WO2024016486A1 - Data transmission method and apparatus, device, and computer readable storage medium - Google Patents

Data transmission method and apparatus, device, and computer readable storage medium Download PDF

Info

Publication number
WO2024016486A1
WO2024016486A1 PCT/CN2022/124319 CN2022124319W WO2024016486A1 WO 2024016486 A1 WO2024016486 A1 WO 2024016486A1 CN 2022124319 W CN2022124319 W CN 2022124319W WO 2024016486 A1 WO2024016486 A1 WO 2024016486A1
Authority
WO
WIPO (PCT)
Prior art keywords
identity verification
encrypted
controller
control instruction
authenticator
Prior art date
Application number
PCT/CN2022/124319
Other languages
French (fr)
Chinese (zh)
Inventor
杨斌
范永钊
谢天礼
李晓波
邓云飞
Original Assignee
广州汽车集团股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 广州汽车集团股份有限公司 filed Critical 广州汽车集团股份有限公司
Publication of WO2024016486A1 publication Critical patent/WO2024016486A1/en

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00896Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses
    • BPERFORMING OPERATIONS; TRANSPORTING
    • B60VEHICLES IN GENERAL
    • B60RVEHICLES, VEHICLE FITTINGS, OR VEHICLE PARTS, NOT OTHERWISE PROVIDED FOR
    • B60R25/00Fittings or systems for preventing or indicating unauthorised use or theft of vehicles
    • B60R25/20Means to switch the anti-theft system on or off
    • B60R25/24Means to switch the anti-theft system on or off using electronic identifiers containing a code not memorised by the user
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • Embodiments of the present application belong to the field of transportation, and in particular relate to a data transmission method, device, equipment, and computer-readable storage medium.
  • the traditional distributed electronic and electrical architecture includes independent engine anti-theft system design, VCU (Vehicle control unit, vehicle controller) anti-theft system design, BMS (Battery Management System, battery management system) anti-theft system design, electronic key and digital key anti-theft system design System design, etc., with the rapid development of modern automobile intelligence and electrification, the proportion of automobile electronics and software is getting higher and higher.
  • the original traditional distributed electronic and electrical architecture can no longer meet the existing functional needs. Based on the traditional distributed electronic and electrical architecture, it is generally possible to unlock by sending a signal through an electronic key or digital key, and the security is not high.
  • embodiments of the present application respectively provide a data transmission method, device, equipment, and computer-readable storage medium to authenticate the identity of the authenticating party and perform secondary encryption during the request data transmission process.
  • a data transmission method which is applied to the general controller and includes: receiving encrypted request data sent by the authenticator; wherein the encrypted request data is the authenticator's request data. Obtained by encrypting the requesting party after passing the identity verification; performing identity verification on the authenticating party to obtain the identity verification result of the authenticating party; if the identity verification result of the authenticating party indicates that the verification is successful, the encrypted Generate control instructions based on the request data, and encrypt the control instructions to obtain encrypted control instructions; send the encrypted control instructions to the sub-controller, so that the sub-controller can process the encrypted control instructions.
  • the control instructions are decrypted, and control processing is performed according to the decrypted control instructions.
  • another data transmission method is provided, which is applied to the sub-controller, including: receiving an encrypted control instruction sent by the general controller; wherein the encrypted control instruction is the After the total controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data sent by the authenticator, and encrypts the control instruction; the encrypted control instruction is Decrypt to obtain the decrypted control instructions, and perform control processing according to the decrypted control instructions.
  • another data transmission method is provided, which is applied to the authenticating party, including: receiving the request data sent by the requesting party; performing identity verification on the requesting party to obtain the identity verification of the requesting party Result; If the identity verification result of the requester indicates that the verification is successful, the request data is encrypted to obtain the encrypted request data; the encrypted request data is sent to the total controller so that the total controller After the controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data, and encrypts the control instruction to obtain an encrypted control instruction.
  • an information processing device which is applied to the general controller and includes: an encrypted request receiving module configured to receive encrypted request data sent by the authenticating party; wherein the encrypted The request data is encrypted after the authenticator passes the identity verification of the requester; the authenticator identity verification module is configured to perform identity verification on the authenticator and obtain the identity verification result of the authenticator; control instructions An encryption module configured to generate a control instruction based on the encrypted request data if the identity verification result of the authenticator indicates that the verification is successful, and encrypt the control instruction to obtain an encrypted control instruction; encryption control The instruction sending module is configured to send the encrypted control instruction to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
  • the encrypted request data includes a random number used by the authenticator;
  • the authenticator identity verification module includes: a random number acquisition unit configured to acquire the random number, and record Regarding the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number;
  • the authenticator verification success unit is configured to detect that the random number is not stored, and the authenticator corresponding If the time matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful, and an identity verification result used to represent the success of the identity verification of the authenticator is obtained;
  • the authenticator verification failure unit is configured If it is detected that the random number is stored, or the time corresponding to the authenticator does not match the time corresponding to the total controller, then it is determined that the identity verification of the authenticator failed, and the method used to characterize the The authentication result of the authenticator's failed authentication.
  • another information processing device which is applied to a sub-controller and includes: an encrypted control instruction receiving module configured to receive an encrypted control instruction sent by the general controller; wherein, The encrypted control instruction is obtained by the general controller generating a control instruction based on the encrypted request data sent by the authenticator after successfully authenticating the authenticator, and encrypting the control instruction;
  • the control instruction decryption module is configured to decrypt the encrypted control instruction, obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
  • control instruction decryption module includes: a requesting party's identity verification result receiving unit configured to receive the requesting party's identity verification result sent by the authenticating party; a control instruction decryption unit configured to: If the identity verification result of the requesting party indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
  • another information processing device applied to the authenticator, including: a request data receiving module configured to receive the request data sent by the requesting party; a requesting party identity verification module configured to Perform identity verification on the requester to obtain the identity verification result of the requester; a request data encryption module configured to encrypt the request data if the identity verification result of the requester indicates that the verification is successful, and obtain Encrypted request data;
  • the encrypted request data sending module is configured to send the encrypted request data to the general controller, so that after the general controller successfully authenticates the authentication party, it can send the encrypted request data to the authenticator according to the encrypted request data.
  • the subsequent request data is used to generate a control instruction, and the control instruction is encrypted to obtain an encrypted control instruction.
  • the information processing device further includes: a control sending module configured to send the identity verification result of the requesting party to a sub-controlling party, so that the sub-controlling party When the identity verification result indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
  • the authenticator includes a server, and the requester includes an application program;
  • the request data receiving module includes: a request data receiving unit configured to receive request data sent by the application program through the network;
  • the requester identity verification module includes: an identity verification unit of the application program, configured to authenticate the application program and obtain the identity verification result of the application program.
  • the authenticator includes a receiver
  • the requester includes an initiator
  • the request data receiving module includes: receiving request data sent by the initiator through the network
  • the requester identity verification module includes: Perform identity verification on the initiator to obtain an identity verification result of the initiator.
  • the requester is a signal transmitter
  • the authenticator is an anti-theft controller of a vehicle
  • the request data includes a random number used by the signal transmitter
  • the requester identity verification module It includes: a vehicle random number obtaining unit configured to obtain the random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when obtaining the random number; the signal transmitter identity verification is successful.
  • the unit is configured to determine that the identity verification of the signal transmitter is successful if it detects that the random number is not stored and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, and obtain An identity verification result used to represent the successful identity verification of the signal transmitter;
  • the signal transmitter identity verification failure unit is configured to detect that the random number is stored, or the time corresponding to the signal transmitter and the If the time corresponding to the anti-theft controller does not match, it is determined that the identity verification of the signal transmitter has failed, and an identity verification result used to represent the identity verification failure of the signal transmitter is obtained.
  • the requester is a signal transmitter
  • the authenticator is an anti-theft controller of the vehicle
  • the anti-theft controller includes a remote anti-theft device and/or a local anti-theft device
  • the requester identity verification module It includes: a first vehicle signal transmitter verification unit configured for the remote anti-theft device to perform identity verification on the mobile terminal to obtain an identity verification result of the signal transmitter; or a second vehicle signal transmitter verification unit configured to perform identity verification on the mobile terminal.
  • the local anti-theft device is configured to perform identity verification on the key and obtain the identity verification result of the signal transmitter.
  • the anti-theft controller includes a remote anti-theft device and a local anti-theft device
  • the requester identity verification module includes: a first vehicle verification unit configured as the remote anti-theft device to the mobile terminal Perform identity verification to obtain the identity verification result of the mobile terminal; a second vehicle verification unit configured as the local anti-theft device to perform identity verification on the key to obtain the identity verification result of the key; vehicle signal transmitter identity
  • the verification unit is configured to obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
  • the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; the successful verification result indicates that the identity of the mobile terminal and the identity of the key have passed the verification; The failed verification result indicates that at least one of the identity of the mobile terminal or the identity of the key has failed to pass verification.
  • an electronic device including: a controller; and a memory for storing one or more programs, to execute when the one or more programs are executed by the controller.
  • the above data transmission method including: a controller; and a memory for storing one or more programs, to execute when the one or more programs are executed by the controller.
  • a computer-readable storage medium on which computer-readable instructions are stored.
  • the computer-readable instructions are executed by a processor of the computer, the computer is caused to execute the above-mentioned data. Transmission method.
  • a computer program product or computer program includes computer instructions, and the computer instructions are stored in a computer-readable storage medium.
  • the processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the above-mentioned data transmission method.
  • the request data sent by the authenticator is encrypted after the authenticator passes the identity verification of the requester; the identity verification of the authenticator is performed to obtain the identity verification result of the authenticator; If the identity verification result of the authenticator indicates that the verification is successful, the control instructions are generated based on the encrypted request data, and the control instructions are encrypted to obtain the encrypted control instructions; the identity of the authenticator is verified to avoid disguised authenticators. approved.
  • the encrypted control instruction is sent to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
  • the authenticator performs the first encrypted transmission of the request data.
  • the controller generates control instructions based on the encrypted request data and encrypts the control instructions. That is, a second encryption is performed during the transmission of the request data. Only the relevant key is known Only in this way can the relevant data in the encrypted data be obtained, ensuring the security during the transmission of request data and control instructions and avoiding data leakage.
  • Figure 1 is a flow chart of a data transmission method according to an exemplary embodiment of the present application.
  • Figure 2 is a flow chart of another data transmission method based on the embodiment shown in Figure 1;
  • Figure 3 is a flow chart of another data transmission method according to an exemplary embodiment of the present application.
  • Figure 4 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 3;
  • Figure 5 is a flow chart of another data transmission method according to an exemplary embodiment of the present application.
  • Figure 6 is a schematic diagram of an application scenario of a data transmission method according to an exemplary embodiment of the present application.
  • Figure 7 is a schematic diagram of the vehicle domain control architecture shown in an exemplary embodiment of the present application.
  • Figure 8 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
  • Figure 9 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
  • Figure 10 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
  • Figure 11 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
  • Figure 12 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 11;
  • Figure 13 is a schematic structural diagram of an information processing device according to an exemplary embodiment of the present application.
  • Figure 14 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application.
  • Figure 15 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application.
  • Figure 16 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application.
  • the "plurality” mentioned in this application means two or more than two.
  • “And/or” describes the association of related objects, indicating that there can be three relationships.
  • a and/or B can mean: A exists alone, A and B exist simultaneously, and B exists alone.
  • the character “/” generally indicates that the related objects are in an "or” relationship.
  • FIG. 1 is a flow chart of a data transmission method according to an exemplary embodiment of the present application. This method applies to the total controller, including at least S110 to S140. The details are as follows:
  • S110 Receive the encrypted request data sent by the authenticator; the encrypted request data is encrypted after the authenticator passes the identity verification of the requester.
  • the master controller receives the encrypted request data sent by the authenticator after passing the authentication of the requester.
  • the requester can be a terminal that sends the request data, such as a mobile phone, a computer, or an application in the mobile phone.
  • the authenticator has the function of verifying the identity of the requester.
  • the authenticator is an independent physical server, or it can be a server cluster or distributed system composed of multiple physical servers. Multiple servers can form a blockchain, and the server is a block chain. There are no restrictions on the nodes on the chain.
  • the requesting party is the requesting APP in the mobile phone and the server in the authenticating party's cloud.
  • the encrypted request data is encrypted after the authenticating party passes the identity verification of the requesting party.
  • the user sends the request data to the receiving end of the server through the requesting APP in the mobile phone.
  • the server receives the request data, it verifies the account identity of the requesting APP in the mobile phone.
  • the authenticator encrypts the requesting data. Outgoing.
  • S120 Perform identity verification on the authenticator and obtain the identity verification result of the authenticator.
  • the overall controller can be a central controller/unit, that is, a controller/unit that integrates control of the entire device. It controls multiple sub-controllers/units. It has the function of verifying the identity of the authenticating party, and also has the ability to encrypt control instructions and send control instructions. function.
  • the master controller performs identity verification on the authenticator. For example, the master controller receives the encrypted request data from the authenticator, authenticates the identity of the authenticator, and obtains the identity verification result indicating whether the authentication of the authenticator is successful or failed.
  • the general controller decrypts the encrypted request data and obtains the decrypted request data.
  • the total controller generates a control instruction corresponding to the request data based on the decrypted request data, and encrypts it to obtain the encrypted control instruction, which is similar to encrypting the request data for the second time.
  • the authenticator encrypts the request data according to the specified encryption key and sends it to the master controller.
  • the master controller can decrypt the encrypted request data according to the decryption key that matches the specified encryption key. , get the decrypted request data.
  • the control instructions can be encrypted using the designated encryption key used by the authenticator, or other keys can be used to encrypt the control instructions. Just ensure that the main controller uses the encryption key to encrypt the control instructions. The key matches the decryption key used by the sub-controller to decrypt the control instructions.
  • S140 Send the encrypted control instruction to the sub-controller, so that the sub-controller can decrypt the encrypted control instruction and perform control processing according to the decrypted control instruction.
  • the sub-controller is the downstream party of the main controller, that is, the sub-controller is controlled by the main controller, and the main controller can control the sub-controller to perform control processing by sending relevant control instructions to the sub-controller.
  • the sub-controller receives the encrypted control instruction sent by the main controller, uses the matching decryption key to decrypt the encrypted control instruction, and performs control processing according to the decrypted control instruction.
  • This embodiment receives the encrypted request data sent by the authenticator after the authenticator passes the authentication of the requester, and then encrypts the request data before sending it, because it can only be decrypted by using the relevant key, ensuring that the request data is Security during transmission avoids request data leakage.
  • the identity of the authenticator is verified to obtain the identity verification result of the authenticator; if the identity verification result of the authenticator indicates that the verification is successful, the control instructions are generated based on the encrypted request data, and the control instructions are encrypted to obtain the encrypted Control instructions; the identity of the authenticator is verified to prevent the disguised authenticator from passing the verification.
  • the encrypted control instruction is sent to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
  • the authenticator performs the first encrypted transmission of the request data.
  • the controller generates control instructions based on the encrypted request data and encrypts the control instructions. That is, a second encryption is performed during the transmission of the request data. Only the relevant key is used. Only in this way can the control instructions in the encrypted control instructions be obtained, which ensures the security during the transmission of the control instructions and avoids the leakage of the control instructions.
  • Figure 2 is a flow chart of another data transmission method based on the embodiment shown in Figure 1.
  • the method at least includes S210 to S230.
  • the encrypted request data includes the random number used by the authenticator. The details are as follows:
  • S210 Obtain a random number, and record the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number.
  • the random number is the number used by the authenticator and the total controller.
  • the random number is 4 and the stored random numbers include 1, 2 and 3, then the random number 4 has not been used.
  • the time corresponding to the authenticator is 10:10, and the time corresponding to the total controller is 10:10. is 10:10, then the two times are the same, and the identity of the authenticator has passed the verification of the master controller.
  • the random number is 4, and the stored random numbers include 2, 3 and 4, then the random number 4 has been used; or the time corresponding to the authenticator is 10:10, and the time corresponding to the total controller is 10: 00, then the two times are inconsistent; or it is detected that a random number is stored, and the time corresponding to the authenticator does not match the time corresponding to the general controller, which indicates that the identity of the authenticator has not been verified by the general controller, and the authenticator's
  • the authentication result indicates an authentication failure.
  • this embodiment can also prevent replay attacks by programming changed rolling codes, so that the transmission process of request data becomes more secure.
  • This embodiment prevents replay attacks by detecting whether the encrypted request data includes the random number used by the authenticator, as well as the timestamps of the authenticator and the general controller, so that the general controller can accurately verify the identity of the authenticator, thereby This makes the identity verification results of the authenticating party more accurate.
  • FIG. 3 is a flow chart of another data transmission method according to an exemplary embodiment of the present application. This method applies to sub-controllers, including at least S310 to S320. The details are as follows:
  • S310 Receive the encrypted control instruction sent by the general controller; wherein, the encrypted control instruction is generated by the general controller based on the encrypted request data sent by the authenticator after successful identity verification of the authenticator, and The control instructions are encrypted.
  • the sub-controller receives the encrypted control instruction sent by the main controller.
  • the encrypted control instruction is obtained by the main controller encrypting the control instruction using a designated encryption key.
  • S320 Decrypt the encrypted control instruction to obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
  • the sub-controller uses the designated decryption key to decrypt the received encrypted control instruction, and performs control processing according to the decrypted control instruction.
  • the designated decryption key and the designated encryption key are matching key pairs.
  • the relevant data is transmitted with the sub-controller as the executor, and the received encrypted control instructions are decrypted and the control processing is performed according to the decrypted control instructions to complete the request in the encrypted request data. control operations.
  • the request data is equivalent to segmented secondary encryption, ensuring the security during the request data transmission process and avoiding request data leakage.
  • FIG. 4 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 3 .
  • the method also includes S410 to S420 in S320 as shown in Figure 3, which are introduced in detail below:
  • S410 Receive the identity verification result of the requester sent by the authenticator.
  • the authenticator verifies the identity of the requesting party and then sends the identity verification result of the requesting party to the sub-controller, including the verification result of success or failure of the requesting party's identity verification.
  • This embodiment further illustrates the precondition for the sub-controller to decrypt the encrypted control instruction, that is, it needs to receive the verification result of the requester's identity verification from the authenticator, thereby making the entire data transmission process more secure to prevent transmission Data leakage or tampering occurs in various aspects.
  • FIG. 5 is a flow chart of another data transmission method according to an exemplary embodiment of the present application. This method applies to authenticators, including at least S510 to S540. The details are as follows:
  • the authenticator receives the request data sent by the requester, and the request data carries the identity information of the sender.
  • S520 Perform identity verification on the requester and obtain the identity verification result of the requester.
  • the authenticator matches the identity information of the sender carried in the request data with the identity information of the requester. If they match, it means that the requester has passed the identity verification, and the identity verification result means that the verification is successful; if they do not match, it means that the requester has not. Authentication is passed and its authentication result represents an authentication failure.
  • This embodiment limits that if the requesting party passes the identity verification, the authenticating party will encrypt the request data to obtain encrypted request data.
  • the encrypted request data carries the sender's identity information, that is, it carries the authenticating party's own identity information. Identity Information.
  • S540 Send the encrypted request data to the master controller, so that after the master controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data, encrypts the control instruction, and obtains the encrypted Control instruction.
  • the master controller receives the encrypted request data carrying the sender's identity information sent by the authenticator, and performs identity verification on the authenticator. Based on the identity information of the sender carried in the encrypted request data and the preset authentication party's The identity information is matched. If the match is successful, it means that the identity of the authenticator has passed the verification of the master controller.
  • relevant data is transmitted with the authenticator as the executor.
  • the request data sent by the requester who has passed the identity authentication is encrypted, and the encrypted request data is sent to the master controller, so that the master controller can verify the authentication.
  • the control instruction is generated based on the encrypted request data, and the control instruction is encrypted to obtain the encrypted control instruction.
  • the request data is equivalent to segmented secondary encryption, ensuring the security during the request data transmission process and avoiding request data leakage.
  • the encrypted control instructions are decrypted to obtain the decrypted control instructions.
  • This embodiment is different from the traditional request control process.
  • the requester sends request data to the sub-controller, so that the sub-controller can perform control processing according to the request data. It did not send the request data to the general controller. It lacked the processing of the request data by the general controller, which reduced its integrated control performance. It also lacked the identity authentication of the requester, and the request data was not encrypted during the transmission process to prevent duplication. Put the attack and other processing.
  • the controller needs to receive the verification result that the requester's identity is successfully authenticated before decrypting the encrypted control instructions.
  • the encrypted control instructions are generated by the total controller based on the encryption of the request data, that is, the request data is in During the transmission process, it has undergone secondary encryption to prevent theft to ensure the security of data transmission.
  • FIG. 6 is a schematic diagram of an application scenario of a data transmission method according to an exemplary embodiment of the present application.
  • the smart client APP and electronic key are the requesters
  • the server and key signal receiver of the cloud server are the authenticators
  • the central domain control unit is the master controller
  • the power output control unit is the sub-controller.
  • This embodiment also provides a vehicle domain control architecture, in which the central domain control unit can also be connected to control other units, as shown in Figure 7.
  • Figure 7 is a vehicle domain control architecture illustrated in an exemplary embodiment of the present application. Schematic diagram. Among them, the central domain control unit is located in the central domain, and the power output end control unit is located in the power domain.
  • the vehicle domain control architecture is not only compatible with the domain control architecture that separates the central domain and the power domain, but is also compatible with other domain control architectures, forming a highly integrated domain control architecture.
  • the central domain in addition to connecting the control power domain, the central domain also connects the control: front area controller, left area controller, right area controller, rear area controller, cockpit domain, intelligent driving domain and chassis safety domain.
  • This vehicle domain control architecture not only meets the new national standards, but also meets the anti-theft requirements of power systems such as European standards. Without increasing the hardware cost, it improves the anti-theft performance of the vehicle power domain system, making vehicle anti-theft safer and more reliable.
  • the user can trigger a request for domain control of the vehicle through the remote anti-theft module or the local anti-theft module.
  • the user sends request data to the server of the cloud server through the smart client APP in the remote anti-theft module.
  • the server verifies the identity of the smart client APP, for example, verifies the account ID (Identity document, identification number) of the smart client APP, and obtains the identity verification result or failed identity verification result.
  • the user sends the original request data through the electronic key, and the signal receiver authenticates the electronic key.
  • the server or key signal receiver on the cloud server encrypts the request data based on SecOc (Secure Onboard Communication, SecOc, encrypted communication), and transmits the encrypted request data to the central domain control unit based on E2E (End to End, end-to-end) , the total controlling party in this application.
  • the central domain control unit decrypts the encrypted request data, generates control instructions based on the decrypted request data, encrypts them and transmits them to the power output end control unit, which is the sub-controller of this application.
  • the power output end control unit receives the encrypted control instructions and can directly decrypt them, and then performs control processing according to the decrypted control instructions.
  • the power output control unit needs to receive the verification result that the requester's identity is passed from the remote anti-theft module or the local anti-theft module, so that the power output control unit can decrypt the encrypted control instructions, and then Control processing is performed based on the decrypted control instructions. If the relevant verification results are not received, or the verification results indicate that the requester's identity verification failed, the power output control unit will not perform the decryption operation and stop subsequent control processing operations.
  • the remote anti-theft module or the local anti-theft module can encrypt the identity verification result of the requester based on SecOc, and send the encrypted identity verification result of the requester to the power output control unit based on E2E.
  • the existing IMMO (Immobilizer, engine anti-theft locking system) is developed on the basis of the universal VATS. It inherits the idea of VATS in terms of anti-theft principles, that is, it uses the password of the chip in the key to match the password in the starter switch. Control the starting of the engine to prevent theft.
  • remote anti-theft and local anti-theft need to be carried out at the same time, that is, the remote and local anti-theft modules are started at the same time to verify the identities of the smart client APP and the electronic key, and it is determined that the functions of both modules are target users. Triggered to improve the vehicle's anti-theft performance.
  • the remote anti-theft module and the local anti-theft module in this embodiment constitute the identity information verification system of the requesting party. They can independently verify the identity information of the requesting party.
  • the remote and local anti-theft modules can also be started at the same time to verify the smart client APP and electronic files. The identity of the key is verified and it is determined that the functions of the two modules are triggered by the target user, thereby enhancing the anti-theft function of the vehicle.
  • the power output control unit needs to receive the identity verification result of the requester sent by the remote anti-theft module and/or the local anti-theft module, and use the identity verification result to determine whether the identity of the requester has passed the verification. Only after the party's identity verification passes, the power output control unit decrypts the encrypted control instructions and performs control processing based on the decrypted control instructions, making the entire data transmission process more secure.
  • FIG. 8 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 .
  • the authenticator includes the server
  • the requester includes the application
  • the method S510 includes S810
  • the S520 includes S820.
  • S810 Receive request data sent by the application through the network.
  • S820 Perform authentication on the application program and obtain the authentication result of the application program.
  • the smart client APP in the remote anti-theft module is the application program of this embodiment, and the server of the cloud server is the server of this embodiment.
  • the user sends request data to the server of the cloud server through the smart client APP, and the cloud server
  • the server on the server side verifies the identity of the smart client APP, for example, verifies the account ID of the smart client APP, and obtains the identity verification result or failed identity verification result.
  • the smart client APP in the remote anti-theft module needs to be strongly bound to a physical carrier, such as a mobile phone, and must meet identity authentication and anti-replay attacks during communication.
  • the anti-replay attack uses a random number ratio. It is compared with the timestamp and needs to be programmed with changing rolling codes to make the anti-theft system more secure and reliable.
  • FIG. 9 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 .
  • the authenticator includes the receiver
  • the requester includes the initiator
  • the method S510 includes S910
  • S520 includes S920.
  • the following is a detailed introduction:
  • S910 Receive request data sent by the initiator through the network.
  • S920 Perform authentication on the initiator and obtain the authentication result of the initiator.
  • the electronic key in the local anti-theft module is the starter of this embodiment
  • the key signal receiver is the receiver of this embodiment.
  • the user sends request data to the key signal receiver by touching the electronic key, and the key signal
  • the receiver verifies the identity of the electronic key, for example, by verifying whether the identity of the key signal receiver matches a preset identity, thereby obtaining the identity verification result or failed identity verification result of the electronic key.
  • the electronic key in this embodiment can transmit request data to the key signal receiver through a wireless radio frequency network, Bluetooth, cellular network, etc. It also needs to meet identity authentication and anti-replay attacks during communication.
  • the anti-replay attacks use a random number ratio. It is compared with the timestamp and needs to be programmed with changing rolling codes to make the anti-theft system more secure and reliable.
  • FIG. 10 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 .
  • the requesting party is the signal transmitter
  • the authenticating party is the anti-theft controller of the vehicle.
  • the request data includes the random number used by the signal transmitter; the method S520 includes S1010 to S1030, which are introduced in detail below:
  • S1010 Obtain a random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when the random number is obtained.
  • the random number in this embodiment is a number generated during the data interaction process between the signal transmitter and the vehicle's anti-theft controller.
  • the random number is not stored, it means that the random number has not been used by the signal transmitter and the vehicle's anti-theft controller. If the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, it is determined that the anti-theft controller is correct. Authentication of the signal sender was successful.
  • the random number is 10
  • the stored random numbers include 6, 9 and 10
  • the random number 10 has been used; or the time corresponding to the signal transmitter is 10:10, and the time corresponding to the anti-theft controller is 10 :00, then the two times are not phased; or it is detected that a random number is stored, and the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller do not match, both indicate that the identity of the authenticator has not been verified by the anti-theft controller, and the signal The sender's authentication result indicates an authentication failure.
  • the data transmission method is applied in the field of vehicles.
  • the identity of the signal transmitter is verified through the anti-theft controller of the vehicle. According to the parameters of random number and time stamp, replay attacks are effectively prevented.
  • FIG. 11 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 .
  • the requester is the signal transmitter
  • the authenticator is the anti-theft controller of the vehicle.
  • the anti-theft controller includes a remote anti-theft device and/or a local anti-theft device; the signal transmitter corresponding to the remote anti-theft device is a mobile terminal, and the signal corresponding to the local anti-theft device
  • the transmitter is a key with signal sending function; if the anti-theft controller includes a remote anti-theft device or a local anti-theft device; the method S520 includes S1110 or S1120, which will be introduced in detail below:
  • the remote anti-theft device performs identity verification on the mobile terminal and obtains the identity verification result of the signal transmitter.
  • the remote anti-theft device can be a server on the cloud server, which performs identity verification on the mobile terminal in the cloud. Due to sufficient cloud computing resources, identity verification is faster.
  • the mobile terminal can be a mobile phone, a tablet computer, a laptop, etc., and can specifically be a smart client APP in a physical carrier.
  • the user can send request data carrying user information to the remote anti-theft controller through the smart client APP, so that the The remote anti-theft device authenticates the smart client APP in the cloud based on the user information carried in the request data.
  • S1120 The local anti-theft device authenticates the key and obtains the identity authentication result of the signal transmitter.
  • the key in this embodiment has the function of sending signals, but the reachable range of the signals it sends is limited.
  • the local anti-theft device needs to be within a certain physical distance to receive the signals sent by the key.
  • the anti-theft controller of the vehicle only needs to perform remote verification or local verification of the signal transmitter, and then the identity verification of the signal transmitter by the anti-theft controller can be completed.
  • the identity verification of the mobile terminal by the remote anti-theft device is successful, or the identity verification of the key by the local anti-theft device is successful, then the identity authentication of the signal transmitter by the vehicle's anti-theft controller is successful, that is, only local identity verification or remote identity verification is required. , the subsequent data transmission process can be carried out.
  • FIG. 12 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 11 .
  • the anti-theft controller includes a remote anti-theft device and a local anti-theft device; the method S520 includes S1210 to S1230, which are introduced in detail below:
  • the remote anti-theft device performs identity verification on the mobile terminal and obtains the identity verification result of the mobile terminal.
  • the identity verification result of the mobile terminal by the remote anti-theft device is the identity verification result of the mobile terminal, which is part of the identity verification result that constitutes the signal transmitter.
  • S1220 The local anti-theft device authenticates the key and obtains the key's identity verification result.
  • the authentication result of the key by the local immobilizer is the authentication result of the key, which forms part of the authentication result of the signal transmitter.
  • S1230 Obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
  • the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; a successful verification result indicates that the identity of the mobile terminal and the identity of the key have passed the verification; a failed verification result indicates that the identity of the mobile terminal or the identity of at least one of the key's identities has not been verified.
  • the identity verification result of the mobile terminal represents the identity verification failure of the mobile terminal, or the identity verification result of the key represents the identity verification failure of the key, then an identity verification result indicating the identity verification failure of the signal transmitter is obtained.
  • an identity verification result indicating that the identity verification of the signal transmitter is successful is obtained.
  • the anti-theft controller of the vehicle needs to perform remote verification and local verification of the signal transmitter, and only after the double verification is passed, the anti-theft controller can successfully authenticate the signal transmitter.
  • the double verification mechanism makes the vehicle The anti-theft system is more secure and reliable.
  • FIG. 13 is a schematic structural diagram of an information processing device according to an exemplary embodiment of the present application.
  • the information processing device is applied to the main controller, including:
  • the encrypted request receiving module 1310 is configured to receive encrypted request data sent by the authenticator; wherein the encrypted request data is encrypted after the authenticator passes the identity verification of the requester.
  • the authenticator identity verification module 1330 is configured to perform identity verification on the authenticator and obtain the identity verification result of the authenticator.
  • the control instruction encryption module 1350 is configured to generate a control instruction based on the encrypted request data and encrypt the control instruction to obtain an encrypted control instruction if the authenticator's identity verification result indicates that the verification is successful.
  • the encrypted control instruction sending module 1370 is configured to send the encrypted control instruction to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
  • the encrypted request data includes a random number used by the authenticator;
  • the authenticator identity verification module 1330 includes:
  • the random number obtaining unit is configured to obtain the random number, and record the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number.
  • the authenticator verification success unit is configured so that if it is detected that the random number is not stored and the time corresponding to the authenticator matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful and a value used to characterize the authenticator is obtained. Authentication result for successful authentication.
  • the authenticator verification failure unit is configured to determine that the identity verification of the authenticator failed if it detects that a random number is stored, or that the time corresponding to the authenticator does not match the time corresponding to the total controller, and is used to characterize the authenticator. Authentication result for authentication failure.
  • FIG. 14 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application.
  • the information processing device is applied to the sub-controlling party, including:
  • the encrypted control instruction receiving module 1410 is configured to receive the encrypted control instruction sent by the general controller; wherein the encrypted control instruction is based on the encrypted control instruction sent by the authenticator after the general controller successfully authenticates the authenticator.
  • the request data generates control instructions and encrypts the control instructions.
  • the control instruction decryption module 1430 is configured to decrypt the encrypted control instruction, obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
  • control instruction decryption module 1430 includes:
  • the requesting party's identity verification result receiving unit is configured to receive the requesting party's identity verification result sent by the authenticating party.
  • the control instruction decryption unit is configured to decrypt the encrypted control instruction to obtain the decrypted control instruction if the identity verification result of the requesting party indicates that the verification is successful.
  • FIG. 15 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application.
  • the information processing device is used in the authenticating party, including:
  • the request data receiving module 1510 is configured to receive the request data sent by the requesting party;
  • the requester identity verification module 1530 is configured to authenticate the requester and obtain the identity verification result of the requester;
  • the request data encryption module 1550 is configured to encrypt the request data to obtain encrypted request data if the requester's identity verification result indicates that the verification is successful;
  • the encrypted request data sending module 1570 is configured to send the encrypted request data to the general controller, so that after the general controller successfully authenticates the authenticator, it can generate a control instruction based on the encrypted request data and control the control.
  • the instructions are encrypted and the encrypted control instructions are obtained.
  • the information processing device further includes:
  • the control sending module is configured to send the identity verification result of the requesting party to the sub-controller, so that when the identity verification result of the requesting party indicates that the verification is successful, the sub-controlling party decrypts the encrypted control instruction and obtains the decrypted control instruction. Control instruction.
  • the authenticator includes a server, and the requester includes an application; the request data receiving module 1510 includes:
  • a request data receiving unit configured to receive request data sent by the application through the network
  • Requestor authentication module 1530 includes:
  • the authentication unit of the application is configured to authenticate the application and obtain the authentication result of the application.
  • the authenticator includes a receiver, and the requester includes an initiator; the request data receiving module 1510 includes:
  • Requestor authentication module 1530 includes:
  • the requesting party is the signal transmitter
  • the authenticating party is the anti-theft controller of the vehicle
  • the request data includes the random number used by the signal transmitter
  • the requesting party identity verification module includes:
  • the vehicle random number acquisition unit is configured to acquire the random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when acquiring the random number.
  • the signal transmitter identity verification success unit is configured to determine that the identity verification of the signal transmitter is successful if it detects that no random number is stored and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller. Authentication result that characterizes successful authentication of the signal sender.
  • the signal transmitter identity verification failure unit is configured to determine that the identity verification of the signal transmitter fails if it detects that a random number is stored or that the time corresponding to the signal transmitter does not match the time corresponding to the anti-theft controller. An authentication result that characterizes a signal sender's authentication failure.
  • the requesting party is the signal transmitter, and the authenticating party is the anti-theft controller of the vehicle.
  • the anti-theft controller includes a remote anti-theft device and/or a local anti-theft device;
  • the requesting party identity verification module includes:
  • the first vehicle signal transmitter verification unit is configured as a remote anti-theft device to perform identity verification on the mobile terminal and obtain the identity verification result of the signal transmitter;
  • the second vehicle signal transmitter verification unit is configured as a local anti-theft device to perform identity verification on the key and obtain the identity verification result of the signal transmitter.
  • the requester identity verification module includes:
  • the first vehicle verification unit is configured as a remote anti-theft device to perform identity verification on the mobile terminal and obtain the identity verification result of the mobile terminal.
  • the second vehicle verification unit is configured as a local anti-theft device to perform identity verification on the key and obtain the identity verification result of the key.
  • the vehicle signal transmitter identity verification unit is configured to obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
  • the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; a successful verification result represents that the identity of the mobile terminal and the identity of the key have passed the verification; a failed verification result represents that the identity of the mobile terminal The identity of at least one of the identity or the key's identity has not been verified.
  • Another aspect of the application also provides an electronic device, including: a controller; and a memory for storing one or more programs, to perform the above method when the one or more programs are executed by the controller.
  • FIG. 16 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application. It shows a schematic structural diagram of a computer system of an electronic device suitable for implementing the embodiment of the present application.
  • the computer system 1600 includes a central processing unit (Central Processing Unit, CPU) 1601, which can be loaded into a random computer according to a program stored in a read-only memory (Read-Only Memory, ROM) 1602 or from a storage portion 1608. Access the program in the memory (Random Access Memory, RAM) 1603 to perform various appropriate actions and processing, such as performing the method in the above embodiment. In RAM 1603, various programs and data required for system operation are also stored.
  • CPU 1601, ROM 1602 and RAM 1603 are connected to each other through bus 1604.
  • An input/output (I/O) interface 1605 is also connected to bus 1604.
  • the following components are connected to the I/O interface 1605: an input part 1606 including a keyboard, a mouse, etc.; an output part 1607 including a cathode ray tube (Cathode Ray Tube, CRT), a liquid crystal display (Liquid Crystal Display, LCD), etc., and a speaker, etc. ; a storage part 1608 including a hard disk, etc.; and a communication part 1609 including a network interface card such as a LAN (Local Area Network) card, a modem, etc.
  • the communication section 1609 performs communication processing via a network such as the Internet.
  • Driver 1610 is also connected to I/O interface 1605 as needed.
  • Removable media 1611 such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, etc., are installed on the drive 1610 as needed, so that a computer program read therefrom is installed into the storage portion 1608 as needed.
  • the process described above with reference to the flowchart may be implemented as a computer software program.
  • embodiments of the present application include a computer program product including a computer program carried on a computer-readable medium, the computer program including a computer program for performing the method shown in the flowchart.
  • the computer program may be downloaded and installed from the network via communications portion 1609, and/or installed from removable media 1611.
  • CPU central processing unit
  • the computer-readable medium shown in the embodiments of the present application may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the above two.
  • the computer-readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device or device, or any combination thereof.
  • Computer readable storage media may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard drive, random access memory (RAM), read only memory (ROM), removable Programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash memory, optical fiber, portable compact disk read-only memory (Compact Disc Read-Only Memory, CD-ROM), optical storage device, magnetic storage device, or any of the above suitable The combination.
  • a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device.
  • a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which a computer-readable computer program is carried. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above.
  • a computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device .
  • Computer programs embodied on computer-readable media may be transmitted using any suitable medium, including but not limited to: wireless, wired, etc., or any suitable combination of the above.
  • each block in the flow chart or block diagram may represent a module, program segment, or part of the code.
  • the above-mentioned module, program segment, or part of the code includes one or more executable components for implementing the specified logical function. instruction.
  • the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown one after another may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved.
  • each block in the block diagram or flowchart illustration, and combinations of blocks in the block diagram or flowchart illustration can be implemented by special purpose hardware-based systems that perform the specified functions or operations, or may be implemented by special purpose hardware-based systems that perform the specified functions or operations. Achieved by a combination of specialized hardware and computer instructions.
  • the units involved in the embodiments of this application can be implemented in software or hardware, and the described units can also be provided in a processor. Among them, the names of these units do not constitute a limitation on the unit itself under certain circumstances.
  • Another aspect of the present application also provides a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed by a processor, the above data transmission method is implemented.
  • the computer-readable storage medium may be included in the electronic device described in the above embodiments, or may exist separately without being assembled into the electronic device.
  • Another aspect of the present application also provides a computer program product or computer program, which includes computer instructions stored in a computer-readable storage medium.
  • the processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the data transmission method provided in the above embodiments.
  • a computer system including a central processing unit (Central Processing Unit, CPU), which can process data according to a program stored in a read-only memory (Read-Only Memory, ROM) or from The storage part loads the program into the random access memory (Random Access Memory, RAM) to perform various appropriate actions and processing, such as performing the method in the above embodiment.
  • CPU Central Processing Unit
  • RAM Random Access Memory
  • various programs and data required for system operation are also stored.
  • CPU, ROM and RAM are connected to each other through buses.
  • I/O Input/Output
  • the following components are connected to the I/O interface: input parts including keyboard, mouse, etc.; including output parts such as cathode ray tubes (Cathode Ray Tube, CRT), liquid crystal displays (Liquid Crystal Display, LCD), etc., and speakers; including hard disks
  • the storage part, etc. and the communication part including network interface cards such as LAN (Local Area Network) cards, modems, etc.
  • the communication section performs communication processing via a network such as the Internet.
  • Drives are also connected to I/O interfaces as needed.
  • Removable media such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, etc., are installed on the drive as needed, so that the computer program read therefrom is installed into the storage section as needed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mechanical Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Selective Calling Equipment (AREA)

Abstract

A data transmission method and apparatus, a device, and a computer readable storage medium. The method comprises: receiving encrypted request data sent by an authentication party, the encrypted request data being encrypted and obtained after the authentication party verifies the identity of a requester (S110); performing identity verification on the authentication party, and obtaining an identity verification result of the authentication party (S120); and if the identity verification result of the authentication party indicates that verification is successful, generating a control instruction according to the encrypted request data, and encrypting the control instruction to obtain an encrypted control instruction (S130). The identity of the authentication party is verified, thus a disguised authentication party is prevented from passing verification. The encrypted control instruction is sent to a sub-control party, so that the sub-control party decrypts the encrypted control instruction, and performs control processing according to the decrypted control instruction (S140). The encrypted control instruction can be decrypted merely by using a related decryption key, thereby avoiding leakage of the control instruction.

Description

数据传输方法及装置、设备、计算机可读存储介质Data transmission method and device, equipment, computer-readable storage medium
本申请要求于2022年07月21日提交中国专利局,申请号为202210861016.6,发明名称为“数据传输方法及装置、设备、计算机可读存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application requests the priority of the Chinese patent application submitted to the China Patent Office on July 21, 2022, with the application number 202210861016.6, and the invention name is "data transmission method and device, equipment, computer-readable storage medium", and its entire content is approved by This reference is incorporated into this application.
技术领域Technical field
本申请实施例属于交通领域,尤其涉及一种数据传输方法及装置、设备、计算机可读存储介质。Embodiments of the present application belong to the field of transportation, and in particular relate to a data transmission method, device, equipment, and computer-readable storage medium.
背景技术Background technique
传统分布式电子电器架构,包含单独的发动机防盗系统设计、VCU(Vehicle control unit,整车控制器)防盗系统设计、BMS(Battery Management System,电池管理系统)防盗系统设计、电子钥匙及数字钥匙防盗系统设计等,随着现代汽车智能化、电气化高速发展,汽车电子化、软件化比重越来越高,原来传统分布式电子电器架构已不能满足现有的功能需求。基于传统分布式电子电器架构,一般通过电子钥匙或数字钥匙发送信号就能进行解锁,安全性并不高。The traditional distributed electronic and electrical architecture includes independent engine anti-theft system design, VCU (Vehicle control unit, vehicle controller) anti-theft system design, BMS (Battery Management System, battery management system) anti-theft system design, electronic key and digital key anti-theft system design System design, etc., with the rapid development of modern automobile intelligence and electrification, the proportion of automobile electronics and software is getting higher and higher. The original traditional distributed electronic and electrical architecture can no longer meet the existing functional needs. Based on the traditional distributed electronic and electrical architecture, it is generally possible to unlock by sending a signal through an electronic key or digital key, and the security is not high.
发明内容Contents of the invention
为解决上述技术问题,本申请的实施例分别提供了一种数据传输方法及装置、设备、计算机可读存储介质,以对认证方进行身份验证,并在请求数据传输过程中进行二次加密。In order to solve the above technical problems, embodiments of the present application respectively provide a data transmission method, device, equipment, and computer-readable storage medium to authenticate the identity of the authenticating party and perform secondary encryption during the request data transmission process.
本申请的其他特性和优点将通过下面的详细描述变得显然,或部分地通过本申请的实践而习得。Additional features and advantages of the invention will be apparent from the detailed description which follows, or, in part, may be learned by practice of the invention.
根据本申请实施例的一个方面,提供了一种数据传输方法,应用于总控制方,包括:接收认证方发送的加密后的请求数据;其中,所述加密后的请求数据是所述认证方对请求方的身份验证通过后加密得到的;对所述认证方进行身份验证,得到所述认证方的身份验证结果;若所述认证方的身份验证结果表征验证成功,则根据所述加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令;将所述加密后的控制指令发送至子控制方,以使所述子控制方对所述加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。According to one aspect of the embodiment of the present application, a data transmission method is provided, which is applied to the general controller and includes: receiving encrypted request data sent by the authenticator; wherein the encrypted request data is the authenticator's request data. Obtained by encrypting the requesting party after passing the identity verification; performing identity verification on the authenticating party to obtain the identity verification result of the authenticating party; if the identity verification result of the authenticating party indicates that the verification is successful, the encrypted Generate control instructions based on the request data, and encrypt the control instructions to obtain encrypted control instructions; send the encrypted control instructions to the sub-controller, so that the sub-controller can process the encrypted control instructions. The control instructions are decrypted, and control processing is performed according to the decrypted control instructions.
根据本申请实施例的一个方面,提供了另一种数据传输方法,应用于子控制方,包括:接收总控制方发送的加密后的控制指令;其中,所述加密后的控制指令是所述总控制方对所述认证方进行身份验证成功后,根据所述认证方发送的加密后的请求数据生成控制指令,并对所述控制指令进行加密得到的;对所述加密后的控制指令进行解密,得到解密后的控制指令,并根据所述解密后的控制指令进行控制处理。According to one aspect of the embodiment of the present application, another data transmission method is provided, which is applied to the sub-controller, including: receiving an encrypted control instruction sent by the general controller; wherein the encrypted control instruction is the After the total controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data sent by the authenticator, and encrypts the control instruction; the encrypted control instruction is Decrypt to obtain the decrypted control instructions, and perform control processing according to the decrypted control instructions.
根据本申请实施例的一个方面,提供了另一种数据传输方法,应用于认证方,包括:接收请求方发送的请求数据;对所述请求方进行身份验证,得到所述请求方的身份验证结果;若所述请求方的身份验证结果表征验证成功,则对所述请求数据进行加密,得到加密后的请求数据;将所述加密后的请求数据发送至总控制方,以使所述总控制方对所述认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令。According to one aspect of the embodiment of the present application, another data transmission method is provided, which is applied to the authenticating party, including: receiving the request data sent by the requesting party; performing identity verification on the requesting party to obtain the identity verification of the requesting party Result; If the identity verification result of the requester indicates that the verification is successful, the request data is encrypted to obtain the encrypted request data; the encrypted request data is sent to the total controller so that the total controller After the controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data, and encrypts the control instruction to obtain an encrypted control instruction.
根据本申请实施例的一个方面,提供了一种信息处理装置,应用于总控制方,包括:加密请求接收模块,被配置为接收认证方发送的加密后的请求数据;其中,所述加密后的请求数据是所述认证方对请求方的身份验证通过后加密得到的;认证方身份验证模块,被配置为对所述认证方进行身份验证,得到所述认证方的身份验证结果;控制指令加密模块,被配置为若所述认证方的身份验证结果表征验证成功,则根据所述加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令;加密控制指令发送模块,被配置为将所述加密后的控制指令发送至子控制方,以使所述子控制方对所述加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。According to one aspect of the embodiment of the present application, an information processing device is provided, which is applied to the general controller and includes: an encrypted request receiving module configured to receive encrypted request data sent by the authenticating party; wherein the encrypted The request data is encrypted after the authenticator passes the identity verification of the requester; the authenticator identity verification module is configured to perform identity verification on the authenticator and obtain the identity verification result of the authenticator; control instructions An encryption module configured to generate a control instruction based on the encrypted request data if the identity verification result of the authenticator indicates that the verification is successful, and encrypt the control instruction to obtain an encrypted control instruction; encryption control The instruction sending module is configured to send the encrypted control instruction to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
在另一实施例中,所述加密后的请求数据包括所述认证方使用过的随机数;所述认证方身份验证模块包括:随机数获取单元,被配置为获取所述随机数,以及记录针对获取所述随机数时所述认证方对应的时刻和所述总控制方对应的时刻;认证方验证成功单元,被配置为若检测到未存储所述随机数,且所述认证方对应的时刻和所述总控制方对应的时刻相匹配,则确定对所述认证方的身份验证成功,得到用于表征所述认证方的身份验证成功的身份验证结果;认证方验证失败单元,被配置为若检测到存储有所述随机数,或者,所述认证方对应的时刻和所述总控制方对应的时刻不匹配,则确定对所述认证方的身份验证失败,得到用于表征所述认证方的身份验证失败的身份验证结果。In another embodiment, the encrypted request data includes a random number used by the authenticator; the authenticator identity verification module includes: a random number acquisition unit configured to acquire the random number, and record Regarding the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number; the authenticator verification success unit is configured to detect that the random number is not stored, and the authenticator corresponding If the time matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful, and an identity verification result used to represent the success of the identity verification of the authenticator is obtained; the authenticator verification failure unit is configured If it is detected that the random number is stored, or the time corresponding to the authenticator does not match the time corresponding to the total controller, then it is determined that the identity verification of the authenticator failed, and the method used to characterize the The authentication result of the authenticator's failed authentication.
根据本申请实施例的一个方面,提供了另一种信息处理装置,应用于子控制方,包括:加密控制指令接收模块,被配置为接收总控制方发送的加密后的控制指令;其中,所述加密后的控制指令是所述总控制方对所述认证方进行身份验证成功后,根据所述认证方发送的加密后的请求数据生成控制指令,并对所述控制指令进行加密得到的;控制指令解密模块,被配置为对所述加密后的控制指令进行解密,得到解密后的控制指令,并根据所述解密后的控制指令进行控制处理。According to one aspect of the embodiment of the present application, another information processing device is provided, which is applied to a sub-controller and includes: an encrypted control instruction receiving module configured to receive an encrypted control instruction sent by the general controller; wherein, The encrypted control instruction is obtained by the general controller generating a control instruction based on the encrypted request data sent by the authenticator after successfully authenticating the authenticator, and encrypting the control instruction; The control instruction decryption module is configured to decrypt the encrypted control instruction, obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
在另一实施例中,所述控制指令解密模块包括:请求方的身份验证结果接收单元,被配置为接收所述认证方发送的请求方的身份验证结果;控制指令解密单元,被配置为若所述请求方的身份验证结果表征验证成功,则对所述加密后的控制指令进行解密,得到所述解密后的控制指令。In another embodiment, the control instruction decryption module includes: a requesting party's identity verification result receiving unit configured to receive the requesting party's identity verification result sent by the authenticating party; a control instruction decryption unit configured to: If the identity verification result of the requesting party indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
根据本申请实施例的一个方面,提供了另一种信息处理装置,应用于认证方,包括:请求数据接收模块,被配置为接收请求方发送的请求数据;请求方身份验证模块,被配置为对所述请求方进行身份验证,得到所述请求方的身份验证结果;请求数据加密模块,被配置为若所述请求方的身份验证结果表征验证成功,则对所述请求数据进行加密,得到加密后的请求数据; 加密请求数据发送模块,被配置为将所述加密后的请求数据发送至总控制方,以使所述总控制方对所述认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令。According to one aspect of the embodiment of the present application, another information processing device is provided, applied to the authenticator, including: a request data receiving module configured to receive the request data sent by the requesting party; a requesting party identity verification module configured to Perform identity verification on the requester to obtain the identity verification result of the requester; a request data encryption module configured to encrypt the request data if the identity verification result of the requester indicates that the verification is successful, and obtain Encrypted request data; The encrypted request data sending module is configured to send the encrypted request data to the general controller, so that after the general controller successfully authenticates the authentication party, it can send the encrypted request data to the authenticator according to the encrypted request data. The subsequent request data is used to generate a control instruction, and the control instruction is encrypted to obtain an encrypted control instruction.
在另一实施例中,所述信息处理装置还包括:控制发送模块,被配置为将所述请求方的身份验证结果发送至子控制方,以使所述子控制方在所述请求方的身份验证结果表征验证成功时,对所述加密后的控制指令进行解密,得到所述解密后的控制指令。In another embodiment, the information processing device further includes: a control sending module configured to send the identity verification result of the requesting party to a sub-controlling party, so that the sub-controlling party When the identity verification result indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
在另一实施例中,所述认证方包括服务器,所述请求方包括应用程序;所述请求数据接收模块包括:请求数据接收单元,被配置为接收应用程序通过网络发送的请求数据;所述请求方身份验证模块包括:应用程序的身份验证单元,被配置为对所述应用程序进行身份验证,得到所述应用程序的身份验证结果。In another embodiment, the authenticator includes a server, and the requester includes an application program; the request data receiving module includes: a request data receiving unit configured to receive request data sent by the application program through the network; The requester identity verification module includes: an identity verification unit of the application program, configured to authenticate the application program and obtain the identity verification result of the application program.
在另一实施例中,所述认证方包括接收器,所述请求方包括启动器;所述请求数据接收模块包括:接收启动器通过网络发送的请求数据;所述请求方身份验证模块包括:对所述启动器进行身份验证,得到所述启动器的身份验证结果。In another embodiment, the authenticator includes a receiver, the requester includes an initiator; the request data receiving module includes: receiving request data sent by the initiator through the network; the requester identity verification module includes: Perform identity verification on the initiator to obtain an identity verification result of the initiator.
在另一实施例中,所述请求方为信号发送器,所述认证方为车辆的防盗控制器,所述请求数据包括所述信号发送器使用过的随机数;所述请求方身份验证模块包括:车辆随机数获取单元,被配置为获取所述随机数,以及记录针对获取所述随机数时所述信号发送器对应的时刻和所述防盗控制器对应的时刻;信号发送器身份验证成功单元,被配置为若检测到未存储所述随机数,且所述信号发送器对应的时刻和所述防盗控制器对应的时刻相匹配,则确定对所述信号发送器的身份验证成功,得到用于表征所述信号发送器的身份验证成功的身份验证结果;信号发送器身份验证失败单元,被配置为若检测到存储有所述随机数,或者,所述信号发送器对应的时刻和所述防盗控制器对应的时刻不匹配,则确定对所述信号发送器的身份验证失败,得到用于表征所述信号发送器的身份验证失败的身份验证结果。In another embodiment, the requester is a signal transmitter, the authenticator is an anti-theft controller of a vehicle, and the request data includes a random number used by the signal transmitter; the requester identity verification module It includes: a vehicle random number obtaining unit configured to obtain the random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when obtaining the random number; the signal transmitter identity verification is successful. The unit is configured to determine that the identity verification of the signal transmitter is successful if it detects that the random number is not stored and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, and obtain An identity verification result used to represent the successful identity verification of the signal transmitter; the signal transmitter identity verification failure unit is configured to detect that the random number is stored, or the time corresponding to the signal transmitter and the If the time corresponding to the anti-theft controller does not match, it is determined that the identity verification of the signal transmitter has failed, and an identity verification result used to represent the identity verification failure of the signal transmitter is obtained.
在另一实施例中,所述请求方为信号发送器,所述认证方为车辆的防盗控制器,所述防盗控制器包括远程防盗器和/或本地防盗器;所述请求方身份验证模块包括:第一车辆信号发送器验证单元,被配置为所述远程防盗器对所述移动终端进行身份验证,得到所述信号发送器的身份验证结果;或者第二车辆信号发送器验证单元,被配置为所述本地防盗器对所述钥匙进行身份验证,得到所述信号发送器的身份验证结果。In another embodiment, the requester is a signal transmitter, the authenticator is an anti-theft controller of the vehicle, the anti-theft controller includes a remote anti-theft device and/or a local anti-theft device; the requester identity verification module It includes: a first vehicle signal transmitter verification unit configured for the remote anti-theft device to perform identity verification on the mobile terminal to obtain an identity verification result of the signal transmitter; or a second vehicle signal transmitter verification unit configured to perform identity verification on the mobile terminal. The local anti-theft device is configured to perform identity verification on the key and obtain the identity verification result of the signal transmitter.
在另一实施例中,若所述防盗控制器包括远程防盗器和本地防盗器;所述请求方身份验证模块包括:第一车辆验证单元,被配置为所述远程防盗器对所述移动终端进行身份验证,得到所述移动终端的身份验证结果;第二车辆验证单元,被配置为所述本地防盗器对所述钥匙进行身份验证,得到所述钥匙的身份验证结果;车辆信号发送器身份验证单元,被配置为根据所述移动终端的身份验证结果和所述钥匙的身份验证结果,得到所述信号发送器的身份验证结果。In another embodiment, if the anti-theft controller includes a remote anti-theft device and a local anti-theft device; the requester identity verification module includes: a first vehicle verification unit configured as the remote anti-theft device to the mobile terminal Perform identity verification to obtain the identity verification result of the mobile terminal; a second vehicle verification unit configured as the local anti-theft device to perform identity verification on the key to obtain the identity verification result of the key; vehicle signal transmitter identity The verification unit is configured to obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
在另一实施例中,所述信号发送器的身份验证结果包括成功的验证结果和失败的验证结果;所述成功的验证结果表征所述移动终端的身份和所述钥匙的身份通过了验证;所述失败的验证结果表征所述移动终端的身份或所述钥匙的身份中至少一方的身份未通过验证。In another embodiment, the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; the successful verification result indicates that the identity of the mobile terminal and the identity of the key have passed the verification; The failed verification result indicates that at least one of the identity of the mobile terminal or the identity of the key has failed to pass verification.
根据本申请实施例的一个方面,提供了一种电子设备,包括:控制器;存储器,用于存储 一个或多个程序,当所述一个或多个程序被所述控制器执行时,以执行上述的数据传输方法。According to an aspect of an embodiment of the present application, an electronic device is provided, including: a controller; and a memory for storing one or more programs, to execute when the one or more programs are executed by the controller. The above data transmission method.
根据本申请实施例的一个方面,还提供了一种计算机可读存储介质,其上存储有计算机可读指令,当所述计算机可读指令被计算机的处理器执行时,使计算机执行上述的数据传输方法。According to one aspect of the embodiment of the present application, a computer-readable storage medium is also provided, on which computer-readable instructions are stored. When the computer-readable instructions are executed by a processor of the computer, the computer is caused to execute the above-mentioned data. Transmission method.
根据本申请实施例的一个方面,还提供了一种计算机程序产品或计算机程序,该计算机程序产品或计算机程序包括计算机指令,该计算机指令存储在计算机可读存储介质中。计算机设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该计算机设备执行上述的数据传输方法。According to an aspect of the embodiment of the present application, a computer program product or computer program is also provided. The computer program product or computer program includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the above-mentioned data transmission method.
在本申请的实施例所提供的技术方案中,通过接收认证方发送的认证方对请求方的身份验证通过后加密得到的请求数据;对认证方进行身份验证,得到认证方的身份验证结果;若认证方的身份验证结果表征验证成功,则根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令;对认证方的身份进行了验证,避免伪装的认证方通过验证。将加密后的控制指令发送至子控制方,以使子控制方对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。认证方对请求数据进行了第一次加密传输,总控方根据加密后的请求数据生成控制指令,并对控制指令进行加密,即在请求数据传输过程中进行二次加密,只有知晓相关密钥才能获取加密数据中的相关数据,确保了请求数据和控制指令传输过程中的安全性,避免数据泄露。In the technical solution provided by the embodiment of this application, the request data sent by the authenticator is encrypted after the authenticator passes the identity verification of the requester; the identity verification of the authenticator is performed to obtain the identity verification result of the authenticator; If the identity verification result of the authenticator indicates that the verification is successful, the control instructions are generated based on the encrypted request data, and the control instructions are encrypted to obtain the encrypted control instructions; the identity of the authenticator is verified to avoid disguised authenticators. approved. The encrypted control instruction is sent to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction. The authenticator performs the first encrypted transmission of the request data. The controller generates control instructions based on the encrypted request data and encrypts the control instructions. That is, a second encryption is performed during the transmission of the request data. Only the relevant key is known Only in this way can the relevant data in the encrypted data be obtained, ensuring the security during the transmission of request data and control instructions and avoiding data leakage.
应理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,并不能限制本申请。It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present application.
附图说明Description of drawings
此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本申请的实施例,并与说明书一起用于解释本申请的原理。显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术者来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。在附图中:The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. Obviously, the drawings in the following description are only some embodiments of the present application. For those of ordinary skill in the art, other drawings can be obtained based on these drawings without exerting creative efforts. In the attached picture:
图1是本申请一示例性实施例示出的一种数据传输方法的流程图;Figure 1 is a flow chart of a data transmission method according to an exemplary embodiment of the present application;
图2是基于图1所示实施例示出的另一种数据传输方法的流程图;Figure 2 is a flow chart of another data transmission method based on the embodiment shown in Figure 1;
图3是本申请一示例性实施例示出的另一数据传输方法的流程图;Figure 3 is a flow chart of another data transmission method according to an exemplary embodiment of the present application;
图4是基于图3所示实施例提出的另一数据传输方法的流程图;Figure 4 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 3;
图5是本申请一示例性实施例示出的另一数据传输方法的流程图;Figure 5 is a flow chart of another data transmission method according to an exemplary embodiment of the present application;
图6是本申请一示例性实施例示出的数据传输方法的应用场景的示意图;Figure 6 is a schematic diagram of an application scenario of a data transmission method according to an exemplary embodiment of the present application;
图7是本申请一示例性实施例示出的车辆域控架构的示意图;Figure 7 is a schematic diagram of the vehicle domain control architecture shown in an exemplary embodiment of the present application;
图8是基于图5所示实施例提出的另一数据传输方法的流程图;Figure 8 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
图9是基于图5所示实施例提出的另一数据传输方法的流程图;Figure 9 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
图10是基于图5所示实施例提出的另一数据传输方法的流程图;Figure 10 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
图11是基于图5所示实施例提出的另一数据传输方法的流程图;Figure 11 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 5;
图12是基于图11所示实施例提出的另一数据传输方法的流程图;Figure 12 is a flow chart of another data transmission method proposed based on the embodiment shown in Figure 11;
图13是本申请一示例性实施例示出的信息处理装置的结构示意图;Figure 13 is a schematic structural diagram of an information processing device according to an exemplary embodiment of the present application;
图14是本申请一示例性实施例示出的另一信息处理装置的结构示意图;Figure 14 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application;
图15是本申请一示例性实施例示出的另一信息处理装置的结构示意图;Figure 15 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application;
图16本申请的一示例性实施例示出的电子设备的计算机系统的结构示意图。Figure 16 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application.
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization of the purpose, functional features and advantages of the present application will be further described with reference to the embodiments and the accompanying drawings.
具体实施方式Detailed ways
这里将详细地对示例性实施例执行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本申请相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本申请的一些方面相一致的装置和方法的例子。Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, the same numbers in different drawings refer to the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the appended claims.
附图中所示的方框图仅仅是功能实体,不一定必须与物理上独立的实体相对应。即,可以采用软件形式来实现这些功能实体,或在一个或多个硬件模块或集成电路中实现这些功能实体,或在不同网络和/或处理器装置和/或微控制器装置中实现这些功能实体。The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. That is, these functional entities may be implemented in software form, or implemented in one or more hardware modules or integrated circuits, or implemented in different networks and/or processor devices and/or microcontroller devices. entity.
附图中所示的流程图仅是示例性说明,不是必须包括所有的内容和操作/步骤,也不是必须按所描述的顺序执行。例如,有的操作/步骤还可以分解,而有的操作/步骤可以合并或部分合并,因此实际执行的顺序有可能根据实际情况改变。The flowcharts shown in the drawings are only illustrative, and do not necessarily include all contents and operations/steps, nor must they be performed in the order described. For example, some operations/steps can be decomposed, and some operations/steps can be combined or partially combined, so the actual order of execution may change according to actual conditions.
在本申请中提及的“多个”是指两个或者两个以上。“和/或”描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。字符“/”一般表示前后关联对象是一种“或”的关系。The "plurality" mentioned in this application means two or more than two. "And/or" describes the association of related objects, indicating that there can be three relationships. For example, A and/or B can mean: A exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the related objects are in an "or" relationship.
首先请参阅图1,图1是本申请一示例性实施例示出的一种数据传输方法的流程图。该方法应用于总控制方,至少包括S110至S140,详细介绍如下:First, please refer to FIG. 1 , which is a flow chart of a data transmission method according to an exemplary embodiment of the present application. This method applies to the total controller, including at least S110 to S140. The details are as follows:
S110:接收认证方发送的加密后的请求数据;其中,加密后的请求数据是认证方对请求方的身份验证通过后加密得到的。S110: Receive the encrypted request data sent by the authenticator; the encrypted request data is encrypted after the authenticator passes the identity verification of the requester.
总控制方接收认证方发送的认证方对请求方的身份验证通过后加密得到的请求数据。The master controller receives the encrypted request data sent by the authenticator after passing the authentication of the requester.
请求方可以是发送请求数据的终端,如手机、电脑、或者手机中的应用程序等。认证方具有验证请求方身份的功能,认证方是独立的物理服务器,也可以是多个物理服务器构成的服务器集群或者分布式系统,其中多个服务器可组成一区块链,而服务器为区块链上的节点,本处不对其进行限制。The requester can be a terminal that sends the request data, such as a mobile phone, a computer, or an application in the mobile phone. The authenticator has the function of verifying the identity of the requester. The authenticator is an independent physical server, or it can be a server cluster or distributed system composed of multiple physical servers. Multiple servers can form a blockchain, and the server is a block chain. There are no restrictions on the nodes on the chain.
示例性地,请求方为手机中的请求APP,认证方云端的服务器,加密后的请求数据是认证方对请求方的身份验证通过后加密得到的。用户通过手机中的请求APP发送请求数据至服务器的接收端,服务器接收到请求数据时,对手机中的请求APP的账户身份进行验证,请求方的身份验证通过后,认证方对请求数据进行加密外发。For example, the requesting party is the requesting APP in the mobile phone and the server in the authenticating party's cloud. The encrypted request data is encrypted after the authenticating party passes the identity verification of the requesting party. The user sends the request data to the receiving end of the server through the requesting APP in the mobile phone. When the server receives the request data, it verifies the account identity of the requesting APP in the mobile phone. After the requesting party's identity verification passes, the authenticator encrypts the requesting data. Outgoing.
S120:对认证方进行身份验证,得到认证方的身份验证结果。S120: Perform identity verification on the authenticator and obtain the identity verification result of the authenticator.
总控制方可以是中央控制器/单元,即集成控制整个设备的控制器/单元,其控制着多个子控制器/单元,其具有验证认证方身份的功能,还具备加密控制指令和发送控制指令的功能。The overall controller can be a central controller/unit, that is, a controller/unit that integrates control of the entire device. It controls multiple sub-controllers/units. It has the function of verifying the identity of the authenticating party, and also has the ability to encrypt control instructions and send control instructions. function.
总控制方对认证方进行身份验证,示例性地,总控制方收到认证方加密后的请求数据,并对认证方进行身份验证,得到认证方的身份验证成功或失败的身份验证结果。The master controller performs identity verification on the authenticator. For example, the master controller receives the encrypted request data from the authenticator, authenticates the identity of the authenticator, and obtains the identity verification result indicating whether the authentication of the authenticator is successful or failed.
S130:若认证方的身份验证结果表征验证成功,则根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令。S130: If the authenticator's identity verification result indicates that the verification is successful, a control instruction is generated based on the encrypted request data, and the control instruction is encrypted to obtain an encrypted control instruction.
若认证方的身份通过了总控制方的验证,总控制方对加密后的请求数据进行解密,得到解密后的请求数据。总控制方根据解密后的请求数据生成该请求数据对应的控制指令,并对其进行加密,得到加密后的控制指令,类似于对请求数据进行了第二次加密。If the identity of the authenticating party passes the verification of the general controller, the general controller decrypts the encrypted request data and obtains the decrypted request data. The total controller generates a control instruction corresponding to the request data based on the decrypted request data, and encrypts it to obtain the encrypted control instruction, which is similar to encrypting the request data for the second time.
值得注意的是,认证方根据指定加密密钥对请求数据进行加密处理后,发送至总控制方,总控制方可以根据与指定加密密钥相匹配的解密密钥对加密后的请求数据进行解密,得到解密后的请求数据。若总控制方对控制指令进行加密处理,可以使用认证方使用的指定加密密钥对控制指令进行加密,也可以用其他密钥进行加密,只需确保总控制方对控制指令进行加密的加密密钥与子控制方对控制指令进行解密的解密密钥相匹配。It is worth noting that the authenticator encrypts the request data according to the specified encryption key and sends it to the master controller. The master controller can decrypt the encrypted request data according to the decryption key that matches the specified encryption key. , get the decrypted request data. If the main controller encrypts the control instructions, the control instructions can be encrypted using the designated encryption key used by the authenticator, or other keys can be used to encrypt the control instructions. Just ensure that the main controller uses the encryption key to encrypt the control instructions. The key matches the decryption key used by the sub-controller to decrypt the control instructions.
S140:将加密后的控制指令发送至子控制方,以使子控制方对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。S140: Send the encrypted control instruction to the sub-controller, so that the sub-controller can decrypt the encrypted control instruction and perform control processing according to the decrypted control instruction.
子控制方是总控制方的下行方,即子控制方受总控制方的控制,总控制方可以通过向子控制方发送相关控制指令,以控制子控制方进行控制处理。The sub-controller is the downstream party of the main controller, that is, the sub-controller is controlled by the main controller, and the main controller can control the sub-controller to perform control processing by sending relevant control instructions to the sub-controller.
子控制方接收到总控制方发送的加密后的控制指令,利用相匹配的解密密钥对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。The sub-controller receives the encrypted control instruction sent by the main controller, uses the matching decryption key to decrypt the encrypted control instruction, and performs control processing according to the decrypted control instruction.
本实施例通过接收认证方发送的认证方对请求方的身份验证通过后加密得到的请求数据,对请求数据进行加密后再发送,因为只有利用相关密钥才能对其进行解密,确保了请求数据传输过程中的安全性,避免了请求数据泄露。This embodiment receives the encrypted request data sent by the authenticator after the authenticator passes the authentication of the requester, and then encrypts the request data before sending it, because it can only be decrypted by using the relevant key, ensuring that the request data is Security during transmission avoids request data leakage.
同时,对认证方进行身份验证,得到认证方的身份验证结果;若认证方的身份验证结果表征验证成功,则根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令;对认证方的身份进行了验证,避免伪装的认证方通过验证。将加密后的控制指令发送至子控制方,以使子控制方对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。认证方对请求数据进行了第一次加密传输,总控方根据加密后的请求数据生成控制指令,并对控制指令进行加密,即在请求数据传输过程中进行二次加密,只有利用相关密钥才能获取加密后的控制指令中的控制指令,确保了控制指令传输过程中的安全性,避免了控制指令泄露。At the same time, the identity of the authenticator is verified to obtain the identity verification result of the authenticator; if the identity verification result of the authenticator indicates that the verification is successful, the control instructions are generated based on the encrypted request data, and the control instructions are encrypted to obtain the encrypted Control instructions; the identity of the authenticator is verified to prevent the disguised authenticator from passing the verification. The encrypted control instruction is sent to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction. The authenticator performs the first encrypted transmission of the request data. The controller generates control instructions based on the encrypted request data and encrypts the control instructions. That is, a second encryption is performed during the transmission of the request data. Only the relevant key is used. Only in this way can the control instructions in the encrypted control instructions be obtained, which ensures the security during the transmission of the control instructions and avoids the leakage of the control instructions.
请参阅图2,图2是基于图1所示实施例示出的另一种数据传输方法的流程图。其中,该方法至少包括S210至S230,加密后的请求数据包括认证方使用过的随机数,详细介绍如下:Please refer to Figure 2, which is a flow chart of another data transmission method based on the embodiment shown in Figure 1. Among them, the method at least includes S210 to S230. The encrypted request data includes the random number used by the authenticator. The details are as follows:
S210:获取随机数,以及记录针对获取随机数时认证方对应的时刻和总控制方对应的时刻。S210: Obtain a random number, and record the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number.
随机数是认证方和总控制方使用过的数字。获取随机数时,记录此时认证方对应的时刻和总控制方对应的时刻,此步骤能有效防止重放攻击,即根据时间戳和随机数作为判断是否受到了重放攻击的依据,进而使得身份验证结果更加准确。The random number is the number used by the authenticator and the total controller. When obtaining a random number, record the time corresponding to the authenticator and the time corresponding to the total controller. This step can effectively prevent replay attacks, that is, the timestamp and random number are used as the basis for determining whether a replay attack has occurred, thus making Authentication results are more accurate.
S220:若检测到未存储随机数,且认证方对应的时刻和总控制方对应的时刻相匹配,则确 定对认证方的身份验证成功,得到用于表征认证方的身份验证成功的身份验证结果。S220: If it is detected that the random number is not stored, and the time corresponding to the authenticator matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful, and the identity verification result used to represent the success of the identity verification of the authenticator is obtained. .
示例性地,若随机数为4,存储的随机数包括1,2和3,则4这个随机数并未被使用过,同时,认证方对应的时刻为10:10,总控制方对应的时刻为10:10,则两者时刻相同,则认证方的身份通过了总控制方的验证。For example, if the random number is 4 and the stored random numbers include 1, 2 and 3, then the random number 4 has not been used. At the same time, the time corresponding to the authenticator is 10:10, and the time corresponding to the total controller is 10:10. is 10:10, then the two times are the same, and the identity of the authenticator has passed the verification of the master controller.
S230:若检测到存储有随机数,或者,认证方对应的时刻和总控制方对应的时刻不匹配,则确定对认证方的身份验证失败,得到用于表征认证方的身份验证失败的身份验证结果。S230: If it is detected that a random number is stored, or the time corresponding to the authenticator does not match the time corresponding to the total controller, it is determined that the identity verification of the authenticator failed, and the identity verification used to characterize the identity verification failure of the authenticator is obtained. result.
示例性地,若随机数为4,存储的随机数包括2,3和4,则4这个随机数被使用过;或者认证方对应的时刻为10:10,总控制方对应的时刻为10:00,则两者时刻不相;或者检测到存储有随机数,且认证方对应的时刻和总控制方对应的时刻不匹配,皆表明认证方的身份未通过总控制方的验证,认证方的身份验证结果表征验证失败。此外,本实施例还可以通过编入变化的滚动代码,防止重放攻击,以使请求数据的传输过程变得更加安全。For example, if the random number is 4, and the stored random numbers include 2, 3 and 4, then the random number 4 has been used; or the time corresponding to the authenticator is 10:10, and the time corresponding to the total controller is 10: 00, then the two times are inconsistent; or it is detected that a random number is stored, and the time corresponding to the authenticator does not match the time corresponding to the general controller, which indicates that the identity of the authenticator has not been verified by the general controller, and the authenticator's The authentication result indicates an authentication failure. In addition, this embodiment can also prevent replay attacks by programming changed rolling codes, so that the transmission process of request data becomes more secure.
本实施例通过检测加密后的请求数据中是否包括认证方使用过的随机数,以及认证方和总控制方的时间戳,来防止重放攻击,使得总控制方准确验证认证方的身份,从而使得认证方的身份验证结果更加准确。This embodiment prevents replay attacks by detecting whether the encrypted request data includes the random number used by the authenticator, as well as the timestamps of the authenticator and the general controller, so that the general controller can accurately verify the identity of the authenticator, thereby This makes the identity verification results of the authenticating party more accurate.
请参阅图3,图3是本申请一示例性实施例示出的另一数据传输方法的流程图。该方法应用于子控制方,至少包括S310至S320,详细介绍如下:Please refer to FIG. 3 , which is a flow chart of another data transmission method according to an exemplary embodiment of the present application. This method applies to sub-controllers, including at least S310 to S320. The details are as follows:
S310:接收总控制方发送的加密后的控制指令;其中,加密后的控制指令是总控制方对认证方进行身份验证成功后,根据认证方发送的加密后的请求数据生成控制指令,并对控制指令进行加密得到的。S310: Receive the encrypted control instruction sent by the general controller; wherein, the encrypted control instruction is generated by the general controller based on the encrypted request data sent by the authenticator after successful identity verification of the authenticator, and The control instructions are encrypted.
子控制方收到总控制方发送的加密后的控制指令,加密后的控制指令是总控制方利用指定加密密钥对控制指令进行加密得到的。The sub-controller receives the encrypted control instruction sent by the main controller. The encrypted control instruction is obtained by the main controller encrypting the control instruction using a designated encryption key.
S320:对加密后的控制指令进行解密,得到解密后的控制指令,并根据解密后的控制指令进行控制处理。S320: Decrypt the encrypted control instruction to obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
子控制方利用指定解密密钥对接收到的加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。本实施例中的指定解密密钥和指定加密密钥是相匹配的密钥对。The sub-controller uses the designated decryption key to decrypt the received encrypted control instruction, and performs control processing according to the decrypted control instruction. In this embodiment, the designated decryption key and the designated encryption key are matching key pairs.
本实施例以子控制方为执行方进行了相关数据传输,通过对接收到的加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理,以完成加密后的请求数据中所请求的控制操作。在请求数据传输过程中相当于对请求数据进行了分段式的二次加密,确保了请求数据传输过程中的安全性,避免了请求数据泄露。In this embodiment, the relevant data is transmitted with the sub-controller as the executor, and the received encrypted control instructions are decrypted and the control processing is performed according to the decrypted control instructions to complete the request in the encrypted request data. control operations. During the request data transmission process, the request data is equivalent to segmented secondary encryption, ensuring the security during the request data transmission process and avoiding request data leakage.
图4是基于图3所示实施例提出的另一数据传输方法的流程图。该方法在如图3所示的S320中还包括S410至S420,下面进行详细介绍:FIG. 4 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 3 . The method also includes S410 to S420 in S320 as shown in Figure 3, which are introduced in detail below:
S410:接收认证方发送的请求方的身份验证结果。S410: Receive the identity verification result of the requester sent by the authenticator.
认证方对请求方的身份进行验证后向子控制方发送请求方的身份验证结果,其中包括请求方的身份验证成功或失败的验证结果。The authenticator verifies the identity of the requesting party and then sends the identity verification result of the requesting party to the sub-controller, including the verification result of success or failure of the requesting party's identity verification.
S420:若请求方的身份验证结果表征验证成功,则对加密后的控制指令进行解密,得到解密后的控制指令。S420: If the identity verification result of the requesting party indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
子控制方只有接收到认证方发送的请求方的身份验证成功的验证结果,才会对接收到的加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。Only when the sub-controller receives the verification result of successful identity verification of the requester sent by the authenticator will it decrypt the received encrypted control instruction and perform control processing according to the decrypted control instruction.
本实施例进一步说明了子控制方解密加密后的控制指令的前置条件,即需要接收到认证方发送的请求方的身份验证成功的验证结果,从而使得整个数据传输过程更加安全,以防止传输各个环节出现数据泄露或被篡改的情况发生。This embodiment further illustrates the precondition for the sub-controller to decrypt the encrypted control instruction, that is, it needs to receive the verification result of the requester's identity verification from the authenticator, thereby making the entire data transmission process more secure to prevent transmission Data leakage or tampering occurs in various aspects.
图5是本申请一示例性实施例示出的另一数据传输方法的流程图。该方法应用于认证方,至少包括S510至S540,详细介绍如下:Figure 5 is a flow chart of another data transmission method according to an exemplary embodiment of the present application. This method applies to authenticators, including at least S510 to S540. The details are as follows:
S510:接收请求方发送的请求数据。S510: Receive the request data sent by the requester.
认证方接收请求方发送的请求数据,该请求数据携带有发送方的身份信息。The authenticator receives the request data sent by the requester, and the request data carries the identity information of the sender.
S520:对请求方进行身份验证,得到请求方的身份验证结果。S520: Perform identity verification on the requester and obtain the identity verification result of the requester.
认证方根据请求数据携带有发送方的身份信息与请求方的身份信息进行匹配,相匹配,则表明请求方通过了身份验证,其身份验证结果表征验证成功;不相匹配,则表明请求方未通过身份验证,其身份验证结果表征验证失败。The authenticator matches the identity information of the sender carried in the request data with the identity information of the requester. If they match, it means that the requester has passed the identity verification, and the identity verification result means that the verification is successful; if they do not match, it means that the requester has not. Authentication is passed and its authentication result represents an authentication failure.
S530:若请求方的身份验证结果表征验证成功,则对请求数据进行加密,得到加密后的请求数据;S530: If the requester's identity verification result indicates that the verification is successful, the request data is encrypted and the encrypted request data is obtained;
本实施例限定若请求方通过了身份验证,认证方则会对请求数据进行加密,得到加密后的请求数据,加密后的请求数据中携带有发送方的身份信息,即携带有认证方自身的身份信息。This embodiment limits that if the requesting party passes the identity verification, the authenticating party will encrypt the request data to obtain encrypted request data. The encrypted request data carries the sender's identity information, that is, it carries the authenticating party's own identity information. Identity Information.
S540:将加密后的请求数据发送至总控制方,以使总控制方对认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令。S540: Send the encrypted request data to the master controller, so that after the master controller successfully authenticates the authenticator, it generates a control instruction based on the encrypted request data, encrypts the control instruction, and obtains the encrypted Control instruction.
总控制方接收到认证方发送的携带有发送方的身份信息加密后的请求数据,对认证方进行身份验证,根据加密后的请求数据中携带的发送方的身份信息与预设的认证方的身份信息进行匹配,匹配成功,则表明认证方的身份通过了总控制方的验证。The master controller receives the encrypted request data carrying the sender's identity information sent by the authenticator, and performs identity verification on the authenticator. Based on the identity information of the sender carried in the encrypted request data and the preset authentication party's The identity information is matched. If the match is successful, it means that the identity of the authenticator has passed the verification of the master controller.
本实施例以认证方为执行方进行了相关数据传输,通过对身份认证通过的请求方发送的请求数据进行加密,并将加密后的请求数据发送至总控制方,以使总控制方对认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令。在请求数据传输过程中相当于对请求数据进行了分段式的二次加密,确保了请求数据传输过程中的安全性,避免了请求数据泄露。In this embodiment, relevant data is transmitted with the authenticator as the executor. The request data sent by the requester who has passed the identity authentication is encrypted, and the encrypted request data is sent to the master controller, so that the master controller can verify the authentication. After the party's identity authentication is successful, the control instruction is generated based on the encrypted request data, and the control instruction is encrypted to obtain the encrypted control instruction. During the request data transmission process, the request data is equivalent to segmented secondary encryption, ensuring the security during the request data transmission process and avoiding request data leakage.
在另一实施例中,基于图5所示的实施例,在S520之后还包括:将请求方的身份验证结果发送至子控制方,以使子控制方在请求方的身份验证结果表征验证成功时,对加密后的控制指令进行解密,得到解密后的控制指令。In another embodiment, based on the embodiment shown in Figure 5, after S520, it also includes: sending the identity verification result of the requesting party to the sub-controller, so that the identity verification result of the sub-controlling party on the requesting party indicates that the verification is successful. When, the encrypted control instructions are decrypted to obtain the decrypted control instructions.
具体说明参考上述S420。For specific instructions, refer to S420 above.
本实施例有别于传统的请求控制过程,现有通过请求方发送请求数据至子控制方,以使子控制方根据请求数据进行控制处理。其未将请求数据发送至总控制方,缺乏总控制方对请求数据的处理,降低了其集成控制性能,同时缺乏对请求方的身份认证,并且传输过程中未对请求数据进行加密,防重放攻击等处理。本实施例子控制方需要接收到请求方身份验证成功的验证结果,才会对加密后的控制指令进行解密,并且,加密后的控制指令是总控制方根据请求数据 加密生成的,即请求数据在传输过程中经历了二次加密防盗,以确保数据传输的安全性。This embodiment is different from the traditional request control process. Currently, the requester sends request data to the sub-controller, so that the sub-controller can perform control processing according to the request data. It did not send the request data to the general controller. It lacked the processing of the request data by the general controller, which reduced its integrated control performance. It also lacked the identity authentication of the requester, and the request data was not encrypted during the transmission process to prevent duplication. Put the attack and other processing. In this implementation example, the controller needs to receive the verification result that the requester's identity is successfully authenticated before decrypting the encrypted control instructions. Moreover, the encrypted control instructions are generated by the total controller based on the encryption of the request data, that is, the request data is in During the transmission process, it has undergone secondary encryption to prevent theft to ensure the security of data transmission.
请参阅图6,图6是本申请一示例性实施例示出的数据传输方法的应用场景的示意图。其中,智能客户端APP和电子钥匙为请求方,云服务端的服务器和钥匙信号接收器为认证方,中央域控制单元为总控制方,动力输出端控制单元为子控制方。本实施例还提供了一种的车辆域控架构,其中的中央域控制单元还可以连接控制其他单元,如图7所示,图7是本申请一示例性实施例示出的车辆域控架构的示意图。其中,中央域控制单元至于中央域中,动力输出端控制单元位于动力域中。该车辆域控架构不仅能兼容中央域与动力域分开的域控架构,还兼容其他域控架构,形成一个高度集成化的域控架构。如图7所示,中央域除了连接控制动力域以外还连接控制:前区域控制器、左区域控制器、右区域控制器、后区域控制器、座舱域,智驾域和底盘安全域。该车辆域控架构不仅能满足新国标,还能满足欧标等动力系统防盗要求,在未增加硬件成本的基础上,提高了车辆动力域系统防盗性,使得车辆防盗更加安全可靠。Please refer to FIG. 6 , which is a schematic diagram of an application scenario of a data transmission method according to an exemplary embodiment of the present application. Among them, the smart client APP and electronic key are the requesters, the server and key signal receiver of the cloud server are the authenticators, the central domain control unit is the master controller, and the power output control unit is the sub-controller. This embodiment also provides a vehicle domain control architecture, in which the central domain control unit can also be connected to control other units, as shown in Figure 7. Figure 7 is a vehicle domain control architecture illustrated in an exemplary embodiment of the present application. Schematic diagram. Among them, the central domain control unit is located in the central domain, and the power output end control unit is located in the power domain. The vehicle domain control architecture is not only compatible with the domain control architecture that separates the central domain and the power domain, but is also compatible with other domain control architectures, forming a highly integrated domain control architecture. As shown in Figure 7, in addition to connecting the control power domain, the central domain also connects the control: front area controller, left area controller, right area controller, rear area controller, cockpit domain, intelligent driving domain and chassis safety domain. This vehicle domain control architecture not only meets the new national standards, but also meets the anti-theft requirements of power systems such as European standards. Without increasing the hardware cost, it improves the anti-theft performance of the vehicle power domain system, making vehicle anti-theft safer and more reliable.
如图6所示,用户可以通过远程防盗模块或本地防盗模块触发对车辆进行域控的请求,例如,用户通过远程防盗模块中的智能客户端APP发送请求数据至云服务端的服务器,云服务端的服务器对智能客户端APP的身份进行验证,例如,验证智能客户端APP的账户ID(Identity document,身份标识号),得到身份验证成果或失败的身份验证结果。或者用户通过电子钥匙发送原始请求数据,信号接收器对电子钥匙进行身份验证。As shown in Figure 6, the user can trigger a request for domain control of the vehicle through the remote anti-theft module or the local anti-theft module. For example, the user sends request data to the server of the cloud server through the smart client APP in the remote anti-theft module. The server verifies the identity of the smart client APP, for example, verifies the account ID (Identity document, identification number) of the smart client APP, and obtains the identity verification result or failed identity verification result. Or the user sends the original request data through the electronic key, and the signal receiver authenticates the electronic key.
云服务端的服务器或者钥匙信号接收器对请求数据根据SecOc(Secure Onboard Communication,SecOc,加密通信)进行加密,并基于E2E(End to End,端到端)传输加密后的请求数据至中央域控制单元,即本申请中的总控制方。中央域控制单元对加密后的请求数据进行解密,并根据解密后的请求数据生成控制指令,对其加密后传输至动力输出端控制单元,即本申请的子控制方。The server or key signal receiver on the cloud server encrypts the request data based on SecOc (Secure Onboard Communication, SecOc, encrypted communication), and transmits the encrypted request data to the central domain control unit based on E2E (End to End, end-to-end) , the total controlling party in this application. The central domain control unit decrypts the encrypted request data, generates control instructions based on the decrypted request data, encrypts them and transmits them to the power output end control unit, which is the sub-controller of this application.
动力输出端控制单元接收到加密后的控制指令可以直接对其进行解密,然后根据解密后的控制指令进行控制处理。在某些实施例中,动力输出端控制单元需要接收到远程防盗模块或本地防盗模块发送的请求方的身份验证通过的验证结果,动力输出端控制单元才能对加密后的控制指令进行解密,然后根据解密后的控制指令进行控制处理,若未接收到相关的验证结果,或者验证结果表征请求方身份验证失败,则动力输出端控制单元不进行解密操作,并停止后续的控制处理操作。其中,远程防盗模块或本地防盗模块可以根据SecOc对请求方的身份验证结果进行加密,并基于E2E将加密后的请求方的身份验证结果发送至动力输出端控制单元。The power output end control unit receives the encrypted control instructions and can directly decrypt them, and then performs control processing according to the decrypted control instructions. In some embodiments, the power output control unit needs to receive the verification result that the requester's identity is passed from the remote anti-theft module or the local anti-theft module, so that the power output control unit can decrypt the encrypted control instructions, and then Control processing is performed based on the decrypted control instructions. If the relevant verification results are not received, or the verification results indicate that the requester's identity verification failed, the power output control unit will not perform the decryption operation and stop subsequent control processing operations. Among them, the remote anti-theft module or the local anti-theft module can encrypt the identity verification result of the requester based on SecOc, and send the encrypted identity verification result of the requester to the power output control unit based on E2E.
现有IMMO(Immobilizer,发动机防盗锁止系统)是在通用的VATS基础上发展起来的,在防盗原理上传承了VATS的思路,即利用钥匙中芯片的密码与起动电门中的密码进行匹配来控制发动机的起动,以达到防盗的目的。在本申请某些实施例中,需要同时进行远程防盗和本地防盗,即同时启动远程和本地防盗模块对智能客户端APP和电子钥匙的身份进行验证,确定出两个模块的功能都是目标用户触发的,以提高车辆的防盗性能。The existing IMMO (Immobilizer, engine anti-theft locking system) is developed on the basis of the universal VATS. It inherits the idea of VATS in terms of anti-theft principles, that is, it uses the password of the chip in the key to match the password in the starter switch. Control the starting of the engine to prevent theft. In some embodiments of this application, remote anti-theft and local anti-theft need to be carried out at the same time, that is, the remote and local anti-theft modules are started at the same time to verify the identities of the smart client APP and the electronic key, and it is determined that the functions of both modules are target users. Triggered to improve the vehicle's anti-theft performance.
本实施例中的远程防盗模块和本地防盗模块构成了请求方的身份信息验证系统,可分别单独对请求方的身份信息进行验证,也可以同时启动远程和本地防盗模块对智能客户端APP和电子钥匙的身份进行验证,确定出两个模块的功能都是目标用户触发的,以增强了车辆的防盗功 能。同时,在某些实施例中,动力输出控制单元需要接收到远程防盗模块和/或本地防盗模块发送的请求方的身份验证结果,并通过该身份验证结果判断请求方的身份是否通过验证,请求方的身份验证通过,动力输出控制单元才对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理,使得整个数据传输过程更加安全。The remote anti-theft module and the local anti-theft module in this embodiment constitute the identity information verification system of the requesting party. They can independently verify the identity information of the requesting party. The remote and local anti-theft modules can also be started at the same time to verify the smart client APP and electronic files. The identity of the key is verified and it is determined that the functions of the two modules are triggered by the target user, thereby enhancing the anti-theft function of the vehicle. At the same time, in some embodiments, the power output control unit needs to receive the identity verification result of the requester sent by the remote anti-theft module and/or the local anti-theft module, and use the identity verification result to determine whether the identity of the requester has passed the verification. Only after the party's identity verification passes, the power output control unit decrypts the encrypted control instructions and performs control processing based on the decrypted control instructions, making the entire data transmission process more secure.
图8是基于图5所示实施例提出的另一数据传输方法的流程图。其中,认证方包括服务器,请求方包括应用程序,该方法S510包括S810,S520包括S820,下面进行详细介绍:FIG. 8 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 . Among them, the authenticator includes the server, the requester includes the application, the method S510 includes S810, and the S520 includes S820. The following is a detailed introduction:
S810:接收应用程序通过网络发送的请求数据。S810: Receive request data sent by the application through the network.
S820:对应用程序进行身份验证,得到应用程序的身份验证结果。S820: Perform authentication on the application program and obtain the authentication result of the application program.
如图6所示,远程防盗模块中的智能客户端APP为本实施例的应用程序,云服务端的服务器为本实施例的服务器,用户通过智能客户端APP发送请求数据至云服务端的服务器,云服务端的服务器对智能客户端APP的身份进行验证,例如,验证智能客户端APP的账户ID,得到身份验证成果或失败的身份验证结果。As shown in Figure 6, the smart client APP in the remote anti-theft module is the application program of this embodiment, and the server of the cloud server is the server of this embodiment. The user sends request data to the server of the cloud server through the smart client APP, and the cloud server The server on the server side verifies the identity of the smart client APP, for example, verifies the account ID of the smart client APP, and obtains the identity verification result or failed identity verification result.
本实例中的远程防盗模块中的智能客户端APP需与物理载体进行强绑定,例如与手机进行绑定,并在通讯时满足身份认证和防重放攻击,防重放攻击采用随机数比对和时间戳比对,并需编入变化的滚动代码,使得防盗系统更安全可靠。In this example, the smart client APP in the remote anti-theft module needs to be strongly bound to a physical carrier, such as a mobile phone, and must meet identity authentication and anti-replay attacks during communication. The anti-replay attack uses a random number ratio. It is compared with the timestamp and needs to be programmed with changing rolling codes to make the anti-theft system more secure and reliable.
图9是基于图5所示实施例提出的另一数据传输方法的流程图。其中,认证方包括接收器,请求方包括启动器,该方法S510包括S910,S520包括S920,下面进行详细介绍:FIG. 9 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 . Among them, the authenticator includes the receiver, the requester includes the initiator, the method S510 includes S910, and S520 includes S920. The following is a detailed introduction:
S910:接收启动器通过网络发送的请求数据。S910: Receive request data sent by the initiator through the network.
S920:对启动器进行身份验证,得到启动器的身份验证结果。S920: Perform authentication on the initiator and obtain the authentication result of the initiator.
如图6所示,本地防盗模块中的电子钥匙为本实施例的启动器,钥匙信号接收器为本实施例的接收器,用户通过触控电子钥匙发送请求数据至钥匙信号接收器,钥匙信号接收器对电子钥匙的身份进行验证,例如,通过验证钥匙信号接收器的标识是否与预设标识相匹配,从而得到电子钥匙的身份验证成果或失败的身份验证结果。As shown in Figure 6, the electronic key in the local anti-theft module is the starter of this embodiment, and the key signal receiver is the receiver of this embodiment. The user sends request data to the key signal receiver by touching the electronic key, and the key signal The receiver verifies the identity of the electronic key, for example, by verifying whether the identity of the key signal receiver matches a preset identity, thereby obtaining the identity verification result or failed identity verification result of the electronic key.
本实施例中的电子钥匙可以通过无线射频网络、蓝牙、蜂窝网络等将请求数据传输至钥匙信号接收器,同样需要在通讯时满足身份认证和防重放攻击,防重放攻击采用随机数比对和时间戳比对,并需编入变化的滚动代码,使得防盗系统更安全可靠。The electronic key in this embodiment can transmit request data to the key signal receiver through a wireless radio frequency network, Bluetooth, cellular network, etc. It also needs to meet identity authentication and anti-replay attacks during communication. The anti-replay attacks use a random number ratio. It is compared with the timestamp and needs to be programmed with changing rolling codes to make the anti-theft system more secure and reliable.
图10是基于图5所示实施例提出的另一数据传输方法的流程图。其中,请求方为信号发送器,认证方为车辆的防盗控制器,请求数据包括信号发送器使用过的随机数;该方法S520包括S1010至S1030,下面进行详细介绍:FIG. 10 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 . Among them, the requesting party is the signal transmitter, and the authenticating party is the anti-theft controller of the vehicle. The request data includes the random number used by the signal transmitter; the method S520 includes S1010 to S1030, which are introduced in detail below:
S1010:获取随机数,以及记录针对获取随机数时信号发送器对应的时刻和防盗控制器对应的时刻。S1010: Obtain a random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when the random number is obtained.
本实施例的随机数是信号发送器和车辆的防盗控制器数据交互过程中产生的数字。获取随机数时,记录此时信号发送器对应的时刻和车辆的防盗控制器对应的时刻,此步骤能有效防止重放攻击,即根据时间戳和随机数作为判断是否受到了重放攻击的依据,进而使得信号发送器的身份验证结果更加准确。The random number in this embodiment is a number generated during the data interaction process between the signal transmitter and the vehicle's anti-theft controller. When obtaining a random number, record the time corresponding to the signal transmitter and the time corresponding to the vehicle's anti-theft controller. This step can effectively prevent replay attacks, that is, the timestamp and random number are used as the basis for determining whether a replay attack has occurred. , thus making the identity verification results of the signal transmitter more accurate.
S1020:若检测到未存储随机数,且信号发送器对应的时刻和防盗控制器对应的时刻相匹配, 则确定对信号发送器的身份验证成功,得到用于表征信号发送器的身份验证成功的身份验证结果。S1020: If it is detected that the random number is not stored and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, it is determined that the identity verification of the signal transmitter is successful, and the identity verification of the signal transmitter is obtained. Authentication results.
若检测到未存储随机数,则说明该随机数未被信号发送器和车辆的防盗控制器使用过,若信号发送器对应的时刻和防盗控制器对应的时刻相匹配,则确定防盗控制器对信号发送器的身份验证成功。If it is detected that the random number is not stored, it means that the random number has not been used by the signal transmitter and the vehicle's anti-theft controller. If the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, it is determined that the anti-theft controller is correct. Authentication of the signal sender was successful.
S1030:若检测到存储有随机数,或者,信号发送器对应的时刻和防盗控制器对应的时刻不匹配,则确定对信号发送器的身份验证失败,得到用于表征信号发送器的身份验证失败的身份验证结果。S1030: If it is detected that a random number is stored, or the time corresponding to the signal transmitter does not match the time corresponding to the anti-theft controller, it is determined that the identity verification of the signal transmitter has failed, and the identity verification failure used to characterize the signal transmitter is obtained. the authentication result.
示例性地,若随机数为10,存储的随机数包括6,9和10,则10这个随机数被使用过;或者信号发送器对应的时刻为10:10,防盗控制器对应的时刻为10:00,则两者时刻不相;或者检测到存储有随机数,且信号发送器对应的时刻和防盗控制器对应的时刻不匹配,皆表明认证方的身份未通过防盗控制器的验证,信号发送器的身份验证结果表征验证失败。For example, if the random number is 10, and the stored random numbers include 6, 9 and 10, then the random number 10 has been used; or the time corresponding to the signal transmitter is 10:10, and the time corresponding to the anti-theft controller is 10 :00, then the two times are not phased; or it is detected that a random number is stored, and the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller do not match, both indicate that the identity of the authenticator has not been verified by the anti-theft controller, and the signal The sender's authentication result indicates an authentication failure.
本实施例中数据传输方法应用于车辆领域,通过车辆的防盗控制器对信号发送器的身份进行了验证,根据随机数和时间戳的参数,有效防止重放攻击。In this embodiment, the data transmission method is applied in the field of vehicles. The identity of the signal transmitter is verified through the anti-theft controller of the vehicle. According to the parameters of random number and time stamp, replay attacks are effectively prevented.
图11是基于图5所示实施例提出的另一数据传输方法的流程图。其中,请求方为信号发送器,认证方为车辆的防盗控制器,防盗控制器包括远程防盗器和/或本地防盗器;远程防盗器对应的信号发送器为移动终端,本地防盗器对应的信号发送器为具有信号发送功能的钥匙;若防盗控制器包括远程防盗器或本地防盗器;该方法S520包括S1110或S1120,下面进行详细介绍:FIG. 11 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 5 . Among them, the requester is the signal transmitter, and the authenticator is the anti-theft controller of the vehicle. The anti-theft controller includes a remote anti-theft device and/or a local anti-theft device; the signal transmitter corresponding to the remote anti-theft device is a mobile terminal, and the signal corresponding to the local anti-theft device The transmitter is a key with signal sending function; if the anti-theft controller includes a remote anti-theft device or a local anti-theft device; the method S520 includes S1110 or S1120, which will be introduced in detail below:
S1110:远程防盗器对移动终端进行身份验证,得到信号发送器的身份验证结果。S1110: The remote anti-theft device performs identity verification on the mobile terminal and obtains the identity verification result of the signal transmitter.
远程防盗器可以是云服务端的服务器,其在云端对移动终端进行身份验证,由于云端计算资源充足,使得身份验证更加快捷。The remote anti-theft device can be a server on the cloud server, which performs identity verification on the mobile terminal in the cloud. Due to sufficient cloud computing resources, identity verification is faster.
移动终端,可以是手机、平板电脑、笔记本电脑等,具体可为物理载体中的智能客户端APP,用户可以通过该智能客户端APP向远程防盗控制器发送携带有用户信息的请求数据,以使远程防盗器在云端根据请求数据中携带的用户信息对智能客户端APP进行身份验证。The mobile terminal can be a mobile phone, a tablet computer, a laptop, etc., and can specifically be a smart client APP in a physical carrier. The user can send request data carrying user information to the remote anti-theft controller through the smart client APP, so that the The remote anti-theft device authenticates the smart client APP in the cloud based on the user information carried in the request data.
S1120:本地防盗器对钥匙进行身份验证,得到信号发送器的身份验证结果。S1120: The local anti-theft device authenticates the key and obtains the identity authentication result of the signal transmitter.
本实施例中的钥匙具有发送信号的功能,但是其发送的信号可达范围有限,本地防盗器需要在一定物理距离内才能接收到钥匙发送的信号。The key in this embodiment has the function of sending signals, but the reachable range of the signals it sends is limited. The local anti-theft device needs to be within a certain physical distance to receive the signals sent by the key.
本实施例中车辆的防盗控制器对信号发送器只需进行远程验证或者本地验证,就能完成防盗控制器对信号发送器的身份验证。其中,远程防盗器对移动终端的身份验证成功,或本地防盗器对钥匙的身份验证成功,则车辆的防盗控制器对信号发送器的身份认证成功,即只需通过本地身份验证或远程身份验证,就能进行后续的数据传输过程。In this embodiment, the anti-theft controller of the vehicle only needs to perform remote verification or local verification of the signal transmitter, and then the identity verification of the signal transmitter by the anti-theft controller can be completed. Among them, if the identity verification of the mobile terminal by the remote anti-theft device is successful, or the identity verification of the key by the local anti-theft device is successful, then the identity authentication of the signal transmitter by the vehicle's anti-theft controller is successful, that is, only local identity verification or remote identity verification is required. , the subsequent data transmission process can be carried out.
图12是基于图11所示实施例提出的另一数据传输方法的流程图。其中,若防盗控制器包括远程防盗器和本地防盗器;该方法S520包括S1210至S1230,下面进行详细介绍:FIG. 12 is a flow chart of another data transmission method proposed based on the embodiment shown in FIG. 11 . Among them, if the anti-theft controller includes a remote anti-theft device and a local anti-theft device; the method S520 includes S1210 to S1230, which are introduced in detail below:
S1210:远程防盗器对移动终端进行身份验证,得到移动终端的身份验证结果。S1210: The remote anti-theft device performs identity verification on the mobile terminal and obtains the identity verification result of the mobile terminal.
远程防盗器对移动终端的身份验证结果为该移动终端的身份验证结果,其是组成信号发送器的身份验证结果的一部分。The identity verification result of the mobile terminal by the remote anti-theft device is the identity verification result of the mobile terminal, which is part of the identity verification result that constitutes the signal transmitter.
S1220:本地防盗器对钥匙进行身份验证,得到钥匙的身份验证结果。S1220: The local anti-theft device authenticates the key and obtains the key's identity verification result.
本地防盗器对钥匙的身份验证结果为该钥匙的身份验证结果,其是组成信号发送器的身份验证结果的一部分。The authentication result of the key by the local immobilizer is the authentication result of the key, which forms part of the authentication result of the signal transmitter.
S1230:根据移动终端的身份验证结果和钥匙的身份验证结果,得到信号发送器的身份验证结果。S1230: Obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
在具体实施例中,信号发送器的身份验证结果包括成功的验证结果和失败的验证结果;成功的验证结果表征移动终端的身份和钥匙的身份通过了验证;失败的验证结果表征移动终端的身份或钥匙的身份中至少一方的身份未通过验证。In a specific embodiment, the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; a successful verification result indicates that the identity of the mobile terminal and the identity of the key have passed the verification; a failed verification result indicates that the identity of the mobile terminal or the identity of at least one of the key's identities has not been verified.
若移动终端的身份验证结果表征移动终端的身份验证失败,或者钥匙的身份验证结果表征钥匙的身份验证失败,则得到表征信号发送器的身份验证失败的身份验证结果。If the identity verification result of the mobile terminal represents the identity verification failure of the mobile terminal, or the identity verification result of the key represents the identity verification failure of the key, then an identity verification result indicating the identity verification failure of the signal transmitter is obtained.
若移动终端的身份验证结果表征移动终端的身份验证成功,且钥匙的身份验证结果表征钥匙的身份验证成功,则得到表征信号发送器的身份验证成功的身份验证结果。If the identity verification result of the mobile terminal indicates that the identity verification of the mobile terminal is successful, and the identity verification result of the key indicates that the identity verification of the key is successful, then an identity verification result indicating that the identity verification of the signal transmitter is successful is obtained.
本实施例中车辆的防盗控制器对信号发送器需要进行远程验证和本地验证,并且需要该双重验证都通过后,防盗控制器对信号发送器的身份验证才会成功,双重验证机制使得车辆的防盗系统更加安全可靠。In this embodiment, the anti-theft controller of the vehicle needs to perform remote verification and local verification of the signal transmitter, and only after the double verification is passed, the anti-theft controller can successfully authenticate the signal transmitter. The double verification mechanism makes the vehicle The anti-theft system is more secure and reliable.
本申请的另一方面还提供了一种信息处理装置,如图13所示,图13是本申请一示例性实施例示出的信息处理装置的结构示意图。其中,信息处理装置应用于总控制方,包括:Another aspect of the present application also provides an information processing device, as shown in Figure 13. Figure 13 is a schematic structural diagram of an information processing device according to an exemplary embodiment of the present application. Among them, the information processing device is applied to the main controller, including:
加密请求接收模块1310,被配置为接收认证方发送的加密后的请求数据;其中,加密后的请求数据是认证方对请求方的身份验证通过后加密得到的。The encrypted request receiving module 1310 is configured to receive encrypted request data sent by the authenticator; wherein the encrypted request data is encrypted after the authenticator passes the identity verification of the requester.
认证方身份验证模块1330,被配置为对认证方进行身份验证,得到认证方的身份验证结果。The authenticator identity verification module 1330 is configured to perform identity verification on the authenticator and obtain the identity verification result of the authenticator.
控制指令加密模块1350,被配置为若认证方的身份验证结果表征验证成功,则根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令。The control instruction encryption module 1350 is configured to generate a control instruction based on the encrypted request data and encrypt the control instruction to obtain an encrypted control instruction if the authenticator's identity verification result indicates that the verification is successful.
加密控制指令发送模块1370,被配置为将加密后的控制指令发送至子控制方,以使子控制方对加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。The encrypted control instruction sending module 1370 is configured to send the encrypted control instruction to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
在另一实施例中,加密后的请求数据包括认证方使用过的随机数;认证方身份验证模块1330包括:In another embodiment, the encrypted request data includes a random number used by the authenticator; the authenticator identity verification module 1330 includes:
随机数获取单元,被配置为获取随机数,以及记录针对获取随机数时认证方对应的时刻和总控制方对应的时刻。The random number obtaining unit is configured to obtain the random number, and record the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number.
认证方验证成功单元,被配置为若检测到未存储随机数,且认证方对应的时刻和总控制方对应的时刻相匹配,则确定对认证方的身份验证成功,得到用于表征认证方的身份验证成功的身份验证结果。The authenticator verification success unit is configured so that if it is detected that the random number is not stored and the time corresponding to the authenticator matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful and a value used to characterize the authenticator is obtained. Authentication result for successful authentication.
认证方验证失败单元,被配置为若检测到存储有随机数,或者,认证方对应的时刻和总控制方对应的时刻不匹配,则确定对认证方的身份验证失败,得到用于表征认证方的身份验证失败的身份验证结果。The authenticator verification failure unit is configured to determine that the identity verification of the authenticator failed if it detects that a random number is stored, or that the time corresponding to the authenticator does not match the time corresponding to the total controller, and is used to characterize the authenticator. Authentication result for authentication failure.
如图14所示,图14是本申请一示例性实施例示出的另一信息处理装置的结构示意图。其中,信息处理装置应用于子控制方,包括:As shown in FIG. 14 , FIG. 14 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application. Among them, the information processing device is applied to the sub-controlling party, including:
加密控制指令接收模块1410,被配置为接收总控制方发送的加密后的控制指令;其中,加密后的控制指令是总控制方对认证方进行身份验证成功后,根据认证方发送的加密后的请求数据生成控制指令,并对控制指令进行加密得到的。The encrypted control instruction receiving module 1410 is configured to receive the encrypted control instruction sent by the general controller; wherein the encrypted control instruction is based on the encrypted control instruction sent by the authenticator after the general controller successfully authenticates the authenticator. The request data generates control instructions and encrypts the control instructions.
控制指令解密模块1430,被配置为对加密后的控制指令进行解密,得到解密后的控制指令,并根据解密后的控制指令进行控制处理。The control instruction decryption module 1430 is configured to decrypt the encrypted control instruction, obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
在另一实施例中,控制指令解密模块1430包括:In another embodiment, the control instruction decryption module 1430 includes:
请求方的身份验证结果接收单元,被配置为接收认证方发送的请求方的身份验证结果。The requesting party's identity verification result receiving unit is configured to receive the requesting party's identity verification result sent by the authenticating party.
控制指令解密单元,被配置为若请求方的身份验证结果表征验证成功,则对加密后的控制指令进行解密,得到解密后的控制指令。The control instruction decryption unit is configured to decrypt the encrypted control instruction to obtain the decrypted control instruction if the identity verification result of the requesting party indicates that the verification is successful.
如图15所示,图15是本申请一示例性实施例示出的另一信息处理装置的结构示意图。其中,信息处理装置应用于认证方,包括:As shown in FIG. 15 , FIG. 15 is a schematic structural diagram of another information processing device according to an exemplary embodiment of the present application. Among them, the information processing device is used in the authenticating party, including:
请求数据接收模块1510,被配置为接收请求方发送的请求数据;The request data receiving module 1510 is configured to receive the request data sent by the requesting party;
请求方身份验证模块1530,被配置为对请求方进行身份验证,得到请求方的身份验证结果;The requester identity verification module 1530 is configured to authenticate the requester and obtain the identity verification result of the requester;
请求数据加密模块1550,被配置为若请求方的身份验证结果表征验证成功,则对请求数据进行加密,得到加密后的请求数据;The request data encryption module 1550 is configured to encrypt the request data to obtain encrypted request data if the requester's identity verification result indicates that the verification is successful;
加密请求数据发送模块1570,被配置为将加密后的请求数据发送至总控制方,以使总控制方对认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对控制指令进行加密,得到加密后的控制指令。The encrypted request data sending module 1570 is configured to send the encrypted request data to the general controller, so that after the general controller successfully authenticates the authenticator, it can generate a control instruction based on the encrypted request data and control the control. The instructions are encrypted and the encrypted control instructions are obtained.
在另一实施例中,信息处理装置还包括:In another embodiment, the information processing device further includes:
控制发送模块,被配置为将请求方的身份验证结果发送至子控制方,以使子控制方在请求方的身份验证结果表征验证成功时,对加密后的控制指令进行解密,得到解密后的控制指令。The control sending module is configured to send the identity verification result of the requesting party to the sub-controller, so that when the identity verification result of the requesting party indicates that the verification is successful, the sub-controlling party decrypts the encrypted control instruction and obtains the decrypted control instruction. Control instruction.
在另一实施例中,认证方包括服务器,请求方包括应用程序;请求数据接收模块1510包括:In another embodiment, the authenticator includes a server, and the requester includes an application; the request data receiving module 1510 includes:
请求数据接收单元,被配置为接收应用程序通过网络发送的请求数据;a request data receiving unit configured to receive request data sent by the application through the network;
请求方身份验证模块1530包括: Requestor authentication module 1530 includes:
应用程序的身份验证单元,被配置为对应用程序进行身份验证,得到应用程序的身份验证结果。The authentication unit of the application is configured to authenticate the application and obtain the authentication result of the application.
在另一实施例中,认证方包括接收器,请求方包括启动器;请求数据接收模块1510包括:In another embodiment, the authenticator includes a receiver, and the requester includes an initiator; the request data receiving module 1510 includes:
接收启动器通过网络发送的请求数据。Receives request data sent over the network by the initiator.
请求方身份验证模块1530包括: Requestor authentication module 1530 includes:
对启动器进行身份验证,得到启动器的身份验证结果。Authenticate the initiator and get the authentication result of the initiator.
在另一实施例中,请求方为信号发送器,认证方为车辆的防盗控制器,请求数据包括信号发送器使用过的随机数;请求方身份验证模块包括:In another embodiment, the requesting party is the signal transmitter, the authenticating party is the anti-theft controller of the vehicle, and the request data includes the random number used by the signal transmitter; the requesting party identity verification module includes:
车辆随机数获取单元,被配置为获取随机数,以及记录针对获取随机数时信号发送器对应的时刻和防盗控制器对应的时刻。The vehicle random number acquisition unit is configured to acquire the random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when acquiring the random number.
信号发送器身份验证成功单元,被配置为若检测到未存储随机数,且信号发送器对应的时刻和防盗控制器对应的时刻相匹配,则确定对信号发送器的身份验证成功,得到用于表征信号 发送器的身份验证成功的身份验证结果。The signal transmitter identity verification success unit is configured to determine that the identity verification of the signal transmitter is successful if it detects that no random number is stored and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller. Authentication result that characterizes successful authentication of the signal sender.
信号发送器身份验证失败单元,被配置为若检测到存储有随机数,或者,信号发送器对应的时刻和防盗控制器对应的时刻不匹配,则确定对信号发送器的身份验证失败,得到用于表征信号发送器的身份验证失败的身份验证结果。The signal transmitter identity verification failure unit is configured to determine that the identity verification of the signal transmitter fails if it detects that a random number is stored or that the time corresponding to the signal transmitter does not match the time corresponding to the anti-theft controller. An authentication result that characterizes a signal sender's authentication failure.
在另一实施例中,请求方为信号发送器,认证方为车辆的防盗控制器,防盗控制器包括远程防盗器和/或本地防盗器;请求方身份验证模块包括:In another embodiment, the requesting party is the signal transmitter, and the authenticating party is the anti-theft controller of the vehicle. The anti-theft controller includes a remote anti-theft device and/or a local anti-theft device; the requesting party identity verification module includes:
第一车辆信号发送器验证单元,被配置为远程防盗器对移动终端进行身份验证,得到信号发送器的身份验证结果;或者The first vehicle signal transmitter verification unit is configured as a remote anti-theft device to perform identity verification on the mobile terminal and obtain the identity verification result of the signal transmitter; or
第二车辆信号发送器验证单元,被配置为本地防盗器对钥匙进行身份验证,得到信号发送器的身份验证结果。The second vehicle signal transmitter verification unit is configured as a local anti-theft device to perform identity verification on the key and obtain the identity verification result of the signal transmitter.
在另一实施例中,若防盗控制器包括远程防盗器和本地防盗器;请求方身份验证模块包括:In another embodiment, if the anti-theft controller includes a remote anti-theft device and a local anti-theft device; the requester identity verification module includes:
第一车辆验证单元,被配置为远程防盗器对移动终端进行身份验证,得到移动终端的身份验证结果。The first vehicle verification unit is configured as a remote anti-theft device to perform identity verification on the mobile terminal and obtain the identity verification result of the mobile terminal.
第二车辆验证单元,被配置为本地防盗器对钥匙进行身份验证,得到钥匙的身份验证结果。The second vehicle verification unit is configured as a local anti-theft device to perform identity verification on the key and obtain the identity verification result of the key.
车辆信号发送器身份验证单元,被配置为根据移动终端的身份验证结果和钥匙的身份验证结果,得到信号发送器的身份验证结果。The vehicle signal transmitter identity verification unit is configured to obtain the identity verification result of the signal transmitter based on the identity verification result of the mobile terminal and the identity verification result of the key.
在另一实施例中,信号发送器的身份验证结果包括成功的验证结果和失败的验证结果;成功的验证结果表征移动终端的身份和钥匙的身份通过了验证;失败的验证结果表征移动终端的身份或钥匙的身份中至少一方的身份未通过验证。In another embodiment, the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; a successful verification result represents that the identity of the mobile terminal and the identity of the key have passed the verification; a failed verification result represents that the identity of the mobile terminal The identity of at least one of the identity or the key's identity has not been verified.
需要说明的是,上述实施例所提供的信息处理装置与前述实施例所提供的数据传输方法属于同一构思,其中各个模块和单元执行操作的具体方式已经在方法实施例中进行了详细描述,这里不再赘述。It should be noted that the information processing device provided by the above embodiments and the data transmission method provided by the previous embodiments belong to the same concept, and the specific manner in which each module and unit performs operations has been described in detail in the method embodiments. Here No longer.
本申请的另一方面还提供了一种电子设备,包括:控制器;存储器,用于存储一个或多个程序,当一个或多个程序被控制器执行时,以执行上述的方法。Another aspect of the application also provides an electronic device, including: a controller; and a memory for storing one or more programs, to perform the above method when the one or more programs are executed by the controller.
请参阅图16,图16是本申请的一示例性实施例示出的电子设备的计算机系统的结构示意图,其示出了适于用来实现本申请实施例的电子设备的计算机系统的结构示意图。Please refer to FIG. 16 . FIG. 16 is a schematic structural diagram of a computer system of an electronic device according to an exemplary embodiment of the present application. It shows a schematic structural diagram of a computer system of an electronic device suitable for implementing the embodiment of the present application.
需要说明的是,图16示出的电子设备的计算机系统1600仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。It should be noted that the computer system 1600 of the electronic device shown in FIG. 16 is only an example, and should not impose any restrictions on the functions and scope of use of the embodiments of the present application.
如图16所示,计算机系统1600包括中央处理单元(Central Processing Unit,CPU)1601,其可以根据存储在只读存储器(Read-Only Memory,ROM)1602中的程序或者从存储部分1608加载到随机访问存储器(Random Access Memory,RAM)1603中的程序而执行各种适当的动作和处理,例如执行上述实施例中的方法。在RAM 1603中,还存储有系统操作所需的各种程序和数据。CPU 1601、ROM 1602以及RAM 1603通过总线1604彼此相连。输入/输出(Input/Output,I/O)接口1605也连接至总线1604。As shown in Figure 16, the computer system 1600 includes a central processing unit (Central Processing Unit, CPU) 1601, which can be loaded into a random computer according to a program stored in a read-only memory (Read-Only Memory, ROM) 1602 or from a storage portion 1608. Access the program in the memory (Random Access Memory, RAM) 1603 to perform various appropriate actions and processing, such as performing the method in the above embodiment. In RAM 1603, various programs and data required for system operation are also stored. CPU 1601, ROM 1602 and RAM 1603 are connected to each other through bus 1604. An input/output (I/O) interface 1605 is also connected to bus 1604.
以下部件连接至I/O接口1605:包括键盘、鼠标等的输入部分1606;包括诸如阴极射线管(Cathode Ray Tube,CRT)、液晶显示器(Liquid Crystal Display,LCD)等以及扬声器等的输出部分 1607;包括硬盘等的存储部分1608;以及包括诸如LAN(Local Area Network,局域网)卡、调制解调器等的网络接口卡的通信部分1609。通信部分1609经由诸如因特网的网络执行通信处理。驱动器1610也根据需要连接至I/O接口1605。可拆卸介质1611,诸如磁盘、光盘、磁光盘、半导体存储器等等,根据需要安装在驱动器1610上,以便于从其上读出的计算机程序根据需要被安装入存储部分1608。The following components are connected to the I/O interface 1605: an input part 1606 including a keyboard, a mouse, etc.; an output part 1607 including a cathode ray tube (Cathode Ray Tube, CRT), a liquid crystal display (Liquid Crystal Display, LCD), etc., and a speaker, etc. ; a storage part 1608 including a hard disk, etc.; and a communication part 1609 including a network interface card such as a LAN (Local Area Network) card, a modem, etc. The communication section 1609 performs communication processing via a network such as the Internet. Driver 1610 is also connected to I/O interface 1605 as needed. Removable media 1611, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, etc., are installed on the drive 1610 as needed, so that a computer program read therefrom is installed into the storage portion 1608 as needed.
特别地,根据本申请的实施例,上文参考流程图描述的过程可以被实现为计算机软件程序。例如,本申请的实施例包括一种计算机程序产品,其包括承载在计算机可读介质上的计算机程序,该计算机程序包含用于执行流程图所示的方法的计算机程序。在这样的实施例中,该计算机程序可以通过通信部分1609从网络上被下载和安装,和/或从可拆卸介质1611被安装。在该计算机程序被中央处理单元(CPU)1601执行时,执行本申请的系统中限定的各种功能。In particular, according to embodiments of the present application, the process described above with reference to the flowchart may be implemented as a computer software program. For example, embodiments of the present application include a computer program product including a computer program carried on a computer-readable medium, the computer program including a computer program for performing the method shown in the flowchart. In such embodiments, the computer program may be downloaded and installed from the network via communications portion 1609, and/or installed from removable media 1611. When the computer program is executed by the central processing unit (CPU) 1601, various functions defined in the system of the present application are executed.
需要说明的是,本申请实施例所示的计算机可读介质可以是计算机可读信号介质或者计算机可读存储介质或者是上述两者的任意组合。计算机可读存储介质例如可以是电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合。计算机可读存储介质的更具体的例子可以包括但不限于:具有一个或多个导线的电连接、便携式计算机磁盘、硬盘、随机访问存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(Erasable Programmable Read Only Memory,EPROM)、闪存、光纤、便携式紧凑磁盘只读存储器(Compact Disc Read-Only Memory,CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。在本申请中,计算机可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。而在本申请中,计算机可读的信号介质可以包括在基带中或者作为载波一部分传播的数据信号,其中承载了计算机可读的计算机程序。这种传播的数据信号可以采用多种形式,包括但不限于电磁信号、光信号或上述的任意合适的组合。计算机可读的信号介质还可以是计算机可读存储介质以外的任何计算机可读介质,该计算机可读介质可以发送、传播或者传输用于由指令执行系统、装置或者器件使用或者与其结合使用的程序。计算机可读介质上包含的计算机程序可以用任何适当的介质传输,包括但不限于:无线、有线等等,或者上述的任意合适的组合。It should be noted that the computer-readable medium shown in the embodiments of the present application may be a computer-readable signal medium or a computer-readable storage medium, or any combination of the above two. The computer-readable storage medium may be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device or device, or any combination thereof. More specific examples of computer readable storage media may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard drive, random access memory (RAM), read only memory (ROM), removable Programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash memory, optical fiber, portable compact disk read-only memory (Compact Disc Read-Only Memory, CD-ROM), optical storage device, magnetic storage device, or any of the above suitable The combination. As used herein, a computer-readable storage medium may be any tangible medium that contains or stores a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, in which a computer-readable computer program is carried. Such propagated data signals may take many forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium that can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device . Computer programs embodied on computer-readable media may be transmitted using any suitable medium, including but not limited to: wireless, wired, etc., or any suitable combination of the above.
附图中的流程图和框图,图示了按照本申请各种实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。其中,流程图或框图中的每个方框可以代表一个模块、程序段、或代码的一部分,上述模块、程序段、或代码的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。也应当注意,在有些作为替换的实现中,方框中所标注的功能也可以以不相同于附图中所标注的顺序发生。例如,两个接连地表示的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图或流程图中的每个方框、以及框图或流程图中的方框的组合,可以用执行规定的功能或操作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operations of possible implementations of systems, methods, and computer program products according to various embodiments of the present application. Each block in the flow chart or block diagram may represent a module, program segment, or part of the code. The above-mentioned module, program segment, or part of the code includes one or more executable components for implementing the specified logical function. instruction. It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown one after another may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved. It will also be noted that each block in the block diagram or flowchart illustration, and combinations of blocks in the block diagram or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or operations, or may be implemented by special purpose hardware-based systems that perform the specified functions or operations. Achieved by a combination of specialized hardware and computer instructions.
描述于本申请实施例中所涉及到的单元可以通过软件的方式实现,也可以通过硬件的方式来实现,所描述的单元也可以设置在处理器中。其中,这些单元的名称在某种情况下并不构成对该单元本身的限定。The units involved in the embodiments of this application can be implemented in software or hardware, and the described units can also be provided in a processor. Among them, the names of these units do not constitute a limitation on the unit itself under certain circumstances.
本申请的另一方面还提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现如前的数据传输方法。该计算机可读存储介质可以是上述实施例中描述的电子设备中所包含的,也可以是单独存在,而未装配入该电子设备中。Another aspect of the present application also provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the above data transmission method is implemented. The computer-readable storage medium may be included in the electronic device described in the above embodiments, or may exist separately without being assembled into the electronic device.
本申请的另一方面还提供了一种计算机程序产品或计算机程序,该计算机程序产品或计算机程序包括计算机指令,该计算机指令存储在计算机可读存储介质中。计算机设备的处理器从计算机可读存储介质读取该计算机指令,处理器执行该计算机指令,使得该计算机设备执行上述各个实施例中提供的数据传输方法。Another aspect of the present application also provides a computer program product or computer program, which includes computer instructions stored in a computer-readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the data transmission method provided in the above embodiments.
根据本申请实施例的一个方面,还提供了一种计算机系统,包括中央处理单元(Central Processing Unit,CPU),其可以根据存储在只读存储器(Read-Only Memory,ROM)中的程序或者从存储部分加载到随机访问存储器(Random Access Memory,RAM)中的程序而执行各种适当的动作和处理,例如执行上述实施例中的方法。在RAM中,还存储有系统操作所需的各种程序和数据。CPU、ROM以及RAM通过总线彼此相连。输入/输出(Input/Output,I/O)接口也连接至总线。According to an aspect of the embodiment of the present application, a computer system is also provided, including a central processing unit (Central Processing Unit, CPU), which can process data according to a program stored in a read-only memory (Read-Only Memory, ROM) or from The storage part loads the program into the random access memory (Random Access Memory, RAM) to perform various appropriate actions and processing, such as performing the method in the above embodiment. In RAM, various programs and data required for system operation are also stored. CPU, ROM and RAM are connected to each other through buses. Input/Output (I/O) interfaces are also connected to the bus.
以下部件连接至I/O接口:包括键盘、鼠标等的输入部分;包括诸如阴极射线管(Cathode Ray Tube,CRT)、液晶显示器(Liquid Crystal Display,LCD)等以及扬声器等的输出部分;包括硬盘等的存储部分;以及包括诸如LAN(Local Area Network,局域网)卡、调制解调器等的网络接口卡的通信部分。通信部分经由诸如因特网的网络执行通信处理。驱动器也根据需要连接至I/O接口。可拆卸介质,诸如磁盘、光盘、磁光盘、半导体存储器等等,根据需要安装在驱动器上,以便于从其上读出的计算机程序根据需要被安装入存储部分。The following components are connected to the I/O interface: input parts including keyboard, mouse, etc.; including output parts such as cathode ray tubes (Cathode Ray Tube, CRT), liquid crystal displays (Liquid Crystal Display, LCD), etc., and speakers; including hard disks The storage part, etc.; and the communication part including network interface cards such as LAN (Local Area Network) cards, modems, etc. The communication section performs communication processing via a network such as the Internet. Drives are also connected to I/O interfaces as needed. Removable media, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memories, etc., are installed on the drive as needed, so that the computer program read therefrom is installed into the storage section as needed.
上述内容,仅为本申请的较佳示例性实施例,并非用于限制本申请的实施方案,本领域普通技术人员根据本申请的主要构思和精神,可以十分方便地进行相应的变通或修改,故本申请的保护范围应以权利要求书所要求的保护范围为准。The above content is only a preferred exemplary embodiment of the present application and is not intended to limit the implementation of the present application. Those of ordinary skill in the art can easily make corresponding modifications or modifications based on the main concept and spirit of the present application. Therefore, the protection scope of this application should be subject to the protection scope required by the claims.

Claims (15)

  1. 一种数据传输方法,其特征在于,应用于总控制方,所述方法包括:A data transmission method, characterized in that it is applied to the general controller, and the method includes:
    接收认证方发送的加密后的请求数据;其中,所述加密后的请求数据是所述认证方对请求方的身份验证通过后加密得到的;Receive encrypted request data sent by the authenticating party; wherein the encrypted request data is encrypted after the authenticating party passes the identity verification of the requesting party;
    对所述认证方进行身份验证,得到所述认证方的身份验证结果;Perform identity verification on the authenticating party and obtain the identity verification result of the authenticating party;
    若所述认证方的身份验证结果表征验证成功,则根据所述加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令;If the identity verification result of the authenticator indicates that the verification is successful, a control instruction is generated according to the encrypted request data, and the control instruction is encrypted to obtain an encrypted control instruction;
    将所述加密后的控制指令发送至子控制方,以使所述子控制方对所述加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。The encrypted control instruction is sent to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control processing according to the decrypted control instruction.
  2. 根据权利要求1所述的方法,其特征在于,所述加密后的请求数据包括所述认证方使用过的随机数;所述对所述认证方进行身份验证,得到所述认证方的身份验证结果,包括:The method according to claim 1, wherein the encrypted request data includes a random number used by the authenticator; and performing identity verification on the authenticator obtains the identity verification of the authenticator. Results include:
    获取所述随机数,以及记录针对获取所述随机数时所述认证方对应的时刻和所述总控制方对应的时刻;Obtain the random number, and record the time corresponding to the authenticator and the time corresponding to the total controller when obtaining the random number;
    若检测到未存储所述随机数,且所述认证方对应的时刻和所述总控制方对应的时刻相匹配,则确定对所述认证方的身份验证成功,得到用于表征所述认证方的身份验证成功的身份验证结果;If it is detected that the random number is not stored, and the time corresponding to the authenticator matches the time corresponding to the total controller, it is determined that the identity verification of the authenticator is successful, and a value used to characterize the authenticator is obtained. Authentication result of successful authentication;
    若检测到存储有所述随机数,或者,所述认证方对应的时刻和所述总控制方对应的时刻不匹配,则确定对所述认证方的身份验证失败,得到用于表征所述认证方的身份验证失败的身份验证结果。If it is detected that the random number is stored, or the time corresponding to the authenticator does not match the time corresponding to the total controller, it is determined that the identity verification of the authenticator failed, and a value used to represent the authentication is obtained. The authentication result of the party's authentication failure.
  3. 一种数据传输方法,其特征在于,应用于子控制方,所述方法包括:A data transmission method, characterized in that it is applied to a sub-controller, and the method includes:
    接收总控制方发送的加密后的控制指令;其中,所述加密后的控制指令是所述总控制方对认证方进行身份验证成功后,根据所述认证方发送的加密后的请求数据生成控制指令,并对所述控制指令进行加密得到的;Receive an encrypted control instruction sent by the general controller; wherein the encrypted control instruction is generated based on the encrypted request data sent by the authenticator after the general controller successfully authenticates the authenticator. instructions, obtained by encrypting the control instructions;
    对所述加密后的控制指令进行解密,得到解密后的控制指令,并根据所述解密后的控制指令进行控制处理。Decrypt the encrypted control instruction to obtain the decrypted control instruction, and perform control processing according to the decrypted control instruction.
  4. 根据权利要求3所述的方法,其特征在于,所述对所述加密后的控制指令进行解密,得到解密后的控制指令,包括:The method according to claim 3, characterized in that, decrypting the encrypted control instructions to obtain the decrypted control instructions includes:
    接收所述认证方发送的请求方的身份验证结果;Receive the identity verification result of the requesting party sent by the authenticating party;
    若所述请求方的身份验证结果表征验证成功,则对所述加密后的控制指令进行解密,得到所述解密后的控制指令。If the identity verification result of the requesting party indicates that the verification is successful, the encrypted control instruction is decrypted to obtain the decrypted control instruction.
  5. 一种数据传输方法,其特征在于,应用于认证方,所述方法包括:A data transmission method, characterized in that it is applied to the authenticating party, and the method includes:
    接收请求方发送的请求数据;Receive request data sent by the requester;
    对所述请求方进行身份验证,得到所述请求方的身份验证结果;Perform identity verification on the requesting party and obtain the identity verification result of the requesting party;
    若所述请求方的身份验证结果表征验证成功,则对所述请求数据进行加密,得到加密后的 请求数据;If the identity verification result of the requester indicates that the verification is successful, the request data is encrypted to obtain encrypted request data;
    将所述加密后的请求数据发送至总控制方,以使所述总控制方对所述认证方的进行身份验证成功后,根据加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令。The encrypted request data is sent to the general controller, so that after the general controller successfully authenticates the authentication party, it generates a control instruction based on the encrypted request data and performs the control instruction on the Encrypt to obtain the encrypted control instructions.
  6. 根据权利要求5所述的方法,其特征在于,在所述对所述请求方进行身份验证,得到所述请求方的身份验证结果之后,所述方法还包括:The method according to claim 5, characterized in that, after the identity verification of the requester is performed and the identity verification result of the requester is obtained, the method further includes:
    将所述请求方的身份验证结果发送至子控制方,以使所述子控制方在所述请求方的身份验证结果表征验证成功时,对所述加密后的控制指令进行解密,得到所述解密后的控制指令。The identity verification result of the requester is sent to the sub-controller, so that when the identity verification result of the requester indicates that the verification is successful, the sub-controller decrypts the encrypted control instruction to obtain the Decrypted control instructions.
  7. 根据权利要求5或6所述的方法,其特征在于,所述认证方包括服务器,所述请求方包括应用程序;所述接收请求方发送的请求数据,包括:The method according to claim 5 or 6, characterized in that the authenticator includes a server, and the requester includes an application; and receiving the request data sent by the requester includes:
    接收应用程序通过网络发送的请求数据;Receive request data sent by the application over the network;
    所述对所述请求方进行身份验证,得到所述请求方的身份验证结果,包括:The identity verification of the requester and obtaining the identity verification result of the requester include:
    对所述应用程序进行身份验证,得到所述应用程序的身份验证结果。Perform identity verification on the application program to obtain the identity verification result of the application program.
  8. 根据权利要求5或6所述的方法,其特征在于,所述认证方包括接收器,所述请求方包括启动器;所述接收请求方发送的请求数据,包括:The method according to claim 5 or 6, characterized in that the authenticator includes a receiver, the requester includes an initiator; and receiving the request data sent by the requester includes:
    接收启动器通过网络发送的请求数据;Receive request data sent by the initiator over the network;
    所述对所述请求方进行身份验证,得到所述请求方的身份验证结果,包括:The identity verification of the requester and obtaining the identity verification result of the requester include:
    对所述启动器进行身份验证,得到所述启动器的身份验证结果。Perform identity verification on the initiator to obtain an identity verification result of the initiator.
  9. 根据权利要求5所述的方法,其特征在于,所述请求方为信号发送器,所述认证方为车辆的防盗控制器,所述请求数据包括所述信号发送器使用过的随机数;所述对所述请求方进行身份验证,得到所述请求方的身份验证结果,包括:The method according to claim 5, characterized in that the requester is a signal transmitter, the authenticator is an anti-theft controller of the vehicle, and the request data includes a random number used by the signal transmitter; The process of performing identity verification on the requesting party and obtaining the identity verification result of the requesting party includes:
    获取所述随机数,以及记录针对获取所述随机数时所述信号发送器对应的时刻和所述防盗控制器对应的时刻;Obtain the random number, and record the time corresponding to the signal transmitter and the time corresponding to the anti-theft controller when the random number is obtained;
    若检测到未存储所述随机数,且所述信号发送器对应的时刻和所述防盗控制器对应的时刻相匹配,则确定对所述信号发送器的身份验证成功,得到用于表征所述信号发送器的身份验证成功的身份验证结果;If it is detected that the random number is not stored, and the time corresponding to the signal transmitter matches the time corresponding to the anti-theft controller, it is determined that the identity verification of the signal transmitter is successful, and the identity verification for the signal transmitter is obtained. Authentication result of successful authentication of the signal sender;
    若检测到存储有所述随机数,或者,所述信号发送器对应的时刻和所述防盗控制器对应的时刻不匹配,则确定对所述信号发送器的身份验证失败,得到用于表征所述信号发送器的身份验证失败的身份验证结果。If it is detected that the random number is stored, or the time corresponding to the signal transmitter does not match the time corresponding to the anti-theft controller, it is determined that the identity verification of the signal transmitter has failed, and the information used to characterize the information is obtained. The authentication result of a failed authentication for the signal sender described above.
  10. 根据权利要求5所述的方法,其特征在于,所述请求方为信号发送器,所述认证方为车辆的防盗控制器,所述防盗控制器包括远程防盗器和/或本地防盗器;所述远程防盗器对应的信号发送器为移动终端,所述本地防盗器对应的信号发送器为具有信号发送功能的钥匙;若所述防盗控制器包括远程防盗器或本地防盗器;所述对所述请求方进行身份验证,得到所述请求方的身份验证结果,包括:The method according to claim 5, characterized in that the requester is a signal transmitter, the authenticator is an anti-theft controller of the vehicle, and the anti-theft controller includes a remote anti-theft device and/or a local anti-theft device; The signal transmitter corresponding to the remote anti-theft device is a mobile terminal, and the signal transmitter corresponding to the local anti-theft device is a key with a signal sending function; if the anti-theft controller includes a remote anti-theft device or a local anti-theft device; The requesting party conducts identity verification and obtains the identity verification result of the requesting party, including:
    所述远程防盗器对所述移动终端进行身份验证,得到所述信号发送器的身份验证结果;或者The remote anti-theft device performs identity verification on the mobile terminal to obtain the identity verification result of the signal transmitter; or
    所述本地防盗器对所述钥匙进行身份验证,得到所述信号发送器的身份验证结果。The local anti-theft device performs identity verification on the key and obtains the identity verification result of the signal transmitter.
  11. 根据权利要求10所述的方法,其特征在于,若所述防盗控制器包括远程防盗器和本地防盗器;所述对所述请求方进行身份验证,得到所述请求方的身份验证结果,包括:The method according to claim 10, characterized in that if the anti-theft controller includes a remote anti-theft device and a local anti-theft device; the identity verification of the requester is performed to obtain the identity verification result of the requester, including :
    所述远程防盗器对所述移动终端进行身份验证,得到所述移动终端的身份验证结果;The remote anti-theft device performs identity verification on the mobile terminal to obtain the identity verification result of the mobile terminal;
    所述本地防盗器对所述钥匙进行身份验证,得到所述钥匙的身份验证结果;The local anti-theft device performs identity verification on the key and obtains the identity verification result of the key;
    根据所述移动终端的身份验证结果和所述钥匙的身份验证结果,得到所述信号发送器的身份验证结果。According to the identity verification result of the mobile terminal and the identity verification result of the key, the identity verification result of the signal transmitter is obtained.
  12. 根据权利要求11所述的方法,其特征在于,所述信号发送器的身份验证结果包括成功的验证结果和失败的验证结果;所述成功的验证结果表征所述移动终端的身份和所述钥匙的身份通过了验证;所述失败的验证结果表征所述移动终端的身份或所述钥匙的身份中至少一方的身份未通过验证。The method according to claim 11, characterized in that the identity verification result of the signal transmitter includes a successful verification result and a failed verification result; the successful verification result represents the identity of the mobile terminal and the key The identity of the mobile terminal has passed the verification; the failed verification result indicates that at least one of the identity of the mobile terminal or the identity of the key has not passed the verification.
  13. 一种数据传输装置,其特征在于,应用于总控制方,包括:A data transmission device, characterized in that it is applied to the main controller and includes:
    加密请求接收模块,被配置为接收认证方发送的加密后的请求数据;其中,所述加密后的请求数据是所述认证方对请求方的身份验证通过后加密得到的;The encrypted request receiving module is configured to receive encrypted request data sent by the authenticating party; wherein the encrypted request data is encrypted after the authenticating party passes the identity verification of the requesting party;
    认证方身份验证模块,被配置为对所述认证方进行身份验证,得到所述认证方的身份验证结果;The authenticator identity verification module is configured to perform identity verification on the authenticator and obtain the identity verification result of the authenticator;
    控制指令加密模块,被配置为若所述认证方的身份验证结果表征验证成功,则根据所述加密后的请求数据生成控制指令,并对所述控制指令进行加密,得到加密后的控制指令;A control instruction encryption module configured to generate a control instruction based on the encrypted request data if the identity verification result of the authenticator indicates successful verification, and encrypt the control instruction to obtain an encrypted control instruction;
    加密控制指令发送模块,被配置为将所述加密后的控制指令发送至子控制方,以使所述子控制方对所述加密后的控制指令进行解密,并根据解密后的控制指令进行控制处理。The encrypted control instruction sending module is configured to send the encrypted control instruction to the sub-controller, so that the sub-controller decrypts the encrypted control instruction and performs control according to the decrypted control instruction. deal with.
  14. 一种电子设备,其特征在于,包括:An electronic device, characterized by including:
    控制器;controller;
    存储器,用于存储一个或多个程序,当所述一个或多个程序被所述控制器执行时,使得所述控制器实现如权利要求1至12中任一项所述的数据传输方法。A memory used to store one or more programs, which when the one or more programs are executed by the controller, enable the controller to implement the data transmission method according to any one of claims 1 to 12.
  15. 一种计算机可读存储介质,其特征在于,其上存储有计算机可读指令,当所述计算机可读指令被计算机的处理器执行时,使计算机执行权利要求1至12中任一项所述的数据传输方法。A computer-readable storage medium, characterized in that computer-readable instructions are stored thereon. When the computer-readable instructions are executed by a processor of a computer, the computer is caused to execute any one of claims 1 to 12. data transmission method.
PCT/CN2022/124319 2022-07-21 2022-10-10 Data transmission method and apparatus, device, and computer readable storage medium WO2024016486A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210861016.6 2022-07-21
CN202210861016.6A CN117475533A (en) 2022-07-21 2022-07-21 Data transmission method and device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
WO2024016486A1 true WO2024016486A1 (en) 2024-01-25

Family

ID=89616890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/124319 WO2024016486A1 (en) 2022-07-21 2022-10-10 Data transmission method and apparatus, device, and computer readable storage medium

Country Status (2)

Country Link
CN (1) CN117475533A (en)
WO (1) WO2024016486A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104023013A (en) * 2014-05-30 2014-09-03 上海帝联信息科技股份有限公司 Data transmission method, server side and client
US9124571B1 (en) * 2014-02-24 2015-09-01 Keypasco Ab Network authentication method for secure user identity verification
CN106603234A (en) * 2015-10-14 2017-04-26 阿里巴巴集团控股有限公司 Method, device and system for device identity authentication
CN109618334A (en) * 2018-11-21 2019-04-12 北京华大智宝电子系统有限公司 Control method and relevant device
CN111432373A (en) * 2020-02-24 2020-07-17 吉利汽车研究院(宁波)有限公司 Security authentication method and device and electronic equipment
CN114697122A (en) * 2022-04-08 2022-07-01 中国电信股份有限公司 Data transmission method and device, electronic equipment and storage medium
CN114710282A (en) * 2022-05-10 2022-07-05 北京紫光展锐通信技术有限公司 Identity authentication method, device, equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9124571B1 (en) * 2014-02-24 2015-09-01 Keypasco Ab Network authentication method for secure user identity verification
CN104023013A (en) * 2014-05-30 2014-09-03 上海帝联信息科技股份有限公司 Data transmission method, server side and client
CN106603234A (en) * 2015-10-14 2017-04-26 阿里巴巴集团控股有限公司 Method, device and system for device identity authentication
CN109618334A (en) * 2018-11-21 2019-04-12 北京华大智宝电子系统有限公司 Control method and relevant device
CN111432373A (en) * 2020-02-24 2020-07-17 吉利汽车研究院(宁波)有限公司 Security authentication method and device and electronic equipment
CN114697122A (en) * 2022-04-08 2022-07-01 中国电信股份有限公司 Data transmission method and device, electronic equipment and storage medium
CN114710282A (en) * 2022-05-10 2022-07-05 北京紫光展锐通信技术有限公司 Identity authentication method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN117475533A (en) 2024-01-30

Similar Documents

Publication Publication Date Title
US11888594B2 (en) System access using a mobile device
US10382485B2 (en) Blockchain-assisted public key infrastructure for internet of things applications
CN111131313B (en) Safety guarantee method and system for replacing ECU (electronic control Unit) of intelligent networked automobile
CN111538784A (en) Block chain-based digital asset transaction method and device and storage medium
CN112396735B (en) Internet automobile digital key safety authentication method and device
CN112055019B (en) Method for establishing communication channel and user terminal
CN113472790A (en) Information transmission method based on HTTPS (hypertext transfer protocol secure protocol), client and server
CN113920616B (en) Method for safely connecting vehicle with Bluetooth key, bluetooth module and Bluetooth key
CN110838919B (en) Communication method, storage method, operation method and device
CN115484025A (en) Vehicle encrypted communication method and device
CN112926983A (en) Block chain-based deposit certificate transaction encryption system and method
CN107682380B (en) Cross authentication method and device
WO2024016486A1 (en) Data transmission method and apparatus, device, and computer readable storage medium
CN114785532B (en) Security chip communication method and device based on bidirectional signature authentication
CN115915131A (en) Vehicle key bidirectional encryption authentication method and system, vehicle binding device and NFC card
KR102288444B1 (en) Firmware updating method, apparatus and program of authentication module
CN112423298B (en) Identity authentication system and method for road traffic signal management and control facility
WO2014187209A1 (en) Method and system for backing up information in electronic signature token
CN114065170A (en) Method and device for acquiring platform identity certificate and server
CN112214753A (en) Authentication method and device, electronic equipment and storage medium
CN113766450A (en) Vehicle virtual key sharing method, mobile terminal, server and vehicle
CN113612744B (en) Remote authorization system and method
CN114844674B (en) Dynamic authorization method, system, electronic equipment and storage medium
CN107911223B (en) Cross signature method and device
CN111708991B (en) Service authorization method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22951750

Country of ref document: EP

Kind code of ref document: A1