the verification is passed, the fingerprint ciphertext of the target bus data frame, that is, the encrypted fingerprint data, is extracted. And decrypting the fingerprint ciphertext according to the fixed encryption key value and a first preset encryption algorithm to obtain the fingerprint data.
Optionally, after obtaining the fingerprint data, the second service module matches the fingerprint data with fingerprint data stored in the module in advance. If the matching is successful, the identity of the user to which the fingerprint data belongs is verified, and the second service module can execute the corresponding service function. If the matching fails, the authentication of the user fails, and the second service module does not need to execute any service function.
In the embodiment of the application, after the first service module collects the fingerprint data, the first service module interacts with the second service module to generate a relevant parameter of a dynamic encryption key value, so that the first service module and the second service module can respectively generate the dynamic encryption key value according to the relevant parameter, and the first service module and the second service module can also read a fixed encryption key value from a designated storage space. And then the first service module processes the fingerprint data according to the dynamic encryption key value and the fixed encryption key value to obtain encrypted fingerprint mutual data and sends the encrypted fingerprint data to the second service module. The second service module can decrypt and check the encrypted fingerprint data by using the dynamic encryption key value and the fixed encryption key value to obtain the fingerprint data, so that the problems of fingerprint data leakage and virus implantation caused by interception or falsification of the fingerprint data in the transmission process can be avoided, and the security of fingerprint data transmission is improved.
Referring to fig. 8, fig. 8 is a schematic structural diagram of a first service module according to an embodiment of the present disclosure. In this embodiment of the present application, the first service module may be a Door Handle FPA or a Console FPA, and the second service module may be a HU, or a Console FPA and a PEPS. As shown in the figure, the first service module in the embodiment of the present application includes:
the collecting unit 801 is configured to collect fingerprint data of a user.
In specific implementation, the acquisition unit 801 may be in a standby state for a long time, and immediately restores to a working state once a finger touch is detected, so as to operate a preset fingerprint acquisition algorithm, thereby obtaining fingerprint data.
A sending unit 802, configured to send an interaction request to the second service module, where the interaction request includes a first random key value component.
In a specific implementation, as shown in fig. 3, the interaction request may further include a Handshake signal (Handshake), where the Handshake signal is used to request a connection to the second service module. The first random key value component may be, but is not limited to, a random number rand 1.
A receiving unit 803, configured to receive request response information sent by the second service module, where the request response information includes a second random key value component.
In a specific implementation, the second random key value component may be, but is not limited to, a random number rand 2.
An encrypting unit 804 is configured to generate a dynamic encryption key value according to the first random key value component and the second random key value component.
In a specific implementation, the first random key value component and the second random key value component may be spliced to obtain a spliced value, and then the Hash value of the spliced value is used as the dynamic encryption key value. . Because the first random key value component and the second random key value component are random numbers generated in real time in each transmission process, the dynamic encryption key value is generated according to the first random key value component and the second random key value component, the possibility that the dynamic encryption key value is cracked can be greatly improved, and the encryption effect is enhanced.
Optionally, as shown in fig. 3, the first service module may further send a Handshake successful determination signal (Handshake Confirm) and a random number rand3 to the second service module, where rand3 may serve as a third random key value component, and the Handshake Confirm signal may be used to notify the second service module that data reception is ready; then reading a preset Key value component (Key _1) from a pre-designated storage space; and finally, generating a dynamic encryption Key value (Session _ Key) according to the first random Key value component, the second random Key value component, the third Key value component and a preset Key value component, wherein in fig. 3, Gen represents a Generator function. By using the third random key value component and the preset key value component, the cracking difficulty of the dynamic encryption key value can be further increased.
The encryption unit 804 is further configured to generate encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data.
In a specific implementation, a target bus data frame with a preset structure may be generated according to the fingerprint data. The frame elements MAC, Rolling Counter, and Random corresponding to the acquired fingerprint data may be determined first; and combining the fingerprint data and the frame elements according to a preset structure to obtain a target bus data frame corresponding to the fingerprint data.
Encrypted fingerprint data may then be determined based on the target bus data frame and the dynamic encryption key value. As shown in fig. 5, the target bus data frame may be encrypted according to a dynamic encryption Key value (Session _ Key) and a preset encryption algorithm, and the encrypted target bus data frame is used as encrypted fingerprint data. The preset Encryption algorithm may be an Advanced Encryption Standard (AES) algorithm, for example, a 128-bit AES (AES-128) algorithm.
Alternatively, as shown in fig. 6, the fixed encryption Key (Key _3) may also be read from a preset storage space first. A storage area can be pre-designated in an internal Electrically Erasable Programmable Read-Only Memory (EEPROM) corresponding to the vehicle-mounted fingerprint system, wherein the storage area is specially used for storing preset parameters; the fingerprint data may then be encrypted according to the fixed encryption Key (Key _3) and a first preset encryption algorithm, wherein the first preset encryption algorithm may be, but is not limited to, AES-128 algorithm; then, the MAC, Rolling Counter, and Random corresponding to the acquired fingerprint data are determined, and the encrypted fingerprint data and frame elements are combined according to a preset frame structure according to the structure of the bus data frame shown in fig. 4, so as to obtain a target bus data frame corresponding to the fingerprint data. And finally, encrypting the target bus data frame according to a dynamic encryption Key value (Session _ Key) and a second preset encryption algorithm to obtain encrypted fingerprint data, wherein the second preset encryption algorithm can be the same as or different from the first preset encryption algorithm. The fingerprint data can be encrypted again on the basis of the dynamic encryption key value through the solid encryption key value, and the confidentiality of the fingerprint data is further improved.
Optionally, the sending unit 802 is further configured to send the encrypted fingerprint data to the second service module through the CAN bus.
In the embodiment of the application, a first service module firstly acquires fingerprint data of a user; then sending an interaction request to a second service module, and receiving request response information sent by the second service module; and then generating a dynamic encryption key value according to a first random key value component and a second random key value component included in the interactive request and request response information, and generating a target bus data frame with a preset structure according to the fingerprint data, wherein the target bus data frame is encrypted according to the dynamic encryption key value and a preset encryption algorithm to obtain encrypted fingerprint data. The integrity verification code, the legality verification code and the data confusion code are introduced into the bus data frame, so that the complete transmission of the fingerprint data can be realized, and the transmission safety can be ensured. In addition, the method in the embodiment of the application introduces an AES encryption algorithm into the CAN data frame, innovatively uses a dynamic encryption key value interaction technology, and CAN greatly improve the security of data transmission.
Referring to fig. 9, fig. 9 is a schematic structural diagram of a second service module according to an embodiment of the present application. In this embodiment of the present application, the first service module may be a Door Handle FPA or a Console FPA, and the second service module may be a HU, or a Console FPA and a PEPS. As shown in the figure, the second service module in the embodiment of the present application includes:
a receiving unit 901, configured to receive an interaction request sent by a first service module.
In a specific implementation, as shown in fig. 3, the interaction request may include a first random key value component and a Handshake request (Handshake), where the Handshake request is used to request a connection to the second service module. The first random key value component may be, but is not limited to, a random number rand 1.
A sending unit 902, configured to send request response information to the first service module.
In specific implementation, the request response information is sent to the first service module through the CAN bus. As shown in fig. 3, the request response information may further include a Handshake acknowledgement signal (Handshake Ack), where the Handshake Ack is a response to the Handshake signal and indicates that the second service module agrees to the connection request of the first service module, that is, the second service module agrees to receive the data sent by the first service module. The request response information comprises a second random key value component, the second random key value component is used for the first service module to process the collected fingerprint data to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process that the first service module sends the fingerprint data to the second service module.
The receiving unit 901 is further configured to receive the encrypted fingerprint data sent by the service module.
A decryption unit 903 for extracting fingerprint data from the encrypted fingerprint data.
In a specific implementation, corresponding to the two methods for generating encrypted fingerprint data shown in fig. 5 and fig. 6, the method for extracting fingerprint data from encrypted fingerprint data by the second service module also includes the following two methods:
1. a fingerprint data extraction method corresponding to the generation method of encrypted fingerprint data shown in fig. 5:
first, a dynamic encryption key value is generated in the same manner as the first service module, as described in S704, two optional manners are included: (1) and splicing the first random key value component and the second random key value component to obtain a spliced value, and then taking the Hash value of the spliced value as a dynamic encryption key value. (2) As shown in fig. 3, a random number rand3 sent by the first service module and used as a third random key value component may be received first; and reading a preset Key value component (Key _1) from a preset storage space, and generating a dynamic encryption Key value (Session _ Key) according to the first random Key value component, the second random Key value component, the third random Key value component and the preset Key value component.
And then, decrypting the encrypted fingerprint data according to the dynamic encryption key value and a preset encryption algorithm to obtain a target bus data frame. The MAC, Random, and Rolling Counter may be verified separately, and if the verification passes, the fingerprint data is extracted from the target bus data frame.
2. A fingerprint data extraction method corresponding to the generation method of encrypted fingerprint data shown in fig. 6:
firstly, a dynamic encryption key value is generated in the same way as the first service module, and a fixed encryption key value is read from a preset storage space. The first service module and the second service module in the vehicle-mounted fingerprint system are modules in the same position, so that the second service module can also read the fixed encryption Key value (Key _3) from the designated storage space in the EEPROM corresponding to the vehicle-mounted fingerprint system, as with the first service module.
And then, decrypting the encrypted fingerprint data according to the dynamic encryption key value and a second preset encryption algorithm to obtain a target bus data frame.
Then, the MAC, Random, and Rolling Counter in the target bus data frame are verified respectively, and if the verification is passed, a fingerprint ciphertext, that is, encrypted fingerprint data, is extracted. And decrypting the fingerprint ciphertext according to the fixed encryption key value and a first preset encryption algorithm to obtain the fingerprint data.
Optionally, the second service module further includes a service execution module, configured to match the fingerprint data with fingerprint data stored in the module in advance after the fingerprint data is obtained. If the matching is successful, the identity of the user to which the fingerprint data belongs is verified, and the second service module can execute the corresponding service function. If the matching fails, the authentication of the user fails, and the second service module does not need to execute any service function.
In the embodiment of the application, after receiving the interaction request of the first service module, the second service module sends the request response information to the first service module, then receives the encrypted fingerprint data sent by the first service module, and analyzes and verifies the encrypted fingerprint data, so that complete and safe fingerprint data can be obtained.
Referring to fig. 10, fig. 10 is a schematic structural diagram of another first service module according to an embodiment of the present application. As shown, the first service module may include: at least one processor 1001, such as a CPU, at least one communication interface 1002, at least one memory 1003, at least one bus 1004. Bus 1004 is used to enable, among other things, connectivity communications between these components. In this embodiment of the present application, the communication interface 1002 of the first service module is a wired sending port, and may also be a wireless device, for example, including an antenna apparatus, configured to perform signaling or data communication with other node devices. The memory 1003 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 1003 may optionally be at least one storage device located remotely from the processor 1001. A set of program codes is stored in the memory 1003 and the processor 1001 is used to call the program codes stored in the memory for performing the following operations:
collecting fingerprint data of a user;
sending an interactive request to a second service module, wherein the interactive request comprises a first random key value component;
receiving request response information sent by the second service module, wherein the request response information comprises a second random key value component;
generating a dynamic encryption key value according to the first random key value component and the second random key value component;
and generating encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, wherein the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module.
The vehicle-mounted fingerprint system comprises a data transmission bus;
the processor 1001 is further configured to perform the following operation steps:
sending the encrypted fingerprint data to the second service module through the data transmission bus, wherein the data transmission bus corresponds to a bus data frame with a preset structure;
generating encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data comprises:
generating a target bus data frame of the preset structure according to the fingerprint data;
and determining the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value.
The processor 1001 is further configured to perform the following operation steps:
determining a frame element of the target bus data frame according to the preset structure, wherein the frame element comprises at least one of an integrity verification code, a legality verification code and a data confusion code;
and generating the target bus data frame according to the fingerprint data and the frame element.
The processor 1001 is further configured to perform the following operation steps:
reading a fixed encryption key value from a preset storage space;
encrypting the fingerprint data according to the fixed encryption key value and a first preset encryption algorithm;
and generating the target bus data frame according to the encrypted fingerprint data and the frame element.
The processor 1001 is further configured to perform the following operation steps:
and encrypting the target bus data frame according to the dynamic encryption key value and a second preset encryption algorithm to obtain the encrypted fingerprint data.
Further, the processor may further cooperate with the memory and the communication interface to perform the operations performed by the first service module in the above-mentioned embodiment.
It should be noted that, the embodiment of the present application also provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute, when running, an operation performed by the first service module in the data encryption/decryption method shown in fig. 2 and fig. 7.
It should be noted that, the embodiment of the present application also provides an application program, where the application program is configured to execute, at runtime, the operation performed by the first service module in the data encryption/decryption method shown in fig. 2 and fig. 7.
Referring to fig. 11, fig. 11 is a schematic structural diagram of another second service module according to an embodiment of the present application. As shown, the second service module may include: at least one processor 1101, such as a CPU, at least one communication interface 1102, at least one memory 1103, at least one bus 1104. Bus 1104 is used to enable, among other things, connectivity communications between these components. In this embodiment of the present application, the communication interface 1102 of the second service module is a wired sending port, and may also be a wireless device, for example, including an antenna apparatus, configured to perform signaling or data communication with other node devices. The memory 1103 may be a high-speed RAM memory or a non-volatile memory (e.g., at least one disk memory). The memory 1103 may optionally be at least one storage device located remotely from the processor 1101. A set of program code is stored in the memory 1103 and the processor 1101 is configured to call the program code stored in the memory for performing the following:
receiving an interaction request sent by a first service module;
sending request response information to the first service module, wherein the request response information comprises a second random key value component, the second random key value component is used for processing the acquired fingerprint data by the first service module to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module.
The vehicle-mounted fingerprint system comprises a data transmission bus; the interactive request comprises a first random key value component;
the processor 1101 is further configured to perform the following operation steps:
receiving the encrypted fingerprint data sent by the first service module through the data transmission bus;
and extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component.
The data transmission bus corresponds to a bus data frame with a preset structure;
the processor 1101 is further configured to perform the following operation steps:
generating a dynamic encryption key value according to the first random key value component and the second random key value component;
decrypting the encrypted fingerprint data according to the dynamic encryption key value and a first preset encryption algorithm to obtain a target bus data frame;
and extracting the fingerprint data from the target bus data frame according to the preset structure.
Wherein, the processor 1101 is further configured to perform the following operation steps:
reading a fixed encryption key value from a preset storage space;
extracting a fingerprint ciphertext from the target bus data frame according to the preset structure;
and decrypting the fingerprint ciphertext according to the fixed encryption key value and a second preset encryption algorithm to obtain the fingerprint data.
It should be noted that, the embodiment of the present application also provides a storage medium, where the storage medium is used to store an application program, and the application program is used to execute, when running, an operation performed by the second service module in the data encryption/decryption method shown in fig. 2 and fig. 7.
It should be noted that, the embodiment of the present application also provides an application program, where the application program is configured to execute, when running, an operation performed by the second service module in the data encryption/decryption method shown in fig. 2 and fig. 7.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the application to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website site, computer, server, or data center to another website site, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer or a data storage device, such as a server, a data center, etc., that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others. The above-mentioned embodiments further explain the objects, technical solutions and advantages of the present application in detail. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (22)

1. A data encryption method is applied to a vehicle-mounted fingerprint system, the vehicle-mounted fingerprint system comprises a first service module and a second service module, and the method comprises the following steps:
the first service module collects fingerprint data of a user;
the first service module sends an interaction request to the second service module, wherein the interaction request comprises a first random key value component;
the first service module receives request response information sent by the second service module, wherein the request response information comprises a second random key value component;
the first service module generates a dynamic encryption key value according to the first random key value component and the second random key value component;
and the first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, wherein the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module.
2. The method of claim 1, wherein the in-vehicle fingerprint system comprises a data transfer bus;
after the first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, the method further includes:
the first service module sends the encrypted fingerprint data to the second service module through the data transmission bus, and the data transmission bus corresponds to a bus data frame with a preset structure;
the first service module generates encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, and the generation of the encrypted fingerprint data comprises the following steps:
the first service module generates a target bus data frame of the preset structure according to the fingerprint data;
and the first service module determines the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value.
3. The method of claim 2, wherein the first traffic module generating the preset structure of the target bus data frame according to the fingerprint data comprises:
the first service module determines a frame element of the target bus data frame according to the preset structure, wherein the frame element comprises at least one of an integrity verification code, a validity verification code and a data confusion code;
and the first service module generates the target bus data frame according to the fingerprint data and the frame element.
4. The method of claim 3, wherein the first traffic module generating the target bus data frame based on the fingerprint data and the frame element comprises:
the first business module reads a fixed encryption key value from a preset storage space;
the first service module encrypts the fingerprint data according to the fixed encryption key value and a first preset encryption algorithm;
and the first service module generates the target bus data frame according to the encrypted fingerprint data and the frame element.
5. The method of any of claims 2-4, wherein the first traffic module determining the encrypted fingerprint data based on the target bus data frame and the dynamic encryption key value comprises:
and the first service module encrypts the target bus data frame according to the dynamic encryption key value and a second preset encryption algorithm to obtain the encrypted fingerprint data.
6. A data decryption method is applied to a vehicle-mounted fingerprint system, the vehicle-mounted fingerprint system comprises a first service module and a second service module, and the method comprises the following steps:
the second service module receives the interactive request sent by the first service module;
the second service module sends request response information to the first service module, wherein the request response information comprises a second random key value component, the second random key value component is used for the first service module to process collected fingerprint data to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process of sending the fingerprint data to the second service module by the first service module.
7. The method of claim 6, wherein the in-vehicle fingerprint system comprises a data transfer bus; the interactive request comprises a first random key value component;
after the request response message sent by the second service module to the first service module, the method further includes:
the second service module receives the encrypted fingerprint data sent by the first service module through the data transmission bus;
and the second service module extracts the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component.
8. The method of claim 7, wherein the data transfer bus corresponds to a predetermined configuration of bus data frames;
the second service module extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component includes:
the second service module generates a dynamic encryption key value according to the first random key value component and the second random key value component;
the second service module decrypts the encrypted fingerprint data according to the dynamic encryption key value and a first preset encryption algorithm to obtain a target bus data frame;
and the second service module extracts the fingerprint data from the target bus data frame according to the preset structure.
9. The method of claim 8, wherein said extracting the fingerprint data from the target bus data frame by the second traffic module according to the preset configuration comprises:
the second service module reads a fixed encryption key value from a preset storage space;
the second service module extracts a fingerprint ciphertext from the target bus data frame according to the preset structure;
and the second service module decrypts the fingerprint ciphertext according to the fixed encryption key value and a second preset encryption algorithm to obtain the fingerprint data.
10. A first service module, characterized in that, the first service module belongs to a vehicle-mounted fingerprint system, the vehicle-mounted fingerprint system further includes a second service module, the first service module includes:
the acquisition unit is used for acquiring fingerprint data of a user;
a sending unit, configured to send an interaction request to the second service module, where the interaction request includes a first random key value component;
a receiving unit, configured to receive request response information sent by the second service module, where the request response information includes a second random key value component;
an encryption unit, configured to generate a dynamic encryption key value according to the first random key value component and the second random key value component;
the encryption unit is further configured to generate encrypted fingerprint data according to the dynamic encryption key value and the fingerprint data, where the encrypted fingerprint data is used to encrypt the fingerprint data in a process where the first service module sends the fingerprint data to the second service module.
11. The first transaction module of claim 10, wherein the in-vehicle fingerprint system includes a data transfer bus;
the sending unit is further configured to:
sending the encrypted fingerprint data to the second service module through the data transmission bus, wherein the data transmission bus corresponds to a bus data frame with a preset structure;
the encryption unit is further configured to:
generating a target bus data frame of the preset structure according to the fingerprint data;
and determining the encrypted fingerprint data according to the target bus data frame and the dynamic encryption key value.
12. The first traffic module of claim 11, wherein the encryption unit is further to:
determining a frame element of the target bus data frame according to the preset structure, wherein the frame element comprises at least one of an integrity verification code, a legality verification code and a data confusion code;
and generating the target bus data frame according to the fingerprint data and the frame element.
13. The first traffic module of claim 12, wherein the encryption unit is further to:
reading a fixed encryption key value from a preset storage space;
encrypting the fingerprint data according to the fixed encryption key value and a first preset encryption algorithm;
and generating the target bus data frame according to the encrypted fingerprint data and the frame element.
14. The first traffic module of any of claims 11-13, wherein the encryption unit is further configured to:
and encrypting the target bus data frame according to the dynamic encryption key value and a second preset encryption algorithm to obtain the encrypted fingerprint data.
15. A second service module, wherein the second service module belongs to a vehicle-mounted fingerprint system, the vehicle-mounted fingerprint system further comprises a first service module, and the second service module comprises:
a receiving unit, configured to receive an interaction request sent by the first service module;
the sending unit is used for sending request response information to the first service module, the request response information comprises a second random key value component, the second random key value component is used for the first service module to process collected fingerprint data to obtain encrypted fingerprint data, and the encrypted fingerprint data is used for encrypting the fingerprint data in the process that the first service module sends the fingerprint data to the second service module.
16. The second transaction module of claim 15, wherein the in-vehicle fingerprint system includes a data transfer bus; the interactive request comprises a first random key value component;
the receiving unit is further configured to:
receiving the encrypted fingerprint data sent by the first service module through the data transmission bus;
the second service module further comprises a decryption unit configured to:
and extracting the fingerprint data from the encrypted fingerprint data according to the first random key value component and the second random key value component.
17. The second service module according to claim 16, wherein said data transmission bus corresponds to a bus data frame of a predetermined structure;
the decryption unit is further configured to:
generating a dynamic encryption key value according to the first random key value component and the second random key value component;
decrypting the encrypted fingerprint data according to the dynamic encryption key value and a first preset encryption algorithm to obtain a target bus data frame;
and extracting the fingerprint data from the target bus data frame according to the preset structure.
18. The second traffic module of claim 17, wherein the decryption unit is further configured to:
reading a fixed encryption key value from a preset storage space;
extracting a fingerprint ciphertext from the target bus data frame according to the preset structure;
and decrypting the fingerprint ciphertext according to the fixed encryption key value and a second preset encryption algorithm to obtain the fingerprint data.
19. A first service module, comprising: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any one of claims 1-5.
20. A second service module, comprising: a processor, a memory, a communication interface, and a bus;
the processor, the memory and the communication interface are connected through the bus and complete mutual communication;
the memory stores executable program code;
the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory for performing the method of any one of claims 6-9.
21. A computer-readable storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the method according to any one of claims 1 to 5.
22. A computer-readable storage medium storing a plurality of instructions adapted to be loaded by a processor and to perform the method according to any one of claims 6 to 9.
CN201910544478.3A 2019-06-21 2019-06-21 Data encryption/decryption method and related equipment Withdrawn CN112118093A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910544478.3A CN112118093A (en) 2019-06-21 2019-06-21 Data encryption/decryption method and related equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910544478.3A CN112118093A (en) 2019-06-21 2019-06-21 Data encryption/decryption method and related equipment

Publications (1)

Publication Number Publication Date
CN112118093A true CN112118093A (en) 2020-12-22

Family

ID=73795282

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910544478.3A Withdrawn CN112118093A (en) 2019-06-21 2019-06-21 Data encryption/decryption method and related equipment

Country Status (1)

Country Link
CN (1) CN112118093A (en)

Similar Documents

Publication Publication Date Title
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
CN106572106B (en) Method for transmitting message between TBOX terminal and TSP platform
CN111181928B (en) Vehicle diagnosis method, server, and computer-readable storage medium
CN106357400B (en) Establish the method and system in channel between TBOX terminal and TSP platform
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN109190362B (en) Secure communication method and related equipment
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN110690956B (en) Bidirectional authentication method and system, server and terminal
CN115396121B (en) Security authentication method for security chip OTA data packet and security chip device
CN112565265B (en) Authentication method, authentication system and communication method between terminal devices of Internet of things
CN108540457B (en) Safety equipment and biological authentication control method and device thereof
CN113114668B (en) Information transmission method, mobile terminal, storage medium and electronic equipment
CN104735065A (en) Data processing method, electronic device and server
CN111565182B (en) Vehicle diagnosis method and device and storage medium
CN106789024A (en) A kind of remote de-locking method, device and system
CN114915504B (en) Security chip initial authentication method and system
CN114793184B (en) Security chip communication method and device based on third-party key management node
CN109451504B (en) Internet of things module authentication method and system
US20200145220A1 (en) Verification system, verification method and non-transitory computer readable storage medium
CN108989331B (en) Use authentication method of data storage device, device and storage medium thereof
CN108900595B (en) Method, device and equipment for accessing data of cloud storage server and computing medium
CN116781263B (en) Identity authentication and secret key self-updating method among in-vehicle ECUs and readable storage medium
CN109743283B (en) Information transmission method and equipment
CN116456336A (en) External equipment access security authentication method, system, automobile, equipment and storage medium
CN112702304A (en) Vehicle information verification method and device and automobile

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20201222