CN114095190A - Charging data protection method, device, special case processing terminal and storage medium - Google Patents

Charging data protection method, device, special case processing terminal and storage medium Download PDF

Info

Publication number
CN114095190A
CN114095190A CN202010766933.7A CN202010766933A CN114095190A CN 114095190 A CN114095190 A CN 114095190A CN 202010766933 A CN202010766933 A CN 202010766933A CN 114095190 A CN114095190 A CN 114095190A
Authority
CN
China
Prior art keywords
vehicle
sensitive data
identification code
security
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010766933.7A
Other languages
Chinese (zh)
Inventor
黄琰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infinite Sensing Technology Co ltd
Original Assignee
Beijing Infinite Sensing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infinite Sensing Technology Co ltd filed Critical Beijing Infinite Sensing Technology Co ltd
Priority to CN202010766933.7A priority Critical patent/CN114095190A/en
Publication of CN114095190A publication Critical patent/CN114095190A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07BTICKET-ISSUING APPARATUS; FARE-REGISTERING APPARATUS; FRANKING APPARATUS
    • G07B15/00Arrangements or apparatus for collecting fares, tolls or entrance fees at one or more control points
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/12Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Finance (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Electric Propulsion And Braking For Vehicles (AREA)

Abstract

The application belongs to the technical field of communication, and particularly relates to a charging data protection method and device, a special case processing terminal and a storage medium. The charging data protection method comprises the following steps: acquiring vehicle sensitive data of a vehicle-mounted unit; performing identity verification on the security module based on the first secret key; after the identity verification is passed, calculating the vehicle sensitive data through a second secret key in the security module to obtain a first security authentication code; and sending the vehicle sensitive data, the module identification code and the first security identification code to a server so that the authenticity of the vehicle charging data is checked based on the vehicle sensitive data when a second security identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first security identification code. Therefore, the technical scheme of the application can ensure the authenticity of the vehicle charging data.

Description

Charging data protection method, device, special case processing terminal and storage medium
Technical Field
The application belongs to the technical field of communication, and particularly relates to a charging data protection method and device, a special case processing terminal and a storage medium.
Background
With the continuous development of science and technology, roads play a very important role in the transportation industry. The rapid development of the road can facilitate communication between users and promote the development of economy. In order to adapt to the development of economic technology, when a user drives a vehicle to run on a highway, payment is needed according to the national charge data protection standard. For example, when the user terminal receives the charging data sent by the server, the user can pay according to the charging data.
In the prior art, because vehicle data acquired by a data acquisition system can be unreal, charging data received by a user terminal is inaccurate.
Accordingly, the prior art is in need of improvement and development.
Disclosure of Invention
The embodiment of the application provides a charging data protection method, a charging data protection device, a special case processing terminal and a storage medium, and aims to solve the problem of how to improve the calculation accuracy of vehicle charging data.
In a first aspect, an embodiment of the present application provides a charging data protection method, where the method includes:
acquiring vehicle sensitive data of a vehicle-mounted unit;
performing identity verification on the security module based on the first secret key;
after the identity verification is passed, calculating the vehicle sensitive data through a second secret key in the security module to obtain a first security authentication code;
and sending the vehicle sensitive data, the module identification code and the first security identification code to a server so as to confirm the authenticity of the vehicle charging data based on the vehicle sensitive data when a second security identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first security identification code.
According to some embodiments, the authenticating the security module based on the first key comprises:
receiving authentication information of the security module, encrypting the authentication information by using the first secret key, and sending the encrypted authentication information to the security module;
and when receiving authentication passing information sent by the security module, confirming that the authentication passes, wherein the authentication passing information is generated when the security module decrypts the encrypted authentication information by using the first secret key and the decrypted authentication information is consistent with the authentication information.
According to some embodiments, before acquiring the vehicle sensitive data of the on-board unit, the method further comprises:
sending a key acquisition request to a server, wherein the key acquisition request comprises a module identification code of the security module, and the module identification code is used for indicating the server to encrypt the first key based on the module identification code and a third key of the security module;
and receiving the first secret key and storing the first secret key in the singlechip.
According to some embodiments, after the identity verification is passed, calculating the vehicle sensitive data by using a second secret key in the security module to obtain a first security authentication code comprises:
calculating the first secure authenticator using an SM4 encryption algorithm based on the second key and the vehicle sensitive data.
According to some embodiments, before calculating the first secure authenticator using the SM4 encryption algorithm based on the second key and the vehicle sensitive data, further comprising:
acquiring the format of the vehicle sensitive data;
and when the format is inconsistent with the preset format, converting the format into the preset format.
In a second aspect, an embodiment of the present application provides a charging data protection apparatus, including:
the sensitive data acquisition unit is used for acquiring vehicle sensitive data of the vehicle-mounted unit;
the identity authentication unit is used for authenticating the security module based on the first secret key;
the authentication code calculation unit is used for calculating the vehicle sensitive data through a second secret key in the security module to obtain a first security authentication code after the identity authentication is passed;
and the identification code sending unit is used for sending the vehicle sensitive data, the module identification code and the first safety identification code to a server so as to confirm the authenticity of the charging data of the vehicle based on the vehicle sensitive data when a second safety identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first safety identification code.
In a third aspect, an embodiment of the present application provides a charging data protection method, where the method includes:
the method comprises the steps of obtaining vehicle sensitive data, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of a vehicle-mounted unit;
calculating a second security authentication code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code;
confirming authenticity of the charging data of the vehicle based on the vehicle sensitive data when the second security authentication code and the first security authentication code are identical.
According to some embodiments, before the obtaining the vehicle-mounted unit's vehicle-sensitive data, module identification code, and first security authentication code corresponding to the vehicle-sensitive data, the method further comprises:
receiving a third key and the module identification code;
calculating a first key by adopting an SM4 encryption algorithm based on the third key and the module identification code;
and when a key acquisition request sent by the special case processing terminal is received, sending the first key to the special case processing terminal.
According to some embodiments, the method further comprises:
and when the second security authentication code is inconsistent with the first security authentication code, stopping calculating the charging data of the vehicle and sending prompt information, wherein the prompt information comprises information that the second security authentication code is inconsistent with the first security authentication code.
In a fourth aspect, an embodiment of the present application provides a special case processing terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements any one of the methods described above when executing the computer program.
In a fifth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program is used for implementing any one of the methods described above when executed by a processor.
In a sixth aspect, embodiments of the present application provide a computer program product, where the computer program product includes a non-transitory computer-readable storage medium storing a computer program, where the computer program is operable to cause a computer to perform some or all of the steps as described in the first aspect of embodiments of the present application. The computer program product may be a software installation package.
The embodiment of the application provides a highway charging method, vehicle sensitive data of a vehicle-mounted unit are obtained, identity verification is conducted on a safety module based on a first secret key, after the identity verification is passed, a first safety identification code is obtained through calculation of a second secret key and the vehicle sensitive data in the safety module, the vehicle sensitive data, a module identification code and the first safety identification code are sent to a server, and therefore when the server is consistent with the first safety identification code through calculation of the vehicle sensitive data and the module identification code, authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data. Therefore, the technical scheme of the application can determine whether the vehicle sensitive data are tampered, namely the authenticity of the vehicle sensitive data can be improved, the calculation module can be indicated to calculate the charging data of the vehicle under the condition that the vehicle sensitive data are not tampered, and further the calculation accuracy of the vehicle charging data can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart illustrating a charging data protection method according to an embodiment of the present application;
fig. 2 is a schematic view illustrating an application scenario of a charging data protection method or a charging data protection apparatus applied to an embodiment of the present application;
FIG. 3 is a schematic diagram illustrating an example of a special case processing terminal interface according to an embodiment of the present application;
fig. 4 is a flowchart illustrating a charging data protection method according to an embodiment of the present application;
fig. 5 is a flowchart illustrating a charging data protection method according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a charging data protection apparatus according to an embodiment of the present application;
fig. 7 is a flowchart illustrating a charging data protection method according to an embodiment of the present application;
fig. 8 is a flowchart illustrating a charging data protection method according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a charging data protection apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of a special case processing terminal according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
With the continuous development of science and technology, roads play a very important role in the transportation industry. The rapid development of the road can facilitate communication between users, such as returning home in spring festival, and the users can drive vehicles to return to the place B through the road between the place A and the place B, so that the users can pass the festival together with family members in the place B. In addition, rapid development of roads can promote economic development, for example, a user can transport vegetables from place A to place B for sale, and the economic income of the user can be improved.
It is easy to understand that in order to adapt to the development of economic technology, when a user drives a vehicle to run on a highway or operates against regulations, payment is required according to the national charge data protection standard. For example, when the user terminal receives the charging data sent by the server, the user can pay according to the charging data.
However, the road toll system cannot normally and accurately count the toll data of the vehicle due to some inevitable problems such as irregular operation of a driver, equipment failure and the like, and the loss of road toll and illegal toll is caused. Therefore, the vehicle data acquired by the road toll collection system and the vehicle data are falsified in the vehicle data transmission process, so that the vehicle data are not true, and the toll collection data received by the user terminal is not accurate.
The charging data protection method provided by the embodiment of the present application will be described in detail below with reference to fig. 1 to 5. The execution main body of the embodiments shown in fig. 1 to fig. 5 may be, for example, an idiom processing terminal, and the specific execution main body may be a processor of the idiom processing terminal.
Referring to fig. 1, a schematic flow chart of a charging data protection method is provided in the embodiment of the present application. As shown in fig. 1, the method of the embodiment of the present application may include the following steps S101 to S104.
And S101, acquiring vehicle sensitive data of the vehicle-mounted unit.
According to some embodiments, the technical scheme of the application can be used for an electronic toll collection system of an expressway, an artificial toll collection system of the expressway, and a violation toll collection system or a driving toll collection system of various highways. Therefore, the On-board Unit (OBU) according to the embodiment of the present application may be, for example, an On-board Unit (OBU) corresponding to an electronic toll collection system, and the On-board Unit may be, for example, an On-board electronic tag mounted On a windshield of a vehicle. Types of OBUs include, but are not limited to, monolithic and bi-planar.
It is easy to understand that the vehicle-mounted unit of the embodiment of the present application may also be a highway composite pass card, also called CPC card, and the vehicle mounted with the CPC card may be a vehicle without an electronic toll collection system. The vehicle-mounted unit of the embodiment of the application can also be a user card.
The OBU is taken as an example to introduce the on-board unit of the embodiment of the application. The special case processing terminal can read business such as transaction information in the OBU, and accurate charging is realized through interaction with the user, so that communication fee and loss of illegal charging are reduced.
According to some embodiments, fig. 2 shows an application scenario diagram of a charging data protection method or a charging data protection device applied to an embodiment of the present application. Fig. 2 only shows a scenario in which the toll data protection method is applied to an expressway, and the toll data protection method according to the embodiment of the present application may also be applied to other scenarios in which vehicle toll data is calculated. As shown in fig. 2, the exit and entrance of the expressway are provided with special case processing terminals. The special case processing terminal arranged at the exit of the expressway can be arranged at the front end of the exit of the expressway. When the vehicle travels to the front end of the exit of the highway, the user can control the vehicle to stop at a preset position. The processor of the special case processing terminal can now obtain vehicle sensitive data of the on board unit, which may be OBU tag data, for example.
It will be readily appreciated that vehicle sensitive data includes, but is not limited to, the license plate identification of the vehicle, the identification of the on-board unit, the travel path of the vehicle, and the like.
S102, the identity of the security module is verified based on the first secret key.
According to some embodiments, the security module is set in the special case processing terminal when the user installs the special case processing terminal, and the second secret key is set in the security module. The first secret key is a secret key stored in a single chip microcomputer of the special case processing terminal. When a user installs the security module, the special case processing terminal can store the first secret key in the single chip microcomputer. When the processor of the special case processing terminal acquires the vehicle sensitive data of the vehicle-mounted unit, the processor of the special case processing terminal can acquire the first secret key and perform identity verification by using the first secret key.
It is easy to understand that, when the special case processing terminal performs identity verification on the security module based on the first key, the processor of the special case processing terminal may receive the authentication information sent by the security module, encrypt the authentication information using the first key, and send the encrypted authentication information to the security module. When the security module receives the encrypted authentication information, it may detect whether the received encrypted authentication information can be authenticated based on the second key and the authentication information. When the security module detects that the encrypted authentication information passes the authentication, the security module can send authentication passing information to a processor of the special case processing terminal.
And S103, after the identity authentication is passed, calculating through a second secret key in the security module and the vehicle sensitive data to obtain a first security authentication code.
According to some embodiments, the first security authentication code is a first security authentication code calculated by the special case processing terminal through a second secret key in the security module and vehicle sensitive data, and does not refer to a fixed security authentication code. For example, the first security authentication code calculated by the a special case processing terminal through the second key in the a1 security module and the vehicle sensitive data acquired by the a special case processing terminal may be 89564578. The first security authentication code calculated by the B-special case processing terminal through the second key in the B1 security module and the vehicle sensitive data acquired by the B-special case processing terminal may be 85623578.
It is easily understood that, when the security module detects that the authentication is passed, the security module may transmit authentication pass information to the processor of the special case processing terminal. And when the processor of the special processing terminal receives the authentication passing information sent by the security module, the processor can confirm that the identity authentication passes. After the identity verification is passed, the processor of the special processing terminal can calculate through a second secret key and vehicle sensitive data in the security module to obtain a first security authentication code.
Optionally, after the identity verification passes, the processor of the special case processing terminal may calculate the vehicle sensitive data by using an encryption algorithm through a second key in the security module to obtain the first security authentication code. The encryption algorithm includes, but is not limited to, a national secret SM1 algorithm, a national secret SM2 algorithm, a national secret SM3 algorithm, a national secret SM4 algorithm, and the like. The vehicle sensitive data and the first safety identification codes are in one-to-one correspondence, namely after one bit of data in the vehicle sensitive data is tampered, the obtained first safety identification codes are different. The first security authentication code calculated by the processor of the special case processing terminal on the vehicle sensitive data through the second key in the security module may be 25985654, for example.
And S104, sending the vehicle sensitive data, the module identification code and the first safety identification code to the server, so that when the second safety identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first safety identification code, the authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data.
According to some embodiments, the second security authentication code is a second security authentication code calculated by the server based on the vehicle sensitive data and the module identification code, and does not refer to a fixed security authentication code. For example, the C server calculates the second security authentication code 89564578 based on the C1 vehicle sensitive data and the C2 module identification code. The D server calculates a second security authentication code 85623578 based on the D1 vehicle sensitive data and the D2 module identification code.
It is easy to understand that after the processor of the special case processing terminal obtains the first security identification code through the second secret key and the vehicle sensitive data in the security module, the processor of the special case processing terminal can send the vehicle sensitive data, the module identification code and the first security identification code to the server, so that when the second security identification code and the first security identification code obtained through the calculation of the server based on the vehicle sensitive data and the module identification code are consistent, the authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data.
Optionally, when the server receives the vehicle sensitive data, the module identification code and the first security identification code sent by the processor of the special case processing terminal, the server may calculate the second security identification code based on the vehicle sensitive data and the module identification code. When the server calculates the second security authentication code, it may be detected whether the first security authentication code and the second security authentication code are consistent. When the server detects that the first security authentication code is matched with the second security authentication code, the server can confirm that the authenticity of the vehicle sensitive data is real, namely the server can confirm that the vehicle sensitive data is not tampered, and the server can confirm that the server instructs the calculation module to calculate the charging data based on the vehicle sensitive data to be real. When the server confirms that the charging data calculated by the calculation module based on the vehicle sensitive data is authentic, the server may transmit the charging data to a terminal corresponding to the vehicle. When the server detects that the first and second security identification codes do not match, the server may stop calculating the charging data for the vehicle based on the vehicle sensitive data.
For example, the calculation module calculates the charging data based on the vehicle sensitive data to charge 500 dollars from Q land to W land. When the server confirms that the vehicle sensitive data is real, the server may send the charging data to a terminal corresponding to the vehicle, and the terminal may display the charging data in a preset display manner, at this time, an example schematic diagram of a terminal interface may be as shown in fig. 3. When the terminal receives the charging data, the terminal may also display the charging data based on a display instruction input by the user.
The embodiment of the application provides a charging data protection method, which includes the steps of obtaining vehicle sensitive data of a vehicle-mounted unit, carrying out identity verification on a security module based on a first secret key, calculating a first security identification code through a second secret key and the vehicle sensitive data in the security module after the identity verification is passed, and sending the vehicle sensitive data, a module identification code and the first security identification code to a server, so that when the server is consistent with the first security identification code through a second security identification code calculated based on the vehicle sensitive data and the module identification code, authenticity of the charging data of a vehicle is confirmed based on the vehicle sensitive data. Therefore, the technical scheme of the application can determine whether the vehicle sensitive data is tampered based on the first security identification code and the second security identification code, namely, the authenticity of the vehicle sensitive data can be determined, the calculation module can be instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data is not tampered, the real charging data is obtained, and further the calculation accuracy of the vehicle charging data can be improved. In addition, the technical scheme of the application can reduce the situation that the calculation module is instructed to calculate the charging data of the vehicle under the condition that the sensitive data of the vehicle are tampered, can reduce the steps of calculating the charging data of the vehicle, and improves the efficiency of calculating the charging data.
Referring to fig. 4, a flow chart of a charging data protection method is provided in the embodiment of the present application. As shown in fig. 4, the method of the embodiment of the present application may include the following steps S201 to S207. The execution main body of the embodiment of the application is a special case processing terminal, and the specific execution main body can be a processor of the special case processing terminal.
S201, a key obtaining request is sent to the server, the key obtaining request comprises a module identification code of the security module, and the module identification code is used for indicating the server to encrypt the first key based on the module identification code and a third key of the security module.
According to some embodiments, the module identification code refers to an identification code that can uniquely identify the security module, including but not limited to a number, a two-dimensional code, etc. of the security module. For example, the module identification code of the T-security module may be 51245785. The third key refers to a mother key of the security module, and the mother keys of the same type of security module may be the same key. For example, the third key of the T-security module and the third key of the Y-security module may each be 12456325.
According to some embodiments, when the special case processing terminal installs the security module, the special case processing terminal may transmit a key acquisition request to the server. The key acquisition request includes a module identification code of the security module. The module identification code is used for instructing the server to calculate the first key based on the module identification code and the third key of the security module. Therefore, when the server acquires the module identification code and the third key of the security module, the server can calculate the first key by using the SM4 algorithm, and send the calculated first key to the special case processing terminal.
S202, receiving the first secret key and storing the first secret key in the single chip microcomputer.
According to some embodiments, after the special case processing terminal sends the key acquisition request to the server, the special case processing terminal may receive the first key sent by the server. The first key may be calculated by the server based on the module identification code in the key obtaining request and the third key of the security module.
It is easily understood that the module identification code of the T-security module transmitted by the special case processing terminal received by the server may be 51245785. The third key of the T-security module acquired by the server may be 12456325, and the first key calculated by the server using an encryption algorithm may be 58974562, for example. The server may send the first key 58974562 to the special case processing terminal. When the special case processing terminal receives the first key, the special case processing terminal can store the first key 58974562 in the single chip microcomputer.
S203, vehicle sensitive data of the vehicle-mounted unit are acquired.
The specific process is as described above, and is not described herein again.
S204, receiving the authentication information of the security module, encrypting the authentication information by using the first secret key, and sending the encrypted authentication information to the security module.
According to some embodiments, when the special case processing terminal acquires the vehicle sensitive data of the vehicle-mounted unit, the special case processing terminal can read the first secret key from the single chip microcomputer of the special case processing terminal. The first key read by the special case processing terminal may be, for example, 58974562. After the special case processing terminal acquires the first key, the special case processing terminal can receive the authentication information of the security module. The authentication information may be, for example, a random number generated by the security module using a random number generator. The receiving of the authentication information of the security module by the special case terminal may also be performed before the first key is acquired. When the special case processing terminal receives the authentication information sent by the security module, the special case processing terminal can encrypt the authentication information by using the first secret key to generate encrypted authentication information. When the special case processing terminal generates the encrypted authentication information, the special case processing terminal may transmit the encrypted authentication information to the security module.
And S205, when the authentication passing information sent by the security module is received, confirming that the identity verification passes, wherein the authentication passing information is generated when the security module decrypts the encrypted authentication information by using the first secret key and the decrypted authentication information is consistent with the authentication information.
According to some embodiments, when the special processing terminal generates the encrypted authentication information and sends the encrypted authentication information to the security module, the security module may decrypt the encrypted authentication information using the first key to obtain the decrypted authentication information. At this time, the security module may detect whether the decrypted authentication information is consistent with the authentication information sent by the security module to the processor of the special case processing terminal. When the security module confirms that the decrypted authentication information is consistent with the authentication information, the security module can generate authentication passing information and send the authentication passing information to a processor of the special case processing terminal. And when the processor of the special processing terminal receives the authentication passing information sent by the security module, the processor confirms that the identity authentication passes.
It will be readily appreciated that the authentication information transmitted by the security module received by the processor of the smart processing terminal may be the initial random number 58. When the processor of the special handling terminal receives the random number, the processor of the special handling terminal may encrypt the initial random number using first key 58974562 to generate an encrypted random number, which may be, for example, 88. The processor of the special processing terminal may send the encrypted random number 88 to the security module. When the security module receives the encrypted random number 88, the security module may decrypt the encrypted random number 88 using the first key to obtain a decrypted random number. The decrypted random number may be, for example, 58. The security module can confirm that the decrypted random number is consistent with the initial random number, generate authentication passing information and send the authentication passing information to a processor of the special case processing terminal. And when the processor of the special processing terminal receives the authentication passing information sent by the security module, the processor confirms that the identity authentication passes.
And S206, after the identity authentication is passed, calculating a first security authentication code by the security module based on the second secret key and the vehicle sensitive data by adopting an SM4 encryption algorithm.
According to some embodiments, after the processor of the special case processing terminal determines that the identity verification is passed, the processor of the special case processing terminal may calculate the first security authentication code by the security module based on the second key and the vehicle sensitive data using an SM4 encryption algorithm. The SM4 encryption algorithm is a national secret SM4 algorithm, and the national secret SM4 algorithm is a packet data algorithm of a wireless local area network standard, and the algorithm adopts symmetric encryption, wherein the key length and the packet length of the algorithm are 128 bits.
According to some embodiments, please refer to fig. 5, which provides a flowchart of a charging data protection method according to an embodiment of the present application. As shown in fig. 5, the method of the embodiment of the present application may include the following steps S301 to S302 before calculating the first security authentication code using the SM4 encryption algorithm based on the second key and the vehicle sensitive data. S301, acquiring a format of vehicle sensitive data; and S302, when the format is inconsistent with the preset format, converting the format into the preset format.
It is readily understood that the key length and packet length of the SM4 encryption algorithm are both fixed lengths, which may be, for example, 128 bits. The length of the vehicle sensitive data acquired by the special case processing terminal can be any length, so that the special case processing terminal can acquire the format of the vehicle sensitive data when the special case processing terminal acquires the vehicle sensitive data. When the special case processing terminal obtains the format of the sensitive data, whether the format is consistent with a preset format can be detected. When the special case processing terminal detects that the format is inconsistent with the preset format, the special case processing terminal can convert the format and convert the format into the preset format.
Optionally, the preset format set by the special case processing terminal may be 128 bits, for example. When the format of the vehicle sensitive data acquired by the special case processing terminal is 256 bits, the special case processing terminal can convert the vehicle sensitive data and convert the 256-bit vehicle sensitive data into 128-bit vehicle sensitive data. The special case processing terminal performs format conversion on the vehicle sensitive data, so that the steps of calculating the safety authentication code by the special case processing terminal can be reduced, and the condition that the safety authentication code cannot be calculated when the vehicle sensitive data format is not the preset format is reduced.
And S207, sending the vehicle sensitive data, the module identification code and the first safety identification code to a server, so that when a second safety identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first safety identification code, the authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data.
The specific process is as described above, and is not described herein again.
The embodiment of the application provides a charging data protection method, a received first secret key can be stored in a single chip microcomputer by sending a secret key acquisition request to a server, when vehicle sensitive data of a vehicle-mounted unit are acquired, the first secret key can be sent to a security module, when authentication passing information sent by the security module is received, the authentication passing is confirmed, after the authentication passing, the security module is used for calculating a first security authentication code based on a second secret key and the vehicle sensitive data by adopting an SM4 encryption algorithm, and the vehicle sensitive data, a module identification code and the first security authentication code are sent to the server, so that when the second security authentication code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first security authentication code, the authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data. Therefore, according to the technical scheme, whether the vehicle sensitive data are tampered can be determined, namely the authenticity of the vehicle sensitive data can be determined, the calculation module can be instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data are not tampered, and the calculation accuracy of the charging data of the vehicle can be improved. Secondly, the technical scheme of the application can reduce the situation that the calculation module is instructed to calculate the charging data of the vehicle under the condition that the sensitive data of the vehicle is tampered, can reduce the steps of calculating the charging data of the vehicle, and improves the efficiency of calculating the charging data of the vehicle. In addition, the special case processing terminal can reduce the steps of the special case processing terminal for calculating the safety authentication code by converting the format of the vehicle sensitive data, and reduce the condition that the safety authentication code cannot be calculated when the format of the vehicle sensitive data is not the preset format.
The above description mainly introduces the scheme of the embodiment of the present application from the perspective of executing processes on the method side. It is understood that the terminal and the server include hardware structures and/or software modules for performing the respective functions in order to implement the above functions. Those of skill in the art would readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiment of the present application, the server may be divided into the functional units according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit. It should be noted that the division of the unit in the embodiment of the present application is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
The charging data protection device provided by the embodiment of the present application will be described in detail below with reference to fig. 6. It should be noted that the charging data protection device shown in fig. 6 is used for executing the method of the embodiment shown in fig. 1 to 5 of the present application, and for convenience of description, only the portion related to the embodiment of the present application is shown, and details of the specific technology are not disclosed, please refer to the embodiment shown in fig. 1 to 5 of the present application.
Please refer to fig. 6, which shows a schematic structural diagram of a charging data protection device according to an embodiment of the present application. The charging data protection apparatus 600 may be implemented by software, hardware, or a combination of both as all or a part of the subscriber-specific terminal. According to some embodiments, the charging data protection apparatus 600 includes a sensitive data obtaining unit 601, an identity verification unit 602, an authentication code calculating unit 603, and an authentication code sending unit 604, and is specifically configured to:
the sensitive data acquisition unit 601 is used for acquiring vehicle sensitive data of the vehicle-mounted unit;
an authentication unit 602, configured to authenticate the security module based on the first key;
the authentication code calculation unit 603 is configured to calculate the vehicle sensitive data through a second key in the security module after the identity verification is passed, so as to obtain a first security authentication code;
the identification code sending unit 604 is configured to send the vehicle sensitive data, the module identification code, and the first security identification code to the server, so that when the second security identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first security identification code, the authenticity of the vehicle charging data is confirmed based on the vehicle sensitive data.
According to some embodiments, the authentication unit 602, configured to, when authenticating the security module based on the first key, specifically:
receiving authentication information of the security module, encrypting the authentication information by using a first secret key, and sending the encrypted authentication information to the security module;
and when receiving authentication passing information sent by the security module, confirming that the identity verification passes, wherein the authentication passing information is generated when the encrypted authentication information is decrypted by the security module by using the first secret key and is consistent with the authentication information.
According to some embodiments, the charging data protection apparatus 600 further includes a key obtaining unit 605, configured to send a key obtaining request to the server before obtaining the vehicle sensitive data of the vehicle-mounted unit, where the key obtaining request includes a module identification code of the security module, and the module identification code is used to instruct the server to encrypt the first key based on the module identification code and a third key of the security module;
and receiving the first key and storing the first key in the singlechip.
According to some embodiments, the authentication code calculation unit 603 is configured to, after the identity verification is passed, when the first secure authentication code is obtained by calculating the vehicle sensitive data by using the second key in the security module, specifically:
based on the second key and the vehicle sensitive data, a first secure authentication code is calculated using an SM4 encryption algorithm.
According to some embodiments, the charging data protection device 600 further comprises a format conversion unit 606 for obtaining a format of the vehicle sensitive data before calculating the first security authentication code using the SM4 encryption algorithm based on the second key and the vehicle sensitive data;
and when the format is inconsistent with the preset format, converting the format into the preset format.
The embodiment of the application provides a toll collection device for a highway, a sensitive data acquisition unit acquires vehicle sensitive data of a vehicle-mounted unit, an identity verification unit verifies an identity of a security module based on a first secret key, an authentication code calculation unit calculates the vehicle sensitive data through a second secret key in the security module after the identity verification is passed to obtain a first security authentication code, and an authentication code sending unit can send the vehicle sensitive data, a module identification code and the first security authentication code to a server, so that the server confirms authenticity of the toll collection data of a vehicle based on the vehicle sensitive data when the second security authentication code calculated based on the vehicle sensitive data and the module identification code is consistent with the first security authentication code. . Therefore, according to the technical scheme, whether the vehicle sensitive data are tampered can be determined, namely the authenticity of the vehicle sensitive data can be determined, the calculation module can be instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data are not tampered, and the calculation accuracy of the vehicle charging data can be improved. In addition, the technical scheme of the application can reduce the situation that the calculation module is instructed to calculate the charging data of the vehicle under the condition that the sensitive data of the vehicle are tampered, can reduce the steps of calculating the charging data of the vehicle, and improves the efficiency of calculating the charging data of the vehicle.
The charging data protection method provided by the embodiment of the present application will be described in detail below with reference to fig. 7 to 9. The execution entity of the embodiment shown in fig. 7-9 may be, for example, a server.
Referring to fig. 7, a flow chart of a charging data protection method is provided in the embodiment of the present application. As shown in fig. 7, the method of the embodiment of the present application may include the following steps S401 to S404.
S401, vehicle sensitive data, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of the vehicle-mounted unit are obtained.
According to some embodiments, after the processor of the special case processing terminal calculates the obtained first security authentication code based on the obtained vehicle sensitive data of the on-board unit and the second key, the processor of the special case processing terminal may send the vehicle sensitive data, the module identification code and the first security authentication code to the server. When the server detects the vehicle sensitive data, the module identification code and the first safety identification code sent by the processor of the special case processing terminal, the server can acquire the vehicle sensitive data, the module identification code and the first safety identification code of the vehicle-mounted unit.
According to some embodiments, please refer to fig. 8, which provides a flowchart of an image display method according to an embodiment of the present application. As shown in fig. 8, the method of the embodiment of the present application may further include the following steps S501 to S503 before acquiring the vehicle-mounted unit' S vehicle-sensitive data, the module identification code, and the first security authentication code corresponding to the vehicle-sensitive data. S501, receiving a third key and a module identification code; s502, calculating a first key by adopting an SM4 encryption algorithm based on the third key and the module identification code; and S503, when receiving the key acquisition request sent by the special case processing terminal, sending the first key to the special case processing terminal.
It will be readily appreciated that the server may also receive the third key and the module identification code before the server receives the vehicle sensitive data, the module identification code, and the first security identification code corresponding to the vehicle sensitive data of the on-board unit. The special case processing terminal can send a key acquisition request to the server. The key acquisition request includes a module identification code. Wherein, the third key may be a mother key of the security module in the special case processing terminal. When the server obtains the third key and the module identification code, the server may calculate the first key by using the SM4 encryption algorithm. The server may send the first key to the processor of the special case processing terminal upon receiving the key acquisition request sent by the special case processing terminal. When the processor of the special case processing terminal receives the first key, the processor of the special case processing terminal can store the first key in the single chip microcomputer.
S402, calculating a second safety authentication code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code.
According to some embodiments, when the server receives the vehicle-sensitive data, the module identification code, and the first security authentication code corresponding to the vehicle-sensitive data of the on-board unit, the server may calculate a second security authentication code corresponding to the vehicle-sensitive data based on the vehicle-sensitive data and the module identification code.
It is easy to understand that when the server receives the vehicle sensitive data, it can detect whether the format of the vehicle sensitive data is the preset format. When the server detects that the format of the vehicle sensitive data is not the preset format, the server can convert the format of the vehicle sensitive data and convert the format of the vehicle sensitive data into the preset format.
Optionally, when the server obtains the vehicle sensitive data and the module identification code, the server may first calculate the first key by using the module identification code and the third key. When the server calculates the first secret key, the server can calculate a second security authentication code corresponding to the vehicle sensitive data based on the first secret key, the vehicle sensitive data and the module identification code.
And S403, calculating the charging data of the vehicle based on the sensitive data of the vehicle when the second security authentication code is consistent with the first security authentication code.
According to some embodiments, when the server calculates the second security authentication code, the server may detect whether the second security authentication code and the first security authentication code are identical. When the server detects that the first security authentication code and the second security authentication code are identical, the server may confirm the authenticity of the charging data of the vehicle based on the vehicle sensitive data.
It is easy to understand that, when the first security authentication code acquired by the server may be UIYTGHUI, for example, and the second security authentication code calculated by the server may be UIYTGHUI, for example, the server detects that the first security authentication code and the second security authentication code are consistent. The server may confirm that the vehicle sensitive data is authentic and the server may instruct the calculation module to calculate the vehicle charging data based on the vehicle sensitive data. For example, the server instructs the calculation module to calculate the charging data for K vehicles to be 520 dollars.
According to some embodiments, when the server detects that the second security authentication code and the first security authentication code are not consistent, the calculation of the charging data of the vehicle is stopped, and a prompt message is issued. The prompt message includes information that the second security authentication code is inconsistent with the first security authentication code. When the second security identification code is inconsistent with the first security identification code, the server determines that the vehicle sensitive data is tampered, the server can stop calculating the charging data of the vehicle at the moment, the accuracy of calculating the vehicle charging data by the server can be improved, and in addition, when the second security identification code is inconsistent with the first security identification code, the server can send prompt information so that a user can check the vehicle sensitive data conveniently, and the calculation time of the charging data of the expressway is shortened.
According to some embodiments, when the server instructs the calculation module to calculate the charging data of the vehicle, the server may transmit the charging data to a corresponding terminal of the vehicle. The terminal may display the charging data in the form of a short message. The terminal may also view the charging data in the corresponding application. For example, when the server calculates that the charging data of the K vehicles may be 520 yuan, the service may transmit the charging data to K terminals corresponding to the K vehicles. When the k terminal receives the charging data, the k terminal can display the charging data in a form of a short message.
The embodiment of the application provides a charging data protection method, which includes the steps of obtaining vehicle sensitive data, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of a vehicle-mounted unit, calculating a second safety identification code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code, and confirming authenticity of the charging data of a vehicle based on the vehicle sensitive data when the second safety identification code is consistent with the first safety identification code. Therefore, when the second security identification code is consistent with the first security identification code, the server can determine that the vehicle sensitive data is not tampered, namely, the authenticity of the vehicle sensitive data can be determined, and can determine that the calculation module is instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data is not tampered, so that the calculation accuracy of the vehicle charging data can be improved. In addition, the server can send prompt information when the second security authentication code is inconsistent with the first security authentication code, so that the convenience of checking vehicle sensitive data by a user can be improved, and the calculation time of the charging data of the highway is shortened.
The charging data protection device provided in the embodiment of the present application will be described in detail below with reference to fig. 9. It should be noted that the charging data protection apparatus shown in fig. 9 is used for executing the method of the embodiment shown in fig. 7-8 of the present application, and for convenience of description, only the portion related to the embodiment of the present application is shown, and details of the specific technology are not disclosed, please refer to the embodiment shown in fig. 7-8 of the present application.
Please refer to fig. 9, which shows a schematic structural diagram of a charging data protection device according to an embodiment of the present application. The charging data protection apparatus 900 may be implemented by software, hardware, or a combination of both as all or a part of the subscriber-specific terminal. According to some embodiments, the charging data protection apparatus 900 includes a data obtaining unit 901, a security authentication code calculating unit 902, and a data calculating unit 903, and is specifically configured to:
the data acquisition unit 901 is used for acquiring vehicle sensitive data, a module identification code and a first safety authentication code corresponding to the vehicle sensitive data of the vehicle-mounted unit;
a security authentication code calculation unit 902, configured to calculate a second security authentication code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code;
the data calculation unit 903 confirms the authenticity of the charge data of the vehicle based on the vehicle sensitive data when the second security identification code and the first security identification code are identical.
According to some embodiments, the charging data protection device 900 further comprises a key sending unit 904, configured to, before obtaining the vehicle-sensitive data of the on-board unit, the module identification code, and the first security authentication code corresponding to the vehicle-sensitive data, specifically:
receiving a third key and a module identification code;
calculating a first key by adopting an SM4 encryption algorithm based on the third key and the module identification code;
and when a key acquisition request sent by the special case processing terminal is received, sending the first key to the special case processing terminal.
According to some embodiments, the charging data protection apparatus 900 further includes an information prompt unit 905 for stopping calculating the charging data of the vehicle when the second security authentication code is not identical to the first security authentication code, and issuing a prompt including information that the second security authentication code is not identical to the first security authentication code.
The embodiment of the application provides a charging data protection device, vehicle sensitive data, a second secret key, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of a vehicle-mounted unit are obtained through a data obtaining unit, a safety identification code calculating unit calculates a second safety identification code corresponding to the vehicle sensitive data based on the vehicle sensitive data, the second secret key and the module identification code, and when the second safety identification code is consistent with the first safety identification code, the data calculating unit calculates charging data of a vehicle based on the vehicle sensitive data; the data transmitting unit transmits the charging data to a terminal corresponding to the vehicle. Therefore, the charging data protection device can determine that the vehicle sensitive data is not tampered when the second security identification code is consistent with the first security identification code, namely, can determine the authenticity of the vehicle sensitive data, can determine that the calculation module is instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data is not tampered, and further can improve the calculation accuracy of the vehicle charging data. In addition, the charging data protection device can send out prompt information when the second safety identification code is inconsistent with the first safety identification code, so that the convenience of checking vehicle sensitive data by a user can be improved, and the calculation time of the charging data of the expressway can be shortened.
Please refer to fig. 10, which is a schematic structural diagram of a special case processing terminal according to an embodiment of the present application. As shown in fig. 10, the special case processing terminal 1000 may include: at least one processor 1001, at least one network interface 1004, a user interface 1003, memory 1005, at least one communication bus 1002.
Wherein a communication bus 1002 is used to enable connective communication between these components.
The user interface 1003 may include a Display screen (Display) and a GPS, and the optional user interface 1003 may also include a standard wired interface and a wireless interface.
The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface), among others.
Processor 1001 may include one or more processing cores, among other things. The processor 1001 connects various parts within the entire feature processing terminal 1000 using various interfaces and lines, and executes various functions of the feature processing terminal 1000 and processes data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 1005 and calling data stored in the memory 1005. Alternatively, the processor 1001 may be implemented in at least one hardware form of Digital Signal Processing (DSP), Field-Programmable Gate Array (FPGA), and Programmable Logic Array (PLA). The processor 1001 may integrate one or more of a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), a modem, and the like. Wherein, the CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for rendering and drawing the content required to be displayed by the display screen; the modem is used to handle wireless communications. It is understood that the modem may not be integrated into the processor 1001, but may be implemented by a single chip.
The Memory 1005 may include a Random Access Memory (RAM) or a Read-Only Memory (Read-Only Memory). Optionally, the memory 1005 includes a non-transitory computer-readable medium. The memory 1005 may be used to store an instruction, a program, code, a set of codes, or a set of instructions. The memory 1005 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for at least one function (such as a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described above, and the like; the storage data area may store data and the like referred to in the above respective method embodiments. The memory 1005 may optionally be at least one memory device located remotely from the processor 1001. As shown in fig. 10, a memory 1005, which is a kind of computer storage medium, may include therein an operating system, a network communication module, a user interface module, and an application program for charging data protection.
In the special case processing terminal 1000 shown in fig. 10, the user interface 1003 is mainly used as an interface for providing input for a user, and acquiring data input by the user; and the processor 1001 may be configured to call an application stored in the memory 1005, and specifically perform the following operations:
acquiring vehicle sensitive data of a vehicle-mounted unit;
performing identity verification on the security module based on the first secret key;
after the identity authentication is passed, calculating the sensitive data of the vehicle through a second secret key in the security module to obtain a first security authentication code;
and sending the vehicle sensitive data, the module identification code and the first safety identification code to a server so as to confirm the authenticity of the vehicle charging data based on the vehicle sensitive data when a second safety identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first safety identification code.
According to some embodiments, the processor 1001 is configured to, when authenticating the security module based on the first key, specifically perform the following steps:
receiving authentication information of the security module, encrypting the authentication information by using a first secret key, and sending the encrypted authentication information to the security module;
and when receiving authentication passing information sent by the security module, confirming that the identity verification passes, wherein the authentication passing information is generated when the encrypted authentication information is decrypted by the security module by using the first secret key and is consistent with the authentication information.
According to some embodiments, before the processor 1001 is configured to obtain the vehicle sensitive data of the on-board unit, it is further specifically configured to perform the following steps:
sending a key acquisition request to a server, wherein the key acquisition request comprises a module identification code of the security module, and the module identification code is used for indicating the server to encrypt a first key based on the module identification code and a third key of the security module;
and receiving the first key and storing the first key in the singlechip.
According to some embodiments, the processor 1001 is configured to, when the first security authentication code is obtained by calculating the vehicle sensitive data by using the second key in the security module after the identity authentication passes, specifically, perform the following steps:
based on the second key and the vehicle sensitive data, a first secure authentication code is calculated using an SM4 encryption algorithm.
According to some embodiments, the processor 1001 is configured to perform the following steps before calculating the first security authentication code using the SM4 encryption algorithm based on the second key and the vehicle sensitive data:
acquiring the format of the vehicle sensitive data;
and when the format is inconsistent with the preset format, converting the format into the preset format.
The embodiment of the application provides a special case processing terminal, vehicle sensitive data of a vehicle-mounted unit are obtained, identity verification is conducted on a safety module based on a first secret key, after the identity verification is passed, a first safety identification code is obtained through calculation of a second secret key and the vehicle sensitive data in the safety module, the vehicle sensitive data, a module identification code and the first safety identification code are sent to a server, and therefore when the server is consistent with the first safety identification code through calculation of the vehicle sensitive data and the module identification code, authenticity of charging data of a vehicle is confirmed based on the vehicle sensitive data. Therefore, the technical scheme of the application can determine whether the vehicle sensitive data is tampered based on the second security authentication code and the first security authentication code, namely, the authenticity of the vehicle sensitive data can be determined, the calculation module can be instructed to calculate the charging data of the vehicle under the condition that the vehicle sensitive data is not tampered, the real charging data is obtained, and further the calculation accuracy of the vehicle charging data can be improved.
According to some embodiments, the present application also provides a server, which may include: at least one processor, at least one network interface, a user interface, a memory, at least one communication bus. The processor may be configured to invoke an application stored in the memory and specifically perform the following operations:
the method comprises the steps of obtaining vehicle sensitive data, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of a vehicle-mounted unit;
calculating a second security authentication code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code;
and confirming the authenticity of the charging data of the vehicle based on the vehicle sensitive data when the second security authentication code is consistent with the first security authentication code.
According to some embodiments, the processor is configured to, before obtaining the vehicle-mounted unit's vehicle-sensitive data, the module identification code, and the first security authentication code corresponding to the vehicle-sensitive data, further specifically perform the following steps:
receiving a third key and a module identification code;
calculating a first key by adopting an SM4 encryption algorithm based on the third key and the module identification code;
and when a key acquisition request sent by the special case processing terminal is received, sending the first key to the special case processing terminal.
According to some embodiments, the processor is further specifically configured to perform the steps of:
and when the second safety identification code is inconsistent with the first safety identification code, stopping calculating the charging data of the vehicle and sending prompt information, wherein the prompt information comprises the information that the second safety identification code is inconsistent with the first safety identification code.
The present application also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above-described method. The computer-readable storage medium may include, but is not limited to, any type of disk including floppy disks, optical disks, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any of the charging data protection methods as set forth in the above method embodiments.
It is clear to a person skilled in the art that the solution of the present application can be implemented by means of software and/or hardware. The "unit" and "module" in this specification refer to software and/or hardware that can perform a specific function independently or in cooperation with other components, where the hardware may be, for example, a Field-ProgrammaBLE Gate Array (FPGA), an Integrated Circuit (IC), or the like.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some service interfaces, devices or units, and may be an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable memory. With this understanding, the technical solution of the present application may be embodied in the form of a software product, which is stored in a memory and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned memory comprises: various media capable of storing program codes, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program, which is stored in a computer-readable memory, and the memory may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The above description is only an exemplary embodiment of the present disclosure, and the scope of the present disclosure should not be limited thereby. That is, all equivalent changes and modifications made in accordance with the teachings of the present disclosure are intended to be included within the scope of the present disclosure. Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (11)

1. A charging data protection method, characterized in that the method comprises:
acquiring vehicle sensitive data of a vehicle-mounted unit;
performing identity verification on the security module based on the first secret key;
after the identity verification is passed, calculating the vehicle sensitive data through a second secret key in the security module to obtain a first security authentication code;
and sending the vehicle sensitive data, the module identification code and the first security identification code to a server so as to confirm the authenticity of the vehicle charging data based on the vehicle sensitive data when a second security identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first security identification code.
2. The charging data protection method according to claim 1, wherein the authenticating the security module based on the first key comprises:
receiving authentication information of the security module, encrypting the authentication information by using the first secret key, and sending the encrypted authentication information to the security module;
and when receiving authentication passing information sent by the security module, confirming that the authentication passes, wherein the authentication passing information is generated when the security module decrypts the encrypted authentication information by using the first secret key and the decrypted authentication information is consistent with the authentication information.
3. The charging data protection method according to claim 1, wherein before acquiring the vehicle-sensitive data of the on-board unit, further comprising:
sending a key acquisition request to a server, wherein the key acquisition request comprises a module identification code of the security module, and the module identification code is used for indicating the server to encrypt the first key based on the module identification code and a third key of the security module;
and receiving the first secret key and storing the first secret key in the singlechip.
4. The charging data protection method according to claim 1, wherein the calculating the vehicle sensitive data through the second key in the security module after the identity verification is passed to obtain a first security authentication code comprises:
calculating the first secure authenticator using an SM4 encryption algorithm based on the second key and the vehicle sensitive data.
5. The charging data protection method according to claim 4, wherein before calculating the first security authentication code using an SM4 encryption algorithm based on the second key and the vehicle-sensitive data, further comprising:
acquiring the format of the vehicle sensitive data;
and when the format is inconsistent with the preset format, converting the format into the preset format.
6. A charging data protection apparatus, characterized in that the apparatus comprises:
the sensitive data acquisition unit is used for acquiring vehicle sensitive data of the vehicle-mounted unit;
the identity authentication unit is used for authenticating the security module based on the first secret key;
the authentication code calculation unit is used for calculating the vehicle sensitive data through a second secret key in the security module to obtain a first security authentication code after the identity authentication is passed;
and the identification code sending unit is used for sending the vehicle sensitive data, the module identification code and the first safety identification code to a server so as to confirm the authenticity of the charging data of the vehicle based on the vehicle sensitive data when a second safety identification code calculated by the server based on the vehicle sensitive data and the module identification code is consistent with the first safety identification code.
7. A charging data protection method, characterized in that the method comprises:
the method comprises the steps of obtaining vehicle sensitive data, a module identification code and a first safety identification code corresponding to the vehicle sensitive data of a vehicle-mounted unit;
calculating a second security authentication code corresponding to the vehicle sensitive data based on the vehicle sensitive data and the module identification code;
confirming authenticity of the charging data of the vehicle based on the vehicle sensitive data when the second security authentication code and the first security authentication code are identical.
8. The charging data protection method according to claim 7, wherein before the obtaining of the vehicle-mounted unit's vehicle-sensitive data, the module identification code, and the first security authentication code corresponding to the vehicle-sensitive data, further comprises:
receiving a third key and the module identification code;
calculating a first key by adopting an SM4 encryption algorithm based on the third key and the module identification code;
and when a key acquisition request sent by the special case processing terminal is received, sending the first key to the special case processing terminal.
9. The charging data protection method according to claim 7, wherein the method further comprises:
and when the second security authentication code is inconsistent with the first security authentication code, stopping calculating the charging data of the vehicle and sending prompt information, wherein the prompt information comprises information that the second security authentication code is inconsistent with the first security authentication code.
10. A special case processing terminal comprising a memory, a processor and a computer program stored in said memory and executable on said processor, characterized in that said processor implements the charging data protection method according to any of the preceding claims 1-5 when executing said computer program.
11. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the charging data protection method of any one of the preceding claims 1 to 5.
CN202010766933.7A 2020-08-03 2020-08-03 Charging data protection method, device, special case processing terminal and storage medium Pending CN114095190A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010766933.7A CN114095190A (en) 2020-08-03 2020-08-03 Charging data protection method, device, special case processing terminal and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010766933.7A CN114095190A (en) 2020-08-03 2020-08-03 Charging data protection method, device, special case processing terminal and storage medium

Publications (1)

Publication Number Publication Date
CN114095190A true CN114095190A (en) 2022-02-25

Family

ID=80295399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010766933.7A Pending CN114095190A (en) 2020-08-03 2020-08-03 Charging data protection method, device, special case processing terminal and storage medium

Country Status (1)

Country Link
CN (1) CN114095190A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081744A (en) * 2009-11-30 2011-06-01 中兴通讯股份有限公司 Path identification system and secure interaction method thereof
CN106911655A (en) * 2015-12-23 2017-06-30 北京奇虎科技有限公司 A kind of method of vehicle communication, car-mounted terminal and intelligent automobile
CN108414968A (en) * 2018-01-20 2018-08-17 何世容 A kind of vehicle positioning system and vehicle positioning method in parking lot
CN110061849A (en) * 2019-04-29 2019-07-26 中兴新能源汽车有限责任公司 Verification method, server, mobile unit and the storage medium of mobile unit
CN110149210A (en) * 2019-04-20 2019-08-20 深圳市元征科技股份有限公司 A kind of data transmission method and device
CN110460446A (en) * 2019-07-10 2019-11-15 北京信安世纪科技股份有限公司 The acquisition methods and device of message authentication code
CN110933671A (en) * 2019-11-29 2020-03-27 深圳市国电科技通信有限公司 Data transmission method and system

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102081744A (en) * 2009-11-30 2011-06-01 中兴通讯股份有限公司 Path identification system and secure interaction method thereof
CN106911655A (en) * 2015-12-23 2017-06-30 北京奇虎科技有限公司 A kind of method of vehicle communication, car-mounted terminal and intelligent automobile
CN108414968A (en) * 2018-01-20 2018-08-17 何世容 A kind of vehicle positioning system and vehicle positioning method in parking lot
CN110149210A (en) * 2019-04-20 2019-08-20 深圳市元征科技股份有限公司 A kind of data transmission method and device
CN110061849A (en) * 2019-04-29 2019-07-26 中兴新能源汽车有限责任公司 Verification method, server, mobile unit and the storage medium of mobile unit
CN110460446A (en) * 2019-07-10 2019-11-15 北京信安世纪科技股份有限公司 The acquisition methods and device of message authentication code
CN110933671A (en) * 2019-11-29 2020-03-27 深圳市国电科技通信有限公司 Data transmission method and system

Similar Documents

Publication Publication Date Title
CN102184575B (en) System and method for carrying out toll authentication in intelligent transport system
JP3156562B2 (en) Vehicle communication device and traveling vehicle monitoring system
US9705679B2 (en) Data authentication device and data authentication method
CN109190362B (en) Secure communication method and related equipment
CN108876506B (en) Vehicle registration method and device
CN112785734B (en) Electronic toll collection system and method based on two-way authentication
CN109887112B (en) Data processing method and device and electronic equipment
CN111369338A (en) Data processing method and device based on block chain
US20140316992A1 (en) Method for charging an onboard-unit with an electronic ticket
CN110769410B (en) Method, application module, system and terminal for activating a vehicle-mounted unit device
CN111951420A (en) Method and device for safely transmitting ETC broadcast message
US11863688B2 (en) Secure emergency vehicular communication
CN111340969B (en) Non-card ETC offline processing method and device, computer equipment and storage medium
CN114785521B (en) Authentication method, authentication device, electronic equipment and storage medium
CN114095190A (en) Charging data protection method, device, special case processing terminal and storage medium
JP2017097788A (en) Toll collection system and toll collection method
KR102551592B1 (en) Method for preventing mileage tampering of car and mileage recording device using the same
JP2010186319A (en) Credit determining system, on-vehicle device, and credit determining method
WO2019019110A1 (en) Information sending method and vehicle device
CN113946876A (en) Service authentication method and system
JP2004348321A (en) Radio settlement system
US20240144270A1 (en) V2x-based electronic toll collection system and method
CN112640501B (en) Automobile electronic identification transmission method, vehicle-mounted equipment and reader-writer
JP3058128B2 (en) Automatic toll collection system
JP2004178338A (en) Authentication system and settlement system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination