





Technical Field
The present invention relates to the technical field of data transmission, and specifically provides a data transmission method, a storage medium and a vehicle.
Background
With the development of intelligent connected vehicles, their security is receiving more and more attention from users. In the smart electric vehicle industry, data security is a very important area, because user privacy, property and even personal safety depend on it.
As vehicles become more intelligent and more connected, smart vehicles generate more and more data, and much of it relates to user privacy. If this data is leaked, it has a major impact on the user's privacy, property and even personal safety.
However, the encrypted data transmission methods used between the vehicle head unit and the mobile terminal in the prior art offer low security and cannot guarantee end-to-end secure transmission between the head unit and the mobile terminal.
Accordingly, the field needs a new data transmission scheme to solve the above problems.
Summary of the Invention
The present invention is proposed to overcome the above defects, that is, to solve or at least partly solve the above technical problems. The invention provides a data transmission method, a storage medium and a vehicle.
In a first aspect, the present invention provides a data transmission method applied to a mobile terminal, the method comprising: generating a first ephemeral public key and a first ephemeral private key; determining a first shared key based on the first ephemeral public key and the first ephemeral private key; receiving a second shared key sent by the vehicle head unit; judging whether the first shared key and the second shared key are the same; and, where the first shared key and the second shared key are the same, controlling the mobile terminal to perform data transmission with the head unit.
In one embodiment, determining the first shared key based on the first ephemeral public key and the first ephemeral private key comprises: generating a first merged unique identification value based on the first ephemeral public key and first preset information; signing the first merged unique identification value with the private key corresponding to the mobile terminal digital certificate to obtain a first signature value; receiving a second signature value and a second merged unique identification value that the head unit sends in response to the first signature value; and verifying the second signature value with the public key corresponding to the head-unit digital certificate and, where verification passes, generating the first shared key based on the second ephemeral public key obtained from the second merged unique identification value and the first ephemeral private key.
In one embodiment, judging whether the first shared key and the second shared key are the same comprises: judging whether the digest value of the first shared key and the digest value of the second shared key are the same.
In one embodiment, the head-unit digital certificate is obtained through the following steps:
sending a request to obtain the head-unit digital certificate;
receiving the head-unit digital certificate sent by the Internet of Vehicles.
In one embodiment, in an offline state, the method further comprises:
obtaining an encrypted symmetric key, a digest value of the symmetric key, and encrypted transmission data;
decrypting the encrypted symmetric key with the private key corresponding to the mobile terminal digital certificate;
verifying whether the digest value of the decrypted symmetric key is correct and, if so, decrypting the encrypted transmission data with the symmetric key to obtain the decrypted transmission data.
In a second aspect, the present invention provides a data transmission method applied to a vehicle head unit, the method comprising: obtaining the mobile terminal digital certificate together with the first signature value and the first merged unique identification value sent by the mobile terminal; verifying the first signature value with the public key corresponding to the mobile terminal digital certificate; where verification passes, generating a second ephemeral public key and a second ephemeral private key; generating a second merged unique identification value based on the second ephemeral public key and second preset information; signing the second merged unique identification value with the private key corresponding to the head-unit digital certificate to obtain a second signature value; generating a second shared key based on the first ephemeral public key obtained from the first merged unique identification value and the second ephemeral private key; and sending the second signature value, the second merged unique identification value and the second shared key to the mobile terminal.
In one embodiment, in an offline state, the method further comprises: obtaining a symmetric key; encrypting the transmission data with the symmetric key, and encrypting the symmetric key with the public key corresponding to the mobile terminal digital certificate; and outputting the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data.
In a third aspect, a data transmission method is provided, the method comprising:
the mobile terminal generates a first ephemeral public key and a first ephemeral private key, generates a first merged unique identification value based on the first ephemeral public key and first preset information, signs the first merged unique identification value with the private key corresponding to the mobile terminal digital certificate, and sends the first signature value and the first merged unique identification value to the vehicle head unit;
the head unit obtains the mobile terminal digital certificate and, after verifying that the first signature value is valid using the public key corresponding to the mobile terminal digital certificate, generates a second ephemeral public key and a second ephemeral private key, generates a second merged unique identification value based on the second ephemeral public key and second preset information, signs the second merged unique identification value with the private key corresponding to the head-unit digital certificate, and sends the second signature value and the second merged unique identification value to the mobile terminal; and the head unit generates a second shared key based on the first ephemeral public key obtained from the first merged unique identification value and the second ephemeral private key;
the mobile terminal obtains the head-unit digital certificate and, after verifying that the second signature value is valid using the public key corresponding to the head-unit digital certificate, generates a first shared key based on the second ephemeral public key obtained from the second merged unique identification value and the first ephemeral private key;
judging whether the first shared key and the second shared key are the same;
where the first shared key and the second shared key are the same, controlling the mobile terminal and the head unit to perform data transmission.
In a fourth aspect, a vehicle is provided. The vehicle comprises a vehicle body, a processor and a storage device, the storage device being adapted to store a plurality of program codes, and the program codes being adapted to be loaded and run by the processor to execute the data transmission method of any one of the foregoing.
In a fifth aspect, a computer-readable storage medium is provided. The computer-readable storage medium stores a plurality of program codes, and the program codes are adapted to be loaded and run by a processor to execute the data transmission method of any one of the foregoing.
The above one or more technical solutions of the present invention have at least one or more of the following beneficial effects:
The data transmission method provided by the present invention first obtains a first ephemeral public key and a first ephemeral private key, then determines a first shared key based on the first ephemeral public key and the first ephemeral private key, next receives the second shared key sent by the head unit, and finally judges whether the first shared key and the second shared key are the same and, where they are the same, controls the mobile terminal to perform data transmission with the head unit. In this way a real-time session key between the head unit and the mobile terminal is established. Apart from the head unit and the mobile terminal, no third party can obtain the private keys of the head unit and the mobile terminal through means such as a man-in-the-middle attack, which ensures the security of data transmission between the head unit and the mobile terminal.
Brief Description of the Drawings
The disclosure of the present invention will be easier to understand with reference to the accompanying drawings. Those skilled in the art will readily understand that these drawings are for illustration only and are not intended to limit the scope of protection of the present invention. In addition, like numerals in the drawings denote like parts, wherein:
Fig. 1 is a schematic flowchart of the main steps of a data transmission method applied to a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of the main steps of a data transmission method applied to a vehicle head unit according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the main steps of a data transmission method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of the complete flow of a data transmission method in a real-time scenario according to an embodiment of the present invention;
Fig. 5 is a schematic flowchart of a data transmission method in an offline state according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a vehicle according to an embodiment of the present invention.
Detailed Description
Some embodiments of the present invention are described below with reference to the accompanying drawings. Those skilled in the art should understand that these embodiments only explain the technical principles of the present invention and are not intended to limit its scope of protection.
In the description of the present invention, "module" and "processor" may include hardware, software or a combination of both. A module may include hardware circuits, various suitable sensors, communication ports and memory; it may also include software parts, such as program code; or it may be a combination of software and hardware. The processor may be a central processing unit, a microprocessor, a graphics processor, a digital signal processor or any other suitable processor. The processor has data and/or signal processing functions. The processor may be implemented in software, in hardware or in a combination of the two. A non-transitory computer-readable storage medium includes any suitable medium that can store program code, such as a magnetic disk, hard disk, optical disc, flash memory, read-only memory, random access memory and so on. The term "A and/or B" denotes all possible combinations of A and B, such as only A, only B, or A and B. The terms "at least one A or B" and "at least one of A and B" have a meaning similar to "A and/or B" and may include only A, only B, or A and B. The singular terms "a" and "the" may also include the plural.
At present, the encrypted data transmission methods used between the vehicle head unit and the mobile terminal in the prior art offer low security and cannot guarantee end-to-end secure transmission between the head unit and the mobile terminal.
To this end, the present application proposes a data transmission method, a storage medium and a vehicle. The method first obtains a first ephemeral public key and a first ephemeral private key, then determines a first shared key based on the first ephemeral public key and the first ephemeral private key, next receives the second shared key sent by the head unit, which may specifically be the digest value of the second shared key, and finally judges whether the first shared key and the second shared key are the same and, where they are the same, controls the mobile terminal to perform data transmission with the head unit. In this way a real-time session key between the head unit and the mobile terminal is established. Apart from the head unit and the mobile terminal, no third party can obtain the private keys of the head unit and the mobile terminal through means such as a man-in-the-middle attack, which ensures the security of data transmission between the head unit and the mobile terminal.
Refer to Fig. 1, which is a schematic flowchart of the main steps of a data transmission method applied to a mobile terminal according to an embodiment of the present invention.
To make the purpose, technical solutions and advantages of the present invention clearer, the data transmission method of the present application is described in detail below with reference to the drawings and embodiments, taking a mobile phone app as the example mobile terminal. Those skilled in the art should understand that the specific embodiments described here only explain the present invention and do not restrict the described data transmission method to using a mobile phone app as the mobile terminal.
In addition, before performing steps S101 to S105 below, the mobile phone app may first obtain the head-unit digital certificate.
In a specific embodiment, the head-unit digital certificate is obtained through the following steps: first a request to obtain the head-unit digital certificate is sent, and then the head-unit digital certificate sent by the Internet of Vehicles is received.
Specifically, the mobile phone app may first send an end-to-end communication check signal to the head unit, so that the head unit checks information such as head-unit status, vehicle lock status and network based on that signal. After receiving the signal returned by the head unit, the app sends a request to obtain the head-unit digital certificate to the Internet of Vehicles, which forwards the request to the CA trusted domain so that the head-unit digital certificate can be looked up by frame information. Here, frame information means the vehicle's VIN, which is the unique identifier of the vehicle; there is a one-to-one mapping between head-unit digital certificates and vehicle VINs. Finally, the CA trusted domain returns the head-unit digital certificate to the Internet of Vehicles, which sends it to the mobile terminal.
The CA trusted domain is an independent trusted third party that issues digital certificates to certificate holders; a digital certificate states the certificate holder's identity and public key. Before issuing a certificate, the CA trusted domain should verify the certificate holder's identity information and issue the certificate according to the result of that verification.
A digital certificate is a file generated by a certificate authority. It generally contains the public key, the name of the public key's owner, the CA's digital signature, the validity period, the name of the authority, the certificate serial number and similar information. The CA's digital signature is the key to verifying whether the certificate has been tampered with. It is produced by running a digest algorithm over the content of the certificate other than the CA's digital signature to obtain a digest value, which the CA trusted domain then encrypts with its own private key to produce the CA's digital signature. The CA trusted domain publishes its public key; to verify a certificate, this public key is used to decrypt the CA's digital signature, and the result is used to check whether the certificate has been tampered with.
The digital certificates in the present application include the mobile terminal digital certificate and the head-unit digital certificate. When the mobile terminal is a mobile phone, the mobile terminal digital certificate is the digital certificate corresponding to that phone.
As shown in Fig. 1, in a real-time scenario the data transmission method in the embodiment of the present invention mainly comprises the following steps S101 to S105.
Step S101: generate a first ephemeral public key and a first ephemeral private key.
Specifically, the first ephemeral public key and the first ephemeral private key may be generated by the mobile phone or mobile terminal.
Step S102: determine a first shared key based on the first ephemeral public key and the first ephemeral private key.
In a specific embodiment, determining the first shared key based on the first ephemeral public key and the first ephemeral private key comprises the following steps S1021 to S1024.
Step S1021: generate a first merged unique identification value based on the first ephemeral public key and first preset information.
The first preset information is random information used in the key agreement process, such as a random string. The first merged unique identification value is obtained by combining or concatenating the first ephemeral public key and the random string.
Step S1022: sign the first merged unique identification value with the private key corresponding to the mobile terminal digital certificate to obtain a first signature value.
The specific signature algorithm depends on the type of the mobile terminal digital certificate.
Step S1023: receive the second signature value and the second merged unique identification value that the head unit sends in response to the first signature value.
Step S1024: verify the second signature value with the public key corresponding to the head-unit digital certificate and, where verification passes, generate the first shared key based on the second ephemeral public key obtained from the second merged unique identification value and the first ephemeral private key.
By way of example, the first shared key is specifically negotiated from the second ephemeral public key obtained from the second merged unique identification value and the first ephemeral private key.
Step S103: receive the second shared key sent by the head unit.
In a specific embodiment, the mobile terminal receives the digest value of the second shared key sent by the head unit.
Step S104: judge whether the first shared key and the second shared key are the same.
In a specific embodiment, judging whether the first shared key and the second shared key are the same comprises: judging whether the digest value of the first shared key and the digest value of the second shared key are the same.
The digest value is usually computed from the key with a hash function, which may be a common one such as sha1, sha256 or MD5.
Step S105: where the first shared key and the second shared key are the same, control the mobile terminal to perform data transmission with the head unit.
Based on steps S101 to S105 above, the method first obtains a first ephemeral public key and a first ephemeral private key, then determines a first shared key based on the first ephemeral public key and the first ephemeral private key, next receives the second shared key sent by the head unit, and finally judges whether the first shared key and the second shared key are the same and, where they are the same, controls the mobile terminal to perform data transmission with the head unit. In this way a real-time session key between the head unit and the mobile terminal is established. Apart from the head unit and the mobile terminal, no third party can obtain the private keys of the head unit and the mobile terminal through means such as a man-in-the-middle attack, which ensures the security of data transmission between the head unit and the mobile terminal.
In a specific embodiment, in an offline state, the method further comprises: first obtaining the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data; then decrypting the encrypted symmetric key with the private key corresponding to the mobile terminal digital certificate; and finally verifying whether the digest value of the decrypted symmetric key is correct and, if so, decrypting the encrypted transmission data with the symmetric key to obtain the decrypted transmission data.
Specifically, in the offline state the vehicle network is unavailable, so the head unit stores the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data in the Internet of Vehicles in advance.
When the head unit and the mobile terminal need to transfer data, the mobile phone app obtains the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data from the Internet of Vehicles, and then decrypts the encrypted symmetric key with the private key corresponding to the mobile terminal digital certificate to obtain the decrypted symmetric key.
At the same time, it verifies whether the digest value of the decrypted symmetric key is correct. Specifically, the digest value of the symmetric key obtained from the Internet of Vehicles is compared with the digest value of the decrypted symmetric key; if the two match, the encrypted transmission data is decrypted with the symmetric key to obtain the decrypted transmission data.
In the offline state, the mobile terminal is controlled to obtain the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data from the vehicle network, to decrypt the encrypted symmetric key and so obtain the symmetric key, and then to decrypt the transmission data with the symmetric key and so obtain the transmission data. This ensures that the vehicle can keep transferring data with the mobile terminal even when offline, and improves the security and stability of data transmission.
It should be pointed out that, although the steps in the above embodiments are described in a particular order, those skilled in the art will understand that, to achieve the effect of the present invention, the steps need not be executed in that order. They may be executed simultaneously (in parallel) or in another order, and all such variations fall within the scope of protection of the present invention.
Further, as shown in Fig. 2, the present invention also provides a data transmission method applied to a vehicle head unit, implemented through the following steps S201 to S207.
Step S201: obtain the mobile terminal digital certificate together with the first signature value and the first merged unique identification value sent by the mobile terminal.
Step S202: verify the first signature value with the public key corresponding to the mobile terminal digital certificate.
Step S203: where verification passes, generate a second ephemeral public key and a second ephemeral private key.
Specifically, the second ephemeral public key and the second ephemeral private key may be generated through a corresponding database stored on the head unit.
Step S204: generate a second merged unique identification value based on the second ephemeral public key and second preset information.
The second preset information is random information stored on the head unit during the key agreement process, and may be a random string. The random information here differs from the special information that the mobile terminal uses to form the first merged unique identification value. Combining or concatenating these random strings with the second ephemeral public key yields the second merged unique identification value.
Step S205: sign the second merged unique identification value with the private key corresponding to the head-unit digital certificate to obtain a second signature value.
Step S206: generate a second shared key based on the first ephemeral public key obtained from the first merged unique identification value and the second ephemeral private key.
Specifically, the second shared key is negotiated from the first ephemeral public key obtained from the first merged unique identification value and the second ephemeral private key.
Step S207: send the second signature value, the second merged unique identification value and the second shared key to the mobile terminal.
In addition, in the offline state, when the Internet of Vehicles cannot be used, the vehicle terminal stores the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data in the Internet of Vehicles in advance.
A symmetric key means that the message sender and the message receiver must use the same key, and that key must be kept secret. The sender encrypts the message to be sent with the key and transmits it to the receiver, who decrypts the received message with the same key.
Specifically, when the scenario is triggered, the vehicle terminal first obtains the mobile phone's digital certificate according to the keyID (Internet of Vehicles identifier). After obtaining the certificate, it obtains the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data through the following steps.
In a specific embodiment, in the offline state, the method further includes:
Obtaining a symmetric key. Specifically, algorithms such as DES or AES may be used to generate the symmetric key.
Encrypting the transmission data with the symmetric key, and encrypting the symmetric key with the public key corresponding to the mobile terminal's digital certificate;
Outputting the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data to the Internet of Vehicles for storage.
In the offline state, the vehicle terminal stores the encrypted symmetric key, the digest value of the symmetric key and the encrypted transmission data in the Internet of Vehicles in advance, which provides the basis for subsequent end-to-end communication between the mobile terminal and the vehicle terminal.
Further, as shown in FIG. 3, the present invention also provides a data transmission method, which is implemented through the following steps S301 to S305.
Step S301: The mobile terminal generates a first temporary public key and a first temporary private key, generates a first combined unique identification value based on the first temporary public key and first preset information, signs the first combined unique identification value with the private key corresponding to the mobile terminal's digital certificate, and sends the first signature value and the first combined unique identification value to the vehicle terminal.
Step S302: The vehicle terminal obtains the mobile terminal's digital certificate and, after verifying with the corresponding public key that the first signature value is valid, generates a second temporary public key and a second temporary private key. It generates a second combined unique identification value based on the second temporary public key and second preset information, signs the second combined unique identification value with the private key corresponding to the vehicle terminal's digital certificate, and sends the second signature value and the second combined unique identification value to the mobile terminal. The vehicle terminal also generates a second shared secret key based on the first temporary public key, obtained from the first combined unique identification value, and the second temporary private key.
Step S303: The mobile terminal obtains the vehicle terminal's digital certificate and, after verifying with the corresponding public key that the second signature value is valid, generates a first shared secret key based on the second temporary public key, obtained from the second combined unique identification value, and the first temporary private key.
Step S304: Determine whether the first shared secret key and the second shared secret key are the same.
Specifically, determine whether the digest value of the first shared secret key and the digest value of the second shared secret key are the same; if so, the first shared secret key and the second shared secret key are determined to be the same.
Step S305: If the first shared secret key and the second shared secret key are the same, control the mobile terminal and the vehicle terminal to perform data transmission.
In a specific embodiment, the data transmission method of this application is described in detail below for the real-time scenario, with reference to the complete flow diagram of the data transmission method shown in FIG. 4.
1. The mobile phone app initiates an end-to-end communication request, which reaches the vehicle terminal through the Internet of Vehicles. After the vehicle terminal and the mobile phone confirm that the conditions for enabling end-to-end encrypted communication are met, the key negotiation process starts.
2. The mobile phone app requests the vehicle terminal's device certificate from the Internet of Vehicles. The Internet of Vehicles forwards the request to the CA trusted domain, which obtains the vehicle terminal's certificate using the vehicle frame information and verifies the certificate chain.
3. The mobile phone app generates the first temporary public/private key pair, combines the first temporary public key with some special information to obtain a combined message, and signs the combined message with the private key corresponding to the mobile phone's digital certificate; the signature algorithm depends on the type of the mobile phone's digital certificate. The resulting first signature value and the combined message are sent to the vehicle terminal.
4. The vehicle terminal obtains the mobile phone's digital certificate according to the keyID (Internet of Vehicles identifier); no encryption is needed here.
5. The vehicle terminal verifies the first signature value sent by the mobile phone app using the public key corresponding to the mobile phone's digital certificate. If the verification passes, it generates the second temporary public key and the second temporary private key, combines the second temporary public key with some special information, signs the combined message with the private key corresponding to the vehicle terminal's digital certificate, and sends the resulting second signature value to the mobile phone app. At the same time, the vehicle terminal negotiates the second shared secret key {share_key2} from the first temporary public key and the second temporary private key.
6. After receiving the second signature value sent by the vehicle terminal, the mobile phone app verifies it using the public key corresponding to the vehicle terminal's digital certificate. If the verification passes, it negotiates the first shared secret key {share_key1} from the first temporary private key and the second temporary public key.
7. Check whether the first shared secret key {share_key1} and the second shared secret key {share_key2} are the same, specifically by verifying whether the digest values of the two shared secret keys are the same; if they are, control the mobile terminal and the vehicle terminal to perform data transmission.
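The signed temporary-key exchange of steps S201 to S207 and S301 to S305 (items 1 to 7 above), as an added Go example that is not code from the patent. It assumes Ed25519 certificate keys and X25519 temporary keys, which the patent does not specify; the `endpoint` type, the function names and the preset strings are hypothetical, and the two sides compare SHA-256 digests of their keys as step S304 describes.

```go
package main
import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type endpoint struct { // hypothetical model of one side of the exchange
	certPub ed25519.PublicKey  // public key carried in its digital certificate
	cert    ed25519.PrivateKey // private key behind that certificate
	eph     *ecdh.PrivateKey   // temporary key pair for this session
}

func newEndpoint() *endpoint {
	pub, cert, err1 := ed25519.GenerateKey(rand.Reader)
	eph, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		panic(err) // system randomness unavailable
	}
	return &endpoint{pub, cert, eph}
}

// hello returns temporary public key || preset info, plus its signature.
func (e *endpoint) hello(info string) (combined, sig []byte) {
	combined = append(e.eph.PublicKey().Bytes(), info...)
	return combined, ed25519.Sign(e.cert, combined)
}

// agree verifies the signature before using the peer's temporary public key.
func (e *endpoint) agree(peer ed25519.PublicKey, combined, sig []byte) ([]byte, error) {
	if len(combined) < 32 || !ed25519.Verify(peer, combined, sig) {
		return nil, errors.New("peer signature rejected")
	}
	pub, err := ecdh.X25519().NewPublicKey(combined[:32])
	if err != nil {
		return nil, err
	}
	return e.eph.ECDH(pub)
}

// handshake runs S301-S305; flip is XORed into the mobile's message in transit.
func handshake(flip byte) (bool, error) {
	mobile, vehicle := newEndpoint(), newEndpoint()
	c1, s1 := mobile.hello("mobile-preset-info") // constructed sample value
	c1[3] ^= flip
	key2, err := vehicle.agree(mobile.certPub, c1, s1)
	if err != nil {
		return false, err
	}
	c2, s2 := vehicle.hello("vehicle-random-string") // constructed sample value
	key1, err := mobile.agree(vehicle.certPub, c2, s2)
	if err != nil {
		return false, err
	}
	return sha256.Sum256(key1) == sha256.Sum256(key2), nil
}

func main() {
	fmt.Println(handshake(0)) // untouched message
	fmt.Println(handshake(1)) // one bit flipped in transit
}
```

With one bit of the mobile terminal's message flipped, `agree` fails on the signature check and no shared secret key is derived from the altered temporary public key.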
In addition, the data transmission method in the offline state is described in detail below, as shown in FIG. 5.
1. The offline scenario is triggered.
2. Obtain the mobile phone's digital certificate according to the KeyID (the binding relationship held by the Internet of Vehicles).
3. Generate a symmetric key and use it to encrypt the transmission data, obtaining the encrypted transmission data.
4. Encrypt the symmetric key with the public key corresponding to the mobile phone's digital certificate, obtaining the encrypted symmetric key.
5. Upload the encrypted symmetric key, the encrypted transmission data and the digest value of the symmetric key to the Internet of Vehicles.
6. The mobile terminal downloads the encrypted symmetric key, the encrypted transmission data and the digest value of the symmetric key from the Internet of Vehicles, and decrypts the encrypted key with the private key corresponding to the mobile phone's digital certificate. It then checks the digest value of the symmetric key and, if the check passes, uses the decrypted symmetric key to decrypt the encrypted transmission data, obtaining the decrypted transmission data.
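The offline flow (items 3 to 6 above), as an added Go example that is not code from the patent. It assumes an RSA key behind the mobile phone's certificate with OAEP key wrapping, AES-256-GCM for the transmission data and SHA-256 for the digest; the `bundle` layout and the function names are hypothetical.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

type bundle struct { // hypothetical layout of what the vehicle terminal uploads
	wrappedKey, nonce, ciphertext []byte
	keyDigest                     [32]byte // SHA-256 of the symmetric key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is the vehicle side (offline steps 3-5): encrypt the data, wrap the key.
func seal(mobilePub *rsa.PublicKey, data []byte) (*bundle, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce per upload
	_, err0 := rand.Read(buf)
	key, nonce := buf[:32], buf[32:]
	gcm, err1 := newGCM(key)
	wrapped, err2 := rsa.EncryptOAEP(sha256.New(), rand.Reader, mobilePub, key, nil)
	if err := errors.Join(err0, err1, err2); err != nil {
		return nil, err
	}
	return &bundle{wrapped, nonce, gcm.Seal(nil, nonce, data, nil), sha256.Sum256(key)}, nil
}

// open is the mobile side (offline step 6): unwrap, check the digest, decrypt.
func open(mobilePriv *rsa.PrivateKey, b *bundle) ([]byte, error) {
	key, err1 := rsa.DecryptOAEP(sha256.New(), rand.Reader, mobilePriv, b.wrappedKey, nil)
	gcm, err2 := newGCM(key)
	if err1 != nil || err2 != nil || sha256.Sum256(key) != b.keyDigest {
		return nil, errors.New("wrapped key rejected")
	}
	return gcm.Open(nil, b.nonce, b.ciphertext, nil)
}

// demo runs both sides with a throwaway RSA key; corrupt is XORed into the digest.
func demo(corrupt byte) (string, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the certificate key
	if err != nil {
		return "", err
	}
	b, err := seal(&priv.PublicKey, []byte("constructed sample payload"))
	if err != nil {
		return "", err
	}
	b.keyDigest[0] ^= corrupt
	pt, err := open(priv, b)
	return string(pt), err
}

func main() { fmt.Println(demo(0)) }
```

The digest check catches a corrupted or mismatched wrapped key; it does not identify who produced the bundle, since anyone holding the certificate's public key can wrap a key.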
Those skilled in the art will understand that all or part of the processes in the method of the above embodiment of the present invention may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, implements the steps of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file or some intermediate form. The computer-readable storage medium may include: any entity or device capable of carrying the computer program code, a medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, read-only memory, random access memory, an electrical carrier signal, a telecommunication signal, a software distribution medium, and so on. It should be noted that the content contained in the computer-readable storage medium may be appropriately increased or decreased according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, according to legislation and patent practice, computer-readable storage media do not include electrical carrier signals and telecommunication signals.
Further, the present invention also provides a vehicle. In a vehicle embodiment according to the present invention, as shown in FIG. 6, the vehicle includes a vehicle body 11, a processor 12 and a storage device 13. The storage device may be configured to store a program that executes the data transmission method of the above method embodiments, and the processor may be configured to execute programs in the storage device, including but not limited to the program that executes the data transmission method of the above method embodiments. For ease of description, only the parts related to the embodiments of the present invention are shown; for specific technical details not disclosed, refer to the method part of the embodiments of the present invention.
Further, the present invention also provides a computer-readable storage medium. In a computer-readable storage medium embodiment according to the present invention, the computer-readable storage medium may be configured to store a program that executes the data transmission method of the above method embodiments, and the program may be loaded and run by a processor to implement the above data transmission method. For ease of description, only the parts related to the embodiments of the present invention are shown; for specific technical details not disclosed, refer to the method part of the embodiments of the present invention. The computer-readable storage medium may be a storage device formed by various electronic devices. Optionally, the computer-readable storage medium in the embodiments of the present invention is a non-transitory computer-readable storage medium.
So far, the technical solutions of the present invention have been described with reference to the preferred embodiments shown in the accompanying drawings. However, those skilled in the art will readily understand that the protection scope of the present invention is clearly not limited to these specific embodiments. Without departing from the principles of the present invention, those skilled in the art may make equivalent changes or substitutions to the relevant technical features, and the technical solutions after such changes or substitutions will all fall within the protection scope of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210863646.7A, CN115276972B (en) | 2022-07-20 | 2022-07-20 | Data transmission method, storage medium and vehicle |
| Publication Number | Publication Date |
|---|---|
| CN115276972A (en) | 2022-11-01 |
| CN115276972B (en) | 2025-04-08 |
| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN202210863646.7A | Active | CN115276972B (en) | 2022-07-20 | 2022-07-20 | Data transmission method, storage medium and vehicle |
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |