CN115470533A - Storage method and device of vehicle sensitive data, electronic equipment and storage medium - Google Patents


Publication number
CN115470533A
Authority
CN
China
Prior art keywords
sensitive data
data
characteristic value
preset
secret
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211116947.XA
Other languages
Chinese (zh)
Inventor
张科强
汪向阳
谭成宇
张贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Changan Automobile Co Ltd
Original Assignee
Chongqing Changan Automobile Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Changan Automobile Co Ltd filed Critical Chongqing Changan Automobile Co Ltd
Priority to CN202211116947.XA priority Critical patent/CN115470533A/en
Publication of CN115470533A publication Critical patent/CN115470533A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the technical field of secure storage, and in particular to a storage method, a storage device, electronic equipment and a storage medium for vehicle sensitive data. The method comprises the following steps: obtaining sensitive data of a vehicle and judging whether the sensitive data is stored data; if the sensitive data is stored data, judging whether a leakage risk exists based on operation data of the sensitive data; when no leakage risk exists, obtaining first target preset information from a preset information pool according to the original characteristic value of the sensitive data and generating a first encryption key; encrypting the sensitive data with the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data; and encrypting the first secret-state sensitive data again with a preset security key and storing it in a target file system. The storage method of vehicle sensitive data stores data securely with double-layer encryption and monitors the securely stored data, which increases the difficulty of cracking and improves the security of data storage.

Description

Storage method and device of vehicle sensitive data, electronic equipment and storage medium
Technical Field
The present application relates to the field of secure storage technologies, and in particular, to a method and an apparatus for storing vehicle sensitive data, an electronic device, and a storage medium.
Background
With the development of intelligent connected vehicles, when a user uses smart devices in the vehicle, information such as the user's fingerprints, facial features and identity must be collected for identity authentication. To protect the information collected from the user, such sensitive data places higher requirements on secure storage.
In the related art, TEE (Trusted Execution Environment) is generally used in data security storage as a Trusted Execution Environment with a higher security level established based on the TrustZone technology.
However, storing data in a TEE still has some security issues. First, the root key used for storage in the TEE system is bound to the hardware device and cannot be changed; a hacker can exploit defective code or bugs in the Trusted Applications in the TEE to obtain the root key of the TEE system, gain permission to read and modify the storage partition, and arbitrarily access data across TAs (Trusted Applications), so that the data security of the TEE cannot be ensured. Second, the stored data is not monitored for security, and it is impossible to sense whether the data is exposed to the risk of snooping and theft, so that new data may continue to leak after a leak has occurred.
Disclosure of Invention
The application provides a storage method and device of vehicle sensitive data, electronic equipment and a storage medium, and aims to solve the problems that in a trusted execution environment of a TEE, the safe storage data of a user can be directly cracked, a data safety monitoring mechanism is lacked, and therefore the safety of the data cannot be sensed.
An embodiment of a first aspect of the present application provides a storage method of vehicle sensitive data, including the following steps: acquiring sensitive data of a vehicle, and judging whether the sensitive data is stored data or not; if the sensitive data are stored data, judging whether the sensitive data have leakage risks or not based on operation data of the sensitive data, and acquiring first target preset information from a preset information pool according to an original characteristic value of the sensitive data when the sensitive data do not have the leakage risks; and generating a first encryption key according to the original characteristic value of the sensitive data and the first target preset information, encrypting the sensitive data through the first encryption key and a preset encryption algorithm to obtain first secret state sensitive data, encrypting the first secret state sensitive data again through a preset security key, and storing the first secret state sensitive data in a target file system to prevent the sensitive data from being stolen.
According to the technical means, the data are safely stored by adopting double-layer encryption and monitoring, when the monitored data are possibly stolen, the encryption key is replaced to safely store the data, the cracking difficulty is increased, and the storage safety is improved.
Further, in an embodiment of the present application, the above method for storing vehicle sensitive data further includes: when the sensitive data have the leakage risk, generating a new characteristic value of the sensitive data based on a preset characteristic value generation rule, and acquiring second target preset information from the preset information pool according to the new characteristic value; generating a second encryption key according to the new characteristic value and the second target preset information, and generating a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and after the first confidential sensitive data is decrypted by the decryption secret key, the decrypted first confidential sensitive data is encrypted by the second encryption key and the preset encryption algorithm to obtain second confidential sensitive data, and the second confidential sensitive data is encrypted again by the preset security key and then stored in the target file system.
According to the technical means, the data are encrypted for the second time, so that the cracking difficulty is increased.
Further, in an embodiment of the present application, the above method for storing vehicle sensitive data further includes: if the sensitive data is not stored data, generating a characteristic value of the sensitive data based on the preset characteristic value generation rule, and storing the file name, the data type and the characteristic value of the sensitive data in the target file system.
According to the technical means, the data to be stored can be stored based on the data characteristic value, and the storage safety of the data is improved.
Further, in an embodiment of the present application, after storing to the target file system, the method further includes: and monitoring sensitive data in the target file system.
According to the technical means, sensitive data of the user are monitored, and the risk of data stealing is reduced.
Further, in one embodiment of the present application, the sensitive data includes at least one of a user facial feature, a user fingerprint, a user password, and a key certificate.
According to the technical means, a plurality of sensitive data of the user are collected, and the storage safety of the sensitive data of the user is improved.
In a second aspect, an embodiment of the present application provides a storage device for vehicle sensitive data, including: the acquisition module is used for acquiring sensitive data of the vehicle and judging whether the sensitive data is stored data or not; the judging module is used for judging whether the sensitive data has a leakage risk or not based on the operation data of the sensitive data if the sensitive data is the stored data, and acquiring first target preset information from the preset information pool according to the original characteristic value of the sensitive data when the sensitive data does not have the leakage risk; and the first storage module is used for generating a first encryption key according to the original characteristic value of the sensitive data and the first target preset information, encrypting the sensitive data through the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data, and storing the first secret-state sensitive data to a target file system after encrypting the first secret-state sensitive data again through a preset security key so as to prevent the sensitive data from being stolen.
Further, in an embodiment of the present application, the above storage device for vehicle sensitive data further includes: the first generation module is used for generating a new characteristic value of the sensitive data based on a preset characteristic value generation rule when the sensitive data has the leakage risk, and acquiring second target preset information from the preset information pool according to the new characteristic value; the second generating module is used for generating a second encryption key according to the new characteristic value and the second target preset information and generating a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and the second storage module is used for encrypting the decrypted first confidential sensitive data by the second encryption key and the preset encryption algorithm after decrypting the first confidential sensitive data by the decryption key, and storing the second confidential sensitive data to the target file system after encrypting the second confidential sensitive data again by the preset security key.
Further, in an embodiment of the present application, the above storage device for vehicle sensitive data further includes: a third storage module, used for generating a characteristic value of the sensitive data based on the preset characteristic value generation rule if the sensitive data is not stored data, and storing the file name, the data type and the characteristic value of the sensitive data in the target file system.
Further, in an embodiment of the present application, the first storage module further comprises: a monitoring unit, used for monitoring the sensitive data in the target file system after it is stored to the target file system.
Further, in one embodiment of the present application, the sensitive data includes at least one of a user facial feature, a user fingerprint, a user password, and a key certificate.
An embodiment of a third aspect of the present application provides an electronic device, including: a memory, a processor, and a computer program stored on the memory and capable of running on the processor, wherein the processor executes the program to implement the storage method of vehicle sensitive data according to the above embodiments.
A fourth aspect of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the storage method of vehicle sensitive data as described in the above embodiments.
According to the method and the device, sensitive data of the vehicle are obtained, whether the sensitive data are stored data or not is judged, if the sensitive data are stored data, whether leakage risks exist or not is judged based on operation data of the sensitive data, when the leakage risks do not exist, first target preset information is obtained from a preset information pool according to original characteristic values of the sensitive data, a first encryption key is further generated, the sensitive data are encrypted by combining a preset encryption algorithm to obtain first secret-state sensitive data, and the first secret-state sensitive data are stored in a target file system after being encrypted again through a preset security key. Therefore, the problems that in a trusted execution environment of the TEE, the safe storage data of a user can be directly cracked, a data safety monitoring mechanism is lacked, and the safety of the data cannot be sensed are solved.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flowchart of a method for storing vehicle sensitive data according to an embodiment of the present application;
FIG. 2 is a flowchart of an overall method according to one embodiment of the present application;
FIG. 3 is a schematic diagram of data acquisition and use procedure sensitive data acquisition according to one embodiment of the present application;
FIG. 4 is a flow diagram of a data monitoring and transmission routine according to one embodiment of the present application;
FIG. 5 is a diagram illustrating sensitive data one-layer encryption key generation according to one embodiment of the present application;
FIG. 6 is a schematic diagram of an implementation of a data monitoring and transmission program for monitoring sensitive data files according to one embodiment of the present application;
FIG. 7 is a block schematic diagram of a storage device for vehicle sensitive data according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Description of the reference numerals: 10 - storage device for vehicle sensitive data; 100 - obtaining module; 200 - judging module; 300 - first storage module.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like reference numerals refer to the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are illustrative and intended to explain the present application and should not be construed as limiting the present application.
The following describes a storage method, device, electronic device and storage medium for vehicle sensitive data according to embodiments of the present application with reference to the drawings. The background art notes that in the trusted execution environment (TEE), the securely stored data of a user can be directly cracked and a data security monitoring mechanism is lacking, so that the security of the data cannot be sensed. To solve this problem, the application provides a storage method of vehicle sensitive data. Data is stored securely with double-layer encryption, the securely stored data is monitored, and when monitoring indicates the data may have been stolen, the data is re-encrypted with a replaced key, which increases the difficulty of cracking and improves the security of data storage.
Specifically, fig. 1 is a schematic flowchart of a method for storing vehicle sensitive data according to an embodiment of the present disclosure.
As shown in fig. 1, the method for storing the vehicle sensitive data comprises the following steps:
In step S101, sensitive data of the vehicle is acquired, and it is determined whether the sensitive data is stored data.
Specifically, as shown in fig. 2 and fig. 3, in the embodiment of the present application, first, sensitive data of a vehicle needs to be acquired through a third-party application program of a vehicle-end controller, such as a camera, a fingerprint acquirer, a vehicle-end screen input or a remote receiving mode, where the sensitive data includes at least one of a user face feature, a user fingerprint, a user password, and a key certificate; secondly, after the sensitive data are collected, the third-party application program needs to store and use the sensitive data and send the sensitive data or the use instruction to the data monitoring and transmission program.
Further, the data monitoring and transmission program of the embodiment of the present application may exist in the form of a static library or an application program, and the data acquisition and use program may send data to the data monitoring and transmission program according to a protocol through a library interface call or an IPC (Inter Process Communication), where the protocol format is as follows:
Name (20 bytes) + Command (1 byte) + DataType (1 byte) + DataLength (4 bytes) + Data (N bytes). That is, the name occupies a 20-byte data segment, followed by a 1-byte command value, a 1-byte data type, a 4-byte data length, and finally the data itself.
Further, after the sensitive data or the use instruction is sent to the data monitoring and transmission program in the embodiment of the application, the data monitoring and transmission program may analyze the data sent by the data acquisition and use program according to the protocol, and judge whether the sensitive data is the stored data by name.
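The following parser for the frame layout described above is an added example, not code from the patent. It assumes a big-endian DataLength, a NUL-padded ASCII Name, hypothetical command values and a hypothetical receiver-side size limit, none of which the description specifies.

```python
import struct
from dataclasses import dataclass

# Layout from the description:
#   Name(20) + Command(1) + DataType(1) + DataLength(4) + Data(N)
# Assumptions (not in the patent): big-endian length, NUL-padded ASCII name,
# the command values below, and MAX_DATA_LEN as a receiver-side limit.
HEADER = struct.Struct(">20sBBI")      # 26 bytes
MAX_DATA_LEN = 64 * 1024
CMD_STORE = 0x01                       # hypothetical command value
CMD_USE = 0x02                         # hypothetical command value


class FrameError(ValueError):
    """Raised when a frame violates the layout or the receiver's limits."""


@dataclass(frozen=True)
class Frame:
    name: str
    command: int
    data_type: int
    data: bytes


def encode_frame(name: str, command: int, data_type: int, data: bytes) -> bytes:
    """Build one frame; the sender enforces the same limits as the receiver."""
    try:
        raw_name = name.encode("ascii")
    except UnicodeEncodeError as exc:
        raise FrameError("name is not ASCII") from exc
    if not raw_name or len(raw_name) > 20 or b"\x00" in raw_name:
        raise FrameError("name must be 1..20 ASCII bytes without NUL")
    if not (0 <= command <= 0xFF and 0 <= data_type <= 0xFF):
        raise FrameError("command and data type are single bytes")
    if len(data) > MAX_DATA_LEN:
        raise FrameError("payload too large")
    header = HEADER.pack(raw_name.ljust(20, b"\x00"), command, data_type, len(data))
    return header + data


def decode_frame(buf: bytes) -> Frame:
    """Parse one complete frame, rejecting any length or padding mismatch."""
    if len(buf) < HEADER.size:
        raise FrameError("truncated header")
    raw_name, command, data_type, length = HEADER.unpack_from(buf)
    # Check the declared length against the limit before trusting it.
    if length > MAX_DATA_LEN:
        raise FrameError("declared length exceeds limit")
    if len(buf) - HEADER.size != length:
        raise FrameError("declared length does not match payload size")
    name_bytes, _, padding = raw_name.partition(b"\x00")
    if not name_bytes or padding.strip(b"\x00"):
        raise FrameError("name is empty or has bytes after the NUL padding")
    try:
        name = name_bytes.decode("ascii")
    except UnicodeDecodeError as exc:
        raise FrameError("name is not ASCII") from exc
    return Frame(name, command, data_type, bytes(buf[HEADER.size:]))


def is_stored_data(frame: Frame, monitoring_table: dict) -> bool:
    """Judge by name whether the data already has a monitoring table entry."""
    return frame.name in monitoring_table
```

Rejecting a frame whose declared DataLength differs from the bytes actually received keeps a malformed or hostile sender from making the receiver read past the buffer or silently drop trailing bytes.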
In step S102, if the sensitive data is stored data, whether the sensitive data has a leakage risk is determined based on the operation data of the sensitive data, and when the sensitive data does not have a leakage risk, the first target preset information is obtained from the preset information pool according to the original characteristic value of the sensitive data.
Specifically, as shown in fig. 4, all operations of the data monitoring and transmission program according to the embodiment of the present application after receiving data from the transmission channel are performed in the trusted execution environment. If the sensitive data received by the embodiment of the application is the stored data, the monitoring information of the sensitive data is extracted, and whether the sensitive data faces the stealing risk is judged through the monitoring information. It should be noted that, when sensitive data is stored, two situations need to be distinguished through the monitoring results of the data monitoring and transmission program: one is the safe storage of normal state data; and the other is safe storage of risk state data.
Optionally, if the sensitive data received in the embodiment of the present application has no leakage risk, that is, when the data is stored safely in a normal state, the data encryption and storage program uses the original feature value to obtain the first target preset information from the preset information pool through shift operation.
In step S103, a first encryption key is generated according to the original characteristic value of the sensitive data and the first target preset information, the sensitive data is encrypted through the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data, and the first secret-state sensitive data is encrypted again through a preset security key and then stored in a target file system, so as to prevent the sensitive data from being stolen.
The preset encryption algorithm may be an encryption algorithm set by a person skilled in the art according to an actual storage requirement, and preferably, in the embodiment of the present application, an HMAC (Hash-based Message Authentication Code) encryption algorithm may be adopted, or other algorithms having an encryption function may also be adopted, which is not specifically limited herein.
Specifically, as shown in fig. 5, in the embodiment of the present application, a first encryption key PK (Public key) is generated through an HMAC algorithm from the original feature value and the first target preset information, and a first layer of encryption is performed on the sensitive data using PK and the AES128 (Advanced Encryption Standard) algorithm to obtain the first secret-state sensitive data. Then, a second layer of encryption is performed on the first secret-state sensitive data using a TEE system security key through a TEE system interface, the data is stored in the file system, and the sensitive data in the target file system is continuously monitored to prevent the sensitive data from being stolen.
Further, in an embodiment of the present application, the above method for storing vehicle sensitive data further includes: when the sensitive data have leakage risks, generating a new characteristic value of the sensitive data based on a preset characteristic value generation rule, and acquiring second target preset information from a preset information pool according to the new characteristic value; generating a second encryption key according to the new characteristic value and second target preset information, and generating a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and after the first confidential sensitive data is decrypted by the decryption secret key, the decrypted first confidential sensitive data is encrypted by the second encryption key and a preset encryption algorithm, and the second confidential sensitive data is encrypted again by the preset security key and then stored in the target file system.
Specifically, if the sensitive data received in the embodiment of the present application has a leakage risk, that is, when risk-state data is safely stored, a new feature value of the sensitive data needs to be generated again through the generation rule and the monitoring information table updated, and second target preset information needs to be obtained from the preset information pool according to the new feature value; meanwhile, a second encryption key needs to be generated by using the original feature value and the second target preset information, a decryption key is generated according to the original feature value of the sensitive data and the first target preset information, and the sensitive data is decrypted. Then, a second encryption key PK is generated through the HMAC algorithm according to the original characteristic value and the second target preset information, first-layer encryption is performed on the sensitive data using PK and the AES128 algorithm to obtain second-layer encrypted sensitive data, second-layer encryption is performed on the second-layer encrypted sensitive data using a TEE system security key through a TEE system interface, the data is stored in the file system, and the sensitive data in the target file system is continuously monitored. Finally, the original characteristic value, the newly generated characteristic value, the sensitive data and the like are sent to the data encryption and storage program through a bottom-layer transmission channel.
It should be noted that, to avoid confusion over the file names, file paths and the like of the sensitive data, the data monitoring and transmission program binds the obfuscated file names, file paths and the like to the actual names of the sensitive data, creates and maintains a monitoring information table for each item of sensitive data, updates and saves the information in the monitoring information table, and monitors the sensitive data files. The information in the monitoring information table includes the name, type, characteristic value, storage path, storage name in the TEE, and the like of the sensitive data.
Specifically, the sensitive data collected in the embodiment of the present application is processed by a trusted application on the TEE side and then stored anonymously in the file system, with file permissions that allow reading and writing only by the root user, so that under normal conditions only the trusted application can operate on the sensitive data. The data monitoring and transmission program uses this property to add monitoring to the securely stored sensitive data files, and judges that the sensitive data is at risk of being sniffed and stolen when monitored events such as opening, reading, attribute modification or movement of a file occur outside authorized operations, as shown in fig. 6. Each event is described in detail below:
access: a file in the monitored directory was read.
modify: a file in the monitored directory was written.
attrib: the metadata of a file in the monitored directory was modified, including timestamps, file permissions, extended attributes, and the like.
close: a file in the monitored directory was closed, regardless of how it was opened.
open: a file in the monitored directory was opened.
moved_to: a file or directory was moved into the monitored directory.
moved_from: a file or directory was moved out of the monitored directory.
delete: a file or directory in the monitored directory was deleted.
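The sketch below is an added example, not code from the patent. It ties the monitoring events above to the normal-state and risk-state key handling of steps S102 and S103, following the method embodiment in which the second key is generated from the new characteristic value. The pool contents, the shift rule, HMAC-SHA256 keyed with the characteristic value, the authorized time windows and the sample paths are all assumptions; the AES128 layer and the TEE layer are left to the platform.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Event names listed in the description; any of them seen outside an
# authorized operation marks the sensitive data as at risk.
WATCHED_EVENTS = {"access", "modify", "attrib", "close", "open",
                  "moved_to", "moved_from", "delete"}

# Constructed stand-in for the preset information pool (the patent gives
# neither its contents nor its size): 16 fixed 32-byte entries.
POOL = [hashlib.sha256(b"constructed-pool-entry-%d" % i).digest()
        for i in range(16)]


@dataclass
class MonitorEntry:
    """Subset of one row of the monitoring information table."""
    name: str            # actual name of the sensitive data
    storage_path: str    # obfuscated path in the file system
    feature: bytes       # 16-byte random characteristic value


def new_feature_value() -> bytes:
    """16-byte array generated from a random number, as in the description."""
    return secrets.token_bytes(16)


def select_preset(feature: bytes) -> bytes:
    # Assumed shift operation: the high nibble of the first byte indexes the pool.
    return POOL[feature[0] >> 4]


def derive_key(feature: bytes) -> bytes:
    # Assumed construction: HMAC-SHA256 keyed with the characteristic value over
    # the selected pool entry, truncated to the 16 bytes AES128 needs. Whoever
    # holds the characteristic value and the pool can recompute this key.
    return hmac.new(feature, select_preset(feature), hashlib.sha256).digest()[:16]


def unauthorized_events(events, storage_path, authorized_windows):
    """Return watched events on storage_path outside every authorized window."""
    hits = []
    for ts, path, event in events:
        if path != storage_path or event not in WATCHED_EVENTS:
            continue
        if not any(start <= ts <= end for start, end in authorized_windows):
            hits.append((ts, path, event))
    return hits


def keys_for_store(entry, events, authorized_windows):
    """Return (state, decryption_key, encryption_key) for the next store."""
    old_key = derive_key(entry.feature)
    if not unauthorized_events(events, entry.storage_path, authorized_windows):
        return "normal", old_key, old_key
    # Risk state: rotate the characteristic value in the monitoring table;
    # the old key only decrypts, the new key re-encrypts.
    entry.feature = new_feature_value()
    return "risk", old_key, derive_key(entry.feature)


# Constructed sample: one authorized write by the trusted application, then a
# read about 150 seconds later that no authorized operation accounts for.
SAMPLE_PATH = "/data/secure/7f3a"          # hypothetical obfuscated path
SAMPLE_WINDOWS = [(99.9, 100.5)]           # assumed to be logged by the trusted application
SAMPLE_EVENTS = [
    (100.0, SAMPLE_PATH, "open"),
    (100.2, SAMPLE_PATH, "modify"),
    (100.3, SAMPLE_PATH, "close"),
    (250.0, SAMPLE_PATH, "open"),
    (250.1, SAMPLE_PATH, "access"),
]
```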
Further, in an embodiment of the present application, the above method for storing vehicle sensitive data further includes: if the sensitive data is not stored data, generating a characteristic value of the sensitive data based on the preset characteristic value generation rule, and storing the file name, the data type and the characteristic value of the sensitive data in the target file system.
Preferably, the preset characteristic value of the embodiment of the present application is a 16-byte array generated by a random number.
Specifically, if the sensitive data received in the embodiment of the present application is not stored data, a characteristic value of the sensitive data is generated based on the preset characteristic value generation rule, and a monitoring information table of the sensitive data is created to record and store information such as the file name, data type and characteristic value of the sensitive data in the target file system.
According to the storage method of vehicle sensitive data of the embodiment of the present application, the sensitive data of the vehicle is obtained and it is judged whether the sensitive data is stored data; if the sensitive data is stored data, whether it has a leakage risk is judged based on the operation data of the sensitive data; when no leakage risk exists, the first target preset information is obtained from the preset information pool according to the original characteristic value of the sensitive data and the first encryption key is generated; the sensitive data is encrypted with the first encryption key and a preset encryption algorithm to obtain the first secret-state sensitive data, which is encrypted again with the preset security key and then stored in the target file system. This solves the problems that in the trusted execution environment (TEE) the securely stored data of a user can be directly cracked and that a data security monitoring mechanism is lacking, so that the security of the data cannot be sensed. Data is stored securely with double-layer encryption, the securely stored data is monitored, and when monitoring indicates the data may have been stolen, the data is re-encrypted with a replaced key, which increases the difficulty of cracking and improves the security of data storage.
Next, a storage device for vehicle sensitive data according to an embodiment of the present application will be described with reference to the drawings.
FIG. 7 is a block diagram illustrating an exemplary storage device for vehicle sensitive data.
As shown in fig. 7, the storage device 10 for vehicle sensitive data includes: the device comprises an acquisition module 100, a judgment module 200 and a first storage module 300.
The acquiring module 100 is configured to acquire sensitive data of a vehicle and determine whether the sensitive data is stored data;
the judging module 200 is configured to judge whether the sensitive data has a leakage risk based on operation data of the sensitive data if the sensitive data is stored data, and acquire first target preset information from a preset information pool according to an original characteristic value of the sensitive data when the sensitive data does not have the leakage risk; and
the first storage module 300 is configured to generate a first encryption key according to an original characteristic value of the sensitive data and first target preset information, encrypt the sensitive data through the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data, encrypt the first secret-state sensitive data again through a preset security key, and store the first secret-state sensitive data in a target file system to avoid the sensitive data from being stolen.
Further, in an embodiment of the present application, the storage device 10 for vehicle sensitive data further includes a first generation module, a second generation module and a second storage module.
The first generation module is configured to generate a new characteristic value of the sensitive data based on a preset characteristic value generation rule when the sensitive data has a leakage risk, and to acquire second target preset information from the preset information pool according to the new characteristic value;
the second generation module is configured to generate a second encryption key according to the new characteristic value and the second target preset information, and to generate a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and
the second storage module is configured to, after the first secret-state sensitive data is decrypted with the decryption key, encrypt the decrypted first secret-state sensitive data with the second encryption key and the preset encryption algorithm to obtain second secret-state sensitive data, encrypt the second secret-state sensitive data again with the preset security key, and store the result in the target file system.
Further, in an embodiment of the present application, the storage device 10 for vehicle sensitive data further includes:
a third storage module, configured to generate a characteristic value of the sensitive data based on the preset characteristic value generation rule if the sensitive data is not stored data, and to store the file name, the data type and the characteristic value of the sensitive data in the target file system.
Further, in an embodiment of the present application, for use after storing to the target file system, the first storage module 300 further includes:
a monitoring unit, configured to monitor the sensitive data in the target file system.
Further, in one embodiment of the present application, the sensitive data includes at least one of a user facial feature, a user fingerprint, a user password, and a key certificate.
According to the storage device for vehicle sensitive data of this embodiment, the sensitive data of the vehicle is acquired and it is determined whether the sensitive data is already-stored data. If it is, whether the sensitive data is at risk of leakage is determined from the operation data of the sensitive data. When there is no leakage risk, first target preset information is obtained from the preset information pool according to the original characteristic value of the sensitive data, a first encryption key is then generated, the sensitive data is encrypted with that key and a preset encryption algorithm to obtain first secret-state sensitive data, and the first secret-state sensitive data is encrypted again with the preset security key and then stored in the target file system. This addresses the problems that, in a TEE (trusted execution environment), a user's securely stored data can be cracked directly and that, because a data security monitoring mechanism is lacking, the security state of the data cannot be perceived. The data is stored with double-layer encryption, the securely stored data is monitored, and the encryption key is replaced when monitoring indicates that the data may have been stolen, which increases the difficulty of cracking and improves the security of data storage.
Fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application. The electronic device may include:
a memory 801, a processor 802, and a computer program stored on the memory 801 and executable on the processor 802.
The processor 802, when executing the program, implements the method of storing vehicle sensitive data provided in the embodiments described above.
Further, the electronic device further includes:
a communication interface 803 for communicating between the memory 801 and the processor 802.
A memory 801 for storing computer programs operable on the processor 802.
The memory 801 may include high-speed RAM (Random Access Memory), and may also include non-volatile memory, such as at least one disk memory.
If the memory 801, the processor 802 and the communication interface 803 are implemented independently, the communication interface 803, the memory 801 and the processor 802 may be connected to each other via a bus and communicate with each other. The bus may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 8, but this does not mean that there is only one bus or one type of bus.
Optionally, in a specific implementation, if the memory 801, the processor 802, and the communication interface 803 are integrated on one chip, the memory 801, the processor 802, and the communication interface 803 may complete communication with each other through an internal interface.
The processor 802 may be a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement embodiments of the present application.
Embodiments of the present application further provide a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor to implement the above method for storing vehicle sensitive data.
In the description of the present specification, reference to "one embodiment," "some embodiments," "an example," "a specific example," or "some examples" or the like means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, such expressions do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or N embodiments or examples. In addition, various embodiments or examples, and features of different embodiments or examples, described in this specification can be combined by one skilled in the art where they do not contradict each other.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "N" means at least two, e.g., two, three, etc., unless explicitly defined otherwise.
Any process or method description in a flow chart or otherwise described herein may be understood as representing a module, segment, or portion of code which includes one or N executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present application in which functions may be executed out of the order shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the embodiments of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the N steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are well known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a programmable gate array, a field programmable gate array, or the like.
It will be understood by those skilled in the art that all or part of the steps of the method of the above embodiments may be carried out by a program instructing the related hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A method of storing vehicle sensitive data, comprising the steps of:
acquiring sensitive data of a vehicle, and judging whether the sensitive data is stored data or not;
if the sensitive data is stored data, judging whether the sensitive data has a leakage risk based on operation data of the sensitive data, and acquiring first target preset information from a preset information pool according to an original characteristic value of the sensitive data when the sensitive data does not have the leakage risk; and
generating a first encryption key according to the original characteristic value of the sensitive data and the first target preset information, encrypting the sensitive data through the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data, and storing the first secret-state sensitive data to a target file system after encrypting the first secret-state sensitive data again through a preset security key, so as to prevent the sensitive data from being stolen.
2. The method of claim 1, further comprising:
when the sensitive data has the leakage risk, generating a new characteristic value of the sensitive data based on a preset characteristic value generation rule, and acquiring second target preset information from the preset information pool according to the new characteristic value;
generating a second encryption key according to the new characteristic value and the second target preset information, and generating a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and
after the first secret-state sensitive data is decrypted by the decryption key, encrypting the decrypted first secret-state sensitive data by the second encryption key and the preset encryption algorithm to obtain second secret-state sensitive data, and storing the second secret-state sensitive data in the target file system after encrypting it again by the preset security key.
3. The method of claim 2, further comprising:
if the sensitive data is not stored data, generating a characteristic value of the sensitive data based on the preset characteristic value generation rule, and storing the file name, the data type and the characteristic value of the sensitive data in the target file system.
4. The method of claim 3, further comprising, after storing to the target file system:
monitoring the sensitive data in the target file system.
5. The method of any of claims 1-4, wherein the sensitive data comprises at least one of a user facial feature, a user fingerprint, a user password, and a key certificate.
6. A device for storing sensitive data in a vehicle, comprising:
the acquisition module is used for acquiring sensitive data of the vehicle and judging whether the sensitive data is stored data or not;
the judging module is used for judging whether the sensitive data has a leakage risk or not based on the operation data of the sensitive data if the sensitive data is the stored data, and acquiring first target preset information from a preset information pool according to the original characteristic value of the sensitive data when the sensitive data does not have the leakage risk; and
the first storage module is used for generating a first encryption key according to the original characteristic value of the sensitive data and the first target preset information, encrypting the sensitive data through the first encryption key and a preset encryption algorithm to obtain first secret-state sensitive data, and storing the first secret-state sensitive data to a target file system after encrypting the first secret-state sensitive data again through a preset security key so as to prevent the sensitive data from being stolen.
7. The apparatus of claim 6, further comprising:
the first generation module is used for generating a new characteristic value of the sensitive data based on a preset characteristic value generation rule when the sensitive data has the leakage risk, and acquiring second target preset information from the preset information pool according to the new characteristic value;
the second generation module is used for generating a second encryption key according to the new characteristic value and the second target preset information and generating a decryption key according to the original characteristic value of the sensitive data and the first target preset information; and
the second storage module is used for, after decrypting the first secret-state sensitive data by the decryption key, encrypting the decrypted first secret-state sensitive data by the second encryption key and the preset encryption algorithm to obtain second secret-state sensitive data, and storing the second secret-state sensitive data to the target file system after encrypting the second secret-state sensitive data again by the preset security key.
8. The apparatus of claim 7, further comprising:
a third storage module used for generating a characteristic value of the sensitive data based on the preset characteristic value generation rule if the sensitive data is not stored data, and storing the file name, the data type and the characteristic value of the sensitive data to the target file system.
9. An electronic device, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the method of storing vehicle sensitive data according to any of claims 1-5.
10. A computer-readable storage medium, on which a computer program is stored, characterized in that the program is executed by a processor for implementing a method for storing vehicle sensitive data according to any of claims 1-5.
CN202211116947.XA 2022-09-14 2022-09-14 Storage method and device of vehicle sensitive data, electronic equipment and storage medium Pending CN115470533A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211116947.XA CN115470533A (en) 2022-09-14 2022-09-14 Storage method and device of vehicle sensitive data, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115470533A true CN115470533A (en) 2022-12-13

Family

ID=84333131

Country Status (1)

Country Link
CN (1) CN115470533A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116150796A (en) * 2023-04-18 2023-05-23 安羚科技(杭州)有限公司 Data protection method and device for data leakage prevention system
CN116150796B (en) * 2023-04-18 2023-12-08 安羚科技(杭州)有限公司 Data protection method and device for data leakage prevention system
CN117235805A (en) * 2023-11-16 2023-12-15 中汽智联技术有限公司 Vehicle data processing system, processing method, device and medium
CN117235805B (en) * 2023-11-16 2024-02-23 中汽智联技术有限公司 Vehicle data processing system, processing method, device and medium
CN117560227A (en) * 2024-01-10 2024-02-13 深圳市博昌智控科技有限公司 Intelligent traffic message encryption transmission method, device, equipment and storage medium
CN117560227B (en) * 2024-01-10 2024-04-09 深圳市博昌智控科技有限公司 Intelligent traffic message encryption transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination