CN109587164A - A kind of information encrypting transmission method, device, equipment and storage medium - Google Patents
Abstract
This application discloses an information encrypting transmission method applied to the safety equipment in a vehicle. The method comprises: receiving the first control information that a client sends through a background server; decrypting the first ciphertext with the device private key to obtain a service order; sending the service order to the car-mounted terminal; when the first answer code returned by the car-mounted terminal is received, generating first response information, which includes a second signature made over the first answer code with the device private key and a second ciphertext made by encrypting the first answer code with the server public key obtained in advance; and sending the first response information to the background server, so that the background server decrypts it to obtain the first answer code and verifies the second signature. With the technical solution provided by the embodiments of this application, the security of the information interaction process can be improved and vehicle safety risk reduced. Also disclosed are an information encryption transmission device, equipment and storage medium, which have corresponding technical effects.
Description
Technical field
This application relates to the field of security technology, and more particularly to an information encrypting transmission method, device, equipment and storage medium.
Background technique
In the era of the Internet of Vehicles, a vehicle can exchange information with the outside world through various communication modes such as mobile networks, WiFi and Bluetooth. Currently, control of the vehicle is commonly realized by the car-mounted terminal GTBox. A user can connect to the background server through a client and send instructions to the car-mounted terminal via the background server; the car-mounted terminal then controls the vehicle according to the received instruction, for example to unlock the doors or turn on the air conditioner.
Once a vehicle is networked, the risk of outside attack on it increases. In the prior art, the background server sends instructions to the car-mounted terminal in clear text, which offers little security: if an instruction is intercepted or tampered with in the network, it can bring security risk to the vehicle and its user.
In summary, how to effectively improve the security of the information interaction process is a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
The purpose of this application is to provide an information encrypting transmission method, device, equipment and storage medium that improve the security of the information interaction process and reduce vehicle safety risk.
In order to solve the above technical problems, the application provides the following technical solutions:
An information encrypting transmission method, applied to safety equipment in a vehicle in which an equipment public key and a device private key are stored in advance. The method comprises:
receiving first control information sent by a client through a background server, the first control information including a first signature made over a service order with the server private key, and a first ciphertext made by encrypting the service order and the first signature with the equipment public key obtained in advance;
decrypting the first ciphertext with the device private key to obtain the service order;
sending the service order to the car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns a first answer code;
when the first answer code returned by the car-mounted terminal is received, generating first response information, which includes a second signature made over the first answer code with the device private key and a second ciphertext made by encrypting the first answer code with the server public key obtained in advance;
sending the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key and, after verification passes, returns the first answer code to the client.
In one specific embodiment of this application, after decrypting the first ciphertext with the device private key to obtain the service order and before sending the service order to the car-mounted terminal, the method further includes:
searching for the service order in the command information table obtained in advance;
if it is found, executing the step of sending the service order to the car-mounted terminal.
In one specific embodiment of this application, if the service order is found in the command information table, the method further includes:
determining the execution permission of the service order;
determining, according to the execution permission of the service order, whether to carry out safety verification on the service order;
if not, executing the step of sending the service order to the car-mounted terminal.
In one specific embodiment of this application, when it is determined that safety verification is to be carried out on the service order, the method further includes:
carrying out safety verification on the service order using the verification mode corresponding to its execution permission;
if verification passes, executing the step of sending the service order to the car-mounted terminal.
In one specific embodiment of this application, the equipment public key certificate is sent to the background server by the following steps, so that the background server obtains the equipment public key:
receiving second control information sent by the client through the background server, the second control information including at least an activation instruction;
sending the activation instruction to the car-mounted terminal, so that the car-mounted terminal executes the activation operation based on the activation instruction and returns a second answer code;
when the second answer code returned by the car-mounted terminal is received, generating second response information, which includes a third signature made over the equipment public key certificate obtained in advance and the second answer code with the device private key, and a third ciphertext made by encrypting the equipment public key certificate and the second answer code with the server public key;
sending the second response information to the background server, so that the background server decrypts the third ciphertext with the server private key to obtain the equipment public key certificate and the second answer code, verifies the equipment public key certificate, obtains the equipment public key from the certificate after that verification passes, verifies the third signature with the equipment public key and, after that verification passes, returns the second answer code to the client; at the same time, if the second answer code is a success code, the background server saves the equipment public key certificate and the equipment public key.
In one specific embodiment of this application, after receiving the second control information sent by the client through the background server and before sending the activation instruction to the car-mounted terminal, the method further includes:
searching for the activation instruction in the command information table obtained in advance;
if it is found, executing the step of sending the activation instruction to the car-mounted terminal.
In one specific embodiment of this application, if the activation instruction is found in the command information table, the method further includes:
determining the execution permission of the activation instruction;
determining, according to the execution permission of the activation instruction, whether to carry out safety verification on the activation instruction;
if so, carrying out safety verification on the activation instruction using the verification mode corresponding to its execution permission;
if verification passes, executing the step of sending the activation instruction to the car-mounted terminal.
An information encryption transmission device, applied to safety equipment in a vehicle in which an equipment public key and a device private key are stored in advance. The device includes:
a control information receiving module, for receiving first control information sent by a client through a background server, the first control information including a first signature made over a service order with the server private key and a first ciphertext made by encrypting the service order and the first signature with the equipment public key obtained in advance;
a service order obtaining module, for decrypting the first ciphertext with the device private key to obtain the service order;
a service order sending module, for sending the service order to the car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns a first answer code;
a response information generating module, for generating first response information when the first answer code returned by the car-mounted terminal is received, the first response information including a second signature made over the first answer code with the device private key and a second ciphertext made by encrypting the first answer code with the server public key obtained in advance;
a response information sending module, for sending the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key and, after verification passes, returns the first answer code to the client.
Safety equipment, in which an equipment public key and a device private key are stored in advance, comprising:
a memory, for storing a computer program;
a processor, for executing the computer program to realize the steps of any of the information encrypting transmission methods described above.
A computer readable storage medium, on which a computer program is stored, the computer program realizing the steps of any of the information encrypting transmission methods described above when executed by a processor.
With the technical solution provided by the embodiments of this application, when the safety equipment receives the first control information sent by the client through the background server, it can decrypt the first ciphertext in the first control information with the device private key to obtain the service order and send the service order to the car-mounted terminal; after the car-mounted terminal controls the vehicle based on the service order and returns the first answer code, the safety equipment encrypts and signs the first answer code to generate the first response information and sends it to the background server. Because of the safety equipment, all information exchanged between the background server and the car-mounted terminal is encrypted and therefore harder to tamper with, which improves the security of the information interaction process and reduces vehicle safety risk.
Detailed description of the invention
In order to explain the technical solutions in the embodiments of this application or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description are only some embodiments of this application; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is the overall architecture diagram of the information interaction system in an embodiment of this application;
Fig. 2 is an implementation flow chart of an information encrypting transmission method in an embodiment of this application;
Fig. 3 is a structural schematic diagram of an information encryption transmission device in an embodiment of this application;
Fig. 4 is a structural schematic diagram of safety equipment in an embodiment of this application.
Specific embodiment
The core of this application is to provide an information encrypting transmission method that can be applied to safety equipment in a vehicle, in which an equipment public key and a device private key are stored in advance.
In practice, the safety equipment may be embedded in the car-mounted terminal, which may also contain a communication unit; the safety equipment in the car-mounted terminal then exchanges information with the background server through the communication unit. Alternatively, the safety equipment may be deployed in the vehicle independently of the car-mounted terminal and connected separately to the car-mounted terminal and to the background server for information exchange. As shown in Fig. 1, the information exchange between the car-mounted terminal GTBox and the background server passes through the safety equipment; specifically, the safety equipment can communicate with the background server through the communication unit.
The safety equipment may specifically be a security chip. A security chip has a hardware security level, offers higher security and is difficult to crack.
During production, the safety equipment generates a key pair based on the SM2 algorithm, namely the equipment public key and the device private key, and stores it in advance in the file system of the safety equipment. The safety equipment connects to a CA server, which can issue the equipment public key certificate; at the same time, the CA server can write the root certificate, the server public key of the background server and the server public key certificate into the file system in advance.
To help those skilled in the art better understand the solution of this application, the application is described in further detail below with reference to the drawings and specific embodiments. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art from the embodiments in this application without creative effort fall within the protection scope of this application.
Fig. 2 shows an implementation flow chart of an information encrypting transmission method provided by an embodiment of this application; the method includes the following steps:
S210: receive the first control information sent by the client through the background server.
The first control information includes the first signature made over the service order with the server private key, and the first ciphertext made by encrypting the service order and the first signature with the equipment public key obtained in advance.
In practice, the user installs the client on an intelligent terminal that can communicate with the background server. The user logs on to the background server through the client using a password, fingerprint, face recognition or similar, and sends instructions to the car-mounted terminal in the vehicle through the background server to control the vehicle. Both the instructions the background server sends to the car-mounted terminal and the information the car-mounted terminal returns to the background server must pass through the safety equipment.
The background server can obtain the equipment public key in advance by interacting with the safety equipment in the vehicle. When the background server receives the service order sent by the user through the client, it signs the service order with the server private key to obtain the first signature, then encrypts the service order and the first signature with the equipment public key to obtain the first ciphertext. It then sends the first control information, which includes the first signature and the first ciphertext, to the car-mounted terminal.
After the safety equipment receives the first control information sent by the client through the background server, it continues with step S220.
S220: decrypt the first ciphertext with the device private key to obtain the service order.
The equipment public key and the device private key are stored in advance in the safety equipment. Since the first ciphertext was produced by the background server by encrypting the service order and the first signature with the equipment public key, the safety equipment, after receiving the first control information, can decrypt the first ciphertext with the device private key to obtain the service order.
S230: send the service order to the car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns the first answer code.
The service order may be an instruction such as turn on the lights, turn on the air conditioner, open the door or start the engine. After obtaining the service order, the safety equipment sends it to the car-mounted terminal, which controls the vehicle accordingly. If, for example, the received service order is a door-opening instruction, the car-mounted terminal sends it to the door control unit, which executes the door-opening operation. After controlling the vehicle accordingly, the car-mounted terminal returns the first answer code.
S240: when the first answer code returned by the car-mounted terminal is received, generate the first response information.
The first response information includes the second signature made over the first answer code with the device private key, and the second ciphertext made by encrypting the first answer code with the server public key obtained in advance.
When the safety equipment receives the first answer code returned by the car-mounted terminal, it signs the first answer code with the device private key to obtain the second signature and encrypts the first answer code with the server public key to obtain the second ciphertext, thereby generating the first response information that includes the second signature and the second ciphertext.
S250: send the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key and, after verification passes, returns the first answer code to the client.
After generating the first response information, the safety equipment sends it to the background server; that is, it sends the background server the second signature, made over the first answer code with the device private key, and the second ciphertext, made by encrypting the first answer code with the server public key.
The background server can decrypt the second ciphertext with the server private key to obtain the first answer code, then verify the second signature with the equipment public key to determine the reliability of the source of the first answer code. Specifically, the second signature can be decrypted with the equipment public key to obtain the first answer code it contains; that value is compared with the first answer code from the second ciphertext to determine whether the two are consistent. If they agree, verification passes; otherwise it fails.
After the background server verifies the second signature with the equipment public key and verification passes, it can return the first answer code to the client to inform the client whether the service order was executed successfully. The client can then display the corresponding prompt information to the user.
With the method provided by the embodiments of this application, when the safety equipment receives the first control information sent by the client through the background server, it can decrypt the first ciphertext in the first control information with the device private key to obtain the service order and send the service order to the car-mounted terminal; after the car-mounted terminal controls the vehicle based on the service order and returns the first answer code, the safety equipment encrypts and signs the first answer code to generate the first response information and sends it to the background server. Because of the safety equipment, all information exchanged between the background server and the car-mounted terminal is encrypted and therefore harder to tamper with, which improves the security of the information interaction process and reduces vehicle safety risk.
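The exchange in S210 to S250, as an added Go example that is not the patent's own code: the sender signs the payload with its private key and encrypts payload and signature to the recipient's public key, and the receiver decrypts and then verifies the signature before acting on the payload. Because Go's standard library has no SM2, P-256 ECDSA stands in for the SM2 signature and ephemeral ECDH with AES-GCM for SM2 encryption; the same sign-then-encrypt layout is used in both directions (control information and response information) and would serve the activation response described later, and all keys are assumed to have been exchanged in advance, as the patent's equipment and server public keys are.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Party is one side (safety equipment or background server). As with the patent's SM2
// pair, one key both signs (Sign, ECDSA) and is encrypted to (Enc, the same key for ECDH).
type Party struct {
	Sign *ecdsa.PrivateKey
	Enc  *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	e, err := k.ECDH()
	if err != nil {
		return nil, err
	}
	return &Party{Sign: k, Enc: e}, nil
}

// sharedAEAD runs ECDH between priv and pub and derives an AES-256-GCM key from
// the shared secret (SHA-256 as a minimal KDF).
func sharedAEAD(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.AEAD, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Wrap builds a control-information message: sign the payload with the sender's key,
// then encrypt payload and signature to the recipient's public key.
// Wire layout: ephemeral point (65 bytes) || nonce (12 bytes) || AES-GCM ciphertext.
func (p *Party) Wrap(to *ecdh.PublicKey, payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, p.Sign, digest[:])
	if err != nil {
		return nil, err
	}
	// Plaintext is sigLen || sig || payload; a P-256 ASN.1 signature length fits one byte.
	plain := append(append([]byte{byte(len(sig))}, sig...), payload...)
	eph, err := ecdh.P256().GenerateKey(rand.Reader) // fresh key per message
	if err != nil {
		return nil, err
	}
	aead, err := sharedAEAD(eph, to)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, plain, nil), nil
}

// Unwrap is the receiving side: decrypt with the recipient's private key, then verify the
// embedded signature with the expected sender's public key. A tampered ciphertext or a
// signature by any other key rejects the message before the payload is acted on.
func (p *Party) Unwrap(from *ecdsa.PublicKey, msg []byte) ([]byte, error) {
	const pubLen, nonceLen = 65, 12
	if len(msg) < pubLen+nonceLen {
		return nil, errors.New("message too short")
	}
	ephPub, err := ecdh.P256().NewPublicKey(msg[:pubLen])
	if err != nil {
		return nil, err
	}
	aead, err := sharedAEAD(p.Enc, ephPub)
	if err != nil {
		return nil, err
	}
	plain, err := aead.Open(nil, msg[pubLen:pubLen+nonceLen], msg[pubLen+nonceLen:], nil)
	if err != nil {
		return nil, errors.New("decryption failed")
	}
	if len(plain) == 0 || len(plain) < 1+int(plain[0]) {
		return nil, errors.New("malformed plaintext")
	}
	sig, payload := plain[1:1+int(plain[0])], plain[1+int(plain[0]):]
	digest := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(from, digest[:], sig) {
		return nil, errors.New("signature verification failed")
	}
	return payload, nil
}
```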
In one embodiment of this application, after step S220 and before step S230, the method may further include the following step:
searching for the service order in the command information table obtained in advance; if it is found, executing step S230, which sends the service order to the car-mounted terminal.
In this embodiment, the command information table can be stored in advance in the safety equipment; it contains the various instructions that the car-mounted terminal can accept.
After obtaining the service order, the safety equipment first searches for it in the command information table. If it is found, the service order is one the car-mounted terminal accepts, and the safety equipment continues with sending it to the car-mounted terminal and the subsequent operations. If it is not found, the service order may be wrong; even if it were sent to the car-mounted terminal, the terminal would not perform any control operation based on it. In that case the safety equipment can directly discard the service order, do nothing with it, or return an error message to the background server.
In one embodiment of this application, if the service order is found in the command information table, the method may further include the following steps:
Step 1: determine the execution permission of the service order;
Step 2: according to the execution permission of the service order, determine whether to carry out safety verification on it; if not, execute step S230, which sends the service order to the car-mounted terminal.
For ease of description, the above two steps are explained together.
In this embodiment, the command information table may also contain the execution permission of each service order, and different service orders may have different execution permissions. For example, some service orders have the execution permission "no limitation" and can be passed straight through to the car-mounted terminal; some have the permission "authentication server", which requires verifying the reliability of the background server that sent the service order; some have the permission "authentication server, manufacturer", which requires verifying the reliability of both the background server and the manufacturer; and some have the permission "verifying CA", which requires verifying the reliability of the CA.
When the safety equipment finds the service order in the command information table, it may further determine the execution permission of the service order and, based on it, decide whether to carry out safety verification. If no verification is needed, the safety equipment can directly send the service order to the car-mounted terminal and carry out the subsequent steps; that is, it passes the service order through to the car-mounted terminal.
In one specific embodiment of this application, when it is determined that safety verification is to be carried out on the service order, the verification mode corresponding to the execution permission of the service order is used. For example, if the execution permission of the service order is "authentication server", the first signature can be verified with the server public key: specifically, the first signature is decrypted with the server public key to obtain the service order it contains, which is compared with the service order obtained by decrypting the first ciphertext; if the two agree, verification passes, otherwise it fails. Verifying the first signature with the server public key determines the reliability of the source of the service order.
If verification passes, the safety equipment can send the service order to the car-mounted terminal and carry out the subsequent steps. If verification fails, the safety equipment can directly discard the service order, do nothing with it, or return an error message to the background server.
By having the safety equipment filter the service orders sent to the car-mounted terminal, the overall security level of the vehicle can be raised.
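The lookup-and-permission gate between S220 and S230, as an added Go example that is not the patent's code: the command information table maps each acceptable service order to the checks its execution permission demands, and the actual verification routines (for instance, checking the first signature with the server public key) are supplied as callbacks so the gate is independent of the cipher. The table contents and which order carries which permission are constructed for illustration; the patent names the permission classes but not this assignment.

```go
package main

import (
	"errors"
	"fmt"
)

// Check is one safety verification named in the description: reliability of the
// background server, of the manufacturer, or of the CA.
type Check int

const (
	CheckServer Check = iota
	CheckManufacturer
	CheckCA
)

func (c Check) String() string {
	return [...]string{"authentication server", "manufacturer", "verifying CA"}[c]
}

// CommandTable is the command information table held by the safety equipment: each
// acceptable service order maps to the checks its execution permission requires.
// An empty list is the "no limitation" permission (pass straight through).
type CommandTable map[string][]Check

// Verifiers supplies one verification routine per check, e.g. for CheckServer a
// function that verifies the first signature with the server public key.
type Verifiers map[Check]func(order string) bool

var (
	ErrUnknownOrder    = errors.New("service order not in command information table")
	ErrVerifyFailed    = errors.New("safety verification failed")
	ErrMissingVerifier = errors.New("no verifier configured for required check")
)

// Filter is the gate between S220 and S230: look the order up, run every check its
// permission requires, and only then forward it to the car-mounted terminal. It fails
// closed: an unknown order, a failed check, or a required check with no verifier all
// stop the order; the caller may discard it or report an error to the background server.
func Filter(table CommandTable, v Verifiers, order string, forward func(string) string) (string, error) {
	checks, ok := table[order]
	if !ok {
		return "", fmt.Errorf("%w: %q", ErrUnknownOrder, order)
	}
	for _, c := range checks {
		verify, ok := v[c]
		if !ok {
			return "", fmt.Errorf("%w: %s", ErrMissingVerifier, c)
		}
		if !verify(order) {
			return "", fmt.Errorf("%w: %s", ErrVerifyFailed, c)
		}
	}
	return forward(order), nil
}

// ExampleTable is a constructed table covering the permission classes the description
// lists; the assignment of orders to permissions is an assumption for illustration.
func ExampleTable() CommandTable {
	return CommandTable{
		"turn_on_light":  {},                               // no limitation
		"door_open":      {CheckServer},                    // authentication server
		"engine_start":   {CheckServer, CheckManufacturer}, // authentication server, manufacturer
		"turn_on_aircon": {CheckCA},                        // verifying CA
	}
}
```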
In one embodiment of this application, the equipment public key certificate can be sent to the background server by the following steps, so that the background server obtains the equipment public key:
First step: receive the second control information sent by the client through the background server, the second control information including at least an activation instruction;
Second step: send the activation instruction to the car-mounted terminal, so that the car-mounted terminal executes the activation operation based on the activation instruction and returns the second answer code;
Third step: when the second answer code returned by the car-mounted terminal is received, generate the second response information, which includes the third signature made over the equipment public key certificate obtained in advance and the second answer code with the device private key, and the third ciphertext made by encrypting the equipment public key certificate and the second answer code with the server public key;
Fourth step: send the second response information to the background server, so that the background server decrypts the third ciphertext with the server private key to obtain the equipment public key certificate and the second answer code, verifies the equipment public key certificate, obtains the equipment public key from the certificate after that verification passes, verifies the third signature with the equipment public key and, after that verification passes, returns the second answer code to the client; at the same time, if the second answer code is a success code, the background server saves the equipment public key certificate and the equipment public key.
For ease of description, the four steps above are explained together.
When the car-mounted terminal is used for the first time, the user can log in to the background server through the client using a password, fingerprint, face recognition or similar means, and have the background server send an activation instruction to the car-mounted terminal in the vehicle to activate it.
When the background server receives the activation instruction sent by the user through the client, it sends second control information containing at least the activation instruction to the car-mounted terminal.
After the safety equipment receives the second control information sent by the client through the background server, it sends the activation instruction to the car-mounted terminal. The car-mounted terminal executes the corresponding activation operation based on the activation instruction and returns a second answer code.
When the safety equipment receives the second answer code returned by the car-mounted terminal, it uses the device private key to sign the pre-obtained equipment public key certificate and the second answer code, producing the third signature, uses the server public key to encrypt the equipment public key certificate and the second answer code, producing the third ciphertext, and then sends second response information containing the third signature and the third ciphertext to the background server.
The background server uses the server private key to decrypt the third ciphertext, obtaining the equipment public key certificate and the second answer code, and verifies the equipment public key certificate. The equipment public key certificate is issued by a CA server, and the CA key pair can be stored in a device such as an encryption machine or a Ukey; the background server completes the verification of the equipment public key certificate through the interfaces of these devices, which guarantees the reliability of the certificate.
After the background server has verified the equipment public key certificate, it obtains the equipment public key from the certificate: specifically, it parses the certificate with a suitable algorithm, or through the corresponding functional interface of a device such as the encryption machine or Ukey, and extracts the equipment public key contained in it.
It then verifies the third signature with the equipment public key to establish that the second answer code came from a trusted source, which guarantees the authenticity of the data. Specifically, the equipment public key is used to decrypt the third signature and obtain the second answer code it contains; that second answer code is compared with the second answer code from the third ciphertext, and if the two match, verification passes; otherwise verification fails.
After the background server has verified the third signature with the equipment public key, it returns the second answer code to the client to tell the client whether the activation instruction was executed successfully, and the client can then display a corresponding prompt to the user. At the same time, if the third signature is verified and the second answer code is a success code, the background server saves the equipment public key certificate and the equipment public key for use when issuing service orders later.
In one embodiment of the application, after the first step and before the second step, the method can further include the following step:
search for the activation instruction in the pre-obtained command information table; if it is found, perform the operation of sending the activation instruction to the car-mounted terminal.
After obtaining the activation instruction, the safety equipment can first look it up in the command information table. If it is found, the activation instruction is one the car-mounted terminal accepts, and the safety equipment can go on to send it to the car-mounted terminal and perform the subsequent operations. If it is not found, the activation instruction may be erroneous; even if it were sent to the car-mounted terminal, the car-mounted terminal would not perform the corresponding operation, so in this case the safety equipment may simply discard the activation instruction, leave it unprocessed, or return an error message to the background server.
In one embodiment of the application, the second control information can further include a fourth signature made with the server private key over the activation instruction. If the activation instruction is found in the command information table, the method can further include the following steps:
Step 1: determine the execution permission of the activation instruction;
Step 2: according to the execution permission of the activation instruction, determine whether to perform security verification on the activation instruction; if so, perform step 3;
Step 3: perform security verification on the activation instruction using the verification method corresponding to its execution permission; if verification passes, perform the operation of sending the activation instruction to the car-mounted terminal.
For ease of description, the three steps above are explained together.
In this embodiment of the application, the second control information can also include the fourth signature, obtained by signing the activation instruction with the server private key.
The safety equipment searches for the activation instruction in the command information table and, if it finds it, can go on to determine the execution permission of the activation instruction. Based on that execution permission it decides whether the activation instruction needs security verification. If not, the activation instruction can be passed directly to the car-mounted terminal. If so, the verification method corresponding to the execution permission of the activation instruction is used to verify it. For example, the server public key can be used to verify the fourth signature: specifically, the server public key decrypts the fourth signature to obtain the activation instruction it contains, which is compared with the activation instruction in the second control information; if the two match, verification passes, otherwise verification fails. Verifying the fourth signature with the server public key establishes that the activation instruction came from a trusted source.
If verification passes, the safety equipment sends the activation instruction to the car-mounted terminal and carries out the subsequent steps. If verification fails, the safety equipment may simply discard the activation instruction, leave it unprocessed, or return an error message to the background server.
Filtering the activation instructions that reach the car-mounted terminal in the safety equipment raises the overall security level of the vehicle.
By using the encryption, decryption and signature mechanisms of the SM2 algorithm, the embodiments of the application secure the communication channel between the background server and the car-mounted terminal and give both sides absolute confidence in each other's identity, defending the car-mounted terminal against external attacks as far as possible and reducing the vehicle's security risk.
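The exchange described in the method above (service order down, answer code up, each signed by the sender and encrypted to the receiver, with the command-table lookup and the permission-gated signature check in the safety equipment), as an added example that is not part of the patent. Go's standard library has no SM2, so ECDSA P-256 stands in for the signing keys and RSA-2048 OAEP for the encryption keys; the command-table entries, the order names and the simulated terminal reply are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Party holds one side's long-term keys. Go's standard library has no SM2, so ECDSA P-256
// stands in for the page's signing key and RSA-2048 OAEP for its encryption key (assumption).
type Party struct {
	Sign *ecdsa.PrivateKey
	Enc  *rsa.PrivateKey
}

// NewParty generates fresh keys; a generation failure is fatal in this demo.
func NewParty() *Party {
	s, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	e, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Party{Sign: s, Enc: e}
}

// sealSigned builds the (signature, ciphertext) pair the page uses in both directions: sign msg
// with the sender's key, then encrypt len(msg)||msg||sig to the receiver (one OAEP block, 190 B).
func sealSigned(sender *Party, receiverPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	sig, err := ecdsa.SignASN1(rand.Reader, sender.Sign, h[:])
	if err != nil {
		return nil, err
	}
	plain := append(append([]byte{byte(len(msg))}, msg...), sig...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, plain, nil)
}

// openSealed decrypts with the receiver's private key and splits msg from sig. The caller
// verifies sig, because the page gates that check on the order's execution permission.
func openSealed(receiver *Party, ct []byte) (msg, sig []byte, err error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, receiver.Enc, ct, nil)
	if err != nil || len(plain) < 1 || 1+int(plain[0]) > len(plain) {
		return nil, nil, errors.New("ciphertext rejected: decryption failed or malformed")
	}
	n := int(plain[0])
	return plain[1 : 1+n], plain[1+n:], nil
}

// commandTable is the device's "command information table" (constructed entries): the orders
// the terminal accepts, each mapped to whether its execution permission demands verification.
var commandTable = map[string]bool{"QUERY_STATUS": false, "UNLOCK_DOORS": true}

// HandleControl is the safety device side: decrypt the first ciphertext, look the order up,
// verify the first signature when required, forward it to the (simulated) terminal, then sign
// the answer code with the device key and encrypt it to the server as the response information.
func HandleControl(dev *Party, serverSig *ecdsa.PublicKey, serverEnc *rsa.PublicKey, ct []byte) ([]byte, error) {
	order, sig, err := openSealed(dev, ct)
	if err != nil {
		return nil, err
	}
	needVerify, known := commandTable[string(order)]
	if !known {
		return nil, fmt.Errorf("order %q not in command table: dropped", order)
	}
	h := sha256.Sum256(order)
	if needVerify && !ecdsa.VerifyASN1(serverSig, h[:], sig) {
		return nil, errors.New("first signature invalid: dropped")
	}
	return sealSigned(dev, serverEnc, []byte("OK:"+string(order))) // terminal reply, simulated
}

// ServerRoundTrip drives one exchange from the background server's side: build the control
// information, hand it to the device, then decrypt and verify the response information.
func ServerRoundTrip(server, dev *Party, order string) (string, error) {
	ct, err := sealSigned(server, &dev.Enc.PublicKey, []byte(order))
	if err != nil {
		return "", err
	}
	resp, err := HandleControl(dev, &server.Sign.PublicKey, &server.Enc.PublicKey, ct)
	if err != nil {
		return "", err
	}
	code, sig, err := openSealed(server, resp)
	h := sha256.Sum256(code)
	if err == nil && !ecdsa.VerifyASN1(&dev.Sign.PublicKey, h[:], sig) {
		return "", errors.New("second signature invalid")
	}
	return string(code), err
}

func main() {
	server, dev := NewParty(), NewParty()
	code, err := ServerRoundTrip(server, dev, "UNLOCK_DOORS")
	fmt.Printf("code=%q err=%v\n", code, err)
}
```

An order missing from the command table, or control information signed by a key the device does not trust, is dropped in HandleControl before anything reaches the terminal.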
Corresponding to the method embodiments above, the embodiments of the application also provide an information encryption transmission device, applied to the safety equipment in a vehicle, where the safety equipment stores an equipment public key and a device private key in advance. The information encryption transmission device described below and the information encryption transmission method described above can be referred to against each other.
As shown in Figure 3, the device includes the following modules:
a control information receiving module 310, for receiving first control information sent by the client through the background server, the first control information including a first signature made with the server private key over a service order, and a first ciphertext made by encrypting the service order and the first signature with the pre-obtained equipment public key;
a service order obtaining module 320, for decrypting the first ciphertext with the device private key to obtain the service order;
a service order sending module 330, for sending the service order to the car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns a first answer code;
a response information generating module 340, for generating first response information when the first answer code returned by the car-mounted terminal is received, the first response information including a second signature made with the device private key over the first answer code, and a second ciphertext made by encrypting the first answer code with the pre-obtained server public key;
a response information sending module 350, for sending the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key, and, after verification passes, returns the first answer code to the client.
With the device provided by the embodiments of the application, when the safety equipment receives the first control information sent by the client through the background server, it can decrypt the first ciphertext in the first control information with the device private key to obtain the service order and send the service order to the car-mounted terminal; after the car-mounted terminal controls the vehicle based on the service order and returns the first answer code, the safety equipment encrypts and signs the first answer code, generates the first response information, and sends it to the background server. Because of the safety equipment, all information exchanged between the background server and the car-mounted terminal is encrypted and harder to tamper with, which improves the security of the information exchange and reduces the vehicle's security risk.
In a specific embodiment of the application, the device further includes a service order searching module, configured to:
after the first ciphertext has been decrypted with the device private key to obtain the service order, and before the service order is sent to the car-mounted terminal, search for the service order in the pre-obtained command information table;
if it is found, trigger the service order sending module 330 to perform the step of sending the service order to the car-mounted terminal.
In a specific embodiment of the application, the device further includes an execution permission determining module, configured to:
if the service order is found in the command information table, determine the execution permission of the service order;
according to the execution permission of the service order, determine whether to perform security verification on the service order;
if not, trigger the service order sending module 330 to perform the step of sending the service order to the car-mounted terminal.
In a specific embodiment of the application, the execution permission determining module is further configured to:
when it is determined that security verification is to be performed on the service order, perform security verification on the service order using the verification method corresponding to the execution permission of the service order;
if verification passes, trigger the service order sending module 330 to perform the step of sending the service order to the car-mounted terminal.
In a specific embodiment of the application, the device further includes an equipment public key obtaining module, for sending the equipment public key certificate to the background server by the following steps, so that the background server obtains the equipment public key:
receive the second control information sent by the client through the background server, the second control information including at least an activation instruction;
send the activation instruction to the car-mounted terminal, so that the car-mounted terminal executes an activation operation based on the activation instruction and returns a second answer code;
when the second answer code returned by the car-mounted terminal is received, generate second response information, which includes a third signature made with the device private key over the pre-obtained equipment public key certificate and the second answer code, and a third ciphertext made by encrypting the equipment public key certificate and the second answer code with the server public key;
send the second response information to the background server, so that the background server decrypts the third ciphertext with the server private key to obtain the equipment public key certificate and the second answer code, verifies the equipment public key certificate, obtains the equipment public key from the certificate once that verification passes, verifies the third signature with the equipment public key, and once that verification passes returns the second answer code to the client; at the same time, if the second answer code is a success code, saves the equipment public key certificate and the equipment public key.
In a specific embodiment of the application, the equipment public key obtaining module is further configured to:
after the second control information sent by the client through the background server has been received, and before the activation instruction is sent to the car-mounted terminal, search for the activation instruction in the pre-obtained command information table;
if it is found, perform the step of sending the activation instruction to the car-mounted terminal.
In a specific embodiment of the application, the equipment public key obtaining module is further configured to:
if the activation instruction is found in the command information table, determine the execution permission of the activation instruction;
according to the execution permission of the activation instruction, determine whether to perform security verification on the activation instruction;
if so, perform security verification on the activation instruction using the verification method corresponding to its execution permission;
if verification passes, perform the step of sending the activation instruction to the car-mounted terminal.
Corresponding to the method embodiments above, the embodiments of the application also provide a safety equipment that stores an equipment public key and a device private key in advance. As shown in Figure 4, the equipment includes:
a memory 410, for storing a computer program;
a processor 420, for implementing the steps of the information encryption transmission method described above when executing the computer program.
Corresponding to the method embodiments above, the embodiments of the application also provide a computer-readable storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the steps of the information encryption transmission method described above.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the others, and the same or similar parts of the embodiments can be referred to against each other.
Those skilled in the art will further appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To illustrate the interchangeability of hardware and software clearly, the composition and steps of each example have been described above in general terms according to their functions. Whether these functions are implemented in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such implementations should not be considered to go beyond the scope of the application.
The steps of the method or algorithm described in connection with the embodiments disclosed herein can be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. The software module can be placed in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
Specific examples have been used herein to illustrate the principles and implementation of the application; the description of the embodiments above is only meant to help understand the technical solution of the application and its core idea. It should be pointed out that a person of ordinary skill in the art can make various improvements and modifications to the application without departing from its principles, and such improvements and modifications also fall within the scope of protection of the claims of the application.
Claims (10)
1. An information encryption transmission method, characterized in that it is applied to a safety equipment in a vehicle, the safety equipment storing an equipment public key and a device private key in advance, the method comprising:
receiving first control information sent by a client through a background server, the first control information including a first signature made with a server private key over a service order, and a first ciphertext made by encrypting the service order and the first signature with the pre-obtained equipment public key;
decrypting the first ciphertext with the device private key to obtain the service order;
sending the service order to a car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns a first answer code;
when the first answer code returned by the car-mounted terminal is received, generating first response information, the first response information including a second signature made with the device private key over the first answer code, and a second ciphertext made by encrypting the first answer code with a pre-obtained server public key;
sending the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key, and, after verification passes, returns the first answer code to the client.
2. The method according to claim 1, characterized in that after decrypting the first ciphertext with the device private key to obtain the service order, and before sending the service order to the car-mounted terminal, the method further comprises:
searching for the service order in a pre-obtained command information table;
if it is found, performing the step of sending the service order to the car-mounted terminal.
3. The method according to claim 2, characterized in that if the service order is found in the command information table, the method further comprises:
determining the execution permission of the service order;
according to the execution permission of the service order, determining whether to perform security verification on the service order;
if not, performing the step of sending the service order to the car-mounted terminal.
4. The method according to claim 3, characterized in that when it is determined that security verification is to be performed on the service order, the method further comprises:
performing security verification on the service order using the verification method corresponding to the execution permission of the service order;
if verification passes, performing the step of sending the service order to the car-mounted terminal.
5. The method according to any one of claims 1 to 4, characterized in that an equipment public key certificate is sent to the background server by the following steps, so that the background server obtains the equipment public key:
receiving second control information sent by the client through the background server, the second control information including at least an activation instruction;
sending the activation instruction to the car-mounted terminal, so that the car-mounted terminal executes an activation operation based on the activation instruction and returns a second answer code;
when the second answer code returned by the car-mounted terminal is received, generating second response information, the second response information including a third signature made with the device private key over the pre-obtained equipment public key certificate and the second answer code, and a third ciphertext made by encrypting the equipment public key certificate and the second answer code with the server public key;
sending the second response information to the background server, so that the background server decrypts the third ciphertext with the server private key to obtain the equipment public key certificate and the second answer code, verifies the equipment public key certificate, after verification passes obtains the equipment public key from the equipment public key certificate, verifies the third signature with the equipment public key, and after verification passes returns the second answer code to the client, and at the same time, if the second answer code is a success code, saves the equipment public key certificate and the equipment public key.
6. The method according to claim 5, characterized in that after receiving the second control information sent by the client through the background server, and before sending the activation instruction to the car-mounted terminal, the method further comprises:
searching for the activation instruction in the pre-obtained command information table;
if it is found, performing the step of sending the activation instruction to the car-mounted terminal.
7. The method according to claim 6, characterized in that if the activation instruction is found in the command information table, the method further comprises:
determining the execution permission of the activation instruction;
according to the execution permission of the activation instruction, determining whether to perform security verification on the activation instruction;
if so, performing security verification on the activation instruction using the verification method corresponding to the execution permission of the activation instruction;
if verification passes, performing the step of sending the activation instruction to the car-mounted terminal.
8. An information encryption transmission device, characterized in that it is applied to a safety equipment in a vehicle, the safety equipment storing an equipment public key and a device private key in advance, the device comprising:
a control information receiving module, for receiving first control information sent by a client through a background server, the first control information including a first signature made with a server private key over a service order, and a first ciphertext made by encrypting the service order and the first signature with the pre-obtained equipment public key;
a service order obtaining module, for decrypting the first ciphertext with the device private key to obtain the service order;
a service order sending module, for sending the service order to a car-mounted terminal, so that the car-mounted terminal controls the vehicle based on the service order and returns a first answer code;
a response information generating module, for generating first response information when the first answer code returned by the car-mounted terminal is received, the first response information including a second signature made with the device private key over the first answer code, and a second ciphertext made by encrypting the first answer code with a pre-obtained server public key;
a response information sending module, for sending the first response information to the background server, so that the background server decrypts the second ciphertext with the server private key to obtain the first answer code, verifies the second signature with the equipment public key, and, after verification passes, returns the first answer code to the client.
9. A safety equipment, characterized in that it stores an equipment public key and a device private key in advance, and comprises:
a memory, for storing a computer program;
a processor, for implementing the steps of the information encryption transmission method according to any one of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor it implements the steps of the information encryption transmission method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811614209.1A CN109587164A (en) | 2018-12-27 | 2018-12-27 | A kind of information encrypting transmission method, device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109587164A true CN109587164A (en) | 2019-04-05 |
Family
ID=65933094
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110191415A (en) * | 2019-05-29 | 2019-08-30 | 深圳市元征科技股份有限公司 | A kind of encryption method of information of vehicles, mobile unit and server |
CN110239483A (en) * | 2019-05-07 | 2019-09-17 | 山东工商学院 | Vehicle control method, system and computer readable storage medium |
CN110580757A (en) * | 2019-08-01 | 2019-12-17 | 深圳左邻永佳科技有限公司 | Method, device and storage medium for opening access control equipment based on graphic code |
CN110621014A (en) * | 2019-09-18 | 2019-12-27 | 深圳市元征科技股份有限公司 | Vehicle-mounted equipment, program upgrading method thereof and server |
CN111787020A (en) * | 2020-07-02 | 2020-10-16 | 深圳市亲邻科技有限公司 | Communication method and device based on block chain |
CN113821809A (en) * | 2021-08-26 | 2021-12-21 | 岚图汽车科技有限公司 | OTA remote connection method, device, storage medium and vehicle |
CN114386075A (en) * | 2022-01-14 | 2022-04-22 | 建信金融科技有限责任公司 | Data transmission channel establishing method, data transmission device, data transmission equipment and medium |
CN114629724A (en) * | 2022-04-24 | 2022-06-14 | 芜湖雄狮汽车科技有限公司 | Internet of vehicles data transmission method, device, server and storage medium |
CN114879980A (en) * | 2022-05-18 | 2022-08-09 | 一汽解放汽车有限公司 | Vehicle-mounted application installation method and device, computer equipment and storage medium |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110271064A1 (en) * | 2010-04-29 | 2011-11-03 | Netac Technology Co., Ltd. | Storage device and method for accessing the same |
TW201142597A (en) * | 2010-05-26 | 2011-12-01 | Netac Technology Co Ltd | Storage device and method for polling the storage device |
CN103944726A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Operation request processing system |
CN105246071A (en) * | 2014-07-11 | 2016-01-13 | 电信科学技术研究院 | A message generation and verification method and device in a vehicle networking system |
CN107026874A (en) * | 2017-06-02 | 2017-08-08 | 李维刚 | One kind instruction signature and verification method and system |
US9948614B1 (en) * | 2013-05-23 | 2018-04-17 | Rockwell Collins, Inc. | Remote device initialization using asymmetric cryptography |
CN108206739A (en) * | 2016-12-16 | 2018-06-26 | 乐视汽车(北京)有限公司 | Key generation method and device |
-
2018
- 2018-12-27 CN CN201811614209.1A patent/CN109587164A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110271064A1 (en) * | 2010-04-29 | 2011-11-03 | Netac Technology Co., Ltd. | Storage device and method for accessing the same |
CN102236609A (en) * | 2010-04-29 | 2011-11-09 | 深圳市朗科科技股份有限公司 | Storage equipment and access method thereof |
TW201142597A (en) * | 2010-05-26 | 2011-12-01 | Netac Technology Co Ltd | Storage device and method for polling the storage device |
US9948614B1 (en) * | 2013-05-23 | 2018-04-17 | Rockwell Collins, Inc. | Remote device initialization using asymmetric cryptography |
CN103944726A (en) * | 2014-04-25 | 2014-07-23 | 天地融科技股份有限公司 | Operation request processing system |
CN105246071A (en) * | 2014-07-11 | 2016-01-13 | 电信科学技术研究院 | A message generation and verification method and device in a vehicle networking system |
CN108206739A (en) * | 2016-12-16 | 2018-06-26 | 乐视汽车(北京)有限公司 | Key generation method and device |
CN107026874A (en) * | 2017-06-02 | 2017-08-08 | 李维刚 | One kind instruction signature and verification method and system |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110239483A (en) * | 2019-05-07 | 2019-09-17 | 山东工商学院 | Vehicle control method, system and computer readable storage medium |
CN110239483B (en) * | 2019-05-07 | 2021-10-08 | 山东工商学院 | Vehicle control method, system, and computer-readable storage medium |
CN110191415A (en) * | 2019-05-29 | 2019-08-30 | 深圳市元征科技股份有限公司 | A kind of encryption method of information of vehicles, mobile unit and server |
CN110191415B (en) * | 2019-05-29 | 2022-01-25 | 深圳市元征科技股份有限公司 | Vehicle information encryption method, vehicle-mounted equipment and server |
CN110580757A (en) * | 2019-08-01 | 2019-12-17 | 深圳左邻永佳科技有限公司 | Method, device and storage medium for opening access control equipment based on graphic code |
CN110621014B (en) * | 2019-09-18 | 2022-06-17 | 深圳市元征科技股份有限公司 | Vehicle-mounted equipment, program upgrading method thereof and server |
CN110621014A (en) * | 2019-09-18 | 2019-12-27 | 深圳市元征科技股份有限公司 | Vehicle-mounted equipment, program upgrading method thereof and server |
CN111787020A (en) * | 2020-07-02 | 2020-10-16 | 深圳市亲邻科技有限公司 | Communication method and device based on block chain |
CN113821809A (en) * | 2021-08-26 | 2021-12-21 | 岚图汽车科技有限公司 | OTA remote connection method, device, storage medium and vehicle |
CN114386075A (en) * | 2022-01-14 | 2022-04-22 | 建信金融科技有限责任公司 | Data transmission channel establishing method, data transmission device, data transmission equipment and medium |
CN114386075B (en) * | 2022-01-14 | 2024-08-20 | 建信金融科技有限责任公司 | Data transmission channel establishment, data transmission method, device, equipment and medium |
CN114629724A (en) * | 2022-04-24 | 2022-06-14 | 芜湖雄狮汽车科技有限公司 | Internet of vehicles data transmission method, device, server and storage medium |
CN114629724B (en) * | 2022-04-24 | 2024-05-10 | 芜湖雄狮汽车科技有限公司 | Internet of vehicles data transmission method and device, server and storage medium |
CN114879980A (en) * | 2022-05-18 | 2022-08-09 | 一汽解放汽车有限公司 | Vehicle-mounted application installation method and device, computer equipment and storage medium |
CN114879980B (en) * | 2022-05-18 | 2024-07-09 | 一汽解放汽车有限公司 | Vehicle-mounted application installation method and device, computer equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109587164A (en) | | A kind of information encrypting transmission method, device, equipment and storage medium |
CN106330850B (en) | | Security verification method based on biological characteristics, client and server |
CN113781678B (en) | | Vehicle Bluetooth key generation and authentication method and system in networking-free environment |
CN104065653B (en) | | A kind of interactive auth method, device, system and relevant device |
CN102404328B (en) | | Electronic identity card verification system |
CN101527630B (en) | | Method, server and system for manufacturing certificate remotely |
US10237072B2 (en) | | Signatures for near field communications |
CN110621014B (en) | | Vehicle-mounted equipment, program upgrading method thereof and server |
CN103036681B (en) | | A kind of password safety keyboard device and system |
CN104579649A (en) | | Identity recognition method and system |
CN107864124B (en) | | Terminal information security protection method, terminal and Bluetooth lock |
CN115396121B (en) | | Security authentication method for security chip OTA data packet and security chip device |
JP7617318B2 (en) | | Card linking method, user terminal, server, system and storage medium |
CN104660412A (en) | | Password-less security authentication method and system for mobile equipment |
CN111062059B (en) | | Method and device for service processing |
CN113591057B (en) | | Biological characteristic off-line identity recognition method and system |
CN108462700A (en) | | Background server, terminal device, safe early warning method and storage medium suitable for recognition of face |
CN104579659A (en) | | Device for safety information interaction |
CN114040394B (en) | | Communication method and electronic equipment based on derived key |
CN111600701B (en) | | Private key storage method, device and storage medium based on blockchain |
EP2985712B1 (en) | | Application encryption processing method, apparatus, and terminal |
CN112073967B (en) | | Method and device for downloading identity certificate of mobile phone shield equipment and electronic equipment |
CN109474431A (en) | | Client certificate method and computer readable storage medium |
CN111865602A (en) | | A multi-party authentication method and system for heterogeneous terminals in a smart energy service system |
CN202978979U (en) | | Password security keypad device and password security pad system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20190405 |
| RJ01 | Rejection of invention patent application after publication | |