CN112118247A - Internet of vehicles data encryption method and system - Google Patents


Info

Publication number
CN112118247A
Authority
CN
China
Prior art keywords
encryption, node, cryptographic, current, service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010951790.7A
Other languages
Chinese (zh)
Other versions
CN112118247B (en)
Inventor
武学臣
金叶
王逸
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Suzhou Kuncheng Intelligent Vehicle Detection Technology Co ltd
Original Assignee
Suzhou Kuncheng Intelligent Vehicle Detection Technology Co ltd
Application filed by Suzhou Kuncheng Intelligent Vehicle Detection Technology Co ltd
Priority to CN202010951790.7A
Publication of CN112118247A
Application granted
Publication of CN112118247B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0485 Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The embodiment of the invention provides an Internet of vehicles data encryption method and system. In the process of encrypting Internet of vehicles data, an encryption process of a first encryption node is executed using an encryption field set of the first encryption node; when the first encryption node is in an unencrypted mark state in the Internet of vehicles data, a second encryption service of a second encryption node is obtained; and when it is determined, based on the second encryption service, that the second encryption node is not in the current encryption process of the first encryption node, at least the second encryption node is executed in the current encryption process of the first encryption node. This avoids interrupting the whole encryption process when an encryption node is in the unencrypted mark state for various reasons, and thereby improves encryption execution efficiency.

Description

Internet of vehicles data encryption method and system
Technical Field
The invention relates to the technical field of pipeline management, in particular to a method and a system for encrypting data of internet of vehicles.
Background
At present, when a certain encryption node is in an unencrypted marker state for various reasons, the whole encryption process is interrupted, and the encryption execution efficiency is affected.
Disclosure of Invention
In view of this, an object of the embodiments of the present invention is to provide a method and a system for encrypting data in an internet of vehicles, which can avoid interruption of an entire encryption process when an encryption node is in an unencrypted flag state for various reasons, so as to improve encryption execution efficiency.
According to one aspect of the embodiment of the invention, a vehicle networking data encryption method is provided and applied to a server, and the method comprises the following steps:
in the process of encrypting the vehicle networking data, executing an encryption process of a first encryption node by using an encryption field set of the first encryption node, wherein the encryption nodes participating in the vehicle networking data at least comprise the first encryption node and a second encryption node;
acquiring a second encryption service of the second encryption node under the condition that the first encryption node is in an unencrypted mark state in the Internet of vehicles data, wherein the first encryption node in the unencrypted mark state is set to not allow encryption node operation to be executed in the Internet of vehicles data;
executing at least the second cryptographic node in a current cryptographic process of the first cryptographic node if it is determined based on the second cryptographic service that the second cryptographic node is not within the current cryptographic process of the first cryptographic node, wherein the current cryptographic process is a cryptographic process executed on a first cryptographic service with the set of cryptographic fields of the first cryptographic node, the first cryptographic service being the cryptographic service in which the first cryptographic node entered the unencrypted mark state.
In one possible example, the step of executing at least the second cryptographic node in a current cryptographic process of the first cryptographic node comprises:
and executing at least the second encryption node in the current encryption process of the first encryption node by using a first execution strategy, wherein the first execution strategy is different from a second execution strategy, and the second execution strategy is used for executing the encryption node in the current encryption process of the first encryption node.
In one possible example, the step of executing at least the second cryptographic node in a current cryptographic process of the first cryptographic node with a first execution policy comprises:
and executing the second encryption node in the current encryption process of the first encryption node according to the first execution strategy, and executing the state information of the second encryption node in the current encryption process of the first encryption node.
In one possible example, the step of executing the second cryptographic node in a current cryptographic process of the first cryptographic node with the first execution policy comprises:
determining an encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is located, wherein the encryption service relationship is used for indicating that the second encryption node is at least partially not in the current encryption process of the first encryption node;
in the case that the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node, executing, in the current encryption process of the first encryption node and in a set execution order, the part of the second encryption node which is not in the current encryption process of the first encryption node;
and in the case that the encryption service relationship indicates that the second encryption node is completely not in the current encryption process of the first encryption node, executing the second encryption node completely, in a set execution order, in the current encryption process of the first encryption node.
In one possible example, the step of determining a cryptographic service relationship between the second cryptographic node and the first cryptographic node as a function of the first cryptographic service of the first cryptographic node and a second cryptographic service in which the second cryptographic node is located comprises:
determining, by the first encryption service and the second encryption service, a first encryption cooperation parameter between the first encryption node and the second encryption node;
in the case that the first encryption cooperation parameter is not greater than a null-sequence encryption cooperation parameter of the first encryption node, detecting whether a linkage encryption process exists between the first encryption node and the second encryption node, wherein the null-sequence encryption cooperation parameter is the maximum encryption cooperation parameter that is allowed to be visible to the first encryption node, and the linkage encryption process is used for at least partially associating the second encryption node with the first encryption node;
in the case that the first encryption cooperation parameter is greater than the null-sequence encryption cooperation parameter, or the linkage encryption process completely associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is completely not in the current encryption process of the first encryption node;
and in the case that the first encryption cooperation parameter is not greater than the null-sequence encryption cooperation parameter and the linkage encryption process partially associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is partially not in the current encryption process of the first encryption node.
According to another aspect of the embodiment of the present invention, there is provided a vehicle networking data encryption system, applied to a server, the system including:
the first execution module is used for executing an encryption process of a first encryption node by using an encryption field set of the first encryption node in the process of encrypting the vehicle networking data, wherein the encryption nodes participating in the vehicle networking data at least comprise the first encryption node and a second encryption node;
an obtaining module, configured to obtain a second encrypted service of the second encrypted node when the first encrypted node is in an unencrypted flag state in the in-vehicle networking data, where the first encrypted node in the unencrypted flag state is set to disallow execution of an encrypted node operation in the in-vehicle networking data;
a second execution module, configured to execute at least the second cryptographic node in a current cryptographic process of the first cryptographic node if it is determined, based on the second cryptographic service, that the second cryptographic node is not within the current cryptographic process of the first cryptographic node, where the current cryptographic process is a cryptographic process executed on a first cryptographic service with the set of cryptographic fields of the first cryptographic node, and the first cryptographic service is a cryptographic service in which the first cryptographic node enters the unencrypted marked state.
According to another aspect of the embodiments of the present invention, a readable storage medium is provided, and the readable storage medium stores a computer program, and the computer program, when being encrypted by a processor, can execute the steps of the above-mentioned vehicle networking data encryption method.
Compared with the prior art, in the method and system for encrypting Internet of vehicles data provided by the embodiment of the invention, the encryption process of the first encryption node is executed using the encryption field set of the first encryption node in the process of encrypting the Internet of vehicles data; the second encryption service of the second encryption node is obtained when the first encryption node is in the unencrypted mark state in the Internet of vehicles data; and at least the second encryption node is executed in the current encryption process of the first encryption node when it is determined, based on the second encryption service, that the second encryption node is not in the current encryption process of the first encryption node. This avoids interrupting the whole encryption process when an encryption node is in the unencrypted mark state for various reasons, and thereby improves encryption execution efficiency.
In order to make the aforementioned objects, features and advantages of the embodiments of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
FIG. 1 illustrates a component diagram of a server provided by an embodiment of the invention;
FIG. 2 is a schematic flow chart illustrating a method for encrypting data in the Internet of vehicles according to an embodiment of the present invention;
FIG. 3 shows a functional block diagram of a car networking data encryption system provided by an embodiment of the present invention.
Detailed Description
In order that those skilled in the art may better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only a part of the embodiments of the present invention, not all of them. All other embodiments that a person skilled in the art can derive from the embodiments given herein without creative effort shall fall within the protection scope of the present invention.
The terms "first," "second," "third," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Fig. 1 shows an exemplary component schematic of a server 100. The server 100 may include one or more processors 104, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. The server 100 may also include any storage media 106 for storing any kind of information, such as code, settings, data, etc. For example, and without limitation, storage medium 106 may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any storage medium may use any technology to store information. Further, any storage medium may provide volatile or non-volatile retention of information. Further, any storage medium may represent a fixed or removable component of server 100. In one case, when the processor 104 executes the associated instructions stored in any storage medium or combination of storage media, the server 100 may perform any of the operations of the associated instructions. The server 100 further comprises one or more drive units 108 for interacting with any storage medium, such as a hard disk drive unit, an optical disk drive unit, etc.
The server 100 also includes input/output 110 (I/O) for receiving various inputs (via input unit 112) and for providing various outputs (via output unit 114). One particular output mechanism may include a presentation device 116 and an associated Graphical User Interface (GUI) 118. The server 100 may also include one or more network interfaces 120 for exchanging data with other devices via one or more communication units 122. One or more communication buses 124 couple the above-described components together.
The communication unit 122 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the internet), a point-to-point connection, etc., or any combination thereof. The communication unit 122 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, and so forth, governed by any protocol or combination of protocols.
Fig. 2 is a schematic flowchart illustrating a method for encrypting data in a vehicle networking system according to an embodiment of the present invention, where the method for encrypting data in a vehicle networking system is executed by the server 100 shown in fig. 1, and the detailed steps of the method for encrypting data in a vehicle networking system are described as follows.
Step S110, in the process of encrypting the data of the Internet of vehicles, executing an encryption process of a first encryption node by using an encryption field set of the first encryption node, wherein the encryption nodes participating in the data of the Internet of vehicles at least comprise the first encryption node and a second encryption node;
step S120, when the first encryption node is in an unencrypted flag state in the Internet of vehicles data, acquiring a second encryption service of the second encryption node, wherein the first encryption node in the unencrypted flag state is set to disallow execution of encryption node operation in the Internet of vehicles data;
step S130, in a case that it is determined that the second encryption node is not in the current encryption process of the first encryption node based on the second encryption service, at least executing the second encryption node in the current encryption process of the first encryption node, where the current encryption process is an encryption process executed on a first encryption service with the set of encryption fields of the first encryption node, and the first encryption service is an encryption service in which the first encryption node enters the unencrypted mark state.
Based on the above steps, in the process of encrypting the Internet of vehicles data, the encryption process of the first encryption node is executed using the encryption field set of the first encryption node; when the first encryption node is in the unencrypted mark state in the Internet of vehicles data, the second encryption service of the second encryption node is obtained; and when it is determined, based on the second encryption service, that the second encryption node is not in the current encryption process of the first encryption node, at least the second encryption node is executed in the current encryption process of the first encryption node. This avoids interrupting the whole encryption process when an encryption node is in the unencrypted mark state for various reasons, and thereby improves encryption execution efficiency.
In one possible example, for step S130, the present embodiment may execute at least the second cryptographic node in the current cryptographic process of the first cryptographic node with a first execution policy, where the first execution policy is different from a second execution policy, and the second execution policy is used for executing the cryptographic node in the current cryptographic process of the first cryptographic node.
For example, the second cryptographic node may be executed in the current cryptographic process of the first cryptographic node with the first execution policy, and the state information of the second cryptographic node may be executed in the current cryptographic process of the first cryptographic node.
In detail, in a possible example, the present embodiment may determine an encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is located, where the encryption service relationship is used to indicate that the second encryption node is at least partially not in a current encryption process of the first encryption node.
On the basis, in the case that the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node, the part of the second encryption node which is not in the current encryption process of the first encryption node is executed in the current encryption process of the first encryption node in a manner of setting the execution sequence.
Then, in the case that the encryption service relationship indicates that the second encryption node is completely not in the current encryption process of the first encryption node, the second encryption node is completely executed in a mode of setting an execution sequence in the current encryption process of the first encryption node.
In detail, when determining the encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is located, the embodiment may determine, by the first encryption service and the second encryption service, the first encryption cooperation parameter between the first encryption node and the second encryption node. In the case that the first encryption cooperation parameter is not greater than the null-sequence encryption cooperation parameter of the first encryption node, it is detected whether a linkage encryption process exists between the first encryption node and the second encryption node. Here the null-sequence encryption cooperation parameter is the maximum encryption cooperation parameter that is allowed to be visible to the first encryption node, and the linkage encryption process is used to at least partially associate the second encryption node with the first encryption node.
On this basis, when the first encryption cooperation parameter is greater than the null-sequence encryption cooperation parameter, or the linkage encryption process completely associates the second encryption node with the first encryption node, the encryption service relationship indicates that the second encryption node is completely not in the current encryption process of the first encryption node. Alternatively, when the first encryption cooperation parameter is not greater than the null-sequence encryption cooperation parameter and the linkage encryption process partially associates the second encryption node with the first encryption node, the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node.
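The relationship rules and the takeover in step S130, sketched as an added example (not code from the patent). All names are hypothetical, and it assumes a numeric cooperation parameter and that "executing" a node means adding its encryption fields, in order, to the current process. The text does not say what happens when the parameter is within the threshold and no linkage process exists, so the sketch rejects that case instead of guessing.

```python
from dataclasses import dataclass
from enum import Enum
from typing import List, Optional, Tuple


class Linkage(Enum):
    """How a linkage encryption process associates node 2 with node 1."""
    PARTIAL = "partial"
    COMPLETE = "complete"


class Relationship(Enum):
    COMPLETELY_NOT_IN = "completely not in the current process"
    PARTIALLY_NOT_IN = "partially not in the current process"
    UNSPECIFIED = "case not covered by the described rules"


class UndeterminedRelationship(Exception):
    """Raised so an uncovered case stops the run instead of skipping fields."""


@dataclass(frozen=True)
class Node:
    name: str
    fields: Tuple[str, ...]  # encryption field set, in execution order (assumed)


def classify(coop_param: float, null_seq_param: float,
             linkage: Optional[Linkage]) -> Relationship:
    """Apply the described rules to one pair of nodes."""
    # Above the null-sequence threshold: linkage is not inspected at all.
    if coop_param > null_seq_param:
        return Relationship.COMPLETELY_NOT_IN
    # At or below the threshold the linkage process decides.
    if linkage is Linkage.COMPLETE:
        return Relationship.COMPLETELY_NOT_IN
    if linkage is Linkage.PARTIAL:
        return Relationship.PARTIALLY_NOT_IN
    # Within threshold and no linkage process: the text gives no outcome.
    return Relationship.UNSPECIFIED


def plan_takeover(first_is_marked: bool, current_fields: List[str],
                  second: Node, relationship: Relationship) -> List[str]:
    """Return the field order of the current process after step S130."""
    if not first_is_marked:
        return list(current_fields)          # nothing to take over
    if relationship is Relationship.COMPLETELY_NOT_IN:
        extra = list(second.fields)          # execute node 2 completely
    elif relationship is Relationship.PARTIALLY_NOT_IN:
        # execute only the part of node 2 that is not already in the process
        extra = [f for f in second.fields if f not in current_fields]
    else:
        raise UndeterminedRelationship(second.name)
    return list(current_fields) + extra


# Constructed sample data, not taken from the patent.
CURRENT = ["vin", "gps"]
OVERLAPPING = Node("node-2", ("gps", "speed", "odometer"))
DISJOINT = Node("node-2", ("speed", "odometer"))
```

Raising on the uncovered case is a design choice of this sketch: it keeps a run from continuing with fields that nobody encrypted.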
Fig. 3 shows a functional block diagram of a car networking data encryption system 200 provided in an embodiment of the present invention, where the functions implemented by the car networking data encryption system 200 may correspond to the steps executed by the foregoing method. The car networking data encryption system 200 may be understood as the server 100 or a processor of the server 100, or may be understood as a component that is independent from the server 100 or the processor and implements the functions of the present invention under the control of the server 100, as shown in fig. 3, and the functions of the functional modules of the car networking data encryption system 200 are described in detail below.
The first execution module 210 is configured to execute an encryption process of a first encryption node with an encryption field set of the first encryption node in an encryption process of the vehicle networking data, where encryption nodes participating in the vehicle networking data at least include the first encryption node and a second encryption node;
an obtaining module 220, configured to obtain a second encrypted service of the second encrypted node when the first encrypted node is in an unencrypted flag state in the in-vehicle networking data, where the first encrypted node in the unencrypted flag state is set to disallow execution of an encrypted node operation in the in-vehicle networking data;
a second executing module 230, configured to execute at least the second cryptographic node in a current cryptographic process of the first cryptographic node if it is determined that the second cryptographic node is not in the current cryptographic process of the first cryptographic node based on the second cryptographic service, where the current cryptographic process is a cryptographic process executed on a first cryptographic service with the set of cryptographic fields of the first cryptographic node, and the first cryptographic service is a cryptographic service in which the first cryptographic node enters the unencrypted mark state.
In one possible example, the second execution module 230 executes at least the second cryptographic node in the current cryptographic process of the first cryptographic node by:
and executing at least the second encryption node in the current encryption process of the first encryption node by using a first execution strategy, wherein the first execution strategy is different from a second execution strategy, and the second execution strategy is used for executing the encryption node in the current encryption process of the first encryption node.
In one possible example, the second execution module 230 executes at least the second cryptographic node in the current cryptographic process of the first cryptographic node with a first execution policy by:
and executing the second encryption node in the current encryption process of the first encryption node according to the first execution strategy, and executing the state information of the second encryption node in the current encryption process of the first encryption node.
In one possible example, the second execution module 230 executes the second cryptographic node in the current cryptographic process of the first cryptographic node with the first execution policy by:
determining an encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is located, wherein the encryption service relationship is used for indicating that the second encryption node is at least partially not in the current encryption process of the first encryption node;
in the case that the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node, executing, in the current encryption process of the first encryption node and in a set execution order, the part of the second encryption node which is not in the current encryption process of the first encryption node;
and in the case that the encryption service relationship indicates that the second encryption node is completely not in the current encryption process of the first encryption node, executing the second encryption node completely, in a set execution order, in the current encryption process of the first encryption node.
In one possible example, the second execution module 230 determines the cryptographic service relationship between the second cryptographic node and the first cryptographic node by:
determining, by the first encryption service and the second encryption service, a first encryption cooperation parameter between the first encryption node and the second encryption node;
in the case that the first encryption cooperation parameter is not greater than a null-sequence encryption cooperation parameter of the first encryption node, detecting whether a linkage encryption process exists between the first encryption node and the second encryption node, wherein the null-sequence encryption cooperation parameter is the maximum encryption cooperation parameter that is allowed to be visible to the first encryption node, and the linkage encryption process is used for at least partially associating the second encryption node with the first encryption node;
in the case that the first encryption cooperation parameter is greater than the null-sequence encryption cooperation parameter, or the linkage encryption process completely associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is completely not in the current encryption process of the first encryption node;
and in the case that the first encryption cooperation parameter is not greater than the null-sequence encryption cooperation parameter and the linkage encryption process partially associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is partially not in the current encryption process of the first encryption node.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus and method embodiments described above are illustrative only, as the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
Alternatively, all or part of the implementation may be in software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in the claims should not be construed as limiting the claim concerned.

Claims (10)

1. An Internet of vehicles data encryption method, applied to a server, comprising the following steps:
in the process of encrypting the Internet of vehicles data, executing an encryption process of a first encryption node by using an encryption field set of the first encryption node, wherein the encryption nodes participating in the Internet of vehicles data at least comprise the first encryption node and a second encryption node;
acquiring a second encryption service of the second encryption node under the condition that the first encryption node is in an unencrypted mark state in the Internet of vehicles data, wherein the first encryption node in the unencrypted mark state is set to not allow encryption node operation to be executed in the Internet of vehicles data;
executing at least the second encryption node in a current encryption process of the first encryption node if it is determined based on the second encryption service that the second encryption node is not within the current encryption process of the first encryption node, wherein the current encryption process is an encryption process executed on a first encryption service with the encryption field set of the first encryption node, the first encryption service being the encryption service in which the first encryption node entered the unencrypted mark state.
2. The Internet of vehicles data encryption method of claim 1, wherein the step of executing at least the second encryption node in the current encryption process of the first encryption node comprises:
executing at least the second encryption node in the current encryption process of the first encryption node by using a first execution strategy, wherein the first execution strategy is different from a second execution strategy, and the second execution strategy is used for executing the encryption node in the current encryption process of the first encryption node.
3. The Internet of vehicles data encryption method according to claim 2, wherein the step of executing at least the second encryption node in a current encryption process of the first encryption node with a first execution strategy comprises:
executing the second encryption node in the current encryption process of the first encryption node according to the first execution strategy, and executing the state information of the second encryption node in the current encryption process of the first encryption node.
4. The Internet of vehicles data encryption method of claim 3, wherein the step of executing the second encryption node in the current encryption process of the first encryption node with the first execution strategy comprises:
determining an encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is positioned, wherein the encryption service relationship is used for indicating that the second encryption node is not at least partially in a current encryption process of the first encryption node;
in the case that the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node, executing the part of the second encryption node which is not in the current encryption process of the first encryption node in a manner of setting an execution sequence;
and in the case that the encryption service relationship indicates that the second encryption node is not completely in the current encryption process of the first encryption node, completely executing the second encryption node in the current encryption process of the first encryption node in a mode of setting an execution sequence.
5. The Internet of vehicles data encryption method according to claim 4, wherein the step of determining the encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and a second encryption service in which the second encryption node is located comprises:
determining, by the first encryption service and the second encryption service, a first encryption matching parameter between the first encryption node and the second encryption node;
under the condition that the first encryption matching parameter is not larger than a null sequence encryption matching parameter of the first encryption node, detecting whether a linkage encryption process exists between the first encryption node and the second encryption node, wherein the null sequence encryption matching parameter is the maximum encryption matching parameter which allows the first encryption node to be visible, and the linkage encryption process is used for at least partially associating the second encryption node with the first encryption node;
when the first encryption matching parameter is larger than the null sequence encryption matching parameter, or the linkage encryption process completely associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is not completely in the current encryption process of the first encryption node;
and in the case that the first encryption matching parameter is not larger than the null sequence encryption matching parameter and the linkage encryption process partially associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is partially not in the current encryption process of the first encryption node.
6. An Internet of vehicles data encryption system, applied to a server, the system comprising:
a first execution module, configured to execute an encryption process of a first encryption node by using an encryption field set of the first encryption node in the process of encrypting the Internet of vehicles data, wherein the encryption nodes participating in the Internet of vehicles data at least comprise the first encryption node and a second encryption node;
an obtaining module, configured to obtain a second encryption service of the second encryption node when the first encryption node is in an unencrypted mark state in the Internet of vehicles data, where the first encryption node in the unencrypted mark state is set to disallow execution of an encryption node operation in the Internet of vehicles data;
a second execution module, configured to execute at least the second encryption node in a current encryption process of the first encryption node if it is determined, based on the second encryption service, that the second encryption node is not within the current encryption process of the first encryption node, where the current encryption process is an encryption process executed on a first encryption service with the encryption field set of the first encryption node, and the first encryption service is an encryption service in which the first encryption node enters the unencrypted mark state.
7. The Internet of vehicles data encryption system of claim 6, wherein the second execution module executes at least the second encryption node in the current encryption process of the first encryption node by:
executing at least the second encryption node in the current encryption process of the first encryption node by using a first execution strategy, wherein the first execution strategy is different from a second execution strategy, and the second execution strategy is used for executing the encryption node in the current encryption process of the first encryption node.
8. The Internet of vehicles data encryption system of claim 7, wherein the second execution module executes at least the second encryption node in a current encryption process of the first encryption node with a first execution strategy by:
executing the second encryption node in the current encryption process of the first encryption node according to the first execution strategy, and executing the state information of the second encryption node in the current encryption process of the first encryption node.
9. The Internet of vehicles data encryption system of claim 8, wherein the second execution module executes the second encryption node in the current encryption process of the first encryption node with the first execution strategy by:
determining an encryption service relationship between the second encryption node and the first encryption node according to the first encryption service of the first encryption node and the second encryption service in which the second encryption node is positioned, wherein the encryption service relationship is used for indicating that the second encryption node is not at least partially in a current encryption process of the first encryption node;
in the case that the encryption service relationship indicates that the second encryption node is partially not in the current encryption process of the first encryption node, executing the part of the second encryption node which is not in the current encryption process of the first encryption node in a manner of setting an execution sequence;
and in the case that the encryption service relationship indicates that the second encryption node is not completely in the current encryption process of the first encryption node, completely executing the second encryption node in the current encryption process of the first encryption node in a mode of setting an execution sequence.
10. The Internet of vehicles data encryption system of claim 9, wherein the second execution module determines the encryption service relationship between the second encryption node and the first encryption node by:
determining, by the first encryption service and the second encryption service, a first encryption matching parameter between the first encryption node and the second encryption node;
under the condition that the first encryption matching parameter is not larger than a null sequence encryption matching parameter of the first encryption node, detecting whether a linkage encryption process exists between the first encryption node and the second encryption node, wherein the null sequence encryption matching parameter is the maximum encryption matching parameter which allows the first encryption node to be visible, and the linkage encryption process is used for at least partially associating the second encryption node with the first encryption node;
when the first encryption matching parameter is larger than the null sequence encryption matching parameter, or the linkage encryption process completely associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is not completely in the current encryption process of the first encryption node;
and in the case that the first encryption matching parameter is not larger than the null sequence encryption matching parameter and the linkage encryption process partially associates the second encryption node with the first encryption node, the encryption service relationship is used for indicating that the second encryption node is partially not in the current encryption process of the first encryption node.
CN202010951790.7A 2020-09-11 2020-09-11 Internet of vehicles data encryption method and system Active CN112118247B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010951790.7A CN112118247B (en) 2020-09-11 2020-09-11 Internet of vehicles data encryption method and system

Publications (2)

Publication Number Publication Date
CN112118247A (en) 2020-12-22
CN112118247B (en) 2022-04-12

Family

ID=73802940

Country Status (1)

Country Link
CN (1) CN112118247B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant