CN112702170A - Management method, management system, viewing method and viewing terminal for vehicle data - Google Patents

Publication number
CN112702170A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011536710.8A
Other languages
Chinese (zh)
Inventor
蔺会光
王泽兴
贾滇宁
原诚寅
邹广才
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing New Energy Vehicle Technology Innovation Center Co Ltd
Original Assignee
Beijing New Energy Vehicle Technology Innovation Center Co Ltd

Abstract

The invention relates to the field of vehicle data encryption, and in particular to a management method, a management system, a viewing method and a viewing terminal for vehicle data. The management method comprises digitally signing with a public-private key pair and determining the authorization states of a data viewer and a data provider; vehicle data is encrypted with a data key, and the data key is encrypted and decrypted using a dynamic key. The invention integrates data encryption and decryption, dynamic key protection, digital signature, secure key transmission, digital-signature authorization and revocation, and related technologies into a technical closed loop. It realizes authorization protection of data in service applications, verifies the authenticity of authorization data, combines the digital signature and the key in a method for protecting personal data authorization, and effectively protects the security of personal vehicle data.

Description

Management method, management system, viewing method and viewing terminal for vehicle data
Technical Field
The invention relates to the field of vehicle data encryption, and in particular to a vehicle data management method, a vehicle data management system, a vehicle data viewing method and a vehicle data viewing terminal.
Background
At present, an automobile uploads collected vehicle CAN bus data to an enterprise platform and a public supervision platform through the vehicle-mounted T-Box device. The public supervision platform is a government-backed platform. The collected data includes driving data, state data, battery information, motor information, electronic control information, driver operation information, fault information and the like; part of this data is personal vehicle information and cannot be provided to a third party for viewing and use without personal authorization. Owing to weak supervision, insufficient management technology and other reasons, on the one hand, sensitive data involving personal information, generated during vehicle use and uploaded to enterprise and public platforms, cannot be truly and effectively protected; on the other hand, industries with a business need for driving data analysis, such as the insurance industry and the second-hand car market, need personal authorization to view data related to private vehicles, but the authorization data cannot be effectively verified, and authorized data can easily be copied and spread at will and cannot be revoked.
In the prior art, a common encryption technology is symmetric encryption and decryption, an earlier type of encryption algorithm characterized by a public algorithm, a small amount of computation, high encryption and decryption speed, high encryption efficiency, and difficulty of cracking when a long key is used. However, since the sender and the receiver use the same key, the confidentiality of the key is crucial to the security of communication, and it is difficult to ensure the secure transmission and management of the key.
CN111327605A discloses a terminal server and a system for transmitting private information, which adopt an asymmetric encryption algorithm to transmit data between a terminal and the server, the terminal and the server generate the same shared secret key through ECDH protocol calculation according to a first private key and a second public key to encrypt and decrypt the data, and send the encrypted data to the server.
In addition, the existing data encryption technology mainly focuses on the utilization of the encryption and decryption technology, only considers the protection of the data, does not protect the key, is usually used alone, and is not integrated with other technologies for application; and often only data is uploaded to a server or a cloud platform, but authenticity of authorized data cannot be verified, and confidentiality of the data in service application cannot be guaranteed.
Disclosure of Invention
In view of technical defects and technical drawbacks existing in the prior art, embodiments of the present invention provide a vehicle data management method, a vehicle data management system, a vehicle data viewing method, and a vehicle data viewing terminal that overcome or at least partially solve the above problems, so as to implement an integrated application of a digital signature and a secret key in a personal data authorization protection method, implement a complete closed-loop technology for authorization, revocation, data encryption and decryption, etc. in a personal vehicle data management and viewing process, and have simple implementation and high security.
As an aspect of the embodiments of the present invention, a management method of vehicle data is provided, where the management method includes digitally signing with a public-private key pair, and determining authorization states of a data viewer and a data provider; vehicle data is encrypted by a data key, and the data key is encrypted and decrypted using a dynamic key.
Further, the method comprises:
receiving a viewing request for viewing data of a data provider by a data viewer;
generating an authorization application digitally signed by a private key, acquiring a public key to verify the validity of the authorization application, and verifying the authorization states of the data viewer and the data provider;
sending the dynamic key to a data viewing party, encrypting vehicle data by using the data key and encrypting the data key by using the dynamic key;
the encrypted data key and vehicle data are returned.
Further, the method comprises:
the dynamic key and the data key adopt a symmetric encryption algorithm; and/or
the public-private key pair adopts an asymmetric encryption algorithm.
As an aspect of an embodiment of the present invention, there is provided a management system of vehicle data, including:
the vehicle data platform is used for storing vehicle data, encrypting the vehicle data through a digital key and encrypting the digital key through a dynamic key;
the authentication authorization platform is used for carrying out digital signature by adopting a public-private key pair and verifying the authorization state of the data viewer and the data provider;
the key distribution platform is used for providing a public and private key pair for data signature and a digital key and a dynamic key for encrypting and decrypting vehicle data, and a public key and a dynamic key in the public and private key pair are respectively stored in a key distribution platform public key library and a dynamic key library;
when the vehicle data platform receives the data viewing request, the authentication and authorization platform receives an authorization application and carries out authorization state verification; and after the authorization state is verified, the key distribution platform sends the dynamic key to the data viewer, and the vehicle data platform acquires the digital key and the dynamic key from the key distribution platform to encrypt the vehicle data.
Further, the step of verifying the authorization status comprises:
the method comprises the steps that an authentication authorization platform receives an authorization application of a data viewer for viewing data of a data provider, the authorization application acquires a private key of the data viewer through a key distribution platform for digital signature, the authentication authorization platform acquires a public key of the data viewer through the key distribution platform to verify the validity of the authorization application, and the data provider is informed to authorize after the validity verification is passed;
the authentication and authorization platform receives a data authorization acceptance which is digitally signed by a private key of a data provider, acquires a public key of the data provider sent by the key distribution platform, verifies the validity of the data authorization acceptance, and changes the authorization state into the authorized state after the verification is passed.
As still another aspect of the embodiments of the present invention, there is provided a viewing method of vehicle data, the method including:
sending a viewing request of the vehicle data;
obtaining a verification result of the authorization states of the data viewer and the data provider;
confirming the validity of the dynamic key stored in the memory, and when the dynamic key stored in the memory is unavailable, acquiring the dynamic key and storing the dynamic key into the memory;
acquiring a data key encrypted by a dynamic key and vehicle data encrypted by the data key;
and extracting the dynamic key in the memory for decryption to obtain a data key, and checking the vehicle data decrypted by the data key.
Further, the method further comprises:
sending a revocation application; the authorization states of the data viewer and the data provider comprise an authorized state and an unauthorized state;
and converting the authorized state into the unauthorized state according to a revocation application of a data viewer and/or a data provider.
As another aspect of the embodiments of the present invention, there is provided a viewing terminal for vehicle data, the viewing terminal including:
the request module is used for sending a viewing request of the vehicle data through a terminal program;
the authorization verification module is used for acquiring a verification result of the authorization state of the data viewer and the data provider through interaction with the authentication authorization platform;
the checking module is used for confirming the validity of the dynamic key stored in the storage module and, when the dynamic key stored in the storage module is unavailable, acquiring the dynamic key from the key distribution platform and storing it into the storage module;
the acquisition module is used for acquiring, from the vehicle data platform, the data key encrypted by the dynamic key and the vehicle data encrypted by the data key;
the decryption module is used for extracting the dynamic key from the storage module, decrypting with the dynamic key to obtain the data key, and decrypting the vehicle data by using the data key;
and the storage module is used for storing the dynamic key in a scattered manner.
As another aspect of the embodiments of the present invention, there is provided an electronic device including at least one memory, at least one processor, a communication bus, and a management program of vehicle data, or a viewing program of vehicle data, stored on the memory,
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to execute the management program of the vehicle data to implement the steps of the management method of the vehicle data according to any one of the above embodiments; or
The processor is configured to execute the viewing program of the vehicle data to implement the steps of the viewing method of the vehicle data according to the above embodiment.
As another aspect of the embodiments of the present invention, there is provided a storage medium having stored thereon at least a management program of vehicle data that realizes the steps of the management method of vehicle data according to any one of the above-described embodiments when executed by a processor, or a viewing program of vehicle data that realizes the steps of the viewing method of vehicle data according to the above-described embodiments when executed by a processor.
The embodiment of the invention at least realizes the following partial technical effects:
the embodiment of the invention provides a vehicle data management method and system, a checking method and a checking terminal based on the vehicle data management method or system, and the vehicle data management method and system can be used for realizing the integrated application of a digital signature and a secret key on a personal data authorization protection method by utilizing secret key safe transmission and secret key storage control technologies, thereby effectively protecting the safety of personal vehicle data. The invention integrates the technologies of data encryption and decryption, dynamic key protection, digital signature, key secure transmission, digital signature authorization revocation and the like to form a technical closed loop, realizes the authorization protection of data in service application, verifies the authenticity of data authorization data, considers the protection of the data in the data encryption and decryption process, and combines the data authorization and the protection of the key to provide the vehicle driving data integrated digital signature and encryption and decryption technology.
In addition, the embodiment of the invention can further check the authorization information of the sent data, realize the withdrawal function and effectively prevent the personal data from being diffused and used continuously in an unauthorized state.
Additional features and advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The objectives and other advantages of the invention will be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
The technical solution of the present invention is further described in detail by the accompanying drawings and embodiments.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a flow chart of a method for managing vehicle data according to an embodiment of the present invention;
FIG. 2 is a detailed flowchart of a method for managing vehicle data according to an embodiment of the present invention;
FIG. 3 is a schematic view of a vehicle data management system according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart of a vehicle data platform receiving a data query according to an embodiment of the present invention;
FIG. 5 is a flowchart of a method for viewing vehicle data according to an embodiment of the present invention;
FIG. 6 is a schematic view of a viewing terminal for vehicle data according to an embodiment of the present invention;
FIG. 7 is a flow chart illustrating interaction between data streams of a viewing terminal for vehicle data in an embodiment of the present invention;
FIG. 8 is an interaction diagram of the certificate authority platform and the key distribution platform according to an embodiment of the present invention.
Detailed Description
In order to explain technical contents, achieved objects, and effects of the present invention in detail, the following description is made with reference to the accompanying drawings in combination with the embodiments.
The figures and the following description depict alternative embodiments of the invention to teach those skilled in the art how to make and use the invention. Some conventional aspects have been simplified or omitted for the purpose of teaching the present invention. Those skilled in the art will appreciate that variations or substitutions from these embodiments will fall within the scope of the invention. Those skilled in the art will appreciate that the features described below can be combined in various ways to form multiple variations of the invention. Thus, the present invention is not limited to the following alternative embodiments, but is only limited by the claims and their equivalents.
In one embodiment, as shown in FIG. 1, there is provided a management method of vehicle data, the management method including:
S11, performing digital signature by using a public-private key pair, and determining the authorization states of a data viewer and a data provider;
S12, encrypting the vehicle data with a data key, and encrypting and decrypting the data key using a dynamic key.
In this embodiment, when access to personal data is authorized, the digital signature can replace a paper contract, making the authorization process efficient and automatic, while encryption prevents personal data from being arbitrarily spread and leaked. The digital signature here is a public-key digital signature: a digital string that only the sender of the information can generate and that others cannot forge, which also serves as effective proof of the authenticity of the information sent by the sender. Digital signatures are non-repudiable.
Preferably, the public-private key pair may adopt an asymmetric encryption algorithm, and the dynamic key and the data key may adopt a symmetric encryption algorithm; by combining the symmetric encryption algorithm with the digital signature, the data viewer can obtain the right to view, and the obtained data content is not verified. A symmetric encryption algorithm is an encryption method using a single-key cryptosystem: the same key is used for both encryption and decryption. Common symmetric encryption algorithms include DES (Data Encryption Standard), which is fast and suitable for encrypting large amounts of data; 3DES (Triple DES), which is based on DES and encrypts each block of data three times with three different keys, giving higher strength; and AES (Advanced Encryption Standard), the next-generation encryption algorithm standard, which is fast, has a high security level, and supports encryption with 128, 192, 256 and 512 bit keys. This embodiment preferably employs AES 256. An asymmetric encryption algorithm is a public key encryption technology, proposed to address the shortcomings of the private key cryptosystem (symmetric encryption algorithm). Unlike a symmetric cryptosystem, in a public key encryption system encryption and decryption are relatively independent and use two different keys: the encryption key (the public key) is disclosed and can be used by anyone, while the decryption key (the secret key) is known only to the decrypting party. An illegitimate user cannot calculate the decryption key from the disclosed encryption key, which greatly strengthens the protection of the information. This embodiment preferably employs the RSA asymmetric key encryption algorithm.
In one embodiment, as shown in FIG. 2, the method includes:
S21, receiving a viewing request of a data viewer for viewing data of a data provider;
S22, generating an authorization application digitally signed by a private key, acquiring a public key to verify the validity of the authorization application, and verifying the authorization states of the data viewer and the data provider;
S23, sending the dynamic key to the data viewer, encrypting the vehicle data with the data key, and encrypting the data key with the dynamic key;
S24, returning the encrypted data key and the vehicle data.
In this embodiment, dynamic key protection is applied to the vehicle data, realizing separate transmission of the symmetric keys and dynamic re-encryption of the key: the data key is encrypted and decrypted with the dynamic key, which gives the data key dynamic protection, and data security is improved because the vehicle data encrypted with the data key and the dynamic key are transmitted separately.
Based on the same inventive concept, embodiments of the present invention further provide a vehicle data management system, and the principle of the problem solved by the vehicle data management system is similar to that of the vehicle data management method in the foregoing embodiments, so that the implementation of the vehicle data management system can refer to the foregoing embodiment of the vehicle data management method, and repeated details are omitted.
In one embodiment, there is provided a management system of vehicle data, as illustrated in FIG. 3, including:
the vehicle data platform 11 is used for storing vehicle data, encrypting the vehicle data through a digital key and encrypting the digital key through a dynamic key;
the authentication authorization platform 12 is used for performing digital signature by adopting a public-private key pair and verifying the authorization states of a data viewer and a data provider;
the key distribution platform 13 is used for providing a public and private key pair for data signature and a digital key and a dynamic key for encrypting and decrypting vehicle data, wherein a public key and a dynamic key in the public and private key pair are respectively stored in a key distribution platform public key library and a dynamic key library;
when the vehicle data platform 11 receives the data viewing request, the authentication authorization platform 12 receives an authorization application to carry out authorization state verification; after the authorization status is verified, the key distribution platform 13 sends the dynamic key to the data viewer, and the vehicle data platform 11 obtains the digital key and the dynamic key to encrypt the vehicle data from the key distribution platform 13.
In this embodiment, keys are transmitted among the authentication authorization platform 12, the key distribution platform 13, the vehicle data platform 14, and the vehicle data viewing terminal 14: keys are obtained through the key distribution platform, and the terminal cannot generate keys itself. Encrypted data is obtained from the vehicle data platform (the service end), which may be a public supervision platform, such as Beijing quality inspection institute, or a data platform of a host factory, a big data alliance and the like. This embodiment realizes authorization by data signature through the private key and the public key, encrypts the data key with the dynamic key, and further protects the security of personal data through secure key transmission and key storage control.
The public key and the private key are mainly used for identity identification and the electronic authorization process. On registration, a terminal obtains its own exclusive public-private key pair; the private key is stored in the terminal, and the public key is stored in the key distribution platform. The dynamic key is generated by the key distribution platform when the terminal applies for it, and is transmitted to the terminal and stored there.
In an embodiment, FIG. 4 is a schematic flow chart of the vehicle data platform receiving a data query. After receiving a data viewing application, the vehicle data public platform first verifies the authorization status between the application terminal (the data viewer) and the data authorization terminal (the data provider); after the verification passes, it applies to the key distribution platform for the dynamic key used by the authorized terminal and for a random data key. The data key is used to encrypt the vehicle data to be viewed, such as vehicle static data and analysis reports; the dynamic key is used to encrypt the data key; and the encrypted data key and vehicle data are returned to the application terminal for viewing. The vehicle data platform stores vehicle data uploaded by users and is, for example, a public supervision platform; after receiving a viewing request, it interacts with the authentication authorization platform and the key distribution platform respectively. The key distribution platform is a platform created for the scheme of this embodiment. It provides the dynamic key and the data key used to doubly encrypt the vehicle data in the vehicle data public platform (the data key encrypts the vehicle data, the dynamic key encrypts the data key, and the dynamic key also controls decryption of the data on the terminal), and it provides the private key and the public key for authorization state authentication. The authentication authorization platform is also a platform created for the scheme of this embodiment; it establishes the authorization relationship between the application terminal and the authorization terminal, that is, it determines whether authorization has been granted by means of data signatures made with a private key.
In one embodiment, the step of authorization status verification comprises:
the method comprises the steps that an authentication authorization platform receives an authorization application of a data viewer for viewing data of a data provider, the authorization application acquires a private key of the data viewer through a key distribution platform for digital signature, the authentication authorization platform acquires a public key of the data viewer through the key distribution platform to verify the validity of the authorization application, and the data provider is informed to authorize after the validity verification is passed;
the authentication and authorization platform receives a data authorization acceptance which is digitally signed by a private key of a data provider, acquires a public key of the data provider sent by the key distribution platform, verifies the validity of the data authorization acceptance, and changes the authorization state into the authorized state after the verification is passed.
In this embodiment, third-party viewing authorization for personal vehicle data is realized: after authorization, a third party can access the data and the dynamic key for viewing. The roles of data provider and data viewer are interchangeable; either may be the owner of the vehicle or a non-owner. For example, in a second-hand vehicle sale, the buyer and the seller can each act as the data viewer and trigger a data request through the terminal program, and the second-hand vehicle market platform or the buyer needs the seller's authorization to view vehicle information. Applying the scheme requires real-name registration and signing of an authorization agreement. Preferably, data authorization and application can be understood as different functions of the same terminal, which can either authorize or apply.
This embodiment provides a management and protection scheme for personal vehicle data: when vehicle data is provided externally, authorization state verification, key acquisition and data encryption are required; the vehicle data can leave the vehicle data platform only after both the data and the key have been encrypted, and the vehicle data is decrypted only when it is viewed on a terminal.
Based on the same inventive concept, embodiments of the present invention further provide a method and a terminal for viewing vehicle data, and because the principle of the problem solved by the method is similar to the method for managing vehicle data of the foregoing embodiments, reference may be made to the foregoing embodiment of the method for managing vehicle data for implementation, and repeated details are omitted.
In one embodiment, as shown in FIG. 5, there is provided a viewing method of vehicle data, the method including:
S31, sending a viewing request of the vehicle data;
S32, obtaining the verification result of the authorization state of the data viewer and the data provider;
S33, confirming the validity of the stored dynamic key, and when the stored dynamic key is unavailable, acquiring and storing the dynamic key;
S34, acquiring the data key encrypted by the dynamic key and the vehicle data encrypted by the data key;
S35, extracting the dynamic key from memory to decrypt and obtain the data key, and viewing the vehicle data decrypted with the data key.
In this embodiment, the query terminal program may request to view data and interact with the plurality of platforms, where the query terminal program automatically checks the availability of the dynamic key without being controlled by the user.
In one embodiment, the method further comprises:
sending a revocation application; the authorization states of the data viewer and the data provider comprise an authorized state and an unauthorized state;
and converting the authorized state into the unauthorized state according to a revocation application of a data viewer and/or a data provider.
This embodiment is a revocation scheme for personal vehicle data authorization: issued data-viewing authorization can be revoked. After the authorization state has been validly verified, both the data provider and the data viewer can submit a revocation application. This addresses the problem that data authorized for viewing can be copied and spread arbitrarily and cannot be revoked: the authorization can be revoked and the third party's data viewing right cancelled, which effectively prevents the spread of personal data and its continued use in an unauthorized state.
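The authorization verification steps and the revocation described above, as an added Go example (not code from the patent or its assignee): the state becomes authorized only after the viewer's signed application and the provider's signed acceptance both verify, and a revocation signed by either party returns it to unauthorized. The type and function names, the signed message strings, RSA-PSS padding and the epoch counter that invalidates pre-revocation signatures are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuthPlatform stands in for the authentication authorization platform plus the
// public key library it consults. All names in this example are hypothetical.
type AuthPlatform struct {
	pubKeys map[string]*rsa.PublicKey // terminal ID -> registered public key
	state   map[string]bool           // "viewer>provider" -> authorized?
	epoch   map[string]int            // bumped on each revocation (assumption)
}

func NewAuthPlatform() *AuthPlatform {
	return &AuthPlatform{map[string]*rsa.PublicKey{}, map[string]bool{}, map[string]int{}}
}

// Register gives a terminal its own key pair and files the public half.
func (a *AuthPlatform) Register(id string) (*rsa.PrivateKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	a.pubKeys[id] = &k.PublicKey
	return k, nil
}

// Message is the exact string a terminal signs. Binding the epoch into it is an
// addition of this example: signatures made before a revocation stop verifying,
// so an old application/acceptance pair cannot be replayed to re-authorize.
func (a *AuthPlatform) Message(kind, viewer, provider string) string {
	pair := viewer + ">" + provider
	return fmt.Sprintf("%s|%s|epoch=%d", kind, pair, a.epoch[pair])
}

// Sign runs on the terminal: RSA-PSS over SHA-256 (padding is an assumption).
func Sign(priv *rsa.PrivateKey, msg string) ([]byte, error) {
	h := sha256.Sum256([]byte(msg))
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

func (a *AuthPlatform) valid(id, msg string, sig []byte) bool {
	pub, h := a.pubKeys[id], sha256.Sum256([]byte(msg))
	return pub != nil && rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// Authorize sets the pair to authorized only if the viewer signed the
// application and the provider signed the acceptance.
func (a *AuthPlatform) Authorize(viewer, provider string, appSig, accSig []byte) error {
	if !a.valid(viewer, a.Message("apply", viewer, provider), appSig) {
		return errors.New("authorization application: bad signature")
	}
	if !a.valid(provider, a.Message("accept", viewer, provider), accSig) {
		return errors.New("authorization acceptance: bad signature")
	}
	a.state[viewer+">"+provider] = true
	return nil
}

// Revoke accepts a revocation application signed by either party to the pair.
func (a *AuthPlatform) Revoke(viewer, provider, signer string, sig []byte) error {
	if signer != viewer && signer != provider {
		return errors.New("revocation must come from the viewer or the provider")
	}
	if !a.valid(signer, a.Message("revoke", viewer, provider), sig) {
		return errors.New("revocation application: bad signature")
	}
	a.state[viewer+">"+provider] = false
	a.epoch[viewer+">"+provider]++
	return nil
}

// Authorized is what the vehicle data platform asks before releasing data.
func (a *AuthPlatform) Authorized(viewer, provider string) bool {
	return a.state[viewer+">"+provider]
}

func main() {
	a := NewAuthPlatform()
	buyer, _ := a.Register("buyer") // constructed demo identities
	seller, _ := a.Register("seller")
	app, _ := Sign(buyer, a.Message("apply", "buyer", "seller"))
	acc, _ := Sign(seller, a.Message("accept", "buyer", "seller"))
	fmt.Println("authorize:", a.Authorize("buyer", "seller", app, acc))
	rev, _ := Sign(seller, a.Message("revoke", "buyer", "seller"))
	fmt.Println("revoke:", a.Revoke("buyer", "seller", "seller", rev))
	fmt.Println("replay:", a.Authorize("buyer", "seller", app, acc))
	fmt.Println("authorized:", a.Authorized("buyer", "seller"))
}
```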
In one embodiment, a viewing terminal for vehicle data is provided, which is shown in FIG. 6, and includes:
a request module 21, configured to send a viewing request of vehicle data through a terminal program;
the authorization verification module 22 is configured to obtain a verification result of the authorization status of the data viewer and the data provider through interaction with the authentication authorization platform;
the checking module 23 is used for confirming the validity of the dynamic key stored in the storage module, and when the dynamic key stored in the storage module is unavailable, acquiring the dynamic key from the key distribution platform and storing it in the storage module;
the obtaining module 24 is configured to obtain, from the vehicle data platform, the data key encrypted by the dynamic key and the vehicle data encrypted by the data key;
the decryption module 25 is used for extracting the dynamic key from the storage module, decrypting with it to obtain the data key, and decrypting the vehicle data by using the data key;
and a storage module 26 for storing the dynamic key in a decentralized manner.
In this embodiment, data viewing may be performed through an application terminal, where the application terminal refers to a terminal that triggers data viewing, such as the insurance or second-hand vehicle market client mentioned above. The specific interaction procedure between the viewing terminal of vehicle data and the management system may be as shown in fig. 7. When data is viewed, the authorized terminal first logs in using a dedicated terminal program. When authorized vehicle data is viewed, authorization status verification is performed through the authentication authorization platform. After the verification is passed, the terminal checks whether the dynamic key stored in the memory in a decentralized manner is valid; if the dynamic key has expired or been cleared, a new dynamic key is applied for from the key distribution platform, and the terminal program stores and manages it in the memory in a decentralized manner. The data key encrypted by the applied-for dynamic key and the encrypted vehicle data are then obtained from the vehicle data platform; the encrypted data key is decrypted using the dynamic key in the memory to obtain the data key, and the encrypted vehicle data is decrypted with the data key and viewed.
In this embodiment, preferably, in all the processes, the dynamic key and the data key are stored in the terminal program memory in a distributed manner, so as to ensure the security of the key to the maximum extent, and the vehicle data temporary file is stored separately by using a dedicated "sandbox" of the terminal program, thereby ensuring that the decrypted file is not leaked.
In this embodiment, the terminal program further provides an operation monitor for monitoring any illegal operations that steal the memory key and the "sandbox" file, and when the illegal operations are found by the monitor, the authentication and authorization platform is immediately notified to revoke the authorization, and the key and data of the terminal program are removed.
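The key layering and the terminal's dynamic key check described in this embodiment (S33 to S35) can be sketched as follows. This is an added example, not code from the patent: the names Terminal, EnsureKey, Wrap and Decrypt, the one-hour key lifetime, the map standing in for the dynamic key library, and GCM as the AES-256 mode are all assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// aead returns AES-256-GCM for a 32-byte key (GCM is this example's choice of mode).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func seal(key, plaintext []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, nil), nil // nonce||ciphertext||tag
}

func open(key, sealed []byte) ([]byte, error) {
	g, err := aead(key)
	if err != nil || len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("missing key or truncated blob")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

type Terminal struct {
	Viewer  string
	Key     []byte    // cached dynamic key; nil once cleared
	Expires time.Time // validity limit checked in S33
}

// EnsureKey is S33; lib stands in for the key distribution platform's dynamic key library.
func (t *Terminal) EnsureKey(lib map[string][]byte, now time.Time) (refreshed bool) {
	if refreshed = t.Key == nil || !now.Before(t.Expires); refreshed {
		t.Key, t.Expires = randomBytes(32), now.Add(time.Hour)
		lib[t.Viewer] = t.Key
	}
	return refreshed
}

// Wrap is the vehicle data platform side of S34: data under a random data key, that key under the dynamic key.
func Wrap(dynKey, data []byte) (wrappedKey, encData []byte, err error) {
	dataKey := randomBytes(32)
	if wrappedKey, err = seal(dynKey, dataKey); err == nil {
		encData, err = seal(dataKey, data)
	}
	return wrappedKey, encData, err
}

// Decrypt is S35: unwrap the data key with the cached dynamic key, then decrypt the data.
func (t *Terminal) Decrypt(wrappedKey, encData []byte) ([]byte, error) {
	dataKey, err := open(t.Key, wrappedKey)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return open(dataKey, encData)
}

func main() {
	lib, t := map[string][]byte{}, &Terminal{Viewer: "terminal-B"}
	t.EnsureKey(lib, time.Now())
	wk, ct, _ := Wrap(lib[t.Viewer], []byte("constructed vehicle record"))
	pt, err := t.Decrypt(wk, ct)
	fmt.Printf("%s %v\n", pt, err)
}
```

Because the wrapped data key is authenticated, a package wrapped under a dynamic key the terminal no longer holds fails to decrypt instead of yielding garbage.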
In an embodiment, as shown in fig. 8, the interaction method between the viewing terminal and the management system at least includes:
Step one, terminal registration: before use, the authorizing party (data provider) and the authorized party (data viewer) of the vehicle data viewing terminal must each complete real-name registration through the authentication authorization platform and sign a data use agreement. A public-private key pair dedicated to data signing is applied for from the key distribution platform; the private key is sent to the terminal for storage, and the key distribution platform keeps only the public key. The public key and the private key may adopt RSA asymmetric key encryption technology and are used in the digital signature process.
The specific authorization process is as follows: when a data viewing terminal B (the data viewer) wants to view vehicle data of a terminal A (the data provider), it can send a data authorization application for viewing terminal A's data to the authentication authorization platform. The application information is an application form digitally signed with terminal B's private key; the authentication authorization platform can use terminal B's public key held in the key distribution platform to verify the validity of the application form, and after the verification it notifies terminal A to authorize. Terminal A can accept terminal B's data authorization application by sending an authorization letter digitally signed with terminal A's private key to the authentication authorization platform; the authentication authorization platform can verify the validity of the authorization letter using terminal A's public key from the key distribution platform, and the authorization is completed if the verification passes. Terminal B is the authorized terminal, specifically an authorized terminal program.
Both the authorizing party and the authorized party can apply to the platform at any time to revoke the authorization they have granted or received. The specific steps of revoking authorization are: either the authorizing party or the authorized party of the vehicle data viewing terminal can apply to the authentication authorization platform, through the terminal program, to revoke the authorization; after the authorization is revoked, the authorized party can no longer view the previously authorized vehicle data.
Step two, application for use of the dynamic key, which may specifically include: when the vehicle data platform receives a data application, it applies to the key distribution platform to use the authorized party's dynamic key; the key distribution platform sends the dynamic key that the authorized party applied for, which is stored in the dynamic key library, to the vehicle data platform for encrypting the data key. The dynamic key may adopt the AES256 (Advanced Encryption Standard) symmetric encryption algorithm.
Step three, application for a random data key, which specifically includes: when the vehicle data platform encrypts data, it applies to the key distribution platform for a random data key used to encrypt the vehicle data authorized for viewing. The random data key may adopt the AES256 (Advanced Encryption Standard) symmetric encryption algorithm.
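The step-one authorization exchange and its revocation can be modelled as a small state machine on the authentication authorization platform. This is an added example, not the patent's own code: the message format, the names AuthPlatform, Handle and Sign, the pending state, RSA-PSS with SHA-256, the signed revocation request and the epoch counter are assumptions (the text specifies only RSA signatures on the application form and the authorization letter).

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// AuthPlatform stands in for the authentication authorization platform. pub models the key
// distribution platform's public key library; private keys exist only on the terminals.
type AuthPlatform struct {
	pub   map[string]*rsa.PublicKey
	state map[string]string // "viewer->provider": "pending" or "authorized"; absent = unauthorized
	epoch map[string]int    // bumped on revoke so earlier signatures cannot be replayed
}

func NewAuthPlatform() *AuthPlatform {
	return &AuthPlatform{map[string]*rsa.PublicKey{}, map[string]string{}, map[string]int{}}
}

// Register creates a terminal's signing key pair, keeps the public half, returns the private half.
func (p *AuthPlatform) Register(name string) (*rsa.PrivateKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	p.pub[name] = &priv.PublicKey
	return priv, nil
}

// digest hashes the exact statement being signed; names must not contain '|' or '>'.
func digest(action, viewer, provider string, epoch int) []byte {
	d := sha256.Sum256([]byte(fmt.Sprintf("%s|%s->%s|%d", action, viewer, provider, epoch)))
	return d[:]
}

// Sign runs on a terminal: RSA-PSS over the request (the padding scheme is this example's choice).
func Sign(priv *rsa.PrivateKey, action, viewer, provider string, epoch int) ([]byte, error) {
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest(action, viewer, provider, epoch), nil)
}

// Handle verifies a signed "apply", "grant" or "revoke" with the signer's stored public key,
// then applies the state transition only if that party may make it.
func (p *AuthPlatform) Handle(action, signer, viewer, provider string, sig []byte) error {
	key := viewer + "->" + provider
	pk, ok := p.pub[signer]
	if !ok {
		return fmt.Errorf("%s is not registered", signer)
	}
	if err := rsa.VerifyPSS(pk, crypto.SHA256, digest(action, viewer, provider, p.epoch[key]), sig, nil); err != nil {
		return fmt.Errorf("%s rejected: %w", action, err)
	}
	switch {
	case action == "apply" && signer == viewer && p.state[key] == "":
		p.state[key] = "pending" // the provider is now asked to authorize
	case action == "grant" && signer == provider && p.state[key] == "pending":
		p.state[key] = "authorized"
	case action == "revoke" && (signer == viewer || signer == provider):
		delete(p.state, key) // either party may withdraw at any time
		p.epoch[key]++
	default:
		return fmt.Errorf("%s by %s not allowed in state %q", action, signer, p.state[key])
	}
	return nil
}

// Authorized is the state check made before any dynamic key or data is released.
func (p *AuthPlatform) Authorized(viewer, provider string) bool {
	return p.state[viewer+"->"+provider] == "authorized"
}

func main() {
	p := NewAuthPlatform()
	a, _ := p.Register("terminal-A") // data provider (constructed name)
	b, _ := p.Register("terminal-B") // data viewer (constructed name)
	apply, _ := Sign(b, "apply", "terminal-B", "terminal-A", 0)
	grant, _ := Sign(a, "grant", "terminal-B", "terminal-A", 0)
	fmt.Println(p.Handle("apply", "terminal-B", "terminal-B", "terminal-A", apply),
		p.Handle("grant", "terminal-A", "terminal-B", "terminal-A", grant),
		p.Authorized("terminal-B", "terminal-A"))
}
```

The epoch counter is what stops a captured application form or authorization letter from being replayed to restore an authorization after it has been revoked.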
Based on the same inventive concept, embodiments of the present invention further provide an electronic device and a storage medium, and as the principle of the problem solved by the electronic device and the storage medium is similar to the vehicle data management method or the vehicle data viewing method of the foregoing embodiments, reference may be made to the foregoing embodiments of the vehicle data management method or the vehicle data viewing method for implementation, and repeated details are omitted here.
In one embodiment, an electronic device is provided that includes at least one memory, at least one processor, a communication bus, and a vehicle data management program, or a vehicle data viewing program, stored on the memory,
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to execute the management program of the vehicle data to implement the steps of the management method of the vehicle data according to any one of the above embodiments; or
the processor is configured to execute the viewing program of the vehicle data to implement the steps of the viewing method of the vehicle data according to the above embodiment.
In one embodiment, a storage medium is provided, on which at least a management program of vehicle data that realizes the steps of the management method of vehicle data according to any one of the above embodiments when executed by a processor, or a viewing program of vehicle data that realizes the steps of the viewing method of vehicle data according to the above embodiments when executed by a processor is stored.
In this embodiment, a linkage relationship is formed between the authorized party (the data viewer) and the authorizing party (the data provider). This breaks with the prior-art mode of personal data authorization, in which personal certificates and other materials are simply submitted to a platform, and at the same time allows the data authorized for viewing to be protected and the authorization to be withdrawn. The invention automates the authorization process through electronic authorization, improving authorization efficiency and authorization management capability; it also applies encryption control to the data authorized for viewing and effectively withdraws the right to view the data when the authorization is revoked, thereby effectively protecting personal vehicle data.
It is emphasized that the method of the invention is equally applicable to personal data other than vehicle data, and that vehicle data in the invention is not intended to be limiting as to the type and use of the data.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A management method of vehicle data, characterized by comprising,
performing digital signature by adopting a public-private key pair, and determining the authorization states of a data viewer and a data provider;
vehicle data is encrypted by a data key, and the data key is encrypted and decrypted using a dynamic key.
2. The method for managing vehicle data according to claim 1, characterized by comprising:
receiving a viewing request for viewing data of a data provider by a data viewer;
generating an authorization application digitally signed by a private key, acquiring a public key to verify the validity of the authorization application, and verifying the authorization states of the data viewer and the data provider;
sending the dynamic key to a data viewing party, encrypting vehicle data by using the data key and encrypting the data key by using the dynamic key;
the encrypted data key and vehicle data are returned.
3. The method for managing vehicle data according to claim 1, characterized by comprising:
the dynamic key and the data key adopt a symmetric encryption algorithm; and/or
and the public-private key pair adopts an asymmetric encryption algorithm.
4. A management system of vehicle data, characterized in that the management system comprises:
the vehicle data platform is used for storing vehicle data, encrypting the vehicle data through a digital key and encrypting the digital key through a dynamic key;
the authentication authorization platform is used for carrying out digital signature by adopting a public-private key pair and verifying the authorization state of the data viewer and the data provider;
the key distribution platform is used for providing a public and private key pair for data signature and a digital key and a dynamic key for encrypting and decrypting vehicle data, and a public key and a dynamic key in the public and private key pair are respectively stored in a key distribution platform public key library and a dynamic key library;
when the vehicle data platform receives the data viewing request, the authentication and authorization platform receives an authorization application and carries out authorization state verification; and after the authorization state is verified, the key distribution platform sends the dynamic key to the data viewer, and the vehicle data platform acquires the digital key and the dynamic key from the key distribution platform to encrypt the vehicle data.
5. The vehicle data management system according to claim 4, wherein the authorization status verification step includes:
the authentication authorization platform receives an authorization application from a data viewer for viewing data of a data provider, the authorization application being digitally signed with the private key of the data viewer obtained through the key distribution platform; the authentication authorization platform acquires the public key of the data viewer through the key distribution platform to verify the validity of the authorization application, and the data provider is informed to authorize after the validity verification is passed;
the authentication and authorization platform receives a data authorization acceptance which is digitally signed by a private key of a data provider, acquires a public key of the data provider sent by the key distribution platform, verifies the validity of the data authorization acceptance, and changes the authorization state into the authorized state after the verification is passed.
6. A method of viewing vehicle data, the method comprising:
sending a viewing request of the vehicle data;
obtaining a verification result of the authorization states of the data viewer and the data provider;
confirming the validity of the dynamic key stored in the memory, and when the dynamic key stored in the memory is unavailable, acquiring the dynamic key and storing the dynamic key into the memory;
acquiring a data key encrypted by a dynamic key and vehicle data encrypted by the data key;
and extracting the dynamic key from the memory and decrypting with it to obtain the data key, and viewing the vehicle data decrypted with the data key.
7. The method of viewing vehicle data as set forth in claim 6, further comprising: sending a revocation application; the authorization states of the data viewer and the data provider comprise an authorized state and an unauthorized state;
and converting the authorized state into the unauthorized state according to a revocation application of a data viewer and/or a data provider.
8. A viewing terminal for vehicle data, the viewing terminal comprising:
the request module is used for sending a viewing request of the vehicle data through a terminal program;
the authorization verification module is used for acquiring a verification result of the authorization state of the data viewer and the data provider through interaction with the authentication authorization platform;
the checking module is used for confirming the validity of the dynamic key stored in the storage module, and when the dynamic key stored in the storage module is unavailable, acquiring the dynamic key from the key distribution platform and storing it into the storage module;
the acquisition module is used for acquiring, from the vehicle data platform, the data key encrypted by the dynamic key and the vehicle data encrypted by the data key;
the decryption module is used for extracting the dynamic key from the storage module, decrypting with it to obtain the data key, and decrypting the vehicle data by using the data key;
and the storage module is used for storing the dynamic key in a decentralized manner.
9. An electronic device comprising at least one memory, at least one processor, a communication bus, and a management program of vehicle data or a viewing program of vehicle data stored on the memory,
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is used for executing the management program of the vehicle data to realize the steps of the management method of the vehicle data according to any one of claims 1 to 3; or
the processor is used for executing the viewing program of the vehicle data to realize the steps of the viewing method of the vehicle data according to claim 4 or 5.
10. A storage medium, characterized in that at least a management program of vehicle data, which implements the steps of the management method of vehicle data according to any one of claims 1 to 3 when executed by a processor, or a viewing program of vehicle data, which implements the steps of the viewing method of vehicle data according to claim 4 or 5 when executed by a processor, is stored on the storage medium.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011536710.8A CN112702170A (en) 2020-12-23 2020-12-23 Management method, management system, viewing method and viewing terminal for vehicle data

Publications (1)

Publication Number Publication Date
CN112702170A true CN112702170A (en) 2021-04-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100176 floor 10, building 1, zone 2, yard 9, Taihe 3rd Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing

Applicant after: Beijing National New Energy Vehicle Technology Innovation Center Co.,Ltd.

Address before: 100089 1705 100176, block a, building 1, No. 10, Ronghua Middle Road, Beijing Economic and Technological Development Zone, Daxing District, Beijing

Applicant before: BEIJING NEW ENERGY VEHICLE TECHNOLOGY INNOVATION CENTER Co.,Ltd.

RJ01 Rejection of invention patent application after publication

Application publication date: 20210423