CN113609496A - Method, device, computer program and storage medium for managing, evaluating and processing data - Google Patents
Method, device, computer program and storage medium for managing, evaluating and processing data Download PDFInfo
- Publication number
- CN113609496A CN113609496A CN202110480422.3A CN202110480422A CN113609496A CN 113609496 A CN113609496 A CN 113609496A CN 202110480422 A CN202110480422 A CN 202110480422A CN 113609496 A CN113609496 A CN 113609496A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- encrypted
- metadata
- package
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 72
- 238000004590 computer program Methods 0.000 title claims abstract description 9
- 238000012545 processing Methods 0.000 title claims abstract description 9
- 238000006243 chemical reaction Methods 0.000 claims description 6
- 238000001914 filtration Methods 0.000 claims description 4
- 238000004891 communication Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 5
- 238000012217 deletion Methods 0.000 description 4
- 230000037430 deletion Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 3
- 238000013459 approach Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012958 reprocessing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/068—Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2137—Time limited access, e.g. to a computer or data
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/062—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/121—Timestamp
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a method for managing data (D). The method has the step of encrypting the collected data (D) by means of a first cryptographic key (t) in order to generate encrypted data (K). The first key (t) is a key generated specifically for the collected data (D). The method also has the step of combining the first key (T) with a second cryptographic key (p) to generate an encrypted first key (T ') and combining the encrypted first key (T') with metadata (X) to generate a package (T). The metadata (X) has time information for the data (D) that is valid for the data (D). The method also has the step of attaching a cryptographic signature to the package (T). Furthermore, the invention relates to a method for evaluating data, a method for processing data, a device, a computer program and a machine-readable storage medium.
Description
Technical Field
The invention proceeds from a device or a method for managing data, a method for evaluating data and a method for processing data. A computer program and a machine-readable storage medium are also subject matter of the present invention.
Background
Especially in vehicles, it is also possible to accumulate confidential data, for example. The statutory memory period can be applied to such data, for example. In an attack scenario, for example, the wrong time may be pretended.
Disclosure of Invention
Against this background, with the aid of the solution proposed here, a method for managing data, a method for evaluating data and a method for processing data are proposed, as well as a device using such a method and finally a corresponding computer program. Advantageous embodiments and improvements of the device described in the invention can be achieved by the measures listed below.
According to an embodiment, the time-limited access to data, in particular vehicle data, can be realized in particular by: encryption of data may be used to determine the expiration date (Ablaufdatum) of the time information (e.g., storage period) for these data for which an own key may be generated, may be provided with metadata, and then the extended key may be used to decrypt or identify the expiration date of the time information for these data.
Advantageously, according to one embodiment, in particular the data in the vehicle can be encrypted in such a way that Management of the access rights (verwalting or Management) is possible. This makes it possible to use the data only for a certain period of time or for a defined purpose. Therefore, after the data is transmitted from the vehicle, the deletion period can be observed. Possible attack scenarios on the availability of data can be prevented, in which, for example, an integrated deletion function in a vehicle is started prematurely, by pretending the wrong time, in particular the future time, and thus the legal storage period is not adhered to. This also enables time-driven deletion functions, for example, in vehicles, to be saved.
A method for managing data is proposed, wherein the method has the following steps:
encrypting the collected data with a first cryptography (kryptographisch) key to generate encrypted data, wherein the first key is a key generated specifically for the collected data;
combining the first key with the second cryptographic key to generate an encrypted first key, and combining the encrypted first key with metadata to generate a package (Paket), wherein the metadata has time information for the data that is valid for the data; and
a cryptographic signature is appended to the package.
The method can be implemented, for example, in software or hardware form or in a mixture of software and hardware, for example, in a control device or in a device. At least a subset of the steps of the method may be implemented in a control device or devices of the vehicle. The confidential data may come from a device of the vehicle. The collected data may relate to personal data, or to other data that is classified as confidential based on predefined criteria. The predefined criteria may be legal provisions, user preferences, etc. The vehicle may relate to a motor vehicle, such as a passenger car or a truck. The first key may be a key generated specifically for collected confidential data. The metadata may have at least one allocation information that enables allocation between the encrypted data and the packet. The metadata may have valid time information as validity information, which indicates a storage term, a deletion term, and (additionally or alternatively) a generated time stamp. The metadata may-more precisely, the validity information or the time information-have or represent a storage period and (additionally or alternatively) an expiration date of the first cryptographic key. Additionally or alternatively, the metadata may or the validity information or the time information may have or represent a timestamp of a point in time of the collection or generation of the data. From the time stamp, an expiration date can be calculated. In other words, in the combining step, the first key may be encrypted by means of the second key. In an additional step, the package may be signed by means of the signature. The method may also have the step of reading the collected data from an interface to a data source, in particular a data source of a vehicle. The method may also have the step of generating a first key and (additionally or alternatively) metadata. The encrypted data and packets may be provided in the providing step for output to interfaces to data transfer means and (additionally or alternatively) storage means.
According to one embodiment, metadata can be used in the combining step, which metadata is unencrypted or encrypted and is additionally or alternatively provided with a cryptographic signature. Additionally or alternatively, metadata encrypted and (additionally or alternatively) provided with a cryptographic signature may be added to the encrypted data in the encryption step. This embodiment offers the following advantages: suitable variants can be provided for different application scenarios.
In case the subsequently determined time information changes, the combining step may also be re-implemented in order to combine further metadata with the encrypted first key or with the package in order to generate a further package. Here, the other metadata may have time information that has changed with respect to the time information. Other packages may also be signed. Here, the packet may also be referred to as an original packet. Other metadata may have a hash value that is used to identify the original packet. In addition, in this case, further metadata from further packets can be checked in the checking step with regard to the expiration of the changed time information. This embodiment offers the following advantages: for example, the storage life can be extended in an uncomplicated and secure manner.
Furthermore, according to one embodiment of the solution proposed here, a method for evaluating data is proposed, wherein the method has a step of reading a packet, the packet having been created by means of a method according to a variant of the solution proposed here, and a cryptographic signature having been appended to the packet. The method further comprises the step of checking the metadata from the packet in respect of the expiry of the time information in order to generate a check result showing whether the time information has expired or is still valid (laufen). Furthermore, the signature used to sign the package can also be checked in terms of its correctness in the checking step. This embodiment offers the following advantages: it can be checked in a simple and secure way whether the data remains stored or can be deleted.
Furthermore, the method may have the step of decrypting the encrypted first key from the packet by means of a third cryptographic key. Here, the third key may correspond to the second key. The method may also have the step of generating decrypted data from the encrypted data by means of the decrypted first key from the packet. The decryption step and (additionally or alternatively) the generation step may be carried out depending on the result of the check. More precisely, the decryption step and (additionally or alternatively) the generation step may be carried out if the check result generated in the checking step shows that the storage period is still valid. In the generating step, the encrypted data may be decrypted by means of the decrypted first key from the packet to generate decrypted data. This embodiment offers the following advantages: confidential use of data can be achieved in a reliable manner.
Furthermore, the method may have the step of performing conversion and (additionally or alternatively) filtering on the decrypted data in order to anonymize and (additionally or alternatively) convert the decrypted data into the format specified for these data. This embodiment offers the following advantages: the special provisions for the data can be implemented inexpensively and securely.
Here, the decrypting step may be implemented in a trusted environment, or the decrypting step and the checking step, the generating step and (additionally or alternatively) the executing step may be implemented in a trusted environment. The trusted environment may be outside the participant's access and provided by a separate department or institution. In particular, the third key may only be present within the trusted environment. This embodiment offers the following advantages: to meet specific security requirements, at least the decryption step can be implemented in a trusted environment, depending on the application.
Furthermore, according to another embodiment, a method for processing data is proposed, wherein the method has the following steps:
a step of a method for managing data; and
steps of a method for evaluating data.
The advantages of the solution proposed here can also be achieved particularly efficiently and quickly by means of such an embodiment.
The solution proposed here also proposes a device which is designed to carry out, control or carry out the steps of the variants of the method proposed here in the respective unit. The object on which the invention is based can also be achieved quickly and efficiently by means of this embodiment variant of the invention in the form of a device.
To this end, the device may have: at least one computing unit for processing signals or data; at least one storage unit for storing signals or data; at least one interface to a sensor or actuator for reading sensor signals from the sensor or outputting data signals or control signals to the actuator; and/or at least one communication interface for reading or outputting data embedded in a communication protocol. The computing unit may be, for example, a signal processor, a microcontroller, etc., wherein the memory unit may be a flash memory, an EEPROM or a magnetic memory unit. The communication interface can be designed to read or output data wirelessly and/or by wire, wherein the communication interface, which is able to read or output wired data, can read or output these data from or into the respective data transmission line, for example electrically or optically.
In this context, a device is understood to be an electrical device which processes sensor signals and outputs control signals and/or data signals accordingly. The device may have an interface that may be constructed in hardware and/or software. In the case of a hardware configuration, the interface can be part of a so-called system ASIC, for example, which contains the various functions of the device. However, it is also possible that the interface is an integrated circuit of its own, or at least partly consists of discrete components. In the case of a software configuration, the interface can be a software module which is present on the microcontroller, for example, together with other software modules.
Also advantageous is a computer program product or a computer program having a program code, which can be stored on a machine-readable carrier or storage medium (such as a semiconductor memory, a hard disk memory or an optical memory), and which is used, in particular when the program product or the program is implemented on a computer or a device, to carry out, implement and/or manipulate the steps of the method according to one of the embodiments described above.
Drawings
The embodiments presented herein are illustrated in the drawings and further described in the following description. The figures show:
FIG. 1 shows a schematic view of a vehicle having an apparatus according to one embodiment;
FIG. 2 illustrates a flow diagram of a method for management according to one embodiment;
FIG. 3 shows a schematic diagram of a portion of an apparatus according to one embodiment;
FIG. 4 shows a schematic diagram of a package according to one embodiment; and
fig. 5 shows a schematic view of a part of a device according to an embodiment.
In the following description of advantageous embodiments of the invention, the same or similar reference numerals are used for elements which are shown in different figures and which function similarly, wherein a repeated description of these elements is not provided.
Detailed Description
Fig. 1 shows a schematic illustration of a vehicle 100 with a device 110 for managing data D according to an embodiment. According to another embodiment, the device 110 may also be implemented in an environment other than a vehicle. The vehicle 100 relates to a motor vehicle, such as a land vehicle, in particular a passenger car, a truck or another truck.
In the illustration of fig. 1, in addition to the device 110, only the data source 102, the first vehicle device 104 and the second vehicle device 106 of the vehicle 100 are shown by way of example. According to the embodiment shown here, the first vehicle device 104 and the second vehicle device 106 are arranged in a physically separated manner from each other and are connected to each other in a manner capable of transmitting data. The device 110 has devices 122, 124, 126, 132, 134, 136, 138, a first subset of which is arranged in the first vehicle device 104 and a second subset of which is arranged in the second vehicle device 106. According to the exemplary embodiment shown here, the devices 132, 134, 136, 138 of the device 110 arranged in the second vehicle device 106 are implemented in a trusted environment. The means 122, 124, 126, 132, 134, 136, 138 of the apparatus 110 are also discussed in more detail with reference to the following figures.
The device 110 is configured for managing the data D, so that the collected data D is read from the input interface 112 of the data source 102, processed for management, and provided to the output interface 114 for output, either in decrypted form or as filtered or converted data D'. The encrypted data K generated on the basis of the data D and the packet T or the key packet can be transmitted between the devices 122, 124, 126 of the device 110 arranged in the first vehicle device 104 and the devices 132, 134, 136, 138 of the device 110 arranged in the second vehicle device 106.
The device 110 has encryption means 122, combining means 124 and additional means 126. According to the exemplary embodiment shown here, the encryption device 122, the combination device 124 and the add-on device 126 are arranged in the first vehicle device 104. The encryption device 122 is designed to encrypt the collected data D by means of a first cryptographic key in order to generate encrypted data. Here, the first key is a key generated specifically for the collected data D. The combining means 124 is designed to combine the first key with the second cryptographic key in order to generate an encrypted first key and to combine the encrypted first key with the metadata in order to generate the package or the unsigned package. The metadata has a storage term effective for the data D as time information for the data D. The appending device 126 is designed to append a cryptographic signature to the packet or the unsigned packet in order to generate the packet T or the signed packet.
According to one embodiment, the device 110 further has checking means 132, decrypting means 134, generating means 136 and executing means 138. According to the exemplary embodiment shown here, the checking device 132, the decryption device 134, the generation device 136 and the execution device 138 are arranged in the second vehicle device 106. The checking means 132 are designed to check the metadata from the packets T in respect of the expiration of the storage period in order to generate a check result. The check result thus generated shows whether the storage term has expired or is still valid. The decryption means 134, the generation means 136 and (optionally) the execution means 138 are operated on the basis of the examination result. In particular, when the check result shows that the storage period is still valid, the decryption means 134, the generation means 136 and, optionally, the execution means 138 are activated.
The decryption means 134 are designed to decrypt the encrypted first key from the packet T with the aid of the third cryptographic key. The generating device 136 is designed to generate decrypted data D from the encrypted data K by means of the decrypted first key from the packet T. In other words, the generating device 136 is designed to decrypt the encrypted data K with the aid of the decrypted first key from the packet T in order to generate the decrypted data D. According to one embodiment, the execution means 138 are configured to perform a conversion and/or filtering of the decrypted data D in order to anonymize and/or convert the decrypted data D into the format specified for these data, in other words in order to generate filtered or converted data D'.
FIG. 2 illustrates a flow diagram of a method 200 for managing data and a subsequent method 235 for evaluating data, according to one embodiment. The method 200 for managing data and the method 235 for evaluating data may be implemented on the same unit or on different (e.g., spatially separated) units. Furthermore, the steps of the method 200 for managing data and the method 235 for evaluating data can also be carried out in succession in the method 280 for processing data, which consists of the two methods 200 and 235.
In an encryption step 210, in the method 200, the collected data is first encrypted by means of a first cryptographic key in order to generate encrypted data. Here, the first key is a key generated specifically for the collected data. Thereafter, in a combining step 220, the first key is combined with the second cryptographic key to generate an encrypted first key, and the encrypted first key is combined with the metadata to generate the package. According to one embodiment, in the combining step 220, metadata is used that is unencrypted or encrypted and/or equipped with a cryptographic signature. The metadata has a storage life for these data that is valid for these data. Thereafter, in an appending step 230, the cryptographic signature is appended to the package thus generated.
According to one embodiment, in the method 235 for evaluating data, first of all, a package is read in a reading step 237, the package has been created by means of the method 200 according to a variant of the approach proposed here for the method 200 for managing data, and a cryptographic signature has been attached to the package. Furthermore, in the method 235 for evaluating data, then in a checking step 240, metadata from the package is checked in terms of expiration of the storage period in order to generate a check result showing whether the storage period has expired or is still valid. Depending on the result of the check, the decryption step 250 and the generation step 260 are then performed, according to one embodiment. In a decryption step 250, the encrypted first key from the packet is decrypted by means of the third cryptographic key. Thereafter, in a generating step 260, decrypted data is then generated from the encrypted data by means of the decrypted first key from the packet. Optionally, the method 200 is additionally followed by a step 270 of performing a conversion and/or filtering of the decrypted data in order to anonymize and/or convert the decrypted data into a format specified for these data. According to one embodiment, the decryption step 240 is implemented in a trusted environment. According to another embodiment, the decryption step 240 and the checking step 250, the generating step 260 and/or the performing step 270 are all implemented in a trusted environment.
According to one embodiment, if a change in storage age is subsequently determined, the combining step 220 is re-implemented. Here, the combining step 220 is re-implemented in order to combine further metadata with the encrypted first key or with the package in order to generate a further package. The other metadata has a storage term that has changed with respect to the storage term. In subsequent steps of the method, other packages or other metadata are used.
Fig. 3 shows a schematic view of a part of a device 110 for managing data D according to an embodiment. The part of the device 110 shown in fig. 3 corresponds or is similar to the part of the device shown in fig. 1 which is arranged in the first vehicle arrangement. In addition to the device 110, a trigger 301 and a data logger as the data source 102 are also indicated in the illustration of fig. 3. In response to the trigger 101, data D is provided by the data source 102 or read from the data source 102 by the device 110.
According to the embodiment shown here, a key generation means 116 and a metadata generation means 118 of the device 110 are also shown. The key generation device 116 is designed to generate the first key t in response to the trigger 301. The metadata generation device 118 is designed to generate metadata X in response to a trigger 301.
The encryption device 122 is designed to encrypt the data D with the aid of the first key t in order to generate the encrypted data K. The combination device 124 is designed to combine the first key T with the second key p in order to generate an encrypted first key and to combine the encrypted first key with the metadata X in order to generate the package T or first an unsigned package to which the signature is attached in order to finally obtain the package T. However, in fig. 3, the additional devices of the apparatus 110 are omitted from the illustration for the sake of clarity. In addition, packet T is discussed in more detail with reference to fig. 4.
Fig. 4 shows a schematic diagram of a packet T according to an embodiment. Packet T refers to a packet from one of the above figures. In other words, fig. 4 shows a schematic structure of the packet T. The package T has an encrypted first key T 'and metadata X, which are combined into an unsigned package T'. The unsigned package T' together with the signature S yields the package T or the signed package.
Fig. 5 shows a schematic view of a part of a device 110 for managing data D according to an embodiment. The part of the device 110 shown in fig. 3 corresponds or is similar to the part of the device shown in fig. 1 which is arranged in the second vehicle arrangement. Also indicated in fig. 5 is a trusted environment 506, which is for example part of a second vehicle device. According to the embodiment shown here, the checking means 132, the decrypting means 134, the generating means 136 and the executing means 138 are implemented in a trusted environment 506.
In the illustration of fig. 5, the checking means 132 and the decryption means 134 are combined in a schematic block. The checking device 132 is designed to receive the packet T. The decryption means 134 are designed to decrypt the encrypted first key contained in the packet T with the aid of the third key q. The third key q is only present in the trusted environment 506. The first key t and the metadata X, decrypted again, are the output of the block with the checking means 132 and the decryption means 134. The generating means 136 again generate the data D in decrypted form from the encrypted data K by means of the decrypted first key t. The execution means 138 optionally also performs a reprocessing of the data D using the metadata X in order to generate filtered and/or converted data D'.
With reference to the above figures, embodiments are set forth below again in general terms and in other words briefly.
There is a cryptographic key pair, a second key p and a third key q. The second key p is used only for encryption and the third key q is used only for decryption. Here, the second key p and the third key q may be the same.
When data D is collected in the vehicle 100, a new first key t is generated. The collected data D are encrypted by means of the first key t and marked as encrypted data K. Additionally or alternatively, the first key t and the encrypted data K are generated when reading the data D. The first key T is itself provided with metadata X (such as an expiry date) and is encrypted by means of the second key p and is thereafter marked as an unsigned package T'. The first key T is contained in encrypted form in the unsigned package T', the metadata X itself being present in unencrypted form. A packet T is generated in the following manner: a cryptographically secure signature S relating to all the content of the unsigned package T 'is appended to the unsigned package T'. The signature S for the unsigned package T ' can be carried out by means of a key pair (second key p and third key q) or a second or further key pair (p ', q ').
Optionally, the package T and/or the encrypted data K may additionally be provided with encrypted or unencrypted and/or signed metadata X. The metadata X contains at least all the information necessary to assign the packet T to the encrypted data K and the expiration date of the first key T. In addition to or instead of the expiration date, a time stamp of the time point of data generation, which is used for calculating the expiration date, may also be included in the metadata X.
To obtain data D from encrypted data K, the validity of packet T is first checked. For this purpose the signature S and the expiration date or time stamp are checked. This check is performed in the trusted environment 506. The third key q is only present in the trusted environment 506.
If the validity of the packet T is determined, the first key T can be generated by decryption by means of the third key q. The data D may then be generated by decryption from the encrypted data K by means of the first key t. Optionally, the conversion of the data D may be done time-dependently or user-dependently in order to further maintain data protection. Such a conversion may be, for example, anonymizing the data D or removing critical data or converting the data D into a determined format, which again has a protection mechanism in itself. Or may be converted to a format specified by, for example, a licensing authority that determines the country.
In a less restrictive variant, only the decryption of the packet T may be performed in the trusted environment 506 and the first key T may be returned. If the communication with the trusted environment 506 is not itself trusted, the communication with the trusted environment 506 is performed by a communication equipped with additional safeguards. The trusted environment 506 may be outside the participant's access and provided by a separate department.
If, after the generation of the encrypted data, a reason for allowing or requiring a longer storage period for the data D is identified in the device 110 (in which the encrypted data K is generated) and the packet T has already been generated, a new metadata set M' is generated which contains a new storage life by a later expiration date. If no expiration date is stored, but a timestamp, the extended storage life is encoded by other dates (e.g., by event severity). The new metadata set M' additionally contains a hash value of the packet T, for example the SHA-3 hash value or a hash value created by means of another secure hash method, the validity life of which should be extended. A new metadata set M 'is constructed and signed in a similar manner to the unsigned package T' and other packages M are generated. If the packet T is no longer valid, the other packet M is additionally used for checking the validity of the packet T.
Alternatively, the other metadata M' and the package T are used for computing the other package M, wherein the package T is present in the other package M in encrypted form, similar to the first key T in the package T. Therefore, the other packet M is complete and the packet T is no longer needed. The metadata in the new set of metadata M' may exist in encrypted form or as plaintext. The authenticity of the unencrypted metadata is ensured by the signature in the other package M.
The method for extending the storage life can be linked in all given variants in order to extend the storage life several times. All other packets M defining the extension are needed in order to determine the validity of the packet T. In an alternative variant, this is implicitly the case when the last further packet M is present.
The checking of the validity of the packet T may use all the verified metadata of the other packets M, instead of just the packet T, in order to thereby allow an extension of the storage lifetime.
If an embodiment includes an "and/or" association between a first feature and a second feature, this should be interpreted as such: this embodiment has the first feature and the second feature according to one embodiment, while having either only the first feature or only the second feature according to another embodiment.
Claims (11)
1. A method for managing data (D), wherein the method (200) has the steps of:
encrypting (210) the collected data (D) by means of a first cryptographic key (t) so as to generate encrypted data (K);
-combining (220) the first key (T) with a second cryptographic key (p) so as to generate an encrypted first key (T '), and combining the encrypted first key (T') with metadata (X) having time information for the data (D) valid for the data (D) so as to generate a packet (T); and
-attaching (230) a cryptographic signature to the package (T).
2. The method (200) according to claim 1, wherein in the combining step (220) metadata (X) is used that is unencrypted or encrypted and/or equipped with a cryptographic signature (S).
3. The method (200) according to any of the preceding claims, wherein, in case the subsequently determined time information changes, the combining step (220) is re-implemented in order to combine further metadata with the encrypted first key (T') or with the package (T) in order to generate a further package, wherein the further metadata has changed time information with respect to the time information.
4. A method (235) for evaluating data (D), wherein the method (235) has a step (237) of reading a package (T) which has been created by means of the method (200) according to any one of the preceding claims 1 to 3 and to which a cryptographic signature (S) has been attached, wherein the method (235) further has a step (240) of checking the metadata (X) from the package in respect of the expiry of the time information in order to generate a check result showing whether the time information has expired or is still valid.
5. Method (235) according to claim 4, having a step (250) of decrypting the encrypted first key (T') from the packet (T) by means of a third cryptographic key (q), and having a step (260) of generating decrypted data (D) from the encrypted data (K) by means of the decrypted first key (T) from the packet (T), wherein the decrypting step (250) and/or the generating step (260) are carried out depending on the checking result.
6. A method (235) according to claim 5, having the step (270) of performing a conversion and/or filtering of the decrypted data (D) in order to anonymize and/or convert the decrypted data (D) into a format specified for the data (D).
7. The method (235) according to any one of claims 4 to 6, wherein the decrypting step (250) is implemented in a trusted environment (506), or the decrypting step (250) and the checking step (240), the generating step (260) and/or the executing step (270) are implemented in a trusted environment (506).
8. A method (280) for processing data, wherein the method (280) has the steps of:
steps (210, 220, 230) of the method (200) for managing data; and
-steps (240, 250, 260, 270) of the method (235) for evaluating data.
9. An apparatus (110) provided for implementing and/or handling the steps of one of the methods (200, 235) according to any one of the preceding claims in a respective unit (116, 118, 122, 124, 126, 132, 134, 136, 138).
10. A computer program arranged for carrying out and/or handling the steps of at least one of the methods (200, 235) according to any one of the preceding claims.
11. A machine-readable storage medium on which a computer program according to claim 10 is stored.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| DE102020205657.9A DE102020205657A1 (en) | 2020-05-05 | 2020-05-05 | Method and device for managing data |
| DE102020205657.9 | 2020-05-05 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113609496A true CN113609496A (en) | 2021-11-05 |
Family
ID=78231577
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110480422.3A Pending CN113609496A (en) | 2020-05-05 | 2021-04-30 | Method, device, computer program and storage medium for managing, evaluating and processing data |
Country Status (3)
| Country | Link |
|---|---|
| JP (1) | JP2021184597A (en) |
| CN (1) | CN113609496A (en) |
| DE (1) | DE102020205657A1 (en) |
-
2020
- 2020-05-05 DE DE102020205657.9A patent/DE102020205657A1/en active Pending
-
2021
- 2021-04-30 JP JP2021077071A patent/JP2021184597A/en active Pending
- 2021-04-30 CN CN202110480422.3A patent/CN113609496A/en active Pending
Also Published As
| Publication number | Publication date |
|---|---|
| JP2021184597A (en) | 2021-12-02 |
| DE102020205657A1 (en) | 2021-11-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7139424B2 (en) | Vehicle-mounted equipment upgrade method and related equipment | |
| CN108075897B (en) | Controller area network message authentication | |
| EP3474209A1 (en) | Storing blockchain private keys in a sim card | |
| US11082228B2 (en) | Reuse system, key generation device, data security device, in-vehicle computer, reuse method, and computer program | |
| CN109314640B (en) | Vehicle information collection system, vehicle-mounted computer, vehicle information collection device, vehicle information collection method, and recording medium | |
| CA2328101C (en) | Method for verifying the use of public keys generated by an on-board system | |
| US20070028115A1 (en) | Method for guaranteeing the integrity and authenticity of flashware for control devices | |
| US20180113703A1 (en) | Method for updating software of a control device of a vehicle | |
| JP4734089B2 (en) | Car terminal | |
| US8631235B2 (en) | System and method for storing data using a virtual worm file system | |
| JP6704458B2 (en) | In-vehicle processor | |
| KR101015401B1 (en) | Method of checking integrity of data by storing data of common ID in separated database system | |
| KR20200141402A (en) | Method and system for collecting and managing event data which is recorded by vehicle | |
| US8904193B2 (en) | Method for operating a security device | |
| US9276738B2 (en) | Digital tachograph | |
| WO2019142307A1 (en) | Semiconductor device, update data-providing method, update data-receiving method, and program | |
| KR101953908B1 (en) | Security System and Method of Embeded software in Vehicle electric device | |
| JP6299039B2 (en) | Vehicle information collection system, data security device, vehicle information collection method, and computer program | |
| CN113609496A (en) | Method, device, computer program and storage medium for managing, evaluating and processing data | |
| CN108337234B (en) | Vehicle-mounted program file encryption method and device | |
| US20200036710A1 (en) | Method and system for encryption using a radio frequency fingerprint | |
| CN102598014A (en) | Method and system for confidentially providing software components | |
| WO2023000313A1 (en) | Key verification method and related apparatus | |
| US20220123942A1 (en) | Method and system for information transmission | |
| US20130238898A1 (en) | Method for Providing Information for a Controller |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |