CN113765996A - Method, device, computer program and machine-readable storage medium for protecting vehicle data - Google Patents


Info

Publication number
CN113765996A
Authority
CN
China
Prior art keywords
event data
volatile
accident
encrypted
data
Prior art date
Legal status
Pending
Application number
CN202110623270.8A
Other languages
Chinese (zh)
Inventor
李永强
盐泽和树
Current Assignee
Robert Bosch GmbH
Original Assignee
Robert Bosch GmbH
Application filed by Robert Bosch GmbH
Publication of CN113765996A

Classifications

    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00 Registering or indicating the working of vehicles
    • G07C5/08 Registering or indicating performance data other than driving, working, idle, or waiting time, with or without registering driving, working, idle or waiting time
    • G07C5/0841 Registering performance data
    • G07C5/085 Registering performance data using electronic data carriers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G07 CHECKING-DEVICES
    • G07C TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C5/00 Registering or indicating the working of vehicles
    • G07C5/008 Registering or indicating the working of vehicles communicating information to a remotely located station
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84 Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Time Recorders, Drive Recorders, Access Control (AREA)
  • Traffic Control Systems (AREA)

Abstract

The solution proposed herein relates to a method for protecting data of a vehicle (105). The method has the steps of storing in a non-volatile manner, encrypting, and storing. In the step of storing in a non-volatile manner, temporary event data (110) of the vehicle (105) is stored in a non-volatile manner as non-volatile event data (115) in response to an accident signal (107) representing an accident of the vehicle (105). In the encrypting step, the non-volatile event data (115) is encrypted to obtain encrypted event data (120). In the storing step, the encrypted event data (120) is stored as encrypted permanent event data (125).

Description

Method, device, computer program and machine-readable storage medium for protecting vehicle data
Technical Field
The present solution relates to a device or a method for protecting vehicle data. A computer program is also a subject of the present solution.
Background
The event data set for a vehicle capable of highly or fully automated driving can become very large. In order to be able to handle such large data sets during an accident, the order of encryption and storage of the data is important.
Disclosure of Invention
Against this background, a method for protecting vehicle data, a device using the method, and finally a corresponding computer program are proposed by means of the solution proposed here. The measures listed below make it possible to implement advantageous embodiments and improvements of the device described in the invention.
The advantage that can be achieved with the proposed solution is that the method proposed here can ensure that the event data of the vehicle still exist even after the occurrence of a vehicle accident, for example, which is accompanied by an interruption in the vehicle current supply.
A method for protecting vehicle data is proposed, wherein the method has a step of storing in a non-volatile manner, an encryption step and a storage step. In the non-volatile storing, temporary event data of the vehicle is stored in a non-volatile manner as non-volatile event data in response to an accident signal representing a vehicle accident. In the encryption step, the non-volatile event data is encrypted to obtain encrypted event data. In the storing step, the encrypted event data is stored as encrypted permanent event data.
The vehicle may relate to a vehicle capable of highly automated or fully automated driving. Event data may be understood as any data of autonomous driving. For example, the temporary event data may relate to sensed event data or temporarily stored event data of a driving assistance system of the vehicle. The temporary event data may represent data that is typically stored in a so-called accident data store. For example, the temporary event data may include information related to the current speed, direction of motion, or acceleration of the vehicle. In the method proposed here, it is ensured that, after an accident of the vehicle, the temporary event data are first stored in a nonvolatile manner before encryption. This can ensure that, after a possibly directly following interruption of the vehicle current supply, the data is still present even if it has not been encrypted. The method thus advantageously optimizes the sequence of steps in protecting data in order to ensure that no data is lost after a serious accident, for example with a current supply interruption.
In the step of storing in a non-volatile manner, temporary event data, for example in the form of raw data, may be stored in a non-volatile manner as non-volatile event data. In this way, it is possible to protect the still unprocessed data particularly quickly.
According to one embodiment, in the step of storing in a nonvolatile manner, the temporary event data may be stored in a nonvolatile storage device as nonvolatile event data. A non-volatile storage means is understood to be a persistent storage means in which non-volatile event data can be securely stored over a longer period of time (e.g. permanently).
In the storing step, the encrypted event data may additionally or alternatively be stored in a further non-volatile storage as encrypted permanent event data. A further non-volatile memory device is also to be understood as a permanent memory device in which the encrypted permanent event data can be securely stored (e.g. permanently) over a longer period of time. The non-volatile storage device may correspond to or be different from another non-volatile storage device. Thus, for example, event data may exist encrypted and unencrypted.
For example, in the storing step, the nonvolatile event data may be replaced by encrypted permanent event data. In this case, for example, the non-volatile event data can be overwritten, so that only encrypted permanent event data is present. This may create free storage space and prevent at least unencrypted event data from remaining while the current supply is still intact.
Additionally or alternatively, the method may have a deletion step in which the non-volatile event data and/or the encrypted persistent event data are deleted. The deletion step can be implemented, for example, if the non-volatile event data and the encrypted persistent event data are stored in different non-volatile storage devices. This step may also be implemented if the non-volatile event data has not been fully overwritten. In this way, storage space is likewise freed, and unencrypted event data and/or encrypted event data are prevented from remaining while the current supply is still intact.
It is also advantageous if according to one embodiment of the method at least one step of the method is carried out using energy from a redundant current supply of the vehicle. This may be helpful, for example, if the universal current supply of the vehicle is interrupted due to an accident.
The method may also have the step of identifying an accident and providing an accident signal. In this case, an accident signal can be provided when an accident is detected. For example, in the identifying step, an accident signal may be provided if the accident has a predetermined severity. The predetermined severity level may represent a serious accident in which a failure of the current supply is possible. Conversely, in the case of a minor accident with a low degree of severity, if it cannot be assumed that the current supply to the vehicle is interrupted, it is not necessary to protect the data before encryption. Known methods can be used to identify the accident and, if necessary, to determine its severity. In order to identify the predetermined severity, for example, an acceleration signal of a control device of the vehicle can be read and compared with a threshold value. If the acceleration signal indicates an acceleration below the threshold value, which indicates a minor accident, the step of storing in a non-volatile manner may instead be omitted and the temporary event data may be encrypted directly, for example.
According to one embodiment, if the accident signal indicates that the severity of the accident is more severe than a predetermined severity, i.e. relates to an accident classified as severe, the step of storing in a non-volatile manner may be carried out and the non-volatile event data may be encrypted in the encryption step. The steps of the method may thus be carried out as described above. Conversely, if a further accident signal indicates that the severity of the accident is less than the predetermined severity, i.e. the accident is classified as a mild accident, the step of storing in a non-volatile manner may be skipped and the temporary event data may be encrypted in the encryption step to obtain encrypted event data. This makes it possible to speed up the implementation of the method for minor accidents.
The method may also have a reading step of reading the temporary event data through an interface to a ring memory or sensor device of the vehicle. In the reading step, the temporary event data may also be read from one of the other volatile storage devices.
The method can be implemented, for example, in the form of software or hardware or in the form of a mixture of software and hardware, for example, in a control device.
The solution proposed here also proposes an apparatus which is designed to carry out, control or implement the steps of the variants of the method proposed here in corresponding devices. The task on which the solution is based can also be solved quickly and efficiently by means of this embodiment variant of the solution in the form of a device.
To this end, the device may have at least one computing unit for processing signals or data, at least one memory unit for storing signals or data, at least one interface to the sensor or the actuator for reading sensor signals from the sensor or for outputting data signals or control signals to the actuator, and/or at least one communication interface for reading or outputting data embedded in a communication protocol. The computing unit may be, for example, a signal processor, a microcontroller, etc., wherein the memory unit may be a flash memory, an EEPROM or a magnetic memory unit. The communication interface can be designed to read or output data wirelessly and/or in a wired manner, wherein the communication interface, which can read or output wired data, can read or output these data from or into the respective data transmission line, for example electrically or optically.
In this context, a device is understood to be an electrical device which processes sensor signals and outputs control signals and/or data signals accordingly. The device may have an interface which may be constructed in hardware and/or in software. In a hardware-form construction, the interface may be, for example, part of a so-called system ASIC which contains the various functions of the device. However, it is also possible for the interface to be an integrated circuit of its own or to be composed at least partially of discrete components. In a software-form construction, the interface may be a software module that is present together with other software modules, for example on a microcontroller.
In an advantageous embodiment, a method for protecting vehicle data is controlled by the device. To this end, the device may, for example, access sensor signals, for example accident signals representing a vehicle accident. The control is effected by means of, for example, a reader for reading an accident signal, a non-volatile memory for storing temporary event data of the vehicle in a non-volatile manner in response to the accident signal, and/or a non-volatile memory for storing encrypted permanent event data of the vehicle, and an encryption device for encrypting the temporary event data to generate encrypted permanent event data.
Also advantageous is a computer program product or a computer program having a program code, which can be stored on a machine-readable carrier or storage medium (for example, a semiconductor memory, a hard disk memory or an optical memory) and is used to carry out, implement and/or manipulate the steps of a method according to one of the embodiments described above, in particular when the program product or the program is implemented on a computer or a device.
Drawings
Embodiments of the solution presented herein are illustrated in the drawings and further elaborated in the following description. The figures show:
FIG. 1 shows a schematic diagram of an apparatus for protecting data of a vehicle according to one embodiment;
FIG. 2 shows a flow diagram of a method for protecting data of a vehicle according to an embodiment;
FIG. 3 shows a block diagram of a method according to an embodiment;
FIG. 4 shows a schematic diagram of a time series of a method according to an embodiment;
FIG. 5 shows a schematic diagram of a time series of a method according to an embodiment; and
FIG. 6 shows a schematic diagram of a time sequence t of a method according to an embodiment.
In the following description of an advantageous embodiment of the solution, the same or similar reference numerals are used for elements which are shown in different figures and which function similarly, wherein repeated descriptions of these elements are omitted.
Detailed Description
Fig. 1 shows a schematic diagram of an apparatus 100 for protecting data of a vehicle 105 according to an embodiment.
Merely by way of example, according to this embodiment, the device 100 is accommodated on or in the vehicle 105, for example implemented in a control device of the vehicle 105. According to this embodiment, the vehicle 105 relates to a vehicle 105 capable of highly automated or fully automated driving, also referred to as an autonomous vehicle 105.
The apparatus 100 is configured for storing temporary event data 110 of the vehicle 105 as non-volatile event data 115 in a non-volatile manner in response to an accident signal 107 representative of an accident of the vehicle 105. Furthermore, the device 100 is configured for encrypting the non-volatile event data 115 in order to obtain encrypted event data 120. Further, the device 100 is configured for storing the encrypted event data 120 as encrypted persistent event data 125.
Event data 110 is understood to be any data of the driving operation (e.g., autonomous driving) of vehicle 105. For example, the temporary event data 110 relates to sensed data or temporarily stored data of a driving assistance system of the vehicle 105, for example.
According to this embodiment, in order to protect the data, the device 100 has at least one non-volatile storage means 127 for non-volatile storage, an encryption means 130 for encryption and/or a reading means 135 for reading the accident signal 107 and/or the temporary event data 110. Non-volatile storage 127 is understood to be persistent storage in which non-volatile event data 115 is securely stored over a longer period of time (e.g., permanently). According to this embodiment, the reading device 135 is configured for reading the temporary event data 110 through an interface to a volatile storage device (e.g., the ring memory 137 or the sensor device 139 of the vehicle 105).
According to one embodiment, the apparatus 100 stores the temporary event data 110 in a non-volatile manner in the non-volatile storage 127 as non-volatile event data 115 in response to the incident signal 107. Here, the device 100 is configured for storing temporary event data 110 in the form of raw data as non-volatile event data 115 in a non-volatile manner. According to this embodiment, the device 100 is further configured for replacing the non-volatile event data 110 by the encrypted persistent event data 125 when storing the encrypted persistent event data 125. Here, the non-volatile event data 110 is, for example, overwritten so that only encrypted persistent event data 125 is present in the non-volatile storage 127. According to an alternative embodiment, the apparatus 100 stores the encrypted event data 120 in a further non-volatile storage different from the non-volatile storage 127 as encrypted persistent event data 125. Further non-volatile storage should also be understood as permanent storage, in which the encrypted permanent event data 125 is stored securely (e.g. permanently) over a longer period of time. According to an embodiment, the apparatus 100 is further provided with these further non-volatile storage means. In such embodiments, the apparatus 100 is configured to delete the non-volatile event data 110 when the encrypted persistent event data 125 is stored in these additional non-volatile storage devices. Additionally, according to an embodiment, the device 100 is configured for deleting also the encrypted permanent event data 125, for example after a defined duration.
According to this embodiment, the device 100 is also configured for identifying an accident and providing an accident signal 107 once the accident has been identified. For this purpose, according to this embodiment, the apparatus 100 has an identification means 140. According to this embodiment, the identification means 140 provides the accident signal 107 when the accident has a predetermined severity. The predetermined severity may represent a serious accident that makes a failure of the current supply of the vehicle 105 possible. Conversely, in the case of a minor accident with a low degree of severity, if it cannot be assumed that the current supply to the vehicle 105 is interrupted, the identification means 140 does not provide the accident signal 107 but rather a further accident signal 142 according to this embodiment. In order to identify the predetermined severity, the identification device 140 is designed to read an acceleration signal 145 of an acceleration sensor of a restraint system 150 (Rückhaltesystem) of the vehicle 105, for example, which reaches or exceeds a threshold value. If the acceleration signal 145 indicates an acceleration below a threshold value, which allows a mild accident to be identified, the identification means 140 provides a further accident signal 142 according to this embodiment. In order to detect the severity, the recognition device 140 has an evaluation device according to this exemplary embodiment, which is designed to evaluate the acceleration signal 140 and/or to compare it with a stored threshold value. According to this embodiment, the device 100 is configured for reading the further accident signal 142 as well and, in response to the further accident signal 142, encrypting the temporary event data 110 directly in the encryption means 130 without non-volatile storage and/or subsequently storing it in a non-volatile manner as encrypted permanent event data 125.
According to an alternative embodiment, the device 100 is configured for first storing the temporary event data 110 in a non-volatile manner when an accident is identified, irrespective of the severity of the accident.
According to an embodiment, the apparatus 100 is further configured for performing at least one of the above steps while using energy from redundant current supply devices of the vehicle 105.
The device 100 presented herein enables a method for encrypting and storing an event data set of an autonomous vehicle 105. The event data set for a vehicle 105 capable of highly automated or fully automated driving can become very large. In order to be able to cope with such large data sets during a severe accident, the device 100 proposed herein advantageously optimizes the order of encryption and storage of the data 110, 115, 120, 125.
According to one embodiment, the accident signal 107 is provided by the identification device 140 when an airbag of a restraint system 150 of the vehicle 100 is triggered, whereupon the temporary event data 110 is stored in a non-volatile manner in a non-volatile storage device 127, which may also be referred to as an event data memory (in English "Event Data Recorder", "EDR" for short). The autonomous vehicle 105 requires such a function in order to comply with upcoming regulations on the one hand and with regard to product liability on the other hand. The data set required by the autonomous vehicle 105 may be much larger than the data set of the airbag event data store, which presents a significant challenge to the processing performance of the responsible control device, which may be a domain control device of the driver assistance system.
The device 100 or the control device for storing data of the automated driving constantly stores the necessary data in a temporary/volatile storage of the vehicle 105, here in the ring memory 137. Once a critical condition, such as an accident, is identified, the apparatus 100 stores data from the volatile storage into the non-volatile storage 127 (which may also be referred to as "persistent storage"). In the device 100, this occurs relatively quickly, since there is no guarantee of current supply after a severe collision. In addition to large amounts of data, the data set may also contain sensitive data, such as data that requires encryption regarding driver privacy. The encryption and storage of large amounts of data is a huge challenge for the responsible device 100.
The solution proposed here makes it possible to optimize the order of encryption and storage of data sets, for example for autonomous driving. Instead of encrypting the data first, the original data is first stored by the device 100 and, after storage, the data is encrypted and saved in the non-volatile memory 127 again. In this way, there is a better chance of: critical data is stored during the incident, even though it may not have been encrypted. When the power supply is available after an accident, according to this embodiment, the stored original data is finally replaced by encrypted data.
In the method proposed here, which is controlled by the device 100, it is possible to switch between a typical data storage method (in which encryption is first carried out and only permanent storage is then carried out) and the nonvolatile storage proposed here, which is carried out before encryption, depending on the severity of the accident. Here, the severity of the accident is detected, for example, by an acceleration sensor of the restraint system 150. According to one exemplary embodiment, the device 100 has a redundant current supply or a self-sufficient device (Autarkieeinrichtung) which is designed to ensure a redundant current supply after or when the current supply of the vehicle 105 fails.
According to one exemplary embodiment, the non-volatile memory device 127 for the data of the autonomous driving is implemented or can be implemented in a control unit, for example a field control unit (abbreviated to "DASy"), an electronic stability control unit (abbreviated to "VDC"), and/or a so-called "capture/comparison unit" (abbreviated to "CCU") for a driver assistance system. One of these control devices can generally be used for such a function as a so-called "host control device" (host ECU in English).
FIG. 2 shows a flow diagram of a method 200 for protecting data of a vehicle according to an embodiment. This may be a method 200 that can be carried out or controlled by the apparatus described in FIG. 1.
The method 200 has a step 205 of storing in a non-volatile manner, an encryption step 210 and a storing step 215. In step 205 of storing in a non-volatile manner, the temporary event data of the vehicle is stored in a non-volatile manner as non-volatile event data in response to the accident signal. The accident signal indicates a recognized vehicle accident. In an encryption step 210, the non-volatile event data is encrypted to obtain encrypted event data. In a storing step 215, the encrypted event data is stored as encrypted permanent event data.
In steps 205, 210, 215, the respective data may be processed on a block-by-block basis or in a continuous data stream.
According to one embodiment, steps 205, 210, 215 are performed independent of the severity of the incident. According to an alternative embodiment, the step 205 of storing in a non-volatile manner is only performed when the accident signal indicates a serious accident. Conversely, if the incident signal indicates a minor incident, step 205 of storing in a non-volatile manner is skipped and the temporary event data is directly encrypted in step 210.
According to an embodiment, the method 200 optionally further has an identifying step 220, a reading step 225 and/or a deleting step 230.
In an identification step 220, an accident is identified and an accident signal is provided. Optionally, the severity of the incident is identified and indicated by the incident signal in step 220. In a reading step 225, the temporary event data is read through an interface to the vehicle's ring memory or sensor device. Here, the temporary event data may be read in the form of one or more electrical signals via a data line. In a deletion step 230, the non-volatile event data and/or the encrypted persistent event data are deleted. According to this embodiment, the deletion step 230 is performed after the encryption step 210 and/or the storage step 215.
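The ordering argument made in the description (store the raw event data in non-volatile memory first, encrypt from that copy, then replace the raw copy; skip the raw write for a minor accident) is easiest to see when the current supply is modelled as a finite energy budget that can run out mid-procedure. The following Python simulation is an added example, not code from the patent or from Bosch. It assumes relative costs (writing a raw block to flash is cheap, encrypting it is several times more expensive), uses a toy HMAC-based keystream as a stand-in for the real cipher, and models the ring memory, the non-volatile storage 127 and the supply as plain Python objects; the block sizes, costs and key are constructed values. It covers both the severity branch and steps 205 to 230 above.

```python
"""Simulation of store-first (steps 205-230) vs encrypt-first under power loss.

Added example; costs, cipher and storage model are assumptions, not the patent's.
"""
import hashlib
import hmac
import os


class PowerLoss(Exception):
    """Raised when the simulated current supply is exhausted mid-step (time point 405)."""


class Supply:
    """Energy budget in abstract units; None means the supply is never interrupted."""

    def __init__(self, budget=None):
        self.budget = budget

    def draw(self, cost):
        if self.budget is None:
            return
        if self.budget < cost:
            self.budget = 0
            raise PowerLoss()
        self.budget -= cost


# Assumed relative costs: a raw flash write is cheap, encrypting a block is not.
WRITE_COST = 1
ENCRYPT_COST = 4
BLOCK_SIZE = 32  # bytes; matches the 32-byte keystream chunk below


def toy_encrypt(key, nonce, counter, block):
    """Placeholder cipher: XOR with an HMAC-SHA256 keystream (stand-in for a real AEAD)."""
    ks = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(block, ks))


toy_decrypt = toy_encrypt  # XOR keystream: the same operation in both directions


class Flash:
    """Simulated non-volatile storage 127: raw blocks (115) and encrypted blocks (125)."""

    def __init__(self):
        self.raw = {}
        self.enc = {}
        self.nonce = None


def split_blocks(data, size=BLOCK_SIZE):
    return [data[i:i + size] for i in range(0, len(data), size)]


def protect(ring, severity, threshold, key, flash, supply, store_first=True):
    """Run the procedure; severity >= threshold selects the store-first path.

    Flash is left exactly as far as it got if PowerLoss interrupts a step.
    """
    blocks = split_blocks(bytes(ring))
    flash.nonce = os.urandom(8)  # in practice stored alongside the ciphertext
    if store_first and severity >= threshold:
        # Step 205: commit the raw blocks to non-volatile storage first (cheap, fast).
        for idx, blk in enumerate(blocks):
            supply.draw(WRITE_COST)
            flash.raw[idx] = blk
        # Steps 210/215/230: encrypt from the non-volatile copy, then replace the raw block.
        for idx in list(flash.raw):
            supply.draw(ENCRYPT_COST + WRITE_COST)
            flash.enc[idx] = toy_encrypt(key, flash.nonce, idx, flash.raw[idx])
            del flash.raw[idx]
    else:
        # Minor accident or conventional ordering: step 205 skipped, encrypt straight from ring.
        for idx, blk in enumerate(blocks):
            supply.draw(ENCRYPT_COST + WRITE_COST)
            flash.enc[idx] = toy_encrypt(key, flash.nonce, idx, blk)


def recoverable_blocks(flash, key):
    """Blocks readable afterwards by someone holding the key: raw or decryptable."""
    out = dict(flash.raw)
    for idx, ct in flash.enc.items():
        out[idx] = toy_decrypt(key, flash.nonce, idx, ct)
    return out


def simulate(budget, store_first, severity=9, threshold=5):
    """Constructed scenario: 8 blocks of event data, a fixed key, a given energy budget."""
    key = b"\x11" * 32  # constructed key, not a real secret
    ring = bytes(range(256))  # constructed ring-memory contents: 8 blocks of 32 bytes
    flash, supply = Flash(), Supply(budget)
    try:
        protect(ring, severity, threshold, key, flash, supply, store_first)
        interrupted = False
    except PowerLoss:
        interrupted = True
    rec = recoverable_blocks(flash, key)
    original = split_blocks(ring)
    return {
        "interrupted": interrupted,
        "recovered": len(rec),
        "plaintext_left": len(flash.raw),
        "intact": all(rec[i] == original[i] for i in rec),
    }


if __name__ == "__main__":
    print("no interruption, store-first:", simulate(None, True))
    print("cut at 10 units, store-first:", simulate(10, True))
    print("cut at 10 units, encrypt-first:", simulate(10, False))
    print("cut at 10 units, minor accident:", simulate(10, True, severity=2))
```

With the assumed costs, a supply that fails 10 units after the accident (FIG. 5) leaves all 8 blocks recoverable on the store-first path, but only the 2 blocks that had finished encrypting on the encrypt-first path. The trade-off is also visible: the interrupted store-first run leaves 8 plaintext blocks in flash, which is exactly why the description insists on the replacement and deletion steps once the supply is available again.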
The method steps set forth herein may be repeatedly performed so that the temporary event data that is continuously accumulated may be continuously processed.
FIG. 3 illustrates a block diagram 300 of the method 200 according to an embodiment. This may relate to an embodiment of the method 200 depicted in fig. 2.
According to this embodiment, a first block 305 of the block diagram 300 marks the start of the method. After the start, according to this embodiment, a temporary storage step 310 is implemented, in which the data is temporarily stored in a volatile storage device (e.g. a ring memory). In the subsequent query block 315, according to this embodiment, it is queried whether a vehicle accident has occurred. If no accident has occurred, the method ends with a final block 320 according to this embodiment. If, in contrast, a vehicle accident has occurred, the step 205 of storing in a nonvolatile manner, the step 210 of encrypting, the step 215 of storing, and/or the step 220 of deleting are performed in sequence according to this embodiment. In the deletion step 220, according to this embodiment, the non-volatile event data and the encrypted permanent event data are deleted. After the deletion step 220, the method ends in the final block 320 according to this embodiment.
Fig. 4 shows a schematic representation of a time sequence t of the method 200 according to an embodiment. The method described in one of fig. 2 or 3 can be used here. The procedure of the method is shown as an example in the case of a vehicle accident without interruption of the current supply. One line marks the accident time point 400 of the accident.
According to one embodiment, the temporary storage step 310 is performed until an incident is indicated. Subsequently, the step 205 of storing in a non-volatile manner, the step 210 of encrypting, the step 215 of storing and the step 230 of deleting are carried out as described above.
In the embodiment shown here, the solution proposed here has no significant advantage compared to the simplified procedure described below on the basis of fig. 6, since the current supply is still available after an accident has occurred. It is assumed here that in the event of a small accident or slight damage to the vehicle, for example in the event of an accident with pedestrians and subsequent inspection of the vehicle or when the vehicle is driven again after the occurrence of an accident, the stored data is protected in encrypted form from unauthorized persons. According to one embodiment, the procedure described on the basis of fig. 4 is carried out even in the presence of a minor accident in which it is assumed that the current supply required for carrying out the method is not interrupted. In contrast, according to an alternative embodiment, the procedure described on the basis of fig. 4 is only carried out when there is a serious accident in which the current supply required for carrying out the method is assumed to be interrupted. In the event of a minor accident, the method described on the basis of fig. 6 is implemented instead.
Fig. 5 shows a schematic representation of a time sequence t of the method 200 according to an embodiment. The method described in one of fig. 2 or 3 can be used here. The procedure of the method is shown as an example in the case of a vehicle accident with an interruption of the current supply. One line marks the accident point in time 400 of the accident and one other line marks the interruption point in time 405 of the interruption of the current supply. According to this embodiment, the interruption time point 405 is arranged after the step 205 of storing in a non-volatile manner and/or during the encryption step 210.
According to this embodiment, the solution proposed herein ensures that the data is retained, still unencrypted, in non-volatile memory if the current supply is interrupted after an accident before encryption has completed. It is assumed here that the vehicle is inspected by law enforcement immediately after a serious accident has occurred and that it is unlikely that the vehicle is driven again or that most components are replaced.
Fig. 6 shows a schematic representation of a time sequence t of the method 200 according to an embodiment. The method described in one of fig. 2 or 3 can be used here. The procedure of the method is shown as an example in the event of a minor accident of the vehicle in which it is assumed that the current supply is not interrupted. One line marks the accident time point 400 of the accident.
According to one embodiment, the temporary storage step 310 is implemented corresponding to the procedure described on the basis of fig. 4 until an accident is indicated. Subsequently, unlike the flow described on the basis of fig. 4, an encryption step 210 is directly carried out, in which the temporary event data is directly encrypted in order to obtain encrypted event data, which are then permanently stored in a step 215, as described on the basis of fig. 4.
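As an added illustration (not code from the patent or from Bosch), the following Python simulation plays the sequences of figs. 4 to 6 through one recorder and lets the current supply be cut during encrypting step 210. The severity threshold, the ring-memory size, the 12-byte nonce layout and the HMAC-based stand-in cipher are assumptions of the example.

```python
import hashlib, hmac, os
from collections import deque
from dataclasses import dataclass, field
from typing import Optional

SEVERITY_THRESHOLD = 2  # assumed: accident signal carries severity 1 (minor) .. 3 (serious)

class PowerLoss(Exception):
    pass  # simulated interruption of the current supply (interruption point 405 in fig. 5)

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream in counter mode) so the example runs offline;
    # a production ECU would use an authenticated cipher such as AES-GCM with an HSM-held key.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

@dataclass
class EventRecorder:
    key: bytes
    ring: deque = field(default_factory=lambda: deque(maxlen=8))  # volatile ring memory (137)
    nonvolatile_raw: Optional[bytes] = None   # non-volatile event data (115)
    encrypted_store: Optional[bytes] = None   # encrypted persistent event data (125)
    power_fails_during_encrypt: bool = False  # fault injection for the fig. 5 scenario

    def on_accident(self, severity: int) -> None:
        temp = b"".join(self.ring)            # reading step 225 from the ring memory
        if severity >= SEVERITY_THRESHOLD:    # fig. 4/5 path: raw copy reaches NV storage first
            self.nonvolatile_raw = temp       # step 205 (storing in a non-volatile manner)
        # fig. 6 path (minor accident) arrives here without step 205
        if self.power_fails_during_encrypt:   # supply cut while encrypting step 210 runs
            raise PowerLoss("current supply interrupted during encrypting step 210")
        nonce = os.urandom(12)
        self.encrypted_store = nonce + keystream_xor(self.key, nonce, temp)  # steps 210, 215
        self.nonvolatile_raw = None           # deleting step 230: raw copy no longer needed

    def decrypt_persistent(self) -> bytes:
        nonce, ct = self.encrypted_store[:12], self.encrypted_store[12:]
        return keystream_xor(self.key, nonce, ct)

def run_scenario(severity: int, power_loss: bool) -> EventRecorder:
    rec = EventRecorder(key=b"k" * 32, power_fails_during_encrypt=power_loss)
    for i in range(10):                       # temporary storage step 310 with constructed samples
        rec.ring.append(b"v=%02d;" % i)       # ring keeps only the last 8 of them
    try:
        rec.on_accident(severity)
    except PowerLoss:
        pass                                  # power is gone; only NV storage contents survive
    return rec
```

Running `run_scenario(3, True)` against `run_scenario(1, True)` shows the point of step 205: with the raw copy in non-volatile storage the event data survives the interruption and can be encrypted once power returns, whereas the fig. 6 shortcut loses it entirely when power fails mid-encryption.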

Claims (14)

1. A method (200) for protecting data of a vehicle (105), wherein the method (200) has the following steps:
storing (205) temporary event data (110) of the vehicle (105) in a non-volatile manner as non-volatile event data (115) in response to an accident signal (107) representing an accident of the vehicle (105);
encrypting (210) the non-volatile event data (115) to obtain encrypted event data (120); and
storing (215) the encrypted event data (120) as encrypted persistent event data (125).
2. The method (200) according to claim 1, in which method, in the step of storing in a non-volatile manner (205), the temporary event data (110) in the form of raw data is stored in a non-volatile manner as the non-volatile event data (115).
3. The method (200) according to any one of the preceding claims, in which, in the step of storing in a non-volatile manner (205), the temporary event data (110) is stored in a non-volatile storage (127) as the non-volatile event data (115).
4. The method (200) according to any one of the preceding claims, in which, in the storing step (215), the encrypted event data (120) is stored in a further non-volatile storage as the encrypted permanent event data (125).
5. The method (200) according to any one of the preceding claims, in which, in the storing step (215), the non-volatile event data (115) is replaced by the encrypted permanent event data (125).
6. The method (200) according to any one of the preceding claims, having a deletion step (230) in which the non-volatile event data (115) and/or the encrypted permanent event data (125) are deleted.
7. The method (200) according to any of the preceding claims, in which method at least one step (205, 210, 215, 220, 225, 230; 310) of the method (200) is performed using energy from a redundant current supply of the vehicle (105).
8. The method (200) according to any of the preceding claims, having the step (220) of identifying the incident and providing the incident signal (107) in response to the identification of the incident.
9. The method (200) according to claim 8, wherein in the step of identifying (220), the accident signal (107) is provided if the accident has a predetermined severity.
10. The method (200) according to any one of the preceding claims, in which, if the accident signal (107) indicates that the severity of the accident is more severe than the predetermined severity, the step of storing in a non-volatile manner (205) is carried out and the non-volatile event data is encrypted in the encryption step (210), in which, if a further accident signal (142) indicates that the severity of the accident is less severe than the predetermined severity, the step of storing in a non-volatile manner (205) is skipped and the temporary event data (120) is encrypted in the encryption step (210) in order to obtain the encrypted event data (120).
11. The method (200) according to any one of the preceding claims, having the step (225) of reading the temporary event data (110) by means of an interface to an annular memory (137) or a sensor device (139) of the vehicle (105).
12. An apparatus (100) arranged for implementing and/or handling the steps (205, 210, 215, 220, 225, 230; 310) of the method (200) according to any one of the preceding claims in a respective unit (127, 130, 135, 140).
13. A computer program arranged for carrying out and/or handling the steps (205, 210, 215, 220, 225, 230; 310) of the method (200) according to any one of claims 1 to 11.
14. A machine-readable storage medium on which a computer program according to claim 13 is stored.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE102020207009.1A DE102020207009A1 (en) 2020-06-04 2020-06-04 Method and device for backing up data for a vehicle
DE102020207009.1 2020-06-04

Publications (1)

Publication Number Publication Date
CN113765996A true CN113765996A (en) 2021-12-07

Family

ID=78605262

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110623270.8A Pending CN113765996A (en) 2020-06-04 2021-06-04 Method, device, computer program and machine-readable storage medium for protecting vehicle data

Country Status (3)

Country Link
JP (1) JP2021193560A (en)
CN (1) CN113765996A (en)
DE (1) DE102020207009A1 (en)

Also Published As

Publication number Publication date
JP2021193560A (en) 2021-12-23
DE102020207009A1 (en) 2021-12-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination