CN118337513A - Data security transmission method, device, medium and program product - Google Patents
Data security transmission method, device, medium and program product Download PDFInfo
- Publication number
- CN118337513A CN118337513A CN202410598870.7A CN202410598870A CN118337513A CN 118337513 A CN118337513 A CN 118337513A CN 202410598870 A CN202410598870 A CN 202410598870A CN 118337513 A CN118337513 A CN 118337513A
- Authority
- CN
- China
- Prior art keywords
- data
- key
- server
- vehicle
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000005540 biological transmission Effects 0.000 title claims abstract description 73
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012795 verification Methods 0.000 claims abstract description 14
- 238000004590 computer program Methods 0.000 claims description 6
- 230000006855 networking Effects 0.000 claims description 3
- 230000004044 response Effects 0.000 claims description 3
- 230000002457 bidirectional effect Effects 0.000 claims description 2
- 230000008569 process Effects 0.000 description 12
- 238000012545 processing Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 6
- 230000002093 peripheral effect Effects 0.000 description 3
- 230000007547 defect Effects 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013524 data verification Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses a data security transmission method, equipment, medium and program product, wherein the method comprises the following steps: the vehicle machine end and the server end exchange public keys; the vehicle machine end encrypts the data to be transmitted by using the second public key to obtain a digest, and signs the data to be transmitted and the digest by using the first private key to obtain pre-transmission data; the vehicle machine end encrypts the pre-transmission data by using the first key and sends the encrypted data to the server end; the server decrypts the encrypted data by using the first key; the server side uses the first public key to check the decrypted data; after the signature verification is successful, the server end decrypts the decrypted data by using the second private key to obtain real data; the first public key and the first private key are generated by the vehicle-mounted terminal, and the second public key and the second private key are generated by the server terminal; the first secret key is dynamically generated by the vehicle-mounted terminal and the server terminal based on the agreed content of the first two parties; and the second secret key is dynamically generated by the vehicle-mounted terminal and the server terminal based on the second double-party agreed content.
Description
Technical Field
The invention relates to a data security transmission method, equipment, medium and program product for an internet of vehicles system.
Background
There is a risk of data leakage and tampering in network data transmission in the internet of vehicles system of the vehicle and the server, for example, by stealing transmission data or changing transmission data in daily network requests, which seriously threatens the sharing, interactivity and openness of network resources. In order to protect the security of transmitted data, various sophisticated and effective cryptographic schemes have been developed. However, these schemes rely on hardware, one-way encryption, which severely increases the cost of use and docking for the user.
There is already a method in industry for realizing secure data transmission: the data is encrypted using an encryptor prior to transmission of the data. The method has the defects that: only one-way transmission security, such as two-way transmission of data and verification of the validity of the content of the data, is guaranteed, the method is completely disabled, and the root cause of the defect is that: this approach must be implemented with hardware-based encryption algorithms.
Disclosure of Invention
The invention provides a data security transmission method, electronic equipment and a computer readable medium for a vehicle networking system, which can achieve the security transmission of data by processing the security and legitimacy of the data before the data interaction based on an algorithm of a software layer.
The embodiment of the application provides a data security transmission method, which is used for a vehicle-mounted terminal and comprises the following steps:
receiving the second public key from the server;
Encrypting the data to be transmitted by using the second public key to obtain a digest, and signing the data to be transmitted and the digest by using a first private key to obtain pre-transmission data; and
Encrypting the pre-transmission data by using a first key and sending out the encrypted pre-transmission data; and
Decrypting the encrypted data received from the server by using a second secret key, and checking the decrypted data by using the second public key;
Under the condition that the signature verification is successful, the decrypted data is decrypted by using a second private key to obtain real data;
The first private key is generated by the vehicle-mounted terminal, and the second public key is generated by the server terminal;
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
The embodiment of the application provides a data security transmission method, which is used for a server and comprises the following steps:
Receiving a first public key from a vehicle machine;
Encrypting the data to be transmitted by using the first public key to obtain a digest, and signing the data to be transmitted and the digest by using a second private key to obtain pre-transmission data; and
Encrypting the pre-transmission data by using a second key and sending out the encrypted pre-transmission data; and
Decrypting the encrypted data received by the vehicle terminal by using a first secret key, and checking the decrypted data by using the first public key;
under the condition that the signature verification is successful, decrypting the decrypted data by using a first private key to obtain real data;
The first public key is generated by the vehicle machine side, and the second private key is generated by the server side.
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
The embodiment of the application provides a data security transmission method, which is used for a vehicle networking system comprising a vehicle machine end and a server end, and comprises the following steps:
the vehicle machine end and the server end exchange public keys;
the vehicle machine end encrypts data to be transmitted by using a second public key to obtain an abstract, and signs the data to be transmitted and the abstract by using a first private key to obtain pre-transmission data; and
The vehicle machine end encrypts the pre-transmission data by using a first secret key and sends the encrypted data to the server end;
The server decrypts the encrypted data by using the first key;
The server side uses the first public key to check the decrypted data;
After the signature verification is successful, the server side decrypts the decrypted data by using the second private key to obtain real data;
The server encrypts data to be transmitted by using a first public key to obtain an abstract, and signs the data to be transmitted and the abstract by using a second private key to obtain pre-transmission data; and
The server encrypts the pre-transmission data by using a second key and sends the encrypted data to the vehicle machine side;
The vehicle-mounted terminal uses the second secret key to decrypt the encrypted data;
The vehicle-mounted terminal uses the second public key to check the decrypted data;
after the signature verification is successful, the vehicle-mounted terminal decrypts the decrypted data by using the first private key to obtain real data;
the first public key and the first private key are generated by a vehicle-mounted terminal, and the second public key and the second private key are generated by a server terminal;
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
Optionally, the public key exchange includes:
the vehicle-mounted terminal encrypts the first public key by using the first secret key to obtain first data;
The server side obtains the first data, decrypts the first data by using the first secret key to obtain the first public key and stores the first public key;
the server encrypts the second public key by using a second secret key to obtain second data;
And the vehicle-mounted terminal acquires the second data, decrypts the second data by using the second secret key to obtain the second public key and stores the second public key.
Optionally, the first both parties agree on a path and a time for sending out the request by the vehicle-mounted terminal.
Optionally, the second double-sided contract includes a response time.
An embodiment of the present application provides an electronic device including a memory storing computer-executable instructions and a processor; the instructions, when executed by the processor, cause the apparatus to perform the aforementioned method.
Embodiments of the present application provide a computer readable medium storing one or more programs executable by one or more processors to implement the foregoing methods.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed by a processor, implements the aforementioned method.
The data security transmission method, the electronic equipment, the medium and the program product provided by the application realize bidirectional security transmission and legal verification of data in a software layer without depending on hardware.
Drawings
FIG. 1 is an application scenario diagram according to an embodiment of the present invention;
FIG. 2 is a flow chart of public key exchange according to an embodiment of the invention;
FIG. 3 is a diagram of data exchange between a vehicle-mounted device and a server according to an embodiment of the present invention;
FIG. 4 is a flow chart of transmitting data at a vehicle side according to an embodiment of the invention;
FIG. 5 is a flow chart of an on-board terminal receiving data according to an embodiment of the invention;
FIG. 6 is a flow chart of a server side sending data according to an embodiment of the invention;
FIG. 7 is a flow chart of a server receiving data according to an embodiment of the invention;
fig. 8 is a block diagram of an electronic device according to an embodiment of the invention.
Detailed Description
The application will be further described with reference to specific examples and figures. It should be understood that the illustrative embodiments of the present disclosure, including but not limited to, data secure transmission methods, apparatus, electronic devices, media, and program products, are described herein in terms of specific embodiments for the purpose of illustrating the application and not for the purpose of limiting the same. Furthermore, for convenience of description, only some, but not all, structures or processes related to the present application are shown in the drawings.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
Fig. 1 is an application scenario diagram of an embodiment of the present application, where a vehicle terminal 110 and a server terminal 130 are connected through a network 120, the server terminal 130 pushes a message to the vehicle terminal 110 through the network 120, and the vehicle terminal 110 receives the message pushed by the server terminal 130 through a browser or an application program. The vehicle terminal 110 may operate in an electronic device, which may be a vehicle-mounted device or the like. The server 130 may be an independent physical server, a server cluster composed of a plurality of physical servers, or a cloud server capable of performing cloud computing. The network 120 may be a wired network, a wireless network, or a combination of a wired network and a wireless network.
The data security transmission method of the present application will be described in detail with reference to the scenario shown in fig. 1.
Referring to fig. 2 first, fig. 2 is a flowchart of a public key exchange 200 according to an embodiment of the present application, and the data security transmission method of the present application first needs a vehicle-mounted device and a server to obtain public keys generated by each other, so as to encrypt and decrypt data by using the public keys of each other. The first public key and the first private key are generated by the vehicle-mounted terminal according to an asymmetric encryption algorithm, and the second public key and the second private key are generated by the server terminal according to the asymmetric encryption algorithm. It is noted that the asymmetric encryption algorithm used in this embodiment is the RSA algorithm, but it will be appreciated by those skilled in the art that any possible asymmetric encryption algorithm is available, including but not limited to the Elgamal, knapsack, rabin, D-H, ECC (elliptic Curve encryption algorithm) algorithms.
Through public key exchange, the vehicle-mounted terminal can receive the second public key generated by the server terminal and store the second public key in the vehicle-mounted terminal, and the server terminal can receive the second public key generated by the vehicle-mounted terminal and store the second public key in the server terminal. The specific steps of the public key exchange 200 are as follows:
In step 210, the vehicle-mounted terminal performs MD5 algorithm on the first agreed content of both parties and converts hexadecimal system to dynamically generate a first key;
in step 220, the vehicle-mounted device encrypts the first public key by using the first secret key to obtain first data,
In step 230, the server obtains the first data, decrypts the first data using the first key to obtain the first public key and stores the first public key in the server,
In step 240, the server side performs an MD5 algorithm on the second double-sided contract content and converts hexadecimal to dynamically generate a second key.
Furthermore, it will be appreciated by those skilled in the art that the use of the MD5 algorithm to generate the first and second keys is merely one example, and any possible hashing algorithm may be used to generate the first and second keys, including but not limited to SHA-1, SHA-256, SHA-512, blake2, and the like.
In step 250, the server encrypts the second public key with the second key to obtain second data.
In step 260, the vehicle-mounted device obtains the second data, decrypts the second data with the second key to obtain the second public key, and stores the second public key in the vehicle-mounted device.
The first two-party contracted content includes, but is not limited to, a path and a request time of the vehicle-mounted terminal sending a request to the server terminal, and the second two-party contracted content includes, but is not limited to, a response time of the server terminal responding to the vehicle-mounted terminal request.
Through the steps, the vehicle machine side and the server side complete public key exchange, so that the public key and private key pairs of the two parties can be utilized to carry out safe encryption transmission of data. Next, the data security transmission method will be described in detail with respect to both the vehicle side and the server side, the vehicle side, and the server side.
Reference is next made to fig. 3. Fig. 3 is a data flow diagram of data exchange 300 between a vehicle-side and a server-side according to an embodiment of the present application. The data exchange 300 includes the following data exchange steps between the vehicle-mounted terminal and the server terminal:
In step 301, the vehicle side and the server side perform public key exchange, and the public key exchange manner is referred to the above description of fig. 2, which is not described herein.
In step 302, the vehicle-mounted device encrypts the data to be transmitted by using the second public key to obtain a digest, and signs the data to be transmitted and the digest by using the first private key to obtain pre-transmission data.
The second public key and the first private key are generated by the vehicle-mounted terminal according to an asymmetric encryption algorithm, and it is noted that the asymmetric encryption algorithm used in the present embodiment is an RSA algorithm, but those skilled in the art will understand that any possible asymmetric encryption algorithm is available, including but not limited to Elgamal, knapsack algorithm, rabin, D-H, ECC (elliptic curve encryption algorithm), and the like.
In step 303, the vehicle uses the first key to encrypt the pre-transmission data, and sends the encrypted data to the server.
In step 304, the server decrypts the encrypted data using the first key, and if the decryption fails, the data exchange is ended.
In step 305, the server uses the first public key to check the decrypted data, and if the check fails, the data exchange is ended.
In step 306, after the signature verification is successful, the server end decrypts the decrypted data by using the second private key to obtain real data, and applies the obtained real data to server service processing, and if decryption fails, data exchange is ended.
Steps 301 to 306 above are the process of transmitting data by the vehicle side and receiving data by the server side.
In step 307, the server encrypts the data to be transmitted using the first public key to obtain a digest, and signs the data to be transmitted and the digest using the second private key to obtain pre-transmitted data, as in the previous step, any possible asymmetric encryption algorithm may be used to generate the first public key and the second private key, including but not limited to Elgamal, knapsack algorithm, rabin, D-H, ECC (elliptic curve encryption algorithm) algorithm, and the like.
In step 308, the server encrypts the pre-transmission data using the second key and sends the encrypted data to the vehicle side.
In step 309, the vehicle-mounted device decrypts the encrypted data using the second key, and sends the encrypted data to the server.
In step 310, the vehicle-mounted device uses the second public key to check the decrypted data, and if the check fails, the data exchange is ended.
In step 311, after the signature verification is successful, the vehicle-mounted terminal decrypts the decrypted data by using the first private key to obtain real data, and applies the obtained real data to vehicle-mounted service processing, and if decryption fails, data exchange is ended.
Steps 307 to 311 above are the process of transmitting data by the server side and receiving data by the vehicle side.
It will be understood by those skilled in the art that the data exchange step described in fig. 3 only represents a process of processing and transmitting data, and is not limited to a sequence relationship of data transmission, and the data may be sent from the vehicle side to the server side, or the data may be sent from the server side to the vehicle side, or the data may be sent from the vehicle side to the server side and the data may be sent from the server side to the vehicle side at the same time.
Next, data transmission will be described by a data transmission and reception process performed from the vehicle side and a data transmission and reception process performed from the server side, respectively. Referring first to fig. 4, fig. 4 shows a process 400 of transmitting data at a vehicle side, including performing the following steps:
At step 410, the data to be transmitted is encrypted using the second public key to obtain a digest, and the encryption of the data to be transmitted using the second public key is performed using an RSA encryption algorithm.
In step 420, the pre-transmission data is obtained by signing the data to be transmitted and the digest using the first private key.
At step 430, the pre-transmission data is encrypted and issued using the first key, the encryption of the pre-transmission data using the first key being performed using the AES encryption algorithm.
Referring then to fig. 5, fig. 5 shows a process 500 for receiving data at a vehicle-mounted terminal, comprising the steps of:
in step 510, the encrypted data received from the server is decrypted using the second key, and if the decryption fails, the data transmission is ended.
The encrypted data received from the server side is performed using the second key and the AES algorithm, it should be noted that the AES algorithm is only an example, and any possible symmetric encryption algorithm is available, including but not limited to DES, 3DES, IDEA, etc.
In step 520, the decrypted data is checked by using the second public key, if the checked data does not pass, the data is considered as illegal data, and is intercepted, and the data transmission is ended.
In step 530, under the condition that the signature verification is successful, the decrypted data is decrypted by using the first private key to obtain real data, the real data is used for service processing, and meanwhile, if the decryption fails, the data transmission is ended.
The second public key and the first private key used in the process of transmitting and receiving data from the vehicle side are generated according to an asymmetric encryption algorithm, and it should be noted that the asymmetric encryption algorithm used in this embodiment is an RSA algorithm, but those skilled in the art will understand that any possible asymmetric encryption algorithm is available, including but not limited to Elgamal, knapsack algorithm, rabin, D-H, ECC (elliptic curve encryption algorithm), and the like. In addition, the first key and the second key are generated by a hash algorithm, and any possible hash algorithm may be used to generate the first key and the second key, including but not limited to SHA-1, SHA-256, SHA-512, blake2, etc.
Reference is next made to fig. 6. Fig. 6 shows a process 600 for server-side data transmission, comprising the steps of:
At step 610, the data to be transmitted is encrypted using the first public key to obtain a digest, and the encryption of the data to be transmitted using the first public key is performed using an RSA encryption algorithm.
In step 620, the pre-transmission data is obtained by signing the data to be transmitted and the digest using the second private key.
At step 630, the pre-transmission data is encrypted and issued using the second key, which is encrypted using the AES encryption algorithm.
Referring then to fig. 7, fig. 7 shows a process 700 for a server to receive data, comprising the steps of:
At step 710, the encrypted data received from the server is decrypted using the first key, and if decryption fails, the data transmission is terminated, and the encrypted data received from the server is performed using the first key and AES algorithm, it should be noted that the AES algorithm is only an example, and any possible symmetric encryption algorithm is available, including, but not limited to DES, 3DES, IDEA, and the like.
In step 720, the decrypted data is checked by using the first public key, if the checked data does not pass, the data is considered to be illegal data, and is intercepted, and the data transmission is ended.
In step 730, under the condition that the signature verification is successful, the decrypted data is decrypted by using the second private key to obtain real data, the real data is used for service processing, and meanwhile, if the decryption fails, the data transmission is ended.
The second public key and the first private key used in the process of transmitting and receiving data from the vehicle side are generated according to an asymmetric encryption algorithm, and it should be noted that the asymmetric encryption algorithm used in the present embodiment is an RSA algorithm, but those skilled in the art will understand that any possible asymmetric encryption algorithm is available, including but not limited to Elgamal, knapsack algorithm, rabin, D-H, ECC (elliptic curve encryption algorithm). In addition, the first key and the second key are generated by a hash algorithm, and any possible hash algorithm may be used to generate the first key and the second key, including but not limited to SHA-1, SHA-256, SHA-512, blake2, etc.
Through the description of the three aspects of data security transmission, the method provided by the invention can be used for enabling the two data transmission parties to conduct secure data exchange by dynamically generating the certificate based on the software algorithm without depending on hardware equipment such as an encryption machine, and has the outstanding advantages of convenience in use and low cost. Meanwhile, the method has good universality, and can be used in an Internet of vehicles system and other use scenes needing data transmission between the client and the server.
Referring now to fig. 8, shown is a block diagram of an electronic device 800 in accordance with one embodiment of the present application. The device 800 may include one or more processors 802, system control logic 808 coupled to at least one of the processors 802, a system memory 804 coupled to the system control logic 808, a non-volatile memory (NVM) 806 coupled to the system control logic 808, and a network interface 810 coupled to the system control logic 808.
The processor 802 may include one or more single-core or multi-core processors. The processor 802 may include any combination of general-purpose and special-purpose processors (e.g., graphics processor, application processor, baseband processor, etc.). In embodiments herein, the processor 802 may be configured to perform the data security transmission method in the present embodiment.
In some embodiments, the system control logic 808 may include any suitable interface controller to provide any suitable interface to at least one of the processors 802 and/or any suitable device or component in communication with the system control logic 808.
In some embodiments, the system control logic 808 may include one or more memory controllers to provide an interface to the system memory 804. The system memory 804 may be used for loading and storing data and/or instructions. The memory 804 of the device 800 may include any suitable volatile memory in some embodiments, such as a suitable Dynamic Random Access Memory (DRAM).
NVM/memory 806 may include one or more tangible, non-transitory computer-readable media for storing data and/or instructions. In some embodiments, NVM/memory 806 may include any suitable nonvolatile memory, such as flash memory, and/or any suitable nonvolatile storage device, such as at least one of HDD (HARD DISK DRIVE ), CD (Compact Disc) drive, DVD (DIGITAL VERSATILE DISC ) drive.
NVM/memory 806 may include a portion of a storage resource installed on the apparatus of device 800, or it may be accessed by, but not necessarily part of, the device. For example, NVM/storage 806 may be accessed over a network via network interface 810.
In particular, system memory 804 and NVM/storage 806 may each include: a temporary copy and a permanent copy of instruction 820. The instructions 820 may include: instructions that when executed by at least one of the processors 802 cause the device 800 to implement secure transmission of data in this embodiment. In some embodiments, instructions 820, hardware, firmware, and/or software components thereof may additionally/alternatively be disposed in system control logic 808, network interface 810, and/or processor 802.
In some embodiments, the network interface 810 may be integrated with other components of the device 800. For example, the network interface 810 may be integrated with at least one of the processor 802, the system memory 804, the nvm/storage 806, and a firmware device (not shown) having instructions that, when executed by at least one of the processor 802, implement the data security transmission method of the present embodiment. The network interface 810 may further include any suitable hardware and/or firmware to provide a multiple-input multiple-output radio interface.
In one embodiment, at least one of the processors 802 may be packaged together with logic for one or more controllers of the system control logic 808 to form a System In Package (SiP). In one embodiment, at least one of the processors 802 may be integrated on the same die with logic for one or more controllers of the system control logic 808 to form a system on a chip (SoC).
The device 800 may further include: input/output (I/O) device 812.I/O device 812 may include a user interface to enable a user to interact with device 800; the design of the peripheral component interface enables the peripheral component to also interact with the device 800.
In some embodiments, the user interface may include, but is not limited to, a display (e.g., a liquid crystal display, a touch screen display, etc.), a speaker, a microphone, one or more cameras (e.g., still image cameras and/or video cameras), a flashlight (e.g., light emitting diode flash), and a keyboard.
In some embodiments, the peripheral component interface may include, but is not limited to, a non-volatile memory port, an audio jack, and a power interface.
It should be understood that the illustrated structure of the embodiment of the present application does not constitute a specific limitation on the electronic device 800. In other embodiments of the application, electronic device 800 may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Program code may be applied to input instructions to perform the functions described herein and generate output information. The output information may be applied to one or more output devices in a known manner. For the purposes of this application, a processing system includes any system having a processor such as, for example, a Digital Signal Processor (DSP), a microcontroller, an Application Specific Integrated Circuit (ASIC), or a microprocessor.
The program code may be implemented in a high level procedural or object oriented programming language to communicate with a processing system. Program code may also be implemented in assembly or machine language, if desired. Indeed, the mechanisms described herein are not limited in scope to any particular programming language. In either case, the language may be a compiled or interpreted language.
One or more aspects of at least one embodiment may be implemented by representative instructions stored on a computer readable storage medium, which represent various logic in a processor, which when read by a machine, cause the machine to fabricate logic to perform the techniques described herein. These representations, referred to as "IP cores," may be stored on a tangible computer readable storage medium and provided to a plurality of customers or production facilities for loading into the manufacturing machine that actually manufactures the logic or processor.
One embodiment of the present application discloses a computer readable medium storing one or more programs executable by one or more processors to implement the method of the present application.
One embodiment of the application discloses a computer program product comprising a computer program which, when executed by a processor, implements the method of the application.
The foregoing describes embodiments of the present application in terms of specific examples, and other advantages and effects of the present application will be readily apparent to those skilled in the art from the disclosure herein. While the description of the application will be described in connection with the preferred embodiments, it is not intended to limit the inventive features to the implementation. Furthermore, some specific details are omitted from the description in order to avoid obscuring the application. It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other.
Moreover, various operations will be described as multiple discrete operations in a manner that is most helpful in understanding the illustrative embodiments; however, the order of description should not be construed as to imply that these operations are necessarily order dependent. In particular, these operations need not be performed in the order of presentation.
The terms "comprising," "having," and "including" are synonymous, unless the context dictates otherwise.
As used herein, the term "module" or "unit" may refer to, be or include: an Application Specific Integrated Circuit (ASIC), an electronic circuit, a processor (shared, dedicated, or group) and/or memory that execute one or more software or firmware programs, a combinational logic circuit, and/or other suitable components that provide the described functionality.
In the drawings, some structural or methodological features are shown in a particular arrangement and/or order. However, it should be understood that such a particular arrangement and/or ordering may not be required. In some embodiments, these features may be arranged in a different manner and/or order than shown in the illustrative figures. Additionally, the inclusion of structural or methodological features in a particular figure is not meant to imply that such features are required in all embodiments, and in some embodiments, may not be included or may be combined with other features.
It will be understood that, although the terms "first," "second," etc. may be used herein to describe various elements or data, these elements or data should not be limited by these terms. These terms are only used to distinguish one feature from another. For example, a first feature may be referred to as a second feature, and similarly a second feature may be referred to as a first feature, without departing from the scope of the example embodiments.
It should be noted that in this specification, like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
While the invention has been shown and described with reference to certain preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention.
Claims (9)
1. The data security transmission method is used for a vehicle-mounted terminal and is characterized by comprising the following steps:
receiving the second public key from the server;
Encrypting the data to be transmitted by using the second public key to obtain a digest, and signing the data to be transmitted and the digest by using a first private key to obtain pre-transmission data; and
Encrypting the pre-transmission data by using a first key and sending out the encrypted pre-transmission data; and
Decrypting the encrypted data received from the server by using a second secret key, and checking the decrypted data by using the second public key;
under the condition that the signature verification is successful, decrypting the decrypted data by using a first private key to obtain real data;
The first private key is generated by the vehicle-mounted terminal, and the second public key is generated by the server terminal;
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
2. A data security transmission method for a server, comprising:
Receiving a first public key from a vehicle machine;
Encrypting the data to be transmitted by using the first public key to obtain a digest, and signing the data to be transmitted and the digest by using a second private key to obtain pre-transmission data; and
Encrypting the pre-transmission data by using a second key and sending out the encrypted pre-transmission data; and
Decrypting the encrypted data received by the vehicle terminal by using a first secret key, and checking the decrypted data by using the first public key;
Under the condition that the signature verification is successful, the decrypted data is decrypted by using a second private key to obtain real data;
The first public key is generated by the vehicle machine side, and the second private key is generated by the server side.
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
3. The data security transmission method is used for a vehicle networking system comprising a vehicle machine end and a server end, and is characterized by comprising the following steps:
the vehicle machine end and the server end exchange public keys;
the vehicle machine end encrypts data to be transmitted by using a second public key to obtain an abstract, and signs the data to be transmitted and the abstract by using a first private key to obtain pre-transmission data; and
The vehicle machine end encrypts the pre-transmission data by using a first secret key and sends the encrypted data to the server end;
The server decrypts the encrypted data by using the first key;
the server side uses the first public key to check the decrypted data;
after the signature verification is successful, the server side decrypts the decrypted data by using the second private key to obtain real data;
The server encrypts data to be transmitted by using a first public key to obtain an abstract, and signs the data to be transmitted and the abstract by using a second private key to obtain pre-transmission data; and
The server encrypts the pre-transmission data by using a second key and sends the encrypted data to the vehicle machine side;
The vehicle-mounted terminal uses the second secret key to decrypt the encrypted data;
The vehicle-mounted terminal uses the second public key to check the decrypted data;
after the signature verification is successful, the vehicle-mounted terminal decrypts the decrypted data by using the first private key to obtain real data;
the first public key and the first private key are generated by a vehicle-mounted terminal, and the second public key and the second private key are generated by a server terminal;
The first secret key is dynamically generated by the vehicle machine end and the server end based on the agreed content of the first two parties; and
The second secret key is dynamically generated by the vehicle machine side and the server side based on second double-party appointed content.
4. A method of securely transmitting data according to claim 3, wherein said public key exchange comprises:
the vehicle-mounted terminal encrypts the first public key by using the first secret key to obtain first data;
The server side obtains the first data, decrypts the first data by using the first secret key to obtain the first public key and stores the first public key;
the server encrypts the second public key by using a second secret key to obtain second data;
And the vehicle-mounted terminal acquires the second data, decrypts the second data by using the second secret key to obtain the second public key and stores the second public key.
5. The method for securely transmitting data according to any one of claims 1 to 4, wherein the first two parties agree on a path and a time for the vehicle to issue a request.
6. The method of any of claims 1-4, wherein the second bidirectional contract includes a response time.
7. An electronic device comprising a memory storing computer executable instructions and a processor; the instructions, when executed by the processor, cause the apparatus to implement the method of any one of claims 1 to 4.
8. A computer readable medium, characterized in that it stores one or more programs executable by one or more processors to implement the method of any of claims 1 to 4.
9. A computer program product comprising a computer program which, when executed by a processor, implements the method of any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410598870.7A CN118337513A (en) | 2024-05-14 | 2024-05-14 | Data security transmission method, device, medium and program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410598870.7A CN118337513A (en) | 2024-05-14 | 2024-05-14 | Data security transmission method, device, medium and program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118337513A true CN118337513A (en) | 2024-07-12 |
Family
ID=91778848
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410598870.7A Pending CN118337513A (en) | 2024-05-14 | 2024-05-14 | Data security transmission method, device, medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118337513A (en) |
-
2024
- 2024-05-14 CN CN202410598870.7A patent/CN118337513A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111181720B (en) | Service processing method and device based on trusted execution environment | |
| US10341106B2 (en) | Location aware cryptography | |
| CN110391900B (en) | Private key processing method based on SM2 algorithm, terminal and key center | |
| US8660266B2 (en) | Method of delivering direct proof private keys to devices using an on-line service | |
| CN111082934A (en) | Cross-domain secure multiparty computing method and device based on trusted execution environment | |
| CN109728914B (en) | Digital signature verification method, system, device and computer readable storage medium | |
| US7693286B2 (en) | Method of delivering direct proof private keys in signed groups to devices using a distribution CD | |
| US10601590B1 (en) | Secure secrets in hardware security module for use by protected function in trusted execution environment | |
| JP2008506338A (en) | A method for directly distributing a certification private key to a device using a distribution CD | |
| CN109450620B (en) | Method for sharing security application in mobile terminal and mobile terminal | |
| US10686769B2 (en) | Secure key caching client | |
| JP2023533319A (en) | FIRMWARE DATA VERIFICATION APPARATUS AND METHOD AND FIRMWARE UPDATE APPARATUS, METHOD AND SYSTEM | |
| US10848312B2 (en) | Zero-knowledge architecture between multiple systems | |
| CN115150821A (en) | Offline package transmission and storage method and device | |
| CN117081736A (en) | Key distribution method, key distribution device, communication method, and communication device | |
| CN117560150A (en) | Key determination method, device, electronic equipment and computer readable storage medium | |
| CN115296807B (en) | Key generation method, device and equipment for preventing industrial control network viruses | |
| CN116866333A (en) | Method and device for transmitting encrypted file, electronic equipment and storage medium | |
| CN113935018B (en) | Password operation method, system on chip and computer equipment | |
| CN114553557B (en) | Key calling method, device, computer equipment and storage medium | |
| CN118337513A (en) | Data security transmission method, device, medium and program product | |
| CN112398818B (en) | Software activation method and related device thereof | |
| CN112055071B (en) | Industrial control safety communication system and method based on 5G | |
| CN111431846B (en) | Data transmission method, device and system | |
| CN109617876A (en) | Data encryption, decryption method and system based on Http agreement |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |