CN114039721B - Key management method and device for vehicle-mounted multimedia system - Google Patents

Key management method and device for vehicle-mounted multimedia system Download PDF

Info

Publication number
CN114039721B
CN114039721B CN202010698408.6A CN202010698408A CN114039721B CN 114039721 B CN114039721 B CN 114039721B CN 202010698408 A CN202010698408 A CN 202010698408A CN 114039721 B CN114039721 B CN 114039721B
Authority
CN
China
Prior art keywords
vehicle
key data
key
data
multimedia system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010698408.6A
Other languages
Chinese (zh)
Other versions
CN114039721A (en
Inventor
薛鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Co Wheels Technology Co Ltd
Original Assignee
Beijing Co Wheels Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Co Wheels Technology Co Ltd filed Critical Beijing Co Wheels Technology Co Ltd
Priority to CN202010698408.6A priority Critical patent/CN114039721B/en
Publication of CN114039721A publication Critical patent/CN114039721A/en
Application granted granted Critical
Publication of CN114039721B publication Critical patent/CN114039721B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the disclosure discloses a key management method of a vehicle-mounted multimedia system, relates to the technical field of vehicle-mounted terminal information security, and mainly aims to improve the security and universality of key data of the vehicle-mounted multimedia system. The main technical scheme of the embodiment of the disclosure comprises: the cloud system distributes vehicle identifications for the security chips of the vehicle-mounted multimedia system, wherein the vehicle identifications have uniqueness; the cloud system generates key data corresponding to the vehicle identifier, wherein the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system; the cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to an MES system, and the MES system executes a management system for the production process of a manufacturing enterprise; and the MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data.

Description

Key management method and device for vehicle-mounted multimedia system
Technical Field
The embodiment of the disclosure relates to the technical field of vehicle-mounted terminal information security control, in particular to a key management method and device of a vehicle-mounted multimedia system.
Background
The vehicle-mounted multimedia system is a multimedia system embedded and installed in an automobile environment for use, and a plurality of application programs can be deployed on the vehicle-mounted multimedia system so as to meet the various requirements of users, such as navigation, communication, entertainment and the like. In order to meet the demands of users, applications in the vehicle-mounted multimedia system frequently interact with other devices or cloud systems in the vehicle. Along with popularization of the Internet of vehicles, security of information interaction of the vehicle-mounted multimedia system is gradually valued, construction of public key infrastructure is gradually mature, and security assurance of communication and system operation in the vehicle-mounted multimedia system is transferred from perfection of a security mechanism to security use of public and private keys and symmetric keys in use of the public key system. The key for ensuring the safe use of the key data and preventing leakage is the key of the safety of the vehicle-mounted multimedia system.
Currently, applications in vehicle-mounted multimedia systems accomplish the interaction of information using only key data provided by the provider to which they belong. For example, key data used by an instant messaging application to encrypt chat records originates from the provider of the messaging application and is only available to the instant messaging application itself. In addition, since the key data of the application program is usually stored in the data partition of the main storage device of the vehicle-mounted multimedia system, once the factory setting of the vehicle-mounted multimedia system occurs, the key data will be lost, and the key data in the data partition has poor protection and is easily stolen maliciously. In the existing mode, the security and the universality of key data of the vehicle-mounted multimedia system are poor.
Disclosure of Invention
In view of this, the embodiments of the present disclosure provide a method and an apparatus for managing a key of a vehicle-mounted multimedia system, which are mainly aimed at improving the security and versatility of key data of the vehicle-mounted multimedia system. The main technical scheme comprises the following steps:
in a first aspect, embodiments of the present disclosure provide a key management method of an in-vehicle multimedia system, the method including:
the cloud system distributes vehicle identifications for security chips of the vehicle-mounted multimedia system, wherein the vehicle identifications have uniqueness;
the cloud system generates key data corresponding to the vehicle identifier, wherein the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system;
the cloud system provides the vehicle identifier and the key data corresponding to the vehicle identifier to an MES system, wherein the MES system is an execution management system for a production process of a manufacturing enterprise;
and the MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data.
In a second aspect, an embodiment of the present disclosure provides a key management method of an on-vehicle multimedia system, applied to a security chip in the on-vehicle multimedia system, the method including:
Acquiring communication data of an application program in a vehicle-mounted multimedia system;
encrypting the communication data by utilizing key data corresponding to the application program; the key data is filled in the security chip and is shared by a plurality of application programs in the vehicle-mounted multimedia system;
and providing the encrypted communication data to a receiver of the communication data.
In a third aspect, embodiments of the present disclosure provide a key management apparatus of an in-vehicle multimedia system, the apparatus including:
the cloud system is used for distributing vehicle identifications to the security chips of the vehicle-mounted multimedia system; generating key data corresponding to the vehicle identification; providing the vehicle identification and the key data corresponding to the vehicle identification to an MES system; wherein the vehicle identification has uniqueness; the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system; the MES system is a manufacturing process execution management system of a manufacturing enterprise;
and the MES system is used for filling the key data into the security chip based on the vehicle identification so that the security chip can encrypt communication data of each application program by using the key data.
In a fourth aspect, embodiments of the present disclosure provide a security chip in a vehicle-mounted multimedia system, the security chip comprising:
the acquisition unit is used for acquiring communication data of an application program in the vehicle-mounted multimedia system;
an encryption unit configured to encrypt the communication data using key data corresponding to the application program; the key data is filled in the security chip and is shared by a plurality of application programs in the vehicle-mounted multimedia system;
and the sending unit is used for providing the encrypted communication data to a receiving party of the communication data.
In a fifth aspect, embodiments of the present disclosure provide a key management system of an in-vehicle multimedia system, including: the key management device of the in-vehicle multimedia system according to the third aspect, and the in-vehicle multimedia system in which the security chip in the in-vehicle multimedia system according to the fourth aspect is disposed.
In a sixth aspect, an embodiment of the present disclosure provides a storage medium, where the storage medium includes a stored program, and when the program runs, controls a device where the storage medium is located to execute the key management method of the vehicle-mounted multimedia system described in the first aspect, or execute the key management method of the vehicle-mounted multimedia system described in the second aspect.
In a seventh aspect, embodiments of the present disclosure provide a human-machine interaction device comprising a storage medium coupled to one or more processors configured to execute program instructions stored in the storage medium; when the program instructions run, the key management method of the vehicle-mounted multimedia system according to the first aspect is executed, or the key management method of the vehicle-mounted multimedia system according to the second aspect is executed.
By means of the technical scheme, the key management method and device of the vehicle-mounted multimedia system, and the cloud system distributes unique vehicle identifications for the security chips of the vehicle-mounted multimedia system. The cloud system generates key data corresponding to the vehicle identification, and the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system. The cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to the MES system. The MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data. It can be seen that the embodiments of the present disclosure realize that different vehicles have different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data can be reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
The foregoing description is merely an overview of the technical solutions of the embodiments of the present disclosure, and may be implemented according to the content of the specification in order to make the technical means of the embodiments of the present disclosure more clearly understood, and in order to make the foregoing and other objects, features and advantages of the embodiments of the present disclosure more comprehensible, the following detailed description of the embodiments of the present disclosure.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the embodiments of the disclosure. Also, like reference numerals are used to designate like parts throughout the figures. In the drawings:
FIG. 1 illustrates a flow chart of a key management method for an in-vehicle multimedia system provided by an embodiment of the present disclosure;
FIG. 2 illustrates a flow chart of another key management method for an in-vehicle multimedia system provided by an embodiment of the present disclosure;
FIG. 3 illustrates a flow chart of a key management method of yet another in-vehicle multimedia system provided by an embodiment of the present disclosure;
FIG. 4 illustrates a flow chart of a key management method of yet another in-vehicle multimedia system provided by an embodiment of the present disclosure;
Fig. 5 shows a block diagram of a key management apparatus of a vehicle-mounted multimedia system according to an embodiment of the present disclosure;
FIG. 6 shows a block diagram of a security chip of an in-vehicle multimedia system provided by an embodiment of the present disclosure;
FIG. 7 illustrates a block diagram of the components of a security chip of another in-vehicle multimedia system provided by an embodiment of the present disclosure;
fig. 8 shows a block diagram of a key management system of an in-vehicle multimedia system according to an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In a first aspect, an embodiment of the present disclosure provides a key management method of a vehicle-mounted multimedia system, where the method is applied to a key management device of a vehicle-mounted multimedia system composed of a cloud system and an MES system, as shown in fig. 1, and the method mainly includes:
