CN117956451A - Data security transmission method and system based on OBU storage key - Google Patents

Publication number
CN117956451A
Authority
CN
China
Prior art keywords
target vehicle
roadside unit
unit
data
vehicle
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410353459.3A
Other languages
Chinese (zh)
Inventor
何玉容
黄卫民
陈文倩
赖薪宇
邓俊锐
林鹏科
戴建朗
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Mainchance Communication Technology Co ltd
Original Assignee
Guangzhou Mainchance Communication Technology Co ltd

Landscapes

  • Traffic Control Systems (AREA)

Abstract

The invention discloses a data security transmission method and system based on an OBU storage key, comprising the following steps: acquiring navigation data of a target vehicle, determining a driving route of the target vehicle, and further obtaining each roadside unit on the driving route; the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit are sequentially sent to each roadside unit; the vehicle-mounted unit receives the public key sent by the roadside unit and establishes a private data communication channel with the roadside unit; according to the storage key in the vehicle-mounted unit, encrypting the private data to be transmitted in sequence, decomposing the field of the storage key through the identity information of the roadside unit, and transmitting the encrypted private data and the decomposed storage key to the roadside unit; restoring the decomposed storage key, and decrypting the encrypted private data through the restored storage key, so that the original private data in the vehicle-mounted unit of the target vehicle is obtained.

Description

Data security transmission method and system based on OBU storage key
Technical Field
The invention relates to the technical field of data security transmission, in particular to a data security transmission method and system based on an OBU (on-board unit) storage key.
Background
An On Board Unit (OBU) is an on-board electronic tag device that a vehicle uses to communicate with a roadside unit (RSU); it is a microwave device based on DSRC (Dedicated Short Range Communication) technology. It is mainly applied in electronic toll collection (ETC): the OBU is usually installed in the vehicle and exchanges information with the RSU by microwave, enabling quick passage and the transmission and reading of vehicle data.
Currently, the OBU serves as the vehicle's identification and information-processing device and must store key security information so that communication with the RSU is not intercepted or tampered with by an unauthorized third party. However, existing OBUs and RSUs encrypt data only with a simple public key certificate and cryptographic algorithms such as DES/3DES, which cannot prevent large amounts of encrypted data from being stolen in transit; lawbreakers can then brute-force the encrypted data using the large volume collected. Leakage and theft of data in transit between the OBU and the RSU therefore cannot be avoided. In addition, the flow of data between the OBU and the RSU cannot be monitored and data cannot be accurately traced back, so the security of data transmission between existing OBUs and RSUs is low.
Disclosure of Invention
The invention provides a data security transmission method based on an OBU storage key, which aims to solve the technical problem in the prior art that the security of data transmission between existing OBUs and RSUs is low.
In order to solve the above technical problems, an embodiment of the present invention provides a data security transmission method based on an OBU storage key, including:
Acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and further obtaining each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can carry out data communication with all roadside units;
the identity information of the target vehicle and the public keys corresponding to the vehicle-mounted units of the target vehicle are sequentially sent to each roadside unit, so that the roadside units can continuously search for the target vehicle within a preset range according to the identity information, and when the target vehicle is searched, the public keys are sent to the target vehicle through a public communication channel;
Each time the target vehicle passes a roadside unit on the driving route, the vehicle-mounted unit receives the public key sent by that roadside unit and verifies the identity of the roadside unit according to the public key, so that, after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit;
After the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, encrypting private data to be sent in sequence according to a storage key in the vehicle-mounted unit, decomposing a field of the storage key through identity information of the roadside unit, and further sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; the vehicle-mounted unit is provided with a plurality of storage keys, and each storage key corresponds to each roadside unit;
And after the roadside unit receives the encrypted privacy data and the decomposed storage key, restoring the decomposed storage key according to the identity information of the roadside unit, and decrypting the encrypted privacy data through the restored storage key, so that the original privacy data in the vehicle-mounted unit of the target vehicle is obtained.
Preferably, the method further comprises:
Continuing until the target vehicle has passed all roadside units on the driving route, so that every roadside unit has received the privacy data sent by the vehicle-mounted unit of the target vehicle;
generating a connection topological graph of the roadside units based on position information, according to the sequence in which the roadside units received the privacy data and the position information of each roadside unit;
verifying whether the connection topological graph matches the driving route and navigation data of the target vehicle;
when the driving route of the target vehicle matches the connection topological graph, uploading the privacy data received by each roadside unit to a cloud;
and when the driving route of the target vehicle does not match the connection topological graph, sealing and storing the privacy data received by each roadside unit, and generating a privacy data leakage risk alarm for the target vehicle.
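An added example, not part of the patent text, of the route-consistency check described above: it orders the roadside units by receipt time, links consecutive receivers into a chain, and compares that chain with the numbered driving route. The record layout, the 50 m position tolerance and the decision strings are assumptions made for the illustration.

```python
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Receipt:
    rsu_id: str         # roadside unit that received the privacy data
    received_at: float  # receipt time in seconds
    position: tuple     # (x, y) of the roadside unit in metres


def connection_topology(receipts):
    """Order RSUs by receipt time; return node positions and chain edges."""
    ordered = sorted(receipts, key=lambda r: r.received_at)
    nodes = {}
    for r in ordered:
        nodes.setdefault(r.rsu_id, r.position)
    chain = [r.rsu_id for r in ordered]
    return nodes, list(zip(chain, chain[1:]))


def verify_route(planned_route, receipts, tolerance_m=50.0):
    """planned_route: [(rsu_id, (x, y)), ...] in passing-sequence order.

    Returns (decision, findings). Any finding means the graph does not
    match the driving route, so the data is sealed and an alarm raised.
    """
    findings = []
    nodes, edges = connection_topology(receipts)
    planned_pos = dict(planned_route)
    planned_ids = [rsu_id for rsu_id, _ in planned_route]

    counts = {}
    for r in receipts:
        counts[r.rsu_id] = counts.get(r.rsu_id, 0) + 1

    for rsu_id, pos in nodes.items():
        if rsu_id not in planned_pos:
            findings.append(f"off-route RSU received data: {rsu_id}")
        elif math.dist(pos, planned_pos[rsu_id]) > tolerance_m:
            findings.append(f"position mismatch for {rsu_id}")
        if counts[rsu_id] > 1:
            findings.append(f"duplicate receipt at {rsu_id}")
    for rsu_id in planned_ids:
        if rsu_id not in nodes:
            findings.append(f"no receipt from planned RSU: {rsu_id}")

    # Every hop in the observed chain must be a hop of the planned route.
    planned_edges = set(zip(planned_ids, planned_ids[1:]))
    for a, b in edges:
        if (a, b) not in planned_edges:
            findings.append(f"edge not on route: {a} -> {b}")

    decision = "upload_to_cloud" if not findings else "seal_and_alert"
    return decision, findings


# Constructed sample data: a four-RSU route and two sets of receipts.
ROUTE = [("RSU-01", (0, 0)), ("RSU-02", (800, 0)),
         ("RSU-03", (1600, 100)), ("RSU-04", (2400, 100))]
GOOD = [Receipt(i, t, p) for (i, p), t in zip(ROUTE, (10.0, 52.0, 95.0, 140.0))]
BAD = [GOOD[0],
       Receipt("RSU-03", 30.0, (1600, 100)),   # received before RSU-02
       GOOD[1],
       Receipt("RSU-99", 60.0, (5000, 5000)),  # not on the driving route
       GOOD[3]]

if __name__ == "__main__":
    for name, receipts in (("good", GOOD), ("bad", BAD)):
        decision, findings = verify_route(ROUTE, receipts)
        print(name, decision)
        for finding in findings:
            print("  ", finding)
```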
As a preferred solution, the obtaining navigation data of the target vehicle, and determining a driving route of the target vehicle according to the navigation data, so as to obtain each roadside unit on the driving route, specifically includes:
acquiring navigation data of a target vehicle, and generating a plurality of target driving routes of the target vehicle according to the navigation data; the target driving route is obtained by calculating initial information and destination information of the target vehicle;
And determining the driving route of the target vehicle in response to the selection of the target driving route by the user, thereby obtaining all roadside units according to the driving route, and numbering the passing sequence of the target vehicle for all the roadside units.
As a preferred solution, the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit thereof are sequentially sent to each roadside unit, so that the roadside unit continuously searches for the target vehicle within a preset range according to the identity information, and sends the public key to the target vehicle through a public communication channel when the target vehicle is searched, specifically:
acquiring the identity information of the target vehicle and a public key corresponding to the vehicle-mounted unit of the target vehicle, and sequentially sending the identity information of the target vehicle to each roadside unit;
Continuously acquiring, by the roadside unit, the identity information of all vehicles within a preset range, and checking it against the identity information of the target vehicle until a vehicle whose identity information is the same as that of the target vehicle is found, taking that vehicle as the target vehicle found by the search, and sending the public key to it through a public communication channel.
As a preferred solution, the responding to the target vehicle passing through the roadside unit on the driving route each time, the vehicle-mounted unit receives the public key sent by the roadside unit, and performs identity verification of the roadside unit according to the public key, so that after the identity verification of the roadside unit passes, a private data communication channel is established between the vehicle-mounted unit and the roadside unit, specifically:
each time the target vehicle passes a roadside unit on the driving route, the vehicle-mounted unit receives, through a public communication channel, the public key sent by that roadside unit;
Verifying the public key according to a preset certificate, so that the identity of the roadside unit is verified according to the verification result and the passing sequence number of the target vehicle; the preset certificate stores validity verification information of public keys of all roadside units;
After the identity of the roadside unit passes the verification, establishing a privacy data communication channel according to the identity of the roadside unit; the privacy data communication channel between the vehicle-mounted unit and the roadside unit maintains a preset duration time, and the preset duration time is calculated according to a preset range of the roadside unit and the average running speed of the target vehicle.
As a preferred solution, after the on-board unit establishes data communication of a private data communication channel with any roadside unit, according to a storage key in the on-board unit, the on-board unit encrypts the private data to be sent in sequence, and decomposes a field of the storage key through identity information of the roadside unit, and further sends the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel, specifically:
after the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, encoding and encrypting a header file of private data to be transmitted according to a storage key corresponding to the roadside unit; there are several items of private data to be sent, and each comprises a header file, a data file and a meaningless file;
According to the public key of the roadside unit, encoding and encrypting the data file of the private data to be transmitted;
decomposing the storage key according to the number of the private data, so that each private data corresponds to a character segment of the decomposed storage key, and adding the character segment of the storage key into a meaningless file of the private data; the sequence of each private data transmission is the arrangement sequence of the corresponding character segments of the storage key;
And sequentially sending the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment in each private data to the roadside unit through the private data communication channel.
As a preferred solution, the roadside unit receives the encrypted private data and the decomposed storage key, restores the decomposed storage key according to the identity information of the roadside unit, and decrypts the encrypted private data through the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle, specifically including:
After the roadside unit receives the encrypted header file, the encrypted data file and the meaningless file containing the storage-key character segment, restoring the storage key from the character segments in the meaningless files according to the identity information of the roadside unit and the receiving sequence of each private data;
Decrypting the encrypted header file according to the restored storage key to obtain the header file of each private data;
decrypting the encrypted data file according to the public key of the roadside unit, and restoring and obtaining each original private data according to the header file of each private data.
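An added sketch, not taken from the patent, of the storage-key decomposition and restoration described above. The patent does not say how the roadside unit's identity enters the decomposition; here it is assumed to select, via HMAC-SHA256, the offset at which each key segment is placed in a fixed-size filler blob standing in for the meaningless file, and the 64-byte filler and 16-byte key length are likewise assumed.

```python
import hashlib
import hmac
import os

FILLER_LEN = 64  # size of each "meaningless file" (assumed)
KEY_LEN = 16     # storage-key length known to OBU and RSU (assumed)


def segment_sizes(key_len, count):
    """Split key_len bytes into `count` near-equal, non-empty segments."""
    if not 1 <= count <= key_len:
        raise ValueError("item count must be between 1 and the key length")
    base, extra = divmod(key_len, count)
    return [base + (1 if i < extra else 0) for i in range(count)]


def segment_offset(rsu_id, index, seg_len):
    """Offset of segment `index` inside its filler, bound to the RSU identity."""
    digest = hmac.new(rsu_id.encode(), index.to_bytes(4, "big"),
                      hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") % (FILLER_LEN - seg_len + 1)


def decompose(storage_key, rsu_id, count):
    """OBU side: one filler blob per private-data item, in sending order."""
    blobs, pos = [], 0
    for index, seg_len in enumerate(segment_sizes(len(storage_key), count)):
        filler = bytearray(os.urandom(FILLER_LEN))
        off = segment_offset(rsu_id, index, seg_len)
        filler[off:off + seg_len] = storage_key[pos:pos + seg_len]
        blobs.append(bytes(filler))
        pos += seg_len
    return blobs


def restore(blobs, rsu_id, key_len=KEY_LEN):
    """RSU side: rebuild the key from the blobs in the order received."""
    key = bytearray()
    sizes = segment_sizes(key_len, len(blobs))
    for index, (blob, seg_len) in enumerate(zip(blobs, sizes)):
        if len(blob) != FILLER_LEN:
            raise ValueError(f"blob {index} has unexpected length")
        off = segment_offset(rsu_id, index, seg_len)
        key += blob[off:off + seg_len]
    return bytes(key)


# Constructed sample key and identity. The RSU identity is not a secret, so
# in this sketch the segments rely on the private channel for confidentiality;
# the filler only fixes where each segment sits.
SAMPLE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_RSU = "RSU-0007"

if __name__ == "__main__":
    blobs = decompose(SAMPLE_KEY, SAMPLE_RSU, 3)
    print("in order :", restore(blobs, SAMPLE_RSU) == SAMPLE_KEY)
    print("reordered:", restore(blobs[::-1], SAMPLE_RSU) == SAMPLE_KEY)
    print("other RSU:", restore(blobs, "RSU-0008") == SAMPLE_KEY)
```

Restoration succeeds only when the blobs are processed in the order sent and with the identity used for decomposition, which is why the receiving sequence matters in the step above.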
Correspondingly, the invention also provides a data security transmission system based on the OBU storage key, comprising: an acquisition module, a search module, a communication module, an encryption module and a decryption module;
The acquisition module is used for acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and further obtaining each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can carry out data communication with all roadside units;
The searching module is used for sequentially sending the identity information of the target vehicle and the public keys corresponding to the vehicle-mounted units of the target vehicle to each roadside unit, so that the roadside units can continuously search the target vehicle within a preset range according to the identity information, and send the public keys to the target vehicle through a public communication channel when the target vehicle is searched;
The communication module is used for, each time the target vehicle passes a roadside unit on the driving route, having the vehicle-mounted unit receive the public key sent by the roadside unit and verify the identity of the roadside unit according to the public key, so that, after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit;
The encryption module is used for encrypting the private data to be sent according to the storage key in the vehicle-mounted unit after the vehicle-mounted unit establishes data communication of the private data communication channel with any roadside unit, decomposing the field of the storage key through the identity information of the roadside unit, and further sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; the vehicle-mounted unit is provided with a plurality of storage keys, and each storage key corresponds to each roadside unit;
the decryption module is configured to restore the decomposed storage key according to the identity information of the roadside unit after the roadside unit receives the encrypted private data and the decomposed storage key, and further decrypt the encrypted private data through the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle.
Correspondingly, the invention further provides a terminal device, which comprises a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor realizes the data security transmission method based on the OBU storage key when executing the computer program.
Correspondingly, the invention further provides a computer readable storage medium, which comprises a stored computer program, wherein the computer program is used for controlling equipment where the computer readable storage medium is located to execute the data security transmission method based on the OBU storage key according to any one of the above.
Compared with the prior art, the embodiment of the invention has the following beneficial effects:
In this technical scheme, the navigation data of the target vehicle are acquired and the roadside units to be passed are determined in advance from the driving route of the target vehicle, so that the identity information of the target vehicle and the public key of its vehicle-mounted unit are sent in advance and the target vehicle can be identified and identity verification completed quickly when it passes each roadside unit. A privacy data communication channel is also constructed so that privacy data are transmitted within that channel, reducing the risk of the privacy data being stolen in transit. In addition, the storage key held in the vehicle-mounted unit is used both to encrypt the data and to be decomposed, which further increases the difficulty of brute-forcing the privacy data; and because each storage key corresponds to one roadside unit, malicious actors cannot brute-force the privacy data by finding regularities through big data analysis. The security of data transmission between the vehicle-mounted unit and the roadside units is thereby ensured.
Drawings
Fig. 1: a flow chart of the steps of the data security transmission method based on the OBU storage key provided by the embodiment of the invention;
Fig. 2: the data security transmission device based on the OBU storage key provided by the embodiment of the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to fig. 1, a data security transmission method based on an OBU storage key according to an embodiment of the present invention includes the following steps S101 to S105:
Step S101: acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and further obtaining each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can be in data communication with all roadside units.
As a preferred solution of this embodiment, the obtaining navigation data of the target vehicle, and determining a driving route of the target vehicle according to the navigation data, so as to obtain each roadside unit on the driving route specifically includes:
Acquiring navigation data of a target vehicle, and generating a plurality of target driving routes of the target vehicle according to the navigation data; the target driving route is obtained by calculating initial information and destination information of the target vehicle; and determining the driving route of the target vehicle in response to the selection of the target driving route by the user, thereby obtaining all roadside units according to the driving route, and numbering the passing sequence of the target vehicle for all the roadside units.
In this embodiment, the target driving route is calculated from the initial information and destination information of the target vehicle. Based on the current navigation system, it may be calculated with an efficient route planning algorithm (such as Dijkstra or A*) in combination with real-time traffic conditions, road information and the like; it may further take into account factors such as road conditions, traffic rules, real-time traffic flow and predicted driving time. There is at least one target driving route.
In this embodiment, real-time navigation data including information such as a position, a speed, and a heading of a vehicle is acquired from a navigation system of a target vehicle, and may be read through a vehicle-mounted communication interface (e.g., OBD-II) or acquired from a cloud service through a wireless communication module (e.g., 4G/5G, wi-Fi). Meanwhile, the selection of a target driving route by a user is responded quickly, a final driving route is determined, and after the driving route is determined, all roadside units which the vehicle will pass through can be identified through a Geographic Information System (GIS) and route data and are numbered sequentially.
It can be appreciated that adopting a strong encryption algorithm and security protocol ensures the security of the vehicle navigation data and driving route information during transmission and storage and protects sensitive information from unauthorized access and malicious attack. A high-precision navigation system and reliable communication technology ensure accurate data transmission between the vehicle and the roadside units and reduce route planning errors; limiting authority to the roadside units that the vehicle passes prevents other roadside units from reading the data and then collecting and using it.
Further, the driving route may change while the vehicle is travelling. Because all possible driving routes of the target vehicle have been calculated in advance in this embodiment, when the vehicle deviates from the navigated route onto another route, the driving route after the deviation can be determined quickly, and the roadside units on that route and their passing-sequence numbers are updated in real time, so that the public key and identity information of the target vehicle can be sent in advance to the updated roadside units.
Step S102: sequentially sending the identity information of the target vehicle and the public keys corresponding to the vehicle-mounted units to each roadside unit, so that the roadside units can continuously search for the target vehicle within a preset range according to the identity information, and when the target vehicle is found, sending the public keys to the target vehicle through a public communication channel.
As a preferred solution of this embodiment, the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit thereof are sequentially sent to each roadside unit, so that the roadside unit continuously searches for the target vehicle within a preset range according to the identity information, and when the target vehicle is searched, sends the public key to the target vehicle through a public communication channel, specifically:
Acquiring the identity information of the target vehicle and a public key corresponding to the vehicle-mounted unit of the target vehicle, and sequentially sending the identity information of the target vehicle to each roadside unit; continuously acquiring, by the roadside unit, the identity information of all vehicles within a preset range, and checking it against the identity information of the target vehicle until a vehicle whose identity information is the same as that of the target vehicle is found, taking that vehicle as the target vehicle found by the search, and sending the public key to it through a public communication channel.
In this embodiment, the identity information of the target vehicle may be obtained from an on-board unit (OBU) of the target vehicle, and the identity information may include, but is not limited to, a unique identifier of the vehicle (e.g., a license plate number, a vehicle identification number VIN, etc.). Further, the identity information of the target vehicle is transmitted to each roadside unit (RSU), and in order to be able to ensure the security and accuracy of data transmission, an encryption channel or a security protocol may be used to protect the information from tampering or leakage during transmission. Meanwhile, the roadside units need to continuously acquire identity information of all passing vehicles within a preset range, and signals of different vehicles can be distinguished and identified through DSRC or C-V2X and strong signal processing capability.
In this embodiment, after the roadside unit receives the vehicle information, it needs to check and compare the information to find out the vehicle matching with the identity information of the target vehicle, so as to ensure that the target vehicle is accurately identified in a plurality of vehicles. Once the roadside unit finds the target vehicle through verification, the previously acquired public key may be sent to the target vehicle over a common communication channel, where the common channel must be capable of supporting high bandwidth and low latency data transmission to ensure immediacy. In order to ensure secure distribution and management of the public key, and avoid being acquired by an unauthorized third party, a digital certificate issued by a preset Certification Authority (CA) may be used to ensure the authenticity and validity of the public key.
In this embodiment, the encryption technology and the security protocol are utilized to ensure the security of the data (especially the public key) transmitted on the public communication channel, prevent the sensitive information from being intercepted or tampered, and simultaneously ensure that only the target vehicle can receive the corresponding public key through the accurate vehicle identity information matching mechanism, thereby reducing the possibility of error transmission, improving the speed of identifying and verifying the vehicle identity information by the roadside units, and sending the public key to the target vehicle quickly and safely, so as to improve the operation efficiency of the whole system.
Step S103: each time the target vehicle passes a roadside unit on the driving route, the vehicle-mounted unit receives the public key sent by that roadside unit and verifies the identity of the roadside unit according to the public key, so that, after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit.
As a preferred solution of this embodiment, the responding to the target vehicle passing through the roadside unit on the driving route each time, the vehicle-mounted unit receives the public key sent by the roadside unit, and performs identity verification of the roadside unit according to the public key, so that after the identity verification of the roadside unit passes, a private data communication channel is established between the vehicle-mounted unit and the roadside unit, specifically:
Each time the target vehicle passes a roadside unit on the driving route, the vehicle-mounted unit receives, through a public communication channel, the public key sent by that roadside unit; the public key is verified according to a preset certificate, so that the identity of the roadside unit is verified according to the verification result and the passing sequence number of the target vehicle; the preset certificate stores validity verification information of the public keys of all roadside units; after the identity of the roadside unit passes verification, a privacy data communication channel is established according to the identity of the roadside unit; the privacy data communication channel between the vehicle-mounted unit and the roadside unit is maintained for a preset duration, which is calculated according to the preset range of the roadside unit and the average running speed of the target vehicle.
In this embodiment, when the target vehicle passes any roadside unit on the driving route, the vehicle-mounted unit receives the public key sent by the roadside unit through the public communication channel and performs a preliminary authentication of the roadside unit using that public key and the preset certificate, so as to determine the validity of the public key and avoid the case where the public key has been leaked and then repackaged or tampered with. Meanwhile, whether the roadside unit is legitimately authorized is determined from the passing-sequence number of the target vehicle, which prevents the vehicle from passing a roadside unit that was not determined in advance from the navigation data and prevents malicious actors from establishing a fake verified identity by cloning or copying the processing information of a roadside unit, so that the validity verification information of the roadside unit's public key can be determined accurately and efficiently.
In this embodiment, after the identity of the roadside unit passes the verification, a private data communication channel with a preset duration is constructed between the vehicle-mounted unit and the roadside unit, so that timeliness of data transmission between the vehicle-mounted unit and the roadside unit can be ensured.
In this embodiment, each time the on-board unit (OBU) passes a roadside unit (RSU) it needs to receive the public key sent by the RSU through the public communication channel, so the OBU needs efficient signal receiving and processing capabilities. The OBU also needs to verify the received public key according to a preset certificate to ensure the validity and authenticity of the public key. The preset certificate should store validity verification information for the public key of each RSU so that verification is quick. After verifying the public key, the OBU verifies the identity of the RSU according to the passing sequence number of the target vehicle, which is key to communication security and prevents unauthorized RSUs from communicating. After the identity verification is passed, a private data communication channel is established between the OBU and the RSU to ensure the security and privacy of data transmission.
Further, the maintenance time of the private data communication channel is calculated through the preset range of the RSU and the average running speed of the target vehicle, so that even under the condition of high-speed movement, the communication connection is not interrupted due to out-of-range, the communication time is limited, and the situation that the data is stolen due to long-time opening of the channel is avoided. In addition, all communications should conform to national or industry security standards, such as GB/T21053-2007 information security technology public key infrastructure PKI system security level protection specifications, etc., throughout the process to ensure the security and reliability of the communications. Meanwhile, the implementation of the embodiment also needs to depend on the development of the internet of vehicles technology, such as LTE-V2X, and the like, which can support the technical requirements of road side units of direct communication, and provides a foundation for communication between an OBU and an RSU.
Step S104: after the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, encrypting private data to be sent in sequence according to a storage key in the vehicle-mounted unit, decomposing a field of the storage key through identity information of the roadside unit, and further sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; wherein, there are a plurality of storage keys in the on-vehicle unit, each storage key corresponds to each roadside unit.
As a preferred solution of this embodiment, after the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, according to a storage key in the vehicle-mounted unit, the method sequentially encrypts the private data to be sent, and decomposes a field of the storage key by identity information of the roadside unit, and further sends the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel, specifically:
After the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, encoding and encrypting a header file of private data to be transmitted according to a storage key corresponding to the roadside unit; there are several pieces of privacy data to be sent, and each privacy data comprises a header file, a data file and a meaningless file; according to the public key of the roadside unit, encoding and encrypting the data file of the private data to be transmitted; decomposing the storage key according to the number of the private data, so that each private data corresponds to a character segment of the decomposed storage key, and adding the character segment of the storage key into the meaningless file of the private data; the sequence of each private data transmission is the arrangement sequence of the corresponding character segments of the storage key; and sequentially sending the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment in each private data to the roadside unit through the private data communication channel.
In this embodiment, after the on-board unit establishes data communication of the private data communication channel with any roadside unit, the header file of the private data to be transmitted is encoded and encrypted by calling the storage key corresponding to the roadside unit. Each storage key corresponds to a roadside unit. In an exemplary embodiment, each on-board unit stores a plurality of storage keys in advance, preferably 10. The first 10 roadside units are then each assigned one storage key, one to one, and the 11th roadside unit reuses the first storage key, so that the storage keys are recycled and the memory the on-board unit spends on storage keys is reduced. The more storage keys the on-board unit stores in advance, the harder it is to brute-force the storage key corresponding to each roadside unit. Further, for each trip, once the number of roadside units on the driving route has been determined, the same number of storage keys can be randomly generated in the vehicle-mounted unit, so that the storage key corresponding to each roadside unit is different and the security of the storage keys is ensured.
In this embodiment, there are several pieces of private data to be transmitted, so the private data are transmitted in sequence; combined with the time-limited private data communication channel of step S103, this ensures the security of data transmission and avoids all of the private data being leaked in transmission. Meanwhile, each private data includes a header file, a data file and a meaningless file. The header file is a description of each data item in the data file, so as long as the security of the header file is ensured, a lawbreaker who obtains a leaked data file gets only a meaningless, disordered pile of data. Therefore, the header file is encrypted with the storage key, which has the highest security, so that the security of the private data is ensured while avoiding the low transmission efficiency that an overly complex encryption process would cause. The data file is encrypted with the public key, so that the same public-key encryption mode is used throughout the driving stage, repeated execution of excessive encryption steps is avoided, and data encryption efficiency is improved.
In addition, after the header files of all the private data are encrypted with the storage key, the storage key is decomposed and stored in the meaningless files, and it is sent to the roadside unit piece by piece as each private data is sent. Combined with the time-limited private data communication channel, the character segments of the decomposed storage key are thus sent in sequence to the legitimate roadside unit, and even if a lawbreaker intercepts part of the private data, the complete storage key cannot be restored. Meanwhile, in addition to all the private data being transmitted to the legitimate roadside unit through the time-limited private data communication channel, all the character segments added to the meaningless files are sent to the roadside unit along with it, so that the roadside unit can restore the storage key and decrypt the private data.
In this embodiment, after the on-board unit (OBU) establishes a private data communication channel with any one of the roadside units (RSU), a storage key needs to be invoked and allocated to each private data to be transmitted. Wherein the storage key may be randomly generated and sufficiently complex to provide sufficient security; or may be recycled through a list. Furthermore, the header file of the private data to be transmitted is encoded and encrypted, and may be encrypted according to the storage key of the corresponding roadside unit using a symmetric encryption algorithm (e.g., AES) or an asymmetric encryption algorithm (e.g., RSA). And the data file of the private data to be transmitted is coded and encrypted, and a symmetric encryption algorithm or an asymmetric encryption algorithm can be used as well, so that encryption can be performed according to the public key of the roadside unit.
In this embodiment, the storage key is decomposed according to the number of private data, so that each private data has a corresponding character segment. Then, the decomposed character segments of the storage key are added into the meaningless files of the private data, and each private data is sent in the arrangement order of its corresponding character segment of the storage key, which ensures that the receiving party can correctly restore the original private data. The encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment in each piece of private data are sent in sequence to the roadside unit through the private data communication channel, wherein all communication is in accordance with national or industry security standards, such as the GB/T21053-2007 information security technology Public Key Infrastructure (PKI) system security level protection technical requirements, so as to ensure the security and reliability of the communication.
Step S105: and after the roadside unit receives the encrypted privacy data and the decomposed storage key, restoring the decomposed storage key according to the identity information of the roadside unit, and decrypting the encrypted privacy data through the restored storage key, so that the original privacy data in the vehicle-mounted unit of the target vehicle is obtained.
As a preferred solution of this embodiment, the roadside unit receives the encrypted private data and the decomposed storage key, restores the decomposed storage key according to the identity information of the roadside unit, and further decrypts the encrypted private data through the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle, specifically including:
After the roadside unit receives the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment, restoring the storage key from the character segments in the meaningless files according to the identity information of the roadside unit and the receiving sequence of each private data; decrypting the encrypted header file according to the restored storage key to obtain the header file of each private data; decrypting the encrypted data file according to the public key of the roadside unit, and restoring each original private data according to the header file of each private data.
In this embodiment, after the roadside unit receives the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segments, the public key is determined according to the identity information of the roadside unit, the storage key character segments in the meaningless file are spliced and restored according to the receiving sequence of each private data, and then the encrypted header file is decrypted according to the restored storage key, so as to obtain the header file of each private data. Thereby decrypting the data file according to the public key and classifying the data information in the data file according to the header file of the private data.
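The decomposition in step S104 and the restoration in step S105 can be sketched as follows. This is an added example, not code from the patent: the hex key format, the 32-character filler and the rule that derives each segment's position inside the meaningless file from the RSU identity (a SHA-256 of the identity and segment index) are assumptions, since the patent does not specify how the identity information is used. Header and data-file encryption are left out so the block stays on the key handling.

```python
from __future__ import annotations

import hashlib
import secrets

KEY_POOL_SIZE = 10  # the embodiment suggests 10 pre-stored storage keys
FILLER_LEN = 32     # assumed amount of random filler per meaningless file


def key_slot(passing_seq: int, pool_size: int = KEY_POOL_SIZE) -> int:
    """Pool slot for the RSU with this 1-based passing sequence number.

    The 11th RSU reuses the first key, as described in the embodiment.
    """
    if passing_seq < 1:
        raise ValueError("passing sequence numbers start at 1")
    return (passing_seq - 1) % pool_size


def segment_sizes(key_len: int, count: int) -> list[int]:
    """Lengths of `count` contiguous segments that together cover the key."""
    if not 1 <= count <= key_len:
        raise ValueError("need between 1 and len(key) pieces of private data")
    base, extra = divmod(key_len, count)
    return [base + (1 if i < extra else 0) for i in range(count)]


def split_key(key: str, count: int) -> list[str]:
    """One character segment per piece of private data, in sending order."""
    segments, pos = [], 0
    for size in segment_sizes(len(key), count):
        segments.append(key[pos:pos + size])
        pos += size
    return segments


def _offset(rsu_id: str, index: int) -> int:
    # Assumption: where a segment sits in the filler depends on the RSU identity.
    # This only obscures the layout; anyone who knows rsu_id can recompute it,
    # so confidentiality of the segments still rests on the private channel.
    digest = hashlib.sha256(f"{rsu_id}:{index}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % (FILLER_LEN + 1)


def build_meaningless_files(key: str, rsu_id: str, count: int) -> list[str]:
    """OBU side: embed each key segment in random filler, in sending order."""
    files = []
    for index, segment in enumerate(split_key(key, count)):
        filler = secrets.token_hex(FILLER_LEN // 2)  # FILLER_LEN hex characters
        off = _offset(rsu_id, index)
        files.append(filler[:off] + segment + filler[off:])
    return files


def restore_key(files: list[str], rsu_id: str, key_len: int) -> str:
    """RSU side: rebuild the key from the files in the order they were received."""
    parts = []
    sizes = segment_sizes(key_len, len(files))
    for index, (blob, size) in enumerate(zip(files, sizes)):
        if len(blob) != FILLER_LEN + size:
            raise ValueError("segment count or order does not match the key layout")
        off = _offset(rsu_id, index)
        parts.append(blob[off:off + size])
    return "".join(parts)
```

An RSU that receives fewer files than were sent, or receives them in a different order, does not recover the original key, which is the property the embodiment relies on.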
As a preferred solution of this embodiment, the embodiment of the present invention further includes:
once the target vehicle has passed all roadside units on the driving route, every roadside unit has received the privacy data sent by the vehicle-mounted unit of the target vehicle; generating a connection topological graph of the roadside units based on the position information, according to the order in which the roadside units received the privacy data and the position information of each roadside unit; performing consistency verification on the connection topological graph according to the driving route and navigation data of the target vehicle; when the driving route of the target vehicle matches the connection topological graph, uploading the privacy data received by each roadside unit to a cloud; and when the driving route of the target vehicle does not match the connection topological graph, sealing and storing the privacy data received by each roadside unit, and generating a privacy data leakage risk alarm of the target vehicle.
In this embodiment, a connection topology graph based on position information is generated according to the order in which each RSU received the privacy data and the position information of each RSU, and consistency verification is performed on it. By acquiring and processing the navigation data in real time, performing efficient image matching and verification, and verifying the connection topology graph against the driving route and navigation data of the target vehicle, the driving route of the vehicle can be monitored in real time, abnormal situations can be found and handled in time, and the driving safety of the vehicle can be improved. When the driving route of the target vehicle matches the connection topological graph, the privacy data received by each RSU is uploaded to the cloud. When they do not match, the privacy data received by each RSU is sealed and stored, and a privacy data leakage risk alarm of the target vehicle is generated.
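One way to implement the route consistency check described above, as an added example that is not part of the patent: the receipt record layout, planar coordinates in metres, synchronised RSU clocks and the 50 m position tolerance are assumptions, and the sample route in the usage is constructed.

```python
from __future__ import annotations

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class PlannedRsu:
    rsu_id: str
    x_m: float  # planned position from the navigation data (assumed planar metres)
    y_m: float


@dataclass(frozen=True)
class Receipt:
    rsu_id: str
    received_at: float  # time the RSU received the privacy data, in seconds
    x_m: float          # position the RSU reported for itself
    y_m: float


def _hops(ids: list[str]) -> list[tuple[str, str]]:
    """Consecutive pairs, i.e. the edges of the connection topology."""
    return list(zip(ids, ids[1:]))


def verify_route(planned: list[PlannedRsu], receipts: list[Receipt],
                 tolerance_m: float = 50.0) -> dict:
    """Compare the observed RSU topology with the planned driving route."""
    planned_by_id = {p.rsu_id: p for p in planned}
    ordered = sorted(receipts, key=lambda r: r.received_at)
    observed_ids = [r.rsu_id for r in ordered]
    findings = []

    for r in ordered:
        plan = planned_by_id.get(r.rsu_id)
        if plan is None:
            findings.append(f"unplanned RSU {r.rsu_id} received privacy data")
            continue
        drift = math.hypot(r.x_m - plan.x_m, r.y_m - plan.y_m)
        if drift > tolerance_m:
            findings.append(f"RSU {r.rsu_id} reported {drift:.0f} m from its planned position")

    for p in planned:
        if p.rsu_id not in observed_ids:
            findings.append(f"planned RSU {p.rsu_id} never received privacy data")
    if len(set(observed_ids)) != len(observed_ids):
        findings.append("an RSU identity received privacy data more than once")

    planned_hops = set(_hops([p.rsu_id for p in planned]))
    for a, b in _hops(observed_ids):
        if (a, b) not in planned_hops:
            findings.append(f"hop {a}->{b} is not on the planned route")

    return {
        "action": "seal_and_alert" if findings else "upload_to_cloud",
        "observed_order": observed_ids,
        "findings": findings,
    }


# Constructed sample: three RSUs spaced 1 km apart along a straight road.
SAMPLE_ROUTE = [PlannedRsu("RSU-A", 0, 0), PlannedRsu("RSU-B", 1000, 0),
                PlannedRsu("RSU-C", 2000, 0)]
```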
The implementation of the above embodiment has the following effects:
According to this technical scheme, the navigation data of the target vehicle is acquired and the roadside units it will pass are determined in advance from its driving route, so that the identity information of the target vehicle and the public key of its vehicle-mounted unit are sent in advance, and the target vehicle can be determined and identity verification performed quickly when it passes the corresponding roadside unit. A private data communication channel is also constructed so that the private data is transmitted within it, which reduces the risk of the private data being stolen in transmission. The data encryption and the decomposition of the storage key are both carried out with the storage key stored in the vehicle-mounted unit, which further raises the difficulty of brute-forcing the private data. Because the storage keys correspond to the individual roadside units, lawbreakers cannot brute-force the private data by finding patterns through big-data analysis, and the security of data transmission between the vehicle-mounted unit and the roadside units is ensured.
Example two
Referring to fig. 2, the data security transmission system based on an OBU storage key provided by the present invention includes: an acquisition module 201, a search module 202, a communication module 203, an encryption module 204 and a decryption module 205;
the acquiring module 201 is configured to acquire navigation data of a target vehicle, determine a driving route of the target vehicle according to the navigation data, and further obtain each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can carry out data communication with all roadside units;
The searching module 202 is configured to sequentially send the identity information of the target vehicle and the public key corresponding to the on-board unit thereof to each roadside unit, so that the roadside unit continuously searches for the target vehicle within a preset range according to the identity information, and when the target vehicle is searched, sends the public key to the target vehicle through a public communication channel;
the communication module 203 is configured to, in response to the target vehicle passing by a roadside unit on the driving route each time, receive a public key sent by the roadside unit, and perform identity verification of the roadside unit according to the public key, so that after the identity verification of the roadside unit is passed, establish a private data communication channel between the vehicle-mounted unit and the roadside unit;
The encryption module 204 is configured to encrypt the private data to be sent in sequence according to the storage key in the on-board unit after the on-board unit establishes data communication of the private data communication channel with any roadside unit, decompose a field of the storage key according to identity information of the roadside unit, and send the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; the vehicle-mounted unit is provided with a plurality of storage keys, and each storage key corresponds to each roadside unit;
The decryption module 205 is configured to restore the decomposed storage key according to the identity information of the roadside unit after the roadside unit receives the encrypted private data and the decomposed storage key, and further decrypt the encrypted private data through the restored storage key, thereby obtaining the original private data in the on-board unit of the target vehicle.
Preferably, the method further comprises:
once the target vehicle has passed all roadside units on the driving route, every roadside unit has received the privacy data sent by the vehicle-mounted unit of the target vehicle;
generating a connection topological graph of the roadside units based on the position information, according to the order in which the roadside units received the privacy data and the position information of each roadside unit;
performing consistency verification on the connection topological graph according to the driving route and navigation data of the target vehicle;
when the driving route of the target vehicle matches the connection topological graph, uploading the privacy data received by each roadside unit to a cloud;
and when the driving route of the target vehicle does not match the connection topological graph, sealing and storing the privacy data received by each roadside unit, and generating a privacy data leakage risk alarm of the target vehicle.
As a preferred solution, the obtaining navigation data of the target vehicle, and determining a driving route of the target vehicle according to the navigation data, so as to obtain each roadside unit on the driving route, specifically includes:
acquiring navigation data of a target vehicle, and generating a plurality of target driving routes of the target vehicle according to the navigation data; the target driving route is obtained by calculating initial information and destination information of the target vehicle;
And determining the driving route of the target vehicle in response to the selection of the target driving route by the user, thereby obtaining all roadside units according to the driving route, and numbering the passing sequence of the target vehicle for all the roadside units.
As a preferred solution, the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit thereof are sequentially sent to each roadside unit, so that the roadside unit continuously searches for the target vehicle within a preset range according to the identity information, and sends the public key to the target vehicle through a public communication channel when the target vehicle is searched, specifically:
acquiring the identity information of the target vehicle and a public key corresponding to the vehicle-mounted unit of the target vehicle, and sequentially sending the identity information of the target vehicle to each roadside unit;
And continuously acquiring the identity information of all vehicles by the roadside unit within a preset range, checking and comparing the identity information of all vehicles according to the identity information of the target vehicle until the vehicles which are the same as the identity information of the target vehicle are checked, taking the vehicles as the target vehicles which are obtained by searching, and sending the public key to the target vehicles which are obtained by searching through a public communication channel.
As a preferred solution, the responding to the target vehicle passing through the roadside unit on the driving route each time, the vehicle-mounted unit receives the public key sent by the roadside unit, and performs identity verification of the roadside unit according to the public key, so that after the identity verification of the roadside unit passes, a private data communication channel is established between the vehicle-mounted unit and the roadside unit, specifically:
in response to the target vehicle passing a roadside unit on the driving route each time, receiving, by the vehicle-mounted unit, the public key sent by the roadside unit through a public communication channel;
Verifying the public key according to a preset certificate, so that the identity of the roadside unit is verified according to the verification result and the passing sequence number of the target vehicle; the preset certificate stores validity verification information of public keys of all roadside units;
After the identity of the roadside unit passes the verification, establishing a privacy data communication channel according to the identity of the roadside unit; the privacy data communication channel between the vehicle-mounted unit and the roadside unit maintains a preset duration time, and the preset duration time is calculated according to a preset range of the roadside unit and the average running speed of the target vehicle.
As a preferred solution, after the on-board unit establishes data communication of a private data communication channel with any roadside unit, according to a storage key in the on-board unit, the on-board unit encrypts the private data to be sent in sequence, and decomposes a field of the storage key through identity information of the roadside unit, and further sends the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel, specifically:
after the vehicle-mounted unit establishes data communication of a private data communication channel with any roadside unit, encoding and encrypting a header file of private data to be transmitted according to a storage key corresponding to the roadside unit; there are several pieces of privacy data to be sent, and each privacy data comprises a header file, a data file and a meaningless file;
According to the public key of the roadside unit, encoding and encrypting the data file of the private data to be transmitted;
decomposing the storage key according to the number of the private data, so that each private data corresponds to a character segment of the decomposed storage key, and adding the character segment of the storage key into a meaningless file of the private data; the sequence of each private data transmission is the arrangement sequence of the corresponding character segments of the storage key;
And sequentially sending the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment in each private data to the roadside unit through the private data communication channel.
As a preferred solution, the roadside unit receives the encrypted private data and the decomposed storage key, restores the decomposed storage key according to the identity information of the roadside unit, and decrypts the encrypted private data through the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle, specifically including:
after the roadside unit receives the encrypted header file, the encrypted data file and the meaningless file added with the storage key character segment, restoring the storage key from the character segments in the meaningless files according to the identity information of the roadside unit and the receiving sequence of each private data;
Decrypting the encrypted header file according to the restored storage key to obtain the header file of each private data;
decrypting the encrypted data file according to the public key of the roadside unit, and restoring and obtaining each original private data according to the header file of each private data.
It will be clear to those skilled in the art that, for convenience and brevity of description, reference may be made to the corresponding process in the foregoing method embodiment for the specific working process of the above-described apparatus, which is not described herein again.
The implementation of the above embodiment has the following effects:
According to this technical scheme, the navigation data of the target vehicle is acquired and the roadside units it will pass are determined in advance from its driving route, so that the identity information of the target vehicle and the public key of its vehicle-mounted unit are sent in advance, and the target vehicle can be determined and identity verification performed quickly when it passes the corresponding roadside unit. A private data communication channel is also constructed so that the private data is transmitted within it, which reduces the risk of the private data being stolen in transmission. The data encryption and the decomposition of the storage key are both carried out with the storage key stored in the vehicle-mounted unit, which further raises the difficulty of brute-forcing the private data. Because the storage keys correspond to the individual roadside units, lawbreakers cannot brute-force the private data by finding patterns through big-data analysis, and the security of data transmission between the vehicle-mounted unit and the roadside units is ensured.
Example three
Correspondingly, the invention also provides a terminal device, comprising: a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the OBU storage key based data security transmission method according to any one of the embodiments above when executing the computer program.
The terminal device of this embodiment includes: a processor, a memory, a computer program stored in the memory and executable on the processor, and computer instructions. The processor, when executing the computer program, implements the steps of the first embodiment described above, such as steps S101 to S105 shown in fig. 1. Alternatively, the processor, when executing the computer program, performs the functions of the modules/units of the apparatus embodiments described above, such as the encryption module 204.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory and executed by the processor to accomplish the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing the specified functions, which instruction segments are used for describing the execution of the computer program in the terminal device. For example, the encryption module 204 is configured to encrypt, in sequence, the private data to be sent according to the storage key in the on-board unit after the on-board unit establishes data communication of the private data communication channel with any roadside unit, and decompose a field of the storage key through identity information of the roadside unit, and further send the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; wherein there are a plurality of storage keys in the on-board unit, and each storage key corresponds to each roadside unit.
The terminal equipment can be computing equipment such as a desktop computer, a notebook computer, a palm computer, a cloud server and the like. The terminal device may include, but is not limited to, a processor, a memory. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of a terminal device and does not constitute a limitation of the terminal device, and may include more or less components than illustrated, or may combine some components, or different components, e.g., the terminal device may further include an input-output device, a network access device, a bus, etc.
The processor may be a central processing unit (Central Processing Unit, CPU), another general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, discrete hardware components, or the like. The general purpose processor may be a microprocessor or any conventional processor or the like. The processor is the control center of the terminal device and connects the various parts of the entire terminal device using various interfaces and lines.
The memory may be used to store the computer program and/or the module, and the processor may implement various functions of the terminal device by running or executing the computer program and/or the module stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the mobile terminal, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash memory card (Flash Card), at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The modules/units integrated in the terminal device may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as stand-alone products. Based on such understanding, all or part of the flow of the method of the above embodiments of the present invention may also be accomplished by a computer program instructing related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, it may implement the steps of each of the method embodiments described above. The computer program comprises computer program code, which may be in source code form, object code form, an executable file or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth. It should be noted that the content contained in the computer readable medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in the jurisdiction; for example, in certain jurisdictions, according to legislation and patent practice, the computer readable medium does not include electrical carrier signals and telecommunication signals.
Example four
Correspondingly, the invention further provides a computer readable storage medium, which comprises a stored computer program, wherein when the computer program runs, the equipment where the computer readable storage medium is located is controlled to execute the data security transmission method based on the OBU storage key according to any embodiment.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. A data security transmission method based on an OBU storage key, comprising:
acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and thereby obtaining each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can carry out data communication with all roadside units;
sequentially sending the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit of the target vehicle to each roadside unit, so that each roadside unit continuously searches for the target vehicle within a preset range according to the identity information and, when the target vehicle is found, sends the public key to the target vehicle through a public communication channel;
each time the target vehicle passes a roadside unit on the driving route, receiving, by the vehicle-mounted unit, the public key sent by the roadside unit, and verifying the identity of the roadside unit according to the public key, so that after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit;
after the vehicle-mounted unit establishes data communication over the private data communication channel with any roadside unit, sequentially encrypting the private data to be sent according to a storage key in the vehicle-mounted unit, decomposing the field of the storage key by means of the identity information of the roadside unit, and then sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; the vehicle-mounted unit is provided with a plurality of storage keys, and each storage key corresponds to a roadside unit;
after the roadside unit receives the encrypted private data and the decomposed storage key, restoring the decomposed storage key according to the identity information of the roadside unit, and decrypting the encrypted private data with the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle.
2. The data security transmission method based on an OBU storage key according to claim 1, further comprising:
waiting until the target vehicle has passed all roadside units on the driving route, so that every roadside unit has received the private data sent by the vehicle-mounted unit of the target vehicle;
generating a position-based connection topology graph of the roadside units according to the order in which the roadside units received the private data and the position information of each roadside unit;
performing a matching verification on the connection topology graph according to the driving route and navigation data of the target vehicle;
when the driving route of the target vehicle matches the connection topology graph, uploading the private data received by each roadside unit to a cloud;
when the driving route of the target vehicle does not match the connection topology graph, sealing and storing the private data received by each roadside unit, and generating a private data leakage risk alarm for the target vehicle.
3. The data security transmission method based on an OBU storage key according to claim 2, wherein acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and thereby obtaining each roadside unit on the driving route comprises:
acquiring navigation data of the target vehicle, and generating a plurality of target driving routes of the target vehicle according to the navigation data; the target driving routes are calculated from initial information and destination information of the target vehicle;
determining the driving route of the target vehicle in response to the user's selection of a target driving route, thereby obtaining all roadside units on the driving route, and numbering all the roadside units in the order in which the target vehicle passes them.
4. The data security transmission method based on an OBU storage key according to claim 3, wherein sequentially sending the identity information of the target vehicle and the public key corresponding to its vehicle-mounted unit to each roadside unit, so that each roadside unit continuously searches for the target vehicle within a preset range according to the identity information and, when the target vehicle is found, sends the public key to the target vehicle through a public communication channel, is specifically:
acquiring the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit of the target vehicle, and sequentially sending the identity information of the target vehicle to each roadside unit;
continuously acquiring, by the roadside unit, the identity information of all vehicles within the preset range, and comparing the identity information of all vehicles against the identity information of the target vehicle until a vehicle with the same identity information as the target vehicle is found, taking that vehicle as the target vehicle found by the search, and sending the public key to it through a public communication channel.
5. The data security transmission method based on an OBU storage key according to claim 4, wherein, each time the target vehicle passes a roadside unit on the driving route, receiving, by the vehicle-mounted unit, the public key sent by the roadside unit and verifying the identity of the roadside unit according to the public key, so that after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit, is specifically:
each time the target vehicle passes a roadside unit on the driving route, receiving, by the vehicle-mounted unit, the public key sent by the roadside unit through a public communication channel;
verifying the public key according to a preset certificate, so that the identity of the roadside unit is verified according to the verification result and the passing sequence number of the target vehicle; the preset certificate stores validity verification information for the public keys of all roadside units;
after the identity of the roadside unit passes verification, establishing a private data communication channel according to the identity of the roadside unit; the private data communication channel between the vehicle-mounted unit and the roadside unit is maintained for a preset duration, and the preset duration is calculated from the preset range of the roadside unit and the average driving speed of the target vehicle.
6. The data security transmission method based on an OBU storage key according to claim 5, wherein, after the vehicle-mounted unit establishes data communication over the private data communication channel with any roadside unit, sequentially encrypting the private data to be sent according to the storage key in the vehicle-mounted unit, decomposing the field of the storage key by means of the identity information of the roadside unit, and then sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel, is specifically:
after the vehicle-mounted unit establishes data communication over the private data communication channel with any roadside unit, encoding and encrypting the header file of the private data to be sent according to the storage key corresponding to that roadside unit; there are several items of private data to be sent, and each item of private data comprises a header file, a data file and a meaningless file;
encoding and encrypting the data file of the private data to be sent according to the public key of the roadside unit;
decomposing the storage key according to the number of items of private data, so that each item of private data corresponds to one character segment of the decomposed storage key, and adding that character segment of the storage key to the meaningless file of the item; the items of private data are sent in the order in which their corresponding character segments are arranged in the storage key;
sequentially sending the encrypted header file, the encrypted data file and the meaningless file containing the storage key character segment of each item of private data to the roadside unit through the private data communication channel.
7. The data security transmission method based on an OBU storage key according to claim 6, wherein, after the roadside unit receives the encrypted private data and the decomposed storage key, restoring the decomposed storage key according to the identity information of the roadside unit, and decrypting the encrypted private data with the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle, is specifically:
after the roadside unit receives the encrypted header files, the encrypted data files and the meaningless files containing the storage key character segments, restoring the storage key from the character segments in the meaningless files according to the identity information of the roadside unit and the order in which each item of private data was received;
decrypting the encrypted header files according to the restored storage key to obtain the header file of each item of private data;
decrypting the encrypted data files according to the public key of the roadside unit, and restoring each item of original private data according to the header file of each item of private data.
8. A data security transmission system based on an OBU storage key, comprising: an acquisition module, a search module, a communication module, an encryption module and a decryption module;
the acquisition module is used for acquiring navigation data of a target vehicle, determining a driving route of the target vehicle according to the navigation data, and thereby obtaining each roadside unit on the driving route; the vehicle-mounted unit is arranged on the target vehicle and can carry out data communication with all roadside units;
the search module is used for sequentially sending the identity information of the target vehicle and the public key corresponding to the vehicle-mounted unit of the target vehicle to each roadside unit, so that each roadside unit continuously searches for the target vehicle within a preset range according to the identity information and, when the target vehicle is found, sends the public key to the target vehicle through a public communication channel;
the communication module is used for, each time the target vehicle passes a roadside unit on the driving route, having the vehicle-mounted unit receive the public key sent by the roadside unit and verify the identity of the roadside unit according to the public key, so that after the roadside unit passes identity verification, a private data communication channel is established between the vehicle-mounted unit and the roadside unit;
the encryption module is used for, after the vehicle-mounted unit establishes data communication over the private data communication channel with any roadside unit, sequentially encrypting the private data to be sent according to the storage key in the vehicle-mounted unit, decomposing the field of the storage key by means of the identity information of the roadside unit, and then sending the encrypted private data and the decomposed storage key to the roadside unit through the private data communication channel; the vehicle-mounted unit is provided with a plurality of storage keys, and each storage key corresponds to a roadside unit;
the decryption module is used for, after the roadside unit receives the encrypted private data and the decomposed storage key, restoring the decomposed storage key according to the identity information of the roadside unit, and decrypting the encrypted private data with the restored storage key, thereby obtaining the original private data in the vehicle-mounted unit of the target vehicle.
9. A terminal device comprising a processor, a memory and a computer program stored in the memory and configured to be executed by the processor, wherein the processor, when executing the computer program, implements the data security transmission method based on an OBU storage key according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored computer program, wherein the computer program, when run, controls the device in which the computer-readable storage medium is located to perform the data security transmission method based on an OBU storage key according to any one of claims 1 to 7.
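The route check of claim 2, sketched as an added example that is not code from the patent: receipts are ordered by receive time into a topology of consecutive hops, compared with the planned passing order of claim 3, and a mismatch seals the data and raises the alarm. The `Receipt` record, the position tolerance and the sample route are assumptions made for illustration.

```python
from dataclasses import dataclass
from math import hypot

@dataclass(frozen=True)
class Receipt:
    rsu_id: str         # roadside unit that received the private data
    received_at: float  # receive time, seconds since trip start
    position: tuple     # (x_km, y_km) reported by that unit

def build_topology(receipts):
    """Order receipts by time: nodes keep positions, edges link consecutive receivers."""
    ordered = sorted(receipts, key=lambda r: r.received_at)
    nodes = [(r.rsu_id, r.position) for r in ordered]
    edges = [(a.rsu_id, b.rsu_id) for a, b in zip(ordered, ordered[1:])]
    return nodes, edges

def verify_route(planned, receipts, tolerance_km=0.2):
    """planned: [(rsu_id, position)] in passing order. Returns (action, reasons)."""
    nodes, edges = build_topology(receipts)
    planned_pos = dict(planned)
    planned_ids = [rid for rid, _ in planned]
    planned_edges = set(zip(planned_ids, planned_ids[1:]))
    seen = [rid for rid, _ in nodes]
    reasons = []
    for rid in planned_ids:
        if rid not in seen:
            reasons.append(f"missing receipt from {rid}")
        elif seen.count(rid) > 1:
            reasons.append(f"duplicate receipt from {rid}")
    for rid, pos in nodes:
        if rid not in planned_pos:
            reasons.append(f"receipt from off-route unit {rid}")
        elif hypot(pos[0] - planned_pos[rid][0], pos[1] - planned_pos[rid][1]) > tolerance_km:
            reasons.append(f"{rid} reported away from its planned position")
    for a, b in edges:
        if (a, b) not in planned_edges:
            reasons.append(f"unplanned hop {a} -> {b}")
    # Claim 2: a match releases the data to the cloud, a mismatch seals it and alarms.
    return ("upload_to_cloud" if not reasons else "seal_and_alarm"), reasons

# Constructed sample route and receipts (not from the patent).
PLANNED = [("RSU-1", (0.0, 0.0)), ("RSU-2", (1.5, 0.2)),
           ("RSU-3", (3.0, 1.0)), ("RSU-4", (4.2, 2.5))]
TIMES = [30.0, 120.0, 210.0, 330.0]
GOOD = [Receipt(rid, t, pos) for (rid, pos), t in zip(PLANNED, TIMES)]
SWAPPED = [Receipt("RSU-1", 30.0, (0.0, 0.0)), Receipt("RSU-3", 120.0, (3.0, 1.0)),
           Receipt("RSU-2", 210.0, (1.5, 0.2)), Receipt("RSU-4", 330.0, (4.2, 2.5))]
MISSING = [r for r in GOOD if r.rsu_id != "RSU-3"]

if __name__ == "__main__":
    for name, trip in (("good", GOOD), ("swapped", SWAPPED), ("missing", MISSING)):
        print(name, verify_route(PLANNED, trip))
```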
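One way the storage key decomposition of claim 6 and the order-dependent restoration of claim 7 could work, as an added example that is not the patent's own code. The fixed-length meaningless-file layout, the mask derived from the roadside unit identity and the key check value are assumptions, since the claims do not specify them.

```python
import hashlib
import hmac
import secrets

PAD_LEN = 32  # assumed fixed size of each "meaningless file"

def identity_mask(rsu_id: str, index: int, length: int) -> bytes:
    """Assumed binding: mask derived from the RSU identity and fragment position.
    The identity is not secret: the mask ties fragments to one RSU and one
    order, it does not add confidentiality."""
    stream, counter = b"", 0
    while len(stream) < length:
        stream += hashlib.sha256(f"{rsu_id}|{index}|{counter}".encode()).digest()
        counter += 1
    return stream[:length]

def key_check(key: bytes) -> bytes:
    """Assumed key check value so the receiver can detect a bad restoration."""
    return hmac.new(key, b"storage-key-check", hashlib.sha256).digest()[:8]

def decompose_key(storage_key: bytes, n_items: int, rsu_id: str):
    """OBU side: one key fragment per private data item, in sending order."""
    if not 1 <= n_items <= len(storage_key):
        raise ValueError("need between 1 and len(key) private data items")
    base, extra = divmod(len(storage_key), n_items)
    if base + (1 if extra else 0) > PAD_LEN - 1:
        raise ValueError("fragment does not fit in the meaningless file")
    files, pos = [], 0
    for i in range(n_items):
        size = base + (1 if i < extra else 0)
        fragment = storage_key[pos:pos + size]
        pos += size
        masked = bytes(a ^ b for a, b in zip(fragment, identity_mask(rsu_id, i, size)))
        filler = secrets.token_bytes(PAD_LEN - 1 - size)  # random padding
        files.append(bytes([size]) + masked + filler)
    return files, key_check(storage_key)

def restore_key(files_in_receive_order, rsu_id: str, expected_check: bytes) -> bytes:
    """RSU side: rebuild the key from the files in the order they arrived."""
    key = b""
    for i, pad_file in enumerate(files_in_receive_order):
        size = pad_file[0]
        masked = pad_file[1:1 + size]
        key += bytes(a ^ b for a, b in zip(masked, identity_mask(rsu_id, i, size)))
    if not hmac.compare_digest(key_check(key), expected_check):
        raise ValueError("restored key rejected: fragment lost, reordered or wrong RSU")
    return key

if __name__ == "__main__":
    sample_key = secrets.token_bytes(16)  # constructed sample storage key
    sample_files, sample_check = decompose_key(sample_key, 3, "RSU-0007")
    print(restore_key(sample_files, "RSU-0007", sample_check) == sample_key)
```

Because the receiver rebuilds the key purely from arrival order, a lost or reordered item yields a wrong key; the check value turns that into an explicit rejection.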
CN202410353459.3A 2024-03-27 2024-03-27 Data security transmission method and system based on OBU storage key Pending CN117956451A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410353459.3A CN117956451A (en) 2024-03-27 2024-03-27 Data security transmission method and system based on OBU storage key


Publications (1)

Publication Number Publication Date
CN117956451A (en) 2024-04-30

Family

ID=90796611


Country Status (1)

Country Link
CN (1) CN117956451A (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination