Disclosure of Invention
In view of the above, it is necessary to provide a data security transmission method and system based on a vehicle-mounted special equipment system, which can improve data transmission security.
A data encryption transmission method based on a vehicle-mounted special equipment system is applied to a vehicle, and comprises the following steps:
receiving ciphertext data, wherein the ciphertext data is sent to a vehicle after a terminal encrypts a character string comprising a random number, an operation instruction and user information through a public key;
decrypting the ciphertext data through a private key to obtain the random number, the operation instruction and plaintext data of user information;
verifying whether the user information is legal and generating a verification result;
when the verification result is yes, executing the operation instruction to obtain an execution result;
and encrypting the execution result by taking the random number as an encryption key of a preset symmetric encryption algorithm, and sending the encrypted execution result to the terminal through a wireless network, so that the terminal decrypts the encrypted execution result by taking the random number as a decryption key of the symmetric encryption algorithm to obtain an execution result of a plaintext.
In one embodiment, when the check result is no, the method further includes:
generating feedback information of failure of executing the operation instruction;
and encrypting the feedback information by taking the random number as an encryption key of a preset symmetric encryption algorithm, and sending the encrypted feedback information to the terminal through a wireless network.
In one embodiment, the method further comprises:
generating a key pair, the key pair comprising a private key and a public key;
and storing the private key to a safe area, uploading the public key and a preset vehicle identifier to a server, and providing a downloading service of the public key and the vehicle identifier for the terminal by the server.
In one embodiment, the step of generating the key pair includes:
generating a plurality of prime numbers, and randomly selecting two unequal prime numbers from the plurality of prime numbers;
and generating a key pair comprising a public key and a private key by using the two prime numbers as key factors through a preset asymmetric encryption algorithm.
A data encryption transmission method based on a vehicle-mounted special equipment system is applied to a terminal, and the method comprises the following steps:
acquiring a public key and a vehicle identifier;
receiving an operation instruction triggered by a user on a vehicle corresponding to the vehicle identifier;
generating a random number, and encrypting a character string containing the random number, the operation instruction and preset user information through the public key to obtain ciphertext data;
sending the ciphertext data to a vehicle through a wireless network, enabling the vehicle to decrypt the ciphertext data through a private key to obtain plaintext data, checking whether user information is legal or not, and executing the operation instruction to obtain an execution result when the check result is yes;
receiving an execution result sent by the vehicle, wherein the execution result is obtained by encrypting the execution result by using the random number as an encryption key;
and decrypting the encrypted execution result by taking the random number as a decryption key of the symmetric encryption algorithm to obtain the plaintext execution result.
In one embodiment, the method further comprises:
receiving feedback information, sent by the vehicle, indicating that execution of the operation instruction failed, wherein the vehicle encrypts the feedback information by using the random number as an encryption key of a preset symmetric encryption algorithm;
and decrypting the feedback information by taking the random number as a decryption key of the symmetric encryption algorithm to obtain the plaintext feedback information.
A data encryption transmission system based on a vehicle-mounted special equipment system comprises a vehicle and a terminal; the terminal is used for downloading the public key and the vehicle identifier from the server; receiving an operation instruction triggered by a user on a vehicle corresponding to the vehicle identifier; generating a random number; encrypting a character string containing the random number, the operation instruction and preset user information through the public key to obtain ciphertext data; transmitting the ciphertext data to a vehicle through a wireless network; receiving an execution result sent by the vehicle; the random number is used as a decryption key to decrypt the encrypted execution result to obtain the plaintext execution result; and receiving encrypted feedback information sent by the vehicle, and decrypting the feedback information by using the random number as a decryption key of a preset symmetric encryption algorithm to obtain plaintext feedback information.
The vehicle is used for receiving ciphertext data sent by the terminal; decrypting the ciphertext data through a private key to obtain the random number, the operation instruction and plaintext data of user information; verifying whether the user information is legal and generating a verification result; when the verification result is yes, executing the operation instruction to obtain an execution result; encrypting the execution result by taking the random number as a key of a symmetric encryption algorithm, and sending the encrypted execution result to the terminal through a wireless network; when the checking result is negative, generating feedback information of failure of executing the operation instruction; and encrypting the feedback information by taking the random number as an encryption key of a preset symmetric encryption algorithm, and sending the encrypted feedback information to the terminal through a wireless network.
A vehicle-mounted special equipment system comprises a vehicle-mounted computer, a wireless transceiver, an encryption and decryption device and a checker; the wireless transceiver is connected with the encryption and decryption device, the encryption and decryption device is connected with the checker, and the vehicle-mounted computer is connected with the encryption and decryption device and the checker respectively;
the encryption and decryption device is used for storing the vehicle identification, generating a key pair comprising a public key and a private key, storing the private key, decrypting ciphertext data sent by the terminal through the private key to obtain the plaintext random number, operation instruction and user information, and encrypting the execution result and the feedback information by taking the random number as a key of a symmetric encryption algorithm;
the wireless transceiver is used for receiving ciphertext data which is sent by the terminal and obtained by encrypting the random number, the operation instruction and the user information through a public key, and sending the execution result encrypted by the encryption and decryption device to the terminal;
the checker is used for acquiring the user information transmitted by the encryption and decryption device, verifying whether the user information is legal, generating a verification result and transmitting the verification result to the vehicle-mounted special equipment system;
and the vehicle-mounted computer is used for executing the operation instruction when the verification result is yes and sending the execution result to the encryption and decryption device for encryption, and for generating feedback information of failure of executing the instruction and sending the feedback information to the encryption and decryption device when the verification result is no.
In one embodiment, the encryption and decryption device is further configured to send the public key and the vehicle identification to the wireless transceiver; the wireless transceiver is further used for uploading the public key and the vehicle identifier to a server, and the server provides downloading service of the public key and the vehicle identifier for the terminal.
A vehicle is equipped with the vehicle-mounted special equipment system.
According to the data encryption transmission method and system based on the vehicle-mounted special equipment system, the data transmitted to the vehicle by the terminal is encrypted and decrypted with the key pair of the private key and the public key, and the data transmitted to the terminal by the vehicle is encrypted and decrypted with the random number as the key of the symmetric encryption algorithm. Because the two directions use different keys, cracking the encryption becomes more difficult, and the security of data transmission between the terminal and the vehicle is improved.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In one embodiment, referring to fig. 1, a data encryption transmission method based on an on-vehicle special equipment system is applied to a vehicle, and the method comprises the following steps:
Step 101, receiving ciphertext data.
In this embodiment, the ciphertext data is sent to the vehicle after the terminal encrypts the character string including the random number, the operation instruction, and the user information through the public key. The terminal includes, but is not limited to, a remote controller, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.
Step 103, decrypting the ciphertext data through the private key to obtain plaintext data comprising the random number, the operation instruction and the user information.
In this embodiment, after the wireless transceiver of the vehicle receives the ciphertext data, the ciphertext data is transmitted to the encryption and decryption device and decrypted with the private key stored in that device. The private key is stored in a secure storage area of the encryption and decryption device. For example, the secure storage area is an OTP (One Time Programmable) area on an SoC (System on a Chip). The ciphertext data is decrypted with the private key to obtain plaintext data. Specifically, the private key is an RSA private key. The RSA private key decryption formula is as follows: where c is ciphertext data, (N, d) is an RSA private key, N is calculated, and N is decrypted plaintext data. The encryption and decryption device comprises an RSA encryption and decryption arithmetic device.
Step 105, verifying whether the user information is legal and generating a verification result.
In this embodiment, the user information is used as an identification of the vehicle user. Specifically, the user information includes, but is not limited to, a user identity ID or a terminal ID. For example, when the terminal is a mobile phone, the user information may be a mobile phone number or an identification number. In order to prevent a malicious user from manipulating the vehicle, it is necessary to verify whether the user is a legitimate user before executing the operation instruction. In one embodiment, the user information is stored in advance in a secure storage area in the vehicle's checker for subsequent verification. Checking whether the user information is legal means comparing the user information stored in the checker with the user information sent by the terminal: when the two are completely the same, the user information is legal; otherwise, it is illegal.
Step 107, when the verification result is yes, executing the operation instruction to obtain an execution result.
In this embodiment, when the verification result is yes, it indicates that the user giving the operation instruction to the vehicle is legal, and further, the operation instruction is executed through a vehicle-mounted special equipment system in the vehicle, and an execution result is obtained. For example, if the operation command is a turn-off command of the air conditioner of the vehicle, the execution result is information on whether the air conditioner is successfully turned off. And transmitting the execution result to the encryption and decryption device in the form of character strings, and carrying out encryption processing on the execution result by the encryption and decryption device.
Step 109, encrypting the execution result by taking the random number as an encryption key of a preset symmetric encryption algorithm, and sending the encrypted execution result to the terminal through the wireless network.
In this embodiment, the terminal decrypts the encrypted execution result by using the random number as the decryption key of the symmetric encryption algorithm, so as to obtain the plaintext execution result. Generally, data fed back to the terminal by the vehicle cannot affect the security of the terminal, so a symmetric encryption algorithm is adopted for encryption and decryption. Because the encryption key and the decryption key are the same, encryption and decryption are fast; because the random number generated by the terminal is used as the key, the key differs for each transmission, which improves data transmission efficiency without affecting the security of the data. Preferably, the symmetric encryption algorithm is an AES algorithm, and the encryption and decryption device includes an AES encryption and decryption arithmetic device.
According to the data encryption transmission method based on the vehicle-mounted special equipment system, the data transmitted to the vehicle by the terminal are encrypted and decrypted by adopting the secret key pair of the private key and the public key, and the data transmitted to the terminal by the vehicle are encrypted and decrypted by taking the random number as the encryption and decryption secret key factor of the symmetric encryption algorithm.
In one embodiment, referring to fig. 2, the data encryption transmission method based on the vehicle-mounted special equipment system further includes:
Step 106, when the checking result is negative, generating feedback information of failure in executing the operation instruction.
Step 108, encrypting the feedback information by taking the random number as an encryption key of a preset symmetric encryption algorithm, and sending the encrypted feedback information to the terminal through the wireless network.
In this embodiment, the result of the check is no, which indicates that the vehicle will not execute the operation command. The situation may be that an illegal user wants to operate the vehicle, a hacker falsifies data sent by the terminal to the vehicle, or data is lost during encryption or transmission. At the moment, the vehicle-mounted special equipment system of the vehicle can not execute the operation instruction, and directly discards the data sent by the terminal.
In one embodiment, the vehicle-mounted special equipment system of the vehicle can further analyze the reason causing the verification failure, obtain an error code corresponding to the reason causing the verification failure, and feed back a character string of the error code to the terminal, so that a user of the terminal can clearly know the reason causing the failure in executing the operation instruction.
In one embodiment, the data encryption transmission method based on the vehicle-mounted special equipment system further comprises the following steps: generating a key pair, wherein the key pair comprises a private key and a public key; and storing the private key to a safe area, and uploading the public key and a preset vehicle identifier to a server. The server provides download service of the public key and the vehicle identification for the terminal. The public key must be provided to the terminal: the vehicle can send the public key directly to the terminal through a wireless network, or the public key can be uploaded to a server that provides a download service to the terminal.
In this embodiment, the private key of the key pair is stored in a secure area of the vehicle for decrypting data, and the public key is stored in the terminal for encrypting transmitted data. Because the encryption and decryption of the data adopt different keys, the encrypted data is not easy to crack. Specifically, the format of the public key stored on the server is X.509 format.
In one embodiment, the step of generating the key pair comprises: generating a plurality of prime numbers, and randomly selecting two unequal prime numbers from the plurality of prime numbers; and taking the two prime numbers as key factors, and generating a key pair comprising a public key and a private key through a preset asymmetric encryption algorithm.
Specifically, random numbers are generated through a module encryption operation controller and a random number generator in an encryption and decryption device of the vehicle, two random numbers p and q are selected from the random numbers, whether p and q are prime numbers or not and are mutually prime is judged, and if yes, p and q are used as key factors of a key pair. If not, continuing to generate the random number p and the random number q until the condition is met. The vehicle encryptor and decryptor generally adopt a hardware control accelerator based on an SoC chip, such as a modular encryption arithmetic unit, an AES encryption arithmetic unit, an RSA encryption arithmetic unit, and the like.
In one embodiment, the asymmetric cryptographic algorithm is an RSA algorithm, and generating the key pair by the RSA algorithm comprises the following steps: the vehicle's encryption and decryption device randomly generates prime numbers; two large prime numbers p and q with p ≠ q are selected from them as key factors, and N = pq. Further, according to the Euler function, r = (p-1)(q-1); an integer e smaller than r is selected, and the modular inverse of e modulo r, namely d, is computed (the modular inverse exists if and only if e is coprime to r); the records of p and q are destroyed; (N, e) is the public key and (N, d) is the private key. So that encryption and decryption with the key are not too slow and the encrypted data is not easy to crack, a suitable length needs to be selected for the key. Preferably, the length of the key pair is 2048 bits or more, and e is 3 or 65537.
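The key-generation steps above, carried through in code as an added example (not code from the patent): candidates are drawn at random, tested with Miller-Rabin (an assumption, since the page names no primality test), and the pair is retried when e is not coprime to r. The function names are hypothetical, and the encrypt/decrypt helpers are the unpadded textbook relation c = m^e mod N, m = c^d mod N; deployed systems wrap RSA in a padding scheme such as OAEP.

```python
import math
import secrets

# Odd primes below 2000, used to reject most composite candidates cheaply.
_SMALL_PRIMES = [p for p in range(3, 2000, 2)
                 if all(p % q for q in range(3, math.isqrt(p) + 1, 2))]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases (assumed test; error below 4**-rounds)."""
    if n < 2:
        return False
    if n == 2:
        return True
    if n % 2 == 0:
        return False
    for p in _SMALL_PRIMES:
        if n == p:
            return True
        if n % p == 0:
            return False
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # a is a witness: n is composite
    return True


def random_prime(bits):
    """Keep drawing random candidates until one passes the primality test."""
    while True:
        # Top two bits set so p*q has exactly 2*bits bits; low bit set so it is odd.
        candidate = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits=2048, e=65537):
    """Return ((N, e), (N, d)) following the steps in the text."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        if p == q:
            continue
        r = (p - 1) * (q - 1)
        if math.gcd(e, r) != 1:   # d exists only if e is coprime to r
            continue              # (with e = 3 this retry is taken often)
        n = p * q
        d = pow(e, -1, r)         # modular inverse, Python 3.8+
        # "Destroy the records of p and q": dropping the names is only a
        # gesture in Python; real devices zeroize the hardware registers.
        del p, q, r
        return (n, e), (n, d)


def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, N)")
    return pow(m, e, n)           # c = m^e mod N


def rsa_decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)           # m = c^d mod N


if __name__ == "__main__":
    public, private = generate_keypair(2048)
    message = int.from_bytes(b"constructed sample request", "big")
    assert rsa_decrypt(rsa_encrypt(message, public), private) == message
    print("modulus bits:", public[0].bit_length())
```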
As shown in fig. 3, in an embodiment, a data encryption transmission method based on a vehicle-mounted special equipment system is provided, and is applied to a terminal, and the method includes the following steps:
Step 301, acquiring a public key and a vehicle identifier.
In this embodiment, the vehicle identifier is used as a unique identity label for the vehicle. Specifically, the vehicle identification includes but is not limited to: the number of the engine of the vehicle, the number plate number of the vehicle, the MAC address of the WIFI of the vehicle and the like. The vehicle identification is stored in the vehicle's encryptor in advance, and the public key of the asymmetric key pair generated by the vehicle encryptor is stored in the terminal. And after the vehicle is connected to the Internet, uploading the public key and the vehicle identifier to a server. The user accesses the internet through the terminal, and downloads the public key and the vehicle identification to the local after obtaining the authorization of the server. Since it is important that the private key for decryption is secured, the private key is stored in a secure storage area in the encryptor.
Step 302, receiving an operation instruction triggered by a user to a vehicle corresponding to the vehicle identifier.
In this embodiment, an application for performing data interaction with a vehicle runs in the terminal; a user inputs login information (a user name and a login password) on a login interface of the application, and after the login information is verified, an operation instruction for the vehicle can be triggered on an operation interface of the application. The operation instruction may be specifically triggered by a button or touch. The operation instruction here is not limited to an instruction for operating the vehicle; it also includes an instruction for acquiring vehicle state data, for example, mileage data or fuel consumption data of the vehicle.
Step 303, generating a random number, and encrypting a character string including the random number, an operation instruction and preset user information through a public key to obtain ciphertext data.
In this embodiment, before the terminal sends the operation command to the vehicle, the operation command needs to be encrypted to ensure the security of data transmission. And encrypting the character string consisting of the random number, the operation instruction and the user information by using the public key. Specifically, the encryption is carried out through the RSA public key, as the RSA belongs to an asymmetric key algorithm, namely, the encryption and the decryption are different keys, after the RSA public key is encrypted, only the unique private key can be used for decryption, and the private key is stored in the vehicle safety storage area, so that the safety of the private key can be ensured, and the encrypted data is not easy to crack by an illegal user.
Step 304, transmitting the ciphertext data to the vehicle through the wireless network.
In this embodiment, the terminal sends the ciphertext data to the vehicle through the wireless transmission module. Specifically, the wireless transmission module includes but is not limited to wireless transmission modules such as GSM, GPRS, 3G, 4G and WIFI. The vehicle decrypts the ciphertext data through the private key to obtain plaintext data, verifies whether the user information is legal, and executes the operation instruction to obtain an execution result when the verification result is yes.
Step 305, receiving an execution result sent by the vehicle, wherein the execution result is obtained by the vehicle encrypting the execution result by using the random number as an encryption key through a preset symmetric encryption algorithm.
Step 306, decrypting the encrypted execution result by taking the random number as a decryption key of the symmetric encryption algorithm to obtain an execution result of a plaintext.
In this embodiment, since the encryption key used by the vehicle to encrypt the execution result is the random number sent by the terminal, the terminal only needs to decrypt the encrypted execution result by using the random number as the decryption key of the symmetric encryption algorithm, and the execution result in the clear text can be obtained. Specifically, the symmetric encryption algorithm is an AES algorithm, and since AES is an advanced symmetric encryption and decryption algorithm and the same key is used for encryption and decryption, the encryption and decryption speed is high. And random numbers are used as encryption and decryption keys, so that the encryption and decryption keys in each time are different, and the cracking difficulty is increased, so that the data transmission is safer. And the terminal obtains the execution result of the plaintext and then displays the execution result through the terminal.
The commands sent by the terminal to the vehicle affect driving safety, so the terminal encrypts the data with the public key before sending, and the vehicle decrypts the ciphertext data with the private key; the data returned by the vehicle to the terminal has little influence on the security of the terminal, so a symmetric key is used for encryption and decryption. Encryption and decryption with the asymmetric key pair take a long time but offer good security; the vehicle returns more data to the terminal, encryption and decryption with a symmetric key take little time, and the security of a one-time key can be ensured. This improves the security of data interaction between the terminal and the vehicle while also ensuring data transmission efficiency.
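The vehicle-side steps 101 to 109 and the terminal-side steps 301 to 306, as an added end-to-end example (not code from the patent) using the Python `cryptography` package. Assumptions not on the page: RSA-OAEP padding, AES-GCM as the AES mode (so an altered reply is rejected instead of decrypting to garbage), a 16-byte random number, the length-prefixed framing, the reply strings, and all function names.

```python
import hmac
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY_LEN = 16   # the terminal's "random number", used directly as an AES-128 key
IV_LEN = 12    # per-message AES-GCM nonce (assumed mode; the page names none)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def vehicle_keygen():
    """Vehicle side: generate the key pair; the private key never leaves."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def pack_request(session_key, instruction, user_info):
    """random number || len+instruction || len+user_info (hypothetical framing)."""
    for field in (instruction, user_info):
        if len(field) > 255:
            raise ValueError("field too long")
    return (session_key + bytes([len(instruction)]) + instruction
            + bytes([len(user_info)]) + user_info)


def unpack_request(plain):
    """Inverse of pack_request; rejects truncated or over-long input."""
    if len(plain) < KEY_LEN + 2:
        raise ValueError("malformed request")
    session_key, rest = plain[:KEY_LEN], plain[KEY_LEN:]
    fields = []
    for _ in range(2):
        if not rest or len(rest) < 1 + rest[0]:
            raise ValueError("malformed request")
        fields.append(rest[1:1 + rest[0]])
        rest = rest[1 + rest[0]:]
    if rest:
        raise ValueError("malformed request")
    return session_key, fields[0], fields[1]


def terminal_request(public_key, instruction, user_info):
    """Step 303: a fresh random number per request, encrypted with the public key."""
    session_key = os.urandom(KEY_LEN)
    ciphertext = public_key.encrypt(
        pack_request(session_key, instruction, user_info), OAEP)
    return session_key, ciphertext


def seal(session_key, message):
    """Steps 108/109: encrypt a reply under the terminal's random number."""
    iv = os.urandom(IV_LEN)
    return iv + AESGCM(session_key).encrypt(iv, message, None)


def terminal_open(session_key, blob):
    """Step 306: return the plaintext reply, or None if it was altered."""
    try:
        return AESGCM(session_key).decrypt(blob[:IV_LEN], blob[IV_LEN:], None)
    except (InvalidTag, ValueError):
        return None


def vehicle_handle(private_key, enrolled_user, ciphertext, execute):
    """Steps 101-109: decrypt, check the user, execute, encrypt the reply."""
    try:
        session_key, instruction, user_info = unpack_request(
            private_key.decrypt(ciphertext, OAEP))
    except ValueError:
        return None   # undecryptable or malformed: no key to answer with, drop
    # Constant-time comparison against the identity stored in the checker.
    if hmac.compare_digest(user_info, enrolled_user):
        reply = b"OK:" + execute(instruction)
    else:
        reply = b"ERR:user-check-failed"
    return seal(session_key, reply)


if __name__ == "__main__":
    private_key = vehicle_keygen()
    key, request = terminal_request(private_key.public_key(),
                                    b"AC_OFF", b"user-001")   # constructed values
    reply = vehicle_handle(private_key, b"user-001", request,
                           lambda ins: ins + b":done")
    print(terminal_open(key, reply))
```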
In one embodiment, the data encryption transmission method based on the vehicle-mounted special equipment system is applied to a terminal and further comprises the following steps: receiving feedback information, sent by the vehicle, indicating that execution of the operation instruction failed, wherein the vehicle encrypts the feedback information by taking the random number as an encryption key of a preset symmetric encryption algorithm; and decrypting the feedback information by taking the random number as a decryption key of the symmetric encryption algorithm to obtain the plaintext feedback information.
Specifically, the feedback information is a character string used for notifying the terminal that the vehicle can receive the data but the operation instruction cannot be executed normally. In one embodiment, the feedback information further includes the reason for the execution failure, so that the user of the terminal can make adjustments in time. The terminal displays the plaintext feedback information in a window.
In one embodiment, as shown in fig. 4, a data encryption transmission system based on an on-board special equipment system is provided, which includes a vehicle 10 and a terminal 20. Wherein,
the terminal 20 is used for downloading the public key and the vehicle identification from the server 30; receiving an operation instruction triggered by a user to a vehicle corresponding to the vehicle identifier; generating a random number; encrypting a character string containing a random number, an operation instruction and preset user information through a public key to obtain ciphertext data; transmitting the ciphertext data to the vehicle 10 over the wireless network; receiving an execution result transmitted by the vehicle 10; the random number is used as a decryption key to decrypt the encrypted execution result to obtain the plaintext execution result; and receiving the encrypted feedback information sent by the vehicle 10, and decrypting the feedback information by using the random number as a decryption key of a preset symmetric encryption algorithm to obtain the plaintext feedback information.
The vehicle 10 is used for receiving the ciphertext data sent by the terminal 20; decrypting the ciphertext data through a private key to obtain a random number, an operation instruction and plaintext data of user information; verifying whether the user information is legal and generating a verification result; when the verification result is yes, executing the operation instruction to obtain an execution result; encrypting the execution result by using the random number as a key of a symmetric encryption algorithm, and transmitting the encrypted execution result to the terminal 20 through a wireless network; when the checking result is negative, generating feedback information of failure of executing the operation instruction; the random number is used as an encryption key of a preset symmetric encryption algorithm to encrypt the feedback information, and the encrypted feedback information is sent to the terminal 20 through the wireless network.
In this embodiment, the terminal, the vehicle, and the server establish connection via the internet. The terminal can download the vehicle identification and the public key after obtaining the authorization of the server. The terminal that has downloaded the public key and the vehicle can then transmit data securely through encryption and decryption. The operation instruction sent by the terminal to the vehicle includes but is not limited to an instruction by which the user operates the vehicle, for example, an instruction to close a door of the vehicle. It may also be an instruction to acquire vehicle state data, for example, an instruction to acquire vehicle fuel consumption data. The data that the vehicle returns to the terminal after executing the operation instruction includes but is not limited to fuel consumption data, mileage data, door or window opening state data, video monitoring data, photographing data and the like of the vehicle.
As shown in fig. 5, in one embodiment, an on-board special equipment system is provided, the on-board special equipment system 50 comprising: an on-board computer 501, a wireless transceiver 502, an encryption and decryption device 503 and a checker 504; the wireless transceiver 502 is connected with the encryption and decryption device 503, the encryption and decryption device 503 is connected with the checker 504, and the on-board computer 501 is respectively connected with the encryption and decryption device 503 and the checker 504.
The encryptor/decryptor 503 is configured to store the vehicle identifier, generate a key pair including a public key and a private key, store the private key, decrypt ciphertext data sent by the terminal through the private key, and obtain a random number of a plaintext, an operation instruction, and user information; and encrypting the execution result and the feedback information by taking the random number as a key of a symmetric encryption algorithm.
The wireless transceiver 502 is configured to receive ciphertext data sent by the terminal and obtained by encrypting the random number, the operation instruction, and the user information with the public key, and to send the execution result encrypted by the encryption and decryption device to the terminal. Specifically, the wireless transceiver includes at least one of GSM, GPRS, 3G, 4G, LTE, WIFI and Bluetooth wireless transceivers.
The checker 504 is configured to acquire the user information transmitted by the encryption and decryption device, check whether the user information is legal, generate a checking result and transmit the checking result to the vehicle-mounted special equipment system.
The checker acquires the user information (terminal ID and/or user ID) stored in advance from the secure storage area of the encryption and decryption device and compares it with the user information in the plaintext data. If the two are consistent, the verification passes, and the execution result obtained after the vehicle-mounted special equipment system executes the operation instruction is output. For example, the execution result includes information that the operation was executed successfully, or the acquired state data of the vehicle. If the two are inconsistent, the verification fails, and feedback information of failure in executing the operation instruction is output.
And the vehicle-mounted computer 501 is used for executing the operation instruction and sending the execution result to the encryption and decryption device for encryption processing when the verification result is yes, and generating feedback information of failure of the execution instruction and sending the feedback information to the encryption and decryption device when the verification result is no.
In this embodiment, the vehicle-mounted special equipment system includes functional components such as an ECU (Electronic Control Unit), a CAN (Controller Area Network) bus, and OBD (On-Board Diagnostics). The vehicle-mounted computer is used for executing the operation instruction.
In one embodiment, a vehicle is provided with the on-board special equipment system. The vehicle may be an ordinary household automobile or another type of vehicle, such as a military vehicle, a police vehicle, a special vehicle, and the like.
The technical features of the above embodiments can be arbitrarily combined. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but as long as a combination of the technical features contains no contradiction, it should be considered within the scope of the present specification.
The above examples only show some embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.