101. The cloud system distributes vehicle identifications for the security chips of the vehicle-mounted multimedia system.
The vehicle-mounted multimedia system is a multimedia system embedded and installed in an automobile environment for use, and a plurality of application programs can be deployed on the vehicle-mounted multimedia system so as to meet the various requirements of users, such as navigation, communication, entertainment and the like. In order to improve the security and versatility of key data in an in-vehicle multimedia navigation system, a security chip is deployed in the in-vehicle multimedia system to communicate the management and use of key data to the security chip. The safety standard of the safety chip is EAL5+ level or above. It should be noted that, in order to avoid the loss of key data, the security chip should also have the following functions: when the vehicle-mounted multimedia system is restored to the factory setting, the key data in the security chip is not affected, that is, once the key data is filled into the security chip, any other operation cannot delete the key data as long as the vehicle enterprise does not perform the refilling operation or the upgrading operation.
The cloud system is a cloud system used by a vehicle enterprise to manage and maintain information related to the vehicle. The cloud system needs to allocate a vehicle identifier to a security chip of the vehicle-mounted multimedia system so that one security chip can only be used in one vehicle, and therefore the uniqueness of the key data of each vehicle is achieved after the security chip is filled with the key data. The vehicle identifier allocated to the security chip by the cloud system has uniqueness, that is, the vehicle identifier of each vehicle is different. The vehicle identification may be, but is not limited to, VIN (Vehicle Identification Number ) or vehicle-to-machine serial number or PIN (Personal Identification Number, identification code).
The time for the cloud system to distribute the vehicle identifier to the security chip of the vehicle-mounted multimedia system at least comprises the following two steps:
first, when the security chip is not delivered to the vehicle enterprise, the provider of the security chip requests the cloud system to allocate the vehicle identifier. And when the cloud system receives a request of a safety chip provider, generating a plurality of vehicle identifications in batches, and providing the generated vehicle identifications in batches to the provider in a queue form. After the provider receives the vehicle identifications, each vehicle identification is written into a security chip correspondingly. After the vehicle enterprise receives the safety chip of the supplier, the safety chip is correspondingly deployed in the vehicle-mounted multimedia system.
Second, the security chips have been deployed in vehicles, and vehicle identifications are assigned to the respective security chips before the vehicles leave the factory, so that the respective security chips are filled with key data based on the vehicle identifications before the vehicles leave the factory.
102. And the cloud system generates key data corresponding to the vehicle identifier, wherein the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system.
In order to ensure the security of the key, the situation that the key data in different vehicle-mounted multimedia systems can be shared is avoided, and the key data generated by the cloud system has uniqueness, that is, different vehicle identifications correspond to different key data. The key data described herein may be an asymmetric key (RSE public-private key pair) and/or a symmetric key (AES key).
The following describes a method for generating key data corresponding to a vehicle identifier by using a cloud system:
first, an asymmetric key in the key data is generated using a preset asymmetric key function, and/or a symmetric key in the key data is generated using a preset symmetric key generation function.
Second, the cloud system generates a random number for the vehicle identifier, and generates key data corresponding to the vehicle identifier based on a combination result of the vehicle identifier and the random number. In this method, since the vehicle identifier is unique data, even if a random number with poor randomness is generated by the random number, the uniqueness of the key data corresponding to the vehicle identifier can be ensured. It should be noted that, based on the combination result of the vehicle identifier and the random number, the process of generating the key data corresponding to the vehicle identifier at least includes the following two processes: firstly, directly taking a combination result of a vehicle identifier and a random number as key data corresponding to the vehicle identifier; and secondly, taking the combination result of the vehicle identification and the random number as seed parameters of an asymmetric key function and/or a symmetric key generation function, and generating key data by the asymmetric key function and/or the symmetric key generation function.
The key data generated by the cloud data are shared by a plurality of application programs in the vehicle-mounted multimedia system, and when each application program carries out data interaction with the cloud system or other subsystems in the vehicle (such as mcu, a vehicle-mounted Ethernet gateway and an instrument panel system), the same key data are adopted to complete the data, so that unified management of the key data is facilitated.
Further, the amount of key data corresponding to the vehicle identifier generated by the cloud system is related to the requirement that the key data is used by the deployed application program in the vehicle-mounted multimedia system:
when all application programs deployed in the vehicle-mounted multimedia system need to share the same key data, the cloud system generates key data corresponding to the vehicle identifier, and the key data is shared by all application programs in the vehicle-mounted multimedia system.
When all applications deployed in the vehicle-mounted multimedia system are divided into different groups, there are a plurality of applications in each group, and the different groups have different key data requirements. The number of key data corresponding to the vehicle identifier generated by the cloud system will be multiple. Each group has a corresponding piece of key data that is shared by a plurality of applications in the group. After a plurality of key data are filled into the MES system, the security chip uses each key data to encrypt only the communication data of the application program corresponding to the key data. The packets involved in this manner may be related to the service or the provider of the application. For example, applications of the same service are grouped into a group; for example, applications from the same provider are grouped together. Because different groups have different key data, if data leakage occurs between application programs of different groups, the security of the data can be ensured.
103. And the cloud system provides the vehicle identifier and the key data corresponding to the vehicle identifier for the MES system.
The MES system is a manufacturing process execution management system for a manufacturing enterprise.
In order to ensure the safety of the transmission of the vehicle identification and the key data and avoid the tampering or malicious interception of the key data in the transmission process, the cloud system can encrypt the vehicle identification and the key data before providing the vehicle identification and the key data corresponding to the vehicle identification to the MES system, and provide the encrypted key data and the vehicle identification to the MES system.
If the safety of the vehicle identification and the key data transmission needs to be further improved, the cloud system performs signature operation after encrypting the vehicle identification and the key data, and then provides the signed key data and the vehicle identification for the MES system.
The cloud system can provide the vehicle identification and the key data corresponding to the vehicle identification to the MES system in a WebService mode. Further, in order to reduce the number of data transmissions between the cloud system and the MES system, the cloud system may provide the MES system with a plurality of vehicle identifications and a plurality of key data corresponding to the plurality of vehicle identifications at a time. The key data provided once enables the MES system to perform the key data filling operation within a set period of time, illustratively one week.
104. And the MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data.
When the MES system is used for filling the key data into the security chips, firstly, determining which key data needs to be filled into which security chips according to the vehicle identification, and secondly, after determining the security chips corresponding to the key data, filling the key data into the security chips.
In order to ensure the source of the key data and the confidentiality of the key data, the MES system needs to encrypt the key data before filling the key data into the security chip. The encryption process of the key data may be: encrypting the key data by using the root public key, and filling the encrypted key data into a security chip; and then the security chip decrypts the key data by adopting a root private key corresponding to the root public key, and after the decryption is successful, the security chip stores the key data, so that the filling of the key data is completed. In order to further improve the security of the key data, the key data may be encrypted with at least one set key before being encrypted with the root public key, and then the encrypted key data may be encrypted with the root public key. Or in order to further improve the security of the key data, after the key data is encrypted by using the root public key, signature processing is carried out on the key data, so that the security chip needs prior signing when receiving the key data, and the security chip finishes filling of the key data after signing and decryption are successful.
After the key data is successfully filled into the security chip, the security chip encrypts communication data of each application program sharing the key data by using the key data. Because the key data used in encryption processing is derived from the cloud system of the vehicle enterprise, the security of the communication data of each application program can be ensured to the greatest extent.
According to the key management method of the vehicle-mounted multimedia system, which is provided by the embodiment of the disclosure, the cloud system distributes unique vehicle identifications for the security chips of the vehicle-mounted multimedia system. The cloud system generates key data corresponding to the vehicle identification, and the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system. The cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to the MES system. The MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data. It can be seen that the embodiments of the present disclosure realize that different vehicles have different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data can be reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
In a second aspect, according to the method of the first aspect, another embodiment of the disclosure further provides a key management method of an in-vehicle multimedia system, as shown in fig. 2, where the method mainly includes:
201. the cloud system distributes vehicle identifications for the security chips of the vehicle-mounted multimedia system.
202. The cloud system generates key data corresponding to the vehicle identification.
The key data is shared by a plurality of application programs in the vehicle-mounted multimedia system.
203. The cloud system correspondingly stores the vehicle identification and the key data.
The cloud system correspondingly stores the vehicle identification and the key data, and aims at the following two points: firstly, the corresponding relation between the vehicle and the key data is maintained, and the key data of the security chip is prepared for updating later. And secondly, when the cloud system receives the encrypted communication data sent by the vehicle-mounted multimedia system, the cloud system decrypts the encrypted communication data by utilizing the stored key data based on the vehicle identification so as to perform data operation based on the data obtained after decryption. The encrypted communication data is obtained by encrypting the communication data of the application program sharing the key data by the security chip by using the filled key data.
204. The cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to the MES system.
205. The MES system determines the security chip to be filled with the key data based on the vehicle identification.
206. The MES system encrypts the key data and transmits and fills the processed key data to the security chip.
In order to ensure the source of the key data and the confidentiality of the key data, the MES system only fills the key data into the security chip after encrypting the key data. The encryption process of the key data may be: encrypting the key data by using the root public key, and filling the encrypted key data into a security chip; and then the security chip decrypts the key data by adopting a root private key corresponding to the root public key, and after the decryption is successful, the security chip stores the key data, so that the filling of the key data is completed. In order to further improve the security of the key data, the key data may be encrypted with at least one set key before being encrypted with the root public key, and then the encrypted key data may be encrypted with the root public key. Or in order to further improve the security of the key data, after the key data is encrypted by using the root public key, signature processing is carried out on the key data, so that the security chip needs prior signing when receiving the key data, and the security chip finishes filling of the key data after signing and decryption are successful.
207. The MES system judges whether the filling success information fed back by the safety chip is received within a set time length; if the MES system does not receive the filling success information fed back by the safety chip within the set time length, executing 208; otherwise, 209 is performed.
The filling success information is sent after the security chip decrypts and signs the processed key data successfully and stores the key data. If the security chip feeds back the filling success information to the MES system, it indicates that the key data has been successfully filled into the security chip, and the security chip can use the key data, and at this time, the execution 210 is completed. If the secure chip does not feed back the filling success information to the MES system within a set period of time, it is indicated that the key data is not successfully filled into the secure chip, and the key data has a problem in a process of transmitting from the MES system to the secure chip or in a process of decrypting the key data by the secure chip, then in order to ensure that the key data can be successfully filled into the secure chip, execution 208 is required.
208. The MES system carries out encryption processing on the key data again, and the key data after the reprocessing is filled into the security chip.
In order to ensure that the key data can be successfully filled into the security chip, the key data needs to be encrypted again, and the encryption mode of encrypting the key data again can be the same as that of the previous encryption. Optionally, in order to exclude the possibility that the filling was unsuccessful due to the last encryption process, the encryption manner of re-encrypting the key data is different from the method of the last encryption process. In addition, in order to further improve the security of the key data transmission, a signature operation may be performed after the key data is encrypted.
In order to avoid re-encrypting the key data an unlimited number of times, it is necessary to determine the number of times the key data is re-encrypted before re-encrypting the encrypted data. If the number of re-encryption is determined to reach the preset number threshold, re-encryption is stopped, and the re-encryption is stopped, so that the problem of failure in filling the key data cannot be solved. At this time, a reminder for the failure of the secure chip to be infused needs to be displayed, so that the business personnel can perform exception handling based on the reminder. If the number of times of re-encryption is determined to not reach the preset number of times threshold, the problem that the re-filling mode after re-encryption is likely to solve the problem of the filling failure of the key data to a certain extent is described, and the key data is re-encrypted.
In addition, the manner of filling the reprocessed key data into the secure chip is based on the same manner as in 206 above, and thus will not be described in detail here.
209. The cloud system judges whether encrypted communication data sent by the vehicle-mounted multimedia system are received or not; executing 210 by the cloud system when the encrypted communication data sent by the vehicle-mounted multimedia system is received; otherwise, the step is continued.
The encrypted communication data described herein is data obtained by encrypting communication data of an application program sharing the key data by the secure chip using the key data which it is filled with. Because the key data used for encrypting the communication data is derived from the cloud system of the vehicle enterprise and is irrelevant to the provider of the application program, the cloud system can conveniently decrypt the communication data.
210. The cloud system decrypts the encrypted communication data by using the stored key data so as to perform data operation based on the data obtained after the decryption.
The cloud system decrypts the encrypted communication data by using the stored key data to obtain the communication data, and the communication data can be subjected to data operation to form corresponding result data. The cloud system can encrypt the result data by using the key data and then transmit the result data back to the vehicle-mounted multimedia system again so that the security chip in the vehicle-mounted multimedia decrypts the result data and provides the result data for corresponding application programs to perform corresponding data operation.
In a third aspect, an embodiment of the present disclosure provides a key management method of a vehicle-mounted multimedia system, as shown in fig. 3, applied to a security chip in the vehicle-mounted multimedia system, where the method mainly includes:
301. Communication data of an application program in the vehicle-mounted multimedia system is acquired.
In order to improve the security and versatility of key data in a vehicle-mounted multimedia navigation system, a security chip is deployed in the vehicle-mounted multimedia system. The security chip is internally filled with key data shared by a plurality of application programs in the vehicle-mounted multimedia system, and management and use of the key data are transmitted to the security chip. The safety standard of the safety chip is EAL5+ level or above. It should be noted that, in order to avoid the loss of key data, the security chip should also have the following functions: when the vehicle-mounted multimedia system is restored to the factory setting, the key data in the security chip is not affected, that is, once the key data is filled into the security chip, any other operation cannot delete the key data as long as the vehicle enterprise does not perform the refilling operation or the key upgrading operation.
The security chip is responsible for encrypting communication data of a plurality of application programs sharing key data, so once an application program needing to communicate outwards exists, the security chip acquires the communication data of the application program to carry out encryption processing.
The vehicle-mounted multimedia system is divided into a kernel space and a user space. The kernel space authority level is high and is responsible for managing allocation and driving of hardware resources. The user space cannot access hardware and peripherals and needs support through the kernel space. In order to integrate the security chip into the vehicle-mounted multimedia system, so that the security chip can acquire communication data of the application program, the security chip provides an access interface for a user space of the vehicle-mounted multimedia system to acquire the communication data through the access interface.
302. And encrypting the communication data by using the key data corresponding to the application program.
The security chip is internally filled with key data common to a plurality of applications in the vehicle-mounted multimedia system. When all applications deployed in the vehicle-mounted multimedia system need to share the same key data, only one key data exists in the security chip. When all application programs deployed in the vehicle-mounted multimedia system are divided into different groups, and each group is provided with a plurality of application programs, the security chip is provided with a plurality of key data, and each key data corresponds to a plurality of application programs in one group.
The safety chip encrypts the communication data by using the key data corresponding to the application program, and the encryption data processing mode is agreed by the vehicle-mounted multimedia system and the receiver of the communication data. Illustratively, the recipient may be several of the following: the cloud system, that is, the application program needs to interact with the cloud system of the vehicle enterprise; and secondly, other subsystems in the vehicle (such as mcu, on-board Ethernet gateway, instrument panel system). It should be noted that, when the receiving party is another subsystem in the vehicle, the cloud system needs to inform the other subsystem of the key data so that the other subsystem can communicate with the application program.
When the security chip encrypts communication data using the key data corresponding to the application program, an encryption processing method needs to be called from an API support library in the user space of the in-vehicle multimedia system to encrypt the communication data according to the encryption processing method and the key data. The API support library is used for packaging encryption processing methods, such as an encryption and decryption method, a signature verification method and the like related to key data, and is in butt joint with the communication library.
303. And providing the encrypted communication data to a receiver of the communication data.
After the communication data is encrypted by the security chip, the encrypted communication data is provided to a receiver of the communication data according to a communication protocol provided by a communication library in the user space. The communication library provides communication between the user space and the security chip and is responsible for protocol analysis and data transmission.
When the encrypted communication data is provided to the receiving party of the communication data, a session connection of the secure socket is established with the receiving party, and the encrypted communication data is provided to the cloud system of the communication data through the session connection. Session connection using secure sockets may establish a secure communication session with a recipient, thereby preventing communication data from being monitored and falsified.
According to the key management method of the vehicle-mounted multimedia system, different vehicles are provided with different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data is reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
In a fourth aspect, according to the method of the third aspect, another embodiment of the disclosure further provides a key management method of an in-vehicle multimedia system, as shown in fig. 4, where the method mainly includes:
401. communication data of an application program in the vehicle-mounted multimedia system is acquired.
402. And receiving the random number signed by the first private key sent by the vehicle-mounted multimedia system.
Some lawbreakers may place a deployed security chip of a non-current vehicle-mounted multimedia system on the current multimedia system for use, and then in order to prevent such a security chip from being stolen, the security chip needs to verify the vehicle-mounted multimedia system after acquiring the communication data.
The verification needs to use a public-private key pair formed by a first private key and a first public key, wherein the public-private key pair is generated by an operating system of the vehicle-mounted multimedia system through a secure execution environment. When the security chip is deployed in the vehicle-mounted multimedia system, the first public key is imported into the security chip. Therefore, the corresponding relation between the vehicle-mounted multimedia system and the security chip can be verified through the first private key and the first public key.
The vehicle multimedia system may sign a random number using the first private key, the random number being randomly generated by a random number generating function, the random numbers used for different verifications.
403. The random number signed by the first private key is signed with the first public key stored in itself, and either 404 or 406 is performed.
The first private key and the first public key are key pairs generated by an operating system of the vehicle-mounted multimedia system through a secure execution environment.
After receiving the random number signed by the first private key, the security chip adopts the first public key stored by itself to carry out signature verification. If the verification passes, it indicates that the vehicle multimedia system corresponds to the security chip, and the security chip is not likely to be stolen, so that 404 is executed. If the verification signature fails, it indicates that the vehicle-mounted multimedia system does not correspond to the security chip, and the security chip is likely to be stolen, so that 406 is executed.
404. If the random number signed by the first private key is successfully signed, the communication data is encrypted by the key data corresponding to the application program.
If the random number signed by the first private key is successfully signed, the fact that the vehicle-mounted multimedia system is corresponding to the security chip is indicated, the security chip is not likely to be stolen, and the communication data is encrypted by utilizing the key data corresponding to the application program. The encryption process may be: and encrypting the communication data encrypted by the key data by utilizing the public key agreed by the data receiver, so that the data receiver security chip adopts the private key corresponding to the public key to decrypt the encrypted data, and then carrying out decryption processing on the decrypted data of the key data. In order to further improve the security of the communication data, the data is signed after being encrypted by the root public key, so that when the communication data is received by the receiver, the receiver needs to sign a priori, and the plaintext of the communication data is obtained after the signature verification and decryption are successful.
405. And providing the encrypted communication data to a receiving party of the communication data, and ending the current flow.
406. And if the random number signature verification of the first private key signature is unsuccessful, deleting the communication data.
If the random number signature of the first private key is unsuccessful, the fact that the vehicle-mounted multimedia system is not corresponding to the security chip is indicated, the security chip is likely to be stolen, and in order to ensure the security of communication data, the communication data are deleted.
Optionally, in order to enable the vehicle enterprise to know which security chips are stolen at the time, loss of the vehicle owner is reduced, after the random number signed by the first private key is checked and signed unsuccessfully, a theft notification can be sent to the cloud system, so that the vehicle enterprise performs corresponding exception handling based on the theft notification.
In a fifth aspect, according to the method shown in fig. 1 or fig. 2, another embodiment of the present disclosure further provides a key management apparatus of an in-vehicle multimedia system, as shown in fig. 5, where the apparatus mainly includes:
the cloud system 51 is used for distributing vehicle identifications to the security chips of the vehicle-mounted multimedia system; generating key data corresponding to the vehicle identification; providing the vehicle identification and the key data corresponding to the vehicle identification to the MES system 52; wherein the vehicle identification has uniqueness; the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system; the MES system is a manufacturing process execution management system of a manufacturing enterprise;
The MES system 51 is configured to fill the key data into the security chip based on the vehicle identifier, so that the security chip encrypts the communication data of each application program using the key data.
According to the key management device of the vehicle-mounted multimedia system, which is provided by the embodiment of the disclosure, the cloud system distributes unique vehicle identifications for the security chips of the vehicle-mounted multimedia system. The cloud system generates key data corresponding to the vehicle identification, and the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system. The cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to the MES system. And the MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data. It can be seen that, in the embodiment of the present disclosure, different vehicles have different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data is reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
In some embodiments, the cloud system 51 is configured to generate a random number for the vehicle identification; and generating key data corresponding to the vehicle identification based on the combination result of the vehicle identification and the random number.
In some embodiments, the MES system 52 is configured to determine, based on the vehicle identification, a security chip to be filled with the key data; and carrying out encryption processing on the key data, and transmitting and filling the processed key data to the security chip.
In some embodiments, the MES system is further configured to, if the filling success information fed back by the security chip is not received within a set period of time, encrypt the key data again, and transmit and fill the reprocessed key data to the security chip; the filling success information is sent after the security chip decrypts and signs the processed key data successfully, and stores the key data.
In some embodiments, the cloud system is further configured to, after generating the key data corresponding to the vehicle identifier, store the vehicle identifier and the key data correspondingly; when the encrypted communication data sent by the vehicle-mounted multimedia system is received, decrypting the encrypted communication data by utilizing the key data so as to perform data operation based on the data obtained after the decryption; the encrypted communication data is obtained by encrypting the communication data of the application program sharing the key data by the security chip by using the filled key data.
The key management device of the vehicle-mounted multimedia system provided by the embodiment of the fifth aspect may be used to perform the key management method of the vehicle-mounted multimedia system provided by the embodiment of the first aspect or the second aspect, and the related meaning and specific implementation manner of the key management device of the vehicle-mounted multimedia system may be referred to the related description in the embodiment of the first aspect or the second aspect, which are not described in detail herein.
In a sixth aspect, according to the method shown in fig. 3 or fig. 4, another embodiment of the present disclosure further provides a security chip in a vehicle-mounted multimedia system, as shown in fig. 6, where the security chip mainly includes:
an acquisition unit 61 for acquiring communication data of an application program in the in-vehicle multimedia system;
an encryption unit 62 for encrypting the communication data using the key data corresponding to the application program; the key data is filled in the security chip and is shared by a plurality of application programs in the vehicle-mounted multimedia system;
a transmitting unit 63 for providing the encrypted communication data to a receiving party of the communication data.
The security chip in the vehicle-mounted multimedia system provided by the embodiment of the disclosure realizes that different vehicles have different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data is reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
In some embodiments, as shown in fig. 7, the security chip further includes:
a signature verification unit 64, configured to receive a random number signed with a first private key sent by the vehicle-mounted multimedia system; signing the random number signed by the first private key by using a first public key stored in the random number signing device, wherein the first private key and the first public key are key pairs generated by an operating system of the vehicle-mounted multimedia system through a secure execution environment;
an encryption unit 62, configured to encrypt the communication data with key data corresponding to the application program if the verification unit 64 successfully verifies the random number signed by the first private key;
a deleting unit 65, configured to delete the communication data if the random number signed by the first private key by the signing unit 64 is not signed successfully.
In some embodiments, as shown in fig. 7, the transmitting unit 63 includes:
an establishing module 631, configured to establish a session connection of a secure socket with the cloud system;
the sending module 632 is configured to provide the encrypted communication data to the cloud system of the communication data through the session connection.
In some embodiments, as shown in fig. 7, the acquisition unit 61 includes:
The receiving module 611 is configured to obtain the communication data through an access interface, where the access interface is an access interface provided by the security chip for a user space of the vehicle-mounted multimedia system.
In some embodiments, as shown in fig. 7, the encryption unit 62 is configured to invoke an encryption processing method from an API-supported library in a user space of the in-vehicle multimedia system; encrypting the communication data according to the key data and the called encryption processing method.
In some embodiments, as shown in fig. 7, the sending unit 63 is configured to provide the encrypted communication data to a receiver of the communication data according to a communication protocol provided by a communication library in the user space.
The security chip of the vehicle-mounted multimedia system provided by the embodiment of the sixth aspect may be used to perform the key management method of the vehicle-mounted multimedia system provided by the embodiment of the third aspect or the fourth aspect, and the related meaning and specific implementation manner of the key management method of the vehicle-mounted multimedia system may be referred to the related description in the embodiment of the third aspect or the fourth aspect, which are not described in detail herein.
In a seventh aspect, another embodiment of the present disclosure further provides a key management system of an in-vehicle multimedia system, as shown in fig. 8, the system mainly including:
The key management device 81 of the in-vehicle multimedia system according to the fifth aspect, and the in-vehicle multimedia system 82 in which the security chip of the in-vehicle multimedia system according to the sixth aspect is disposed.
The key management system of the vehicle-mounted multimedia system provided by the embodiment of the disclosure realizes that different vehicles have different key data, and even if the key data on one vehicle is stolen maliciously, the security of the key data on other vehicles is not affected. In order to increase the versatility of the key data, a plurality of applications in the in-vehicle multimedia system share the same key data. In addition, the key data is uniformly managed by the security chip, so that the risk of malicious theft of the key data is reduced. Therefore, the scheme provided by the embodiment of the disclosure improves the safety and the universality of the key data of the vehicle-mounted multimedia system.
The key management system of the vehicle-mounted multimedia system provided by the embodiments of the seventh aspect, the relevant meaning and specific implementation manner for the key management system of the vehicle-mounted multimedia system may be referred to the relevant descriptions in the embodiments of the first aspect to the fourth aspect, and will not be described in detail herein.
In an eighth aspect, an embodiment of the present disclosure provides a storage medium, where the storage medium includes a stored program, where the program, when executed, controls a device where the storage medium is located to perform the key management method of the in-vehicle multimedia system of any one of the first aspect or the second aspect, or perform the key management method of the in-vehicle multimedia system of any one of the third aspect or the fourth aspect.
The storage medium may include volatile memory, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), among other forms in computer readable media, the memory including at least one memory chip.
In a ninth aspect, embodiments of the present disclosure provide a human-machine interaction device comprising a storage medium coupled to one or more processors configured to execute program instructions stored in the storage medium; the program instructions, when executed, perform the key management method of the in-vehicle multimedia system of any one of the first aspect or the second aspect, or perform the key management method of the in-vehicle multimedia system of any one of the third aspect or the fourth aspect.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.
It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, embodiments of the present disclosure may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, etc., such as Read Only Memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises an element.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, embodiments of the present disclosure may take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (16)

1. A key management method for a vehicle-mounted multimedia system, the method comprising:
the cloud system distributes vehicle identifications for security chips of the vehicle-mounted multimedia system, wherein the vehicle identifications have uniqueness;
the cloud system generates key data corresponding to the vehicle identifier, wherein the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system;
the cloud system provides the vehicle identifier and the key data corresponding to the vehicle identifier to an MES system, wherein the MES system is an execution management system for a production process of a manufacturing enterprise;
and the MES system fills the key data into the security chip based on the vehicle identification, so that the security chip encrypts the communication data of each application program by using the key data.
2. The method of claim 1, wherein the cloud system generating key data corresponding to the vehicle identification comprises:
the cloud system generates a random number for the vehicle identifier;
and the cloud system generates key data corresponding to the vehicle identifier based on a combination result of the vehicle identifier and the random number.
3. The method of claim 1, wherein the MES system filling the key data into the security chip based on the vehicle identification, comprising:
the MES system determines a security chip needing to be filled with the key data based on the vehicle identification;
and the MES system encrypts the key data and transmits and fills the processed key data to the security chip.
4. A method according to claim 3, characterized in that the method further comprises:
if the MES system does not receive the filling success information fed back by the safety chip within a set time period, carrying out encryption processing on the key data again, and filling the key data after the re-processing to the safety chip; the filling success information is sent after the security chip decrypts and signs the processed key data successfully, and stores the key data.
5. The method of claim 1, wherein after the cloud system generates the key data corresponding to the vehicle identification, the method further comprises, before the cloud system provides the vehicle identification and the key data corresponding to the vehicle identification to a MES system:
the cloud system correspondingly stores the vehicle identification and the key data;
when the cloud system receives the encrypted communication data sent by the vehicle-mounted multimedia system, decrypting the encrypted communication data by utilizing the key data so as to perform data operation based on the data obtained after the decryption; the encrypted communication data is obtained by encrypting the communication data of the application program sharing the key data by the security chip by using the filled key data.
6. A key management method for a vehicle-mounted multimedia system, which is applied to a security chip in the vehicle-mounted multimedia system, the method comprising:
acquiring communication data of an application program in a vehicle-mounted multimedia system;
encrypting the communication data by utilizing key data corresponding to the application program; the key data are filled in the security chip and are shared by a plurality of application programs in the vehicle-mounted multimedia system, the key data are provided by a cloud system to an MES system by a vehicle identifier and the key data corresponding to the vehicle identifier, so that the MES system is filled in the security chip based on the vehicle identifier, the vehicle identifier has uniqueness, and the MES system is an execution management system for a production process of a manufacturing enterprise;
And providing the encrypted communication data to a receiver of the communication data.
7. The method of claim 6, wherein after acquiring the communication data of the application program in the vehicle-mounted multimedia system, before encrypting the communication data using the key data corresponding to the application program, the method further comprises:
receiving a random number signed by a first private key sent by the vehicle-mounted multimedia system;
signing the random number signed by the first private key by using a first public key stored in the random number signing device, wherein the first private key and the first public key are key pairs generated by an operating system of the vehicle-mounted multimedia system through a secure execution environment;
if the random number signed by the first private key is successfully signed, encrypting the communication data by utilizing the key data corresponding to the application program;
and if the random number signature verification of the first private key signature is unsuccessful, deleting the communication data.
8. The method of claim 6, wherein providing the encrypted communication data to a recipient of the communication data, the recipient being the cloud system, comprises:
establishing session connection of a secure socket with the cloud system;
And providing the encrypted communication data to the cloud system of the communication data through the session connection.
9. The method of claim 6, wherein acquiring communication data of an application in the in-vehicle multimedia system comprises:
and acquiring the communication data through an access interface, wherein the access interface is an access interface provided by the security chip for a user space of the vehicle-mounted multimedia system.
10. The method of claim 6, wherein encrypting the communication data using key data corresponding to the application program comprises:
calling an encryption processing method from an API support library in a user space of the vehicle-mounted multimedia system;
encrypting the communication data according to the key data and the called encryption processing method.
11. The method of claim 10, wherein providing the encrypted communication data to the recipient of the communication data comprises:
and providing the encrypted communication data to a receiver of the communication data according to a communication protocol provided by a communication library in the user space.
12. A key management apparatus of a vehicle-mounted multimedia system, the apparatus comprising:
The cloud system is used for distributing vehicle identifications to the security chips of the vehicle-mounted multimedia system; generating key data corresponding to the vehicle identification; providing the vehicle identification and the key data corresponding to the vehicle identification to an MES system; wherein the vehicle identification has uniqueness; the key data is shared by a plurality of application programs in the vehicle-mounted multimedia system; the MES system is a manufacturing process execution management system of a manufacturing enterprise;
and the MES system is used for filling the key data into the security chip based on the vehicle identification so that the security chip can encrypt communication data of each application program by using the key data.
13. A security chip in a vehicle-mounted multimedia system, the security chip comprising:
the acquisition unit is used for acquiring communication data of an application program in the vehicle-mounted multimedia system;
an encryption unit configured to encrypt the communication data using key data corresponding to the application program; the key data are filled in the security chip and are shared by a plurality of application programs in the vehicle-mounted multimedia system, the key data are provided by a cloud system to an MES system by a vehicle identifier and the key data corresponding to the vehicle identifier, so that the MES system is filled in the security chip based on the vehicle identifier, the vehicle identifier has uniqueness, and the MES system is an execution management system for a production process of a manufacturing enterprise;
And the sending unit is used for providing the encrypted communication data to a receiving party of the communication data.
14. A key management system for a vehicle-mounted multimedia system, comprising: the key management device of the in-vehicle multimedia system of claim 12, and the in-vehicle multimedia system in which the security chip in the in-vehicle multimedia system of claim 13 is disposed.
15. A storage medium comprising a stored program, wherein the program, when run, controls a device in which the storage medium is located to perform the key management method of the in-vehicle multimedia system according to any one of claims 1 to 5, or to perform the key management method of the in-vehicle multimedia system according to any one of claims 6 to 11.
16. A human-machine interaction device, the device comprising a storage medium coupled to one or more processors configured to execute program instructions stored in the storage medium; the program instructions, when executed, perform the key management method of the in-vehicle multimedia system according to any one of claims 1 to 5, or perform the key management method of the in-vehicle multimedia system according to any one of claims 6 to 11.
CN202010698408.6A 2020-07-20 2020-07-20 Key management method and device for vehicle-mounted multimedia system Active CN114039721B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010698408.6A CN114039721B (en) 2020-07-20 2020-07-20 Key management method and device for vehicle-mounted multimedia system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010698408.6A CN114039721B (en) 2020-07-20 2020-07-20 Key management method and device for vehicle-mounted multimedia system

Publications (2)

Publication Number Publication Date
CN114039721A CN114039721A (en) 2022-02-11
CN114039721B true CN114039721B (en) 2023-09-22

Family

ID=80134046

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010698408.6A Active CN114039721B (en) 2020-07-20 2020-07-20 Key management method and device for vehicle-mounted multimedia system

Country Status (1)

Country Link
CN (1) CN114039721B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873587A (en) * 2010-05-27 2010-10-27 大唐微电子技术有限公司 Wireless communication device and method for realizing service security thereof
CN103138919A (en) * 2013-01-18 2013-06-05 广东华大集成技术有限责任公司 Front-end secret key filling system and method of secret key filling
CN106658493A (en) * 2016-10-17 2017-05-10 东软集团股份有限公司 Key management method, device and system
CN108696360A (en) * 2018-04-16 2018-10-23 北京虎符信息技术有限公司 A kind of CA certificate distribution method and system based on CPK keys
CN109040063A (en) * 2018-08-01 2018-12-18 百度在线网络技术(北京)有限公司 Determination method, apparatus, equipment and the storage medium of vehicle ECU key
CN109495454A (en) * 2018-10-26 2019-03-19 北京车和家信息技术有限公司 Authentication method, device, cloud server and vehicle
CN110188558A (en) * 2019-05-29 2019-08-30 深圳市元征科技股份有限公司 A kind of data processing method and relevant device
CN111186414A (en) * 2019-12-31 2020-05-22 深圳前海智安信息科技有限公司 Automobile Bluetooth key safety management system and method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110730065B (en) * 2018-07-17 2022-04-08 关楗股份有限公司 Token device for key backup device and key backup system

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101873587A (en) * 2010-05-27 2010-10-27 大唐微电子技术有限公司 Wireless communication device and method for realizing service security thereof
CN103138919A (en) * 2013-01-18 2013-06-05 广东华大集成技术有限责任公司 Front-end secret key filling system and method of secret key filling
CN106658493A (en) * 2016-10-17 2017-05-10 东软集团股份有限公司 Key management method, device and system
CN108696360A (en) * 2018-04-16 2018-10-23 北京虎符信息技术有限公司 A kind of CA certificate distribution method and system based on CPK keys
CN109040063A (en) * 2018-08-01 2018-12-18 百度在线网络技术(北京)有限公司 Determination method, apparatus, equipment and the storage medium of vehicle ECU key
CN109495454A (en) * 2018-10-26 2019-03-19 北京车和家信息技术有限公司 Authentication method, device, cloud server and vehicle
CN110188558A (en) * 2019-05-29 2019-08-30 深圳市元征科技股份有限公司 A kind of data processing method and relevant device
CN111186414A (en) * 2019-12-31 2020-05-22 深圳前海智安信息科技有限公司 Automobile Bluetooth key safety management system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Android数据安全存储平台的设计与实现;田伟;高能;王平建;张令臣;;信息网络安全(09);全文 *

Also Published As

Publication number Publication date
CN114039721A (en) 2022-02-11

Similar Documents

Publication Publication Date Title
US10326743B2 (en) Secured data transmission using identity-based cryptography
CN109547445A (en) A kind of method and system that verifying client network requests are legal
CN111163036B (en) Data sharing method, device, client, storage medium and system
CN110740038B (en) Blockchain and communication method, gateway, communication system and storage medium thereof
US20220311767A1 (en) Method and system for granting remote access to an electronic device
CN111917538A (en) Secret key derivation method and device based on vehicle-mounted equipment and vehicle-mounted equipment
CN107920060B (en) Data access method and device based on account
CN115150821A (en) Offline package transmission and storage method and device
CN110138765B (en) Data processing method, data processing device, computer equipment and computer readable storage medium
CN112839013A (en) Key transmission method, device and computer readable storage medium
CN114372242A (en) Ciphertext data processing method, authority management server and decryption server
CN113312655A (en) File transmission method based on redirection, electronic equipment and readable storage medium
CN111131160B (en) User, service and data authentication system
US20190305940A1 (en) Group shareable credentials
CN114039721B (en) Key management method and device for vehicle-mounted multimedia system
WO2022171177A1 (en) Communication key configuration method and apparatus
JP2017060031A (en) On-vehicle control system, vehicle, management device, on-vehicle computer, data sharing method, and computer program
US11856091B2 (en) Data distribution system, data processing device, and program
CN111431846B (en) Data transmission method, device and system
CN102510431A (en) Method, system, device and user terminal for obtaining remote resource
CN114640491A (en) Communication method and system
CN112702170A (en) Management method, management system, viewing method and viewing terminal for vehicle data
CN114666119B (en) Data processing method, device, electronic equipment and medium
CN117527262B (en) Method for constructing automobile security OTA based on chip
CN115174577B (en) Resource access method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant