[go: up one dir, main page]

WO2024120039A1 - Data processing method and device, vehicle, and storage medium - Google Patents

Data processing method and device, vehicle, and storage medium Download PDF

Info

Publication number
WO2024120039A1
WO2024120039A1 PCT/CN2023/126811 CN2023126811W WO2024120039A1 WO 2024120039 A1 WO2024120039 A1 WO 2024120039A1 CN 2023126811 W CN2023126811 W CN 2023126811W WO 2024120039 A1 WO2024120039 A1 WO 2024120039A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
vehicle
user
data
encrypted
Prior art date
Application number
PCT/CN2023/126811
Other languages
French (fr)
Chinese (zh)
Inventor
张振国
林华坤
Original Assignee
蔚来移动科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 蔚来移动科技有限公司 filed Critical 蔚来移动科技有限公司
Publication of WO2024120039A1 publication Critical patent/WO2024120039A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present disclosure relates to the technical field of data processing, and in particular to a data processing method, device, vehicle and storage medium.
  • the same vehicle can be driven by multiple users, and each user will generate corresponding behavior data when using the vehicle equipment. Since the generated vehicle data belongs to the user's personal usage data, users usually do not want to be accessed by other car users.
  • data access permissions can be set for different users in the vehicle's data storage area, and each user can only access data within his or her own permissions.
  • permission control can be easily bypassed, and the data in the storage area is vulnerable to near-field attacks, and the security and reliability of the data cannot be guaranteed.
  • an embodiment of the present disclosure provides a method for processing data.
  • the method comprises:
  • first operation data corresponding to the first operation instruction is encrypted according to the first key to obtain encrypted first operation data.
  • the method further includes:
  • the encrypting the first operation data corresponding to the first operation instruction according to the first key includes:
  • the first operation data corresponding to the first operation instruction is encrypted using the second key.
  • the responding to the first operation instruction of the user includes:
  • determining a first key corresponding to the vehicle key includes:
  • a first key corresponding to the vehicle key is obtained.
  • the method further comprises:
  • the configuration information is encrypted using the first key to obtain encrypted configuration information.
  • the method further comprises:
  • the second operation data corresponding to the second operation instruction is encrypted using the first subkey to obtain encrypted second operation data.
  • the method further comprises:
  • the encrypted second operation data is decrypted using the first subkey corresponding to the configuration information to obtain the second operation data.
  • the method further includes:
  • the encrypted first operation data is stored in the target storage area.
  • the present disclosure also provides a data processing device.
  • the device includes:
  • a determination module configured to determine a first key corresponding to the vehicle key in response to a triggering instruction of the vehicle key to the vehicle;
  • the encryption module is used to respond to a first operation instruction of a user and encrypt first operation data corresponding to the first operation instruction according to the first key to obtain the encrypted first operation data.
  • the following further comprises:
  • the first decryption module is used to decrypt the key information of the vehicle using the first key to obtain the key information of the vehicle.
  • the encryption module comprises:
  • the first encryption submodule is used to encrypt the first operation data corresponding to the first operation instruction by using the second key.
  • the encryption module includes:
  • a receiving module used to receive a first operation instruction from a user and obtain user authentication information corresponding to the vehicle key
  • a response module is used to respond to the first operation instruction when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
  • the determining module includes:
  • a first acquisition module configured to acquire user authentication information corresponding to the vehicle key in response to a trigger instruction of the vehicle key to the vehicle;
  • the second acquisition module is used to acquire a first key corresponding to the vehicle key when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
  • the device further comprises:
  • a generation module configured to generate configuration information of a subordinate key in response to a generation trigger instruction of a subordinate key from a user, wherein the configuration information includes a first subkey corresponding to the subordinate key;
  • the second encryption submodule is used to encrypt the configuration information using the first key to obtain encrypted configuration information.
  • the device further comprises:
  • a first determination submodule configured to determine a first subkey corresponding to the slave key in response to a trigger instruction of the slave key to the vehicle;
  • the third encryption submodule is used to respond to the user's second operation instruction and use the first subkey to encrypt the second operation data corresponding to the second operation instruction to obtain the encrypted second operation data.
  • the device further comprises:
  • a third acquisition module configured to respond to a data acquisition operation instruction of a user and acquire an operation key corresponding to the data acquisition operation instruction
  • a second decryption module configured to decrypt the encrypted configuration information using the first key to obtain the configuration information when the operation key matches the first key
  • the third decryption module is used to decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
  • the encryption module further includes:
  • a second determination submodule used to determine a target storage area corresponding to the first key
  • the storage module is used to store the encrypted first operation data in the target storage area.
  • the embodiments of the present disclosure further provide a vehicle, wherein the vehicle includes a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
  • the embodiments of the present disclosure further provide a computer-readable storage medium, wherein a computer program is stored thereon, and when the computer program is executed by a processor, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
  • the embodiments of the present disclosure further provide a computer program product, wherein the computer program product includes a computer program, and when the computer program is executed by a processor, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
  • the vehicle when a user uses a vehicle, the vehicle is triggered by a vehicle key, and a first key corresponding to the vehicle key is obtained in response to a triggering instruction of the vehicle by the vehicle key.
  • the vehicle When the user operates the vehicle, the vehicle generates operation data in response to the user's operation instruction, and the generated operation data is encrypted by using the first key to obtain the encrypted operation data, thereby realizing encryption of the user's operation data.
  • the operation data is encrypted by the first key corresponding to the user's car key, and other users cannot directly access or access the user's operation data through other keys, thereby ensuring the security of the user's personal data; and the encrypted data is not easily decrypted by data attacks by encrypting with the key, thereby improving the security and reliability of the data; by setting the key corresponding to the key, when the user uses the vehicle, the operation data is directly encrypted by using the corresponding key, without the need for other additional configurations, the processing process is simple, and the implementation difficulty is low. While ensuring data security and reliability, the data encryption process is simplified, and it can be applied to more application scenarios.
  • FIG1 is an application environment diagram of a method for processing data in one embodiment
  • FIG2 is a schematic flow chart of a method for processing data in one embodiment
  • FIG3 is a schematic flow chart of a method for processing data in one embodiment
  • FIG4 is a schematic diagram of the structure of a data processing system in one embodiment
  • FIG5 is a schematic flow chart of a method for processing data in one embodiment
  • FIG6 is a schematic diagram of a control method between a vehicle key and a vehicle in one embodiment
  • FIG7 is a schematic diagram of a flow chart of a data acquisition method in one embodiment
  • FIG8 is a schematic flow chart of a data access method of a slave key in one embodiment
  • FIG9 is a block diagram of a data processing device according to an embodiment
  • FIG. 10 is a diagram showing the internal structure of a vehicle in one embodiment.
  • the data processing method provided in the embodiment of the present disclosure can be applied in the application environment as shown in Figure 1.
  • the terminal 102 communicates with the server 104 through the network.
  • the data storage system can store the data that the server 104 needs to process.
  • the data storage system can be integrated on the server 104, or it can be placed on the cloud or other network servers.
  • the terminal 102 can be but is not limited to various personal computers, laptops, smart phones, tablets, Internet of Things devices and portable wearable devices.
  • the Internet of Things devices can be smart speakers, smart TVs, smart air conditioners, smart car-mounted devices, etc.
  • Portable wearable devices can be smart watches, smart bracelets, head-mounted devices, etc.
  • the server 104 can be implemented with an independent server or a server cluster consisting of multiple servers.
  • a data processing method is provided, which is described by taking the method applied to the terminal in FIG1 as an example, including the following steps:
  • Step S210 in response to a triggering instruction of the vehicle by the vehicle key, determining a first key corresponding to the vehicle key;
  • the car key may include but is not limited to a physical key, a smart digital key, etc.
  • the first key corresponding to the car key is determined.
  • the first key can be stored in the car key in a preset manner, and the corresponding relationship between the car key and the first key can be obtained according to the actual application scenario setting.
  • one car key corresponds to one first key
  • one first key can correspond to one or more car keys.
  • Step S220 In response to a first operation instruction from the user, encrypt first operation data corresponding to the first operation instruction according to the first key to obtain encrypted first operation data.
  • the user when the user operates the vehicle, the user sends a first operation instruction.
  • the vehicle After receiving the first operation instruction, the vehicle performs a corresponding operation and generates first operation data.
  • the first operation instruction may include but is not limited to an operation control instruction sent by the user through a vehicle device or other device.
  • the first operation data is encrypted using the acquired first key to obtain the encrypted first operation data.
  • the first operation data is encrypted using a preset encryption system.
  • the first operation data can be directly encrypted using the first key.
  • the first operation data may be encrypted, or other encryption methods may be determined according to the first key to encrypt the first operation data.
  • the first operation data may include but is not limited to vehicle status data generated by the user during the use of the vehicle, data generated by the device on the vehicle, etc.
  • the data generated by the device on the vehicle may include but is not limited to positioning information data, video data, voice data, application access record data, etc.
  • the first operation data may include the user's video data and voice data, wherein when the user uses the vehicle, in response to the first operation instruction of the user entering the vehicle, the corresponding operation data is obtained by using the preset image acquisition device and voice acquisition device, that is, the video data and voice data generated when the user uses the vehicle.
  • the vehicle when a user uses a vehicle, the vehicle is triggered by the vehicle key, and the first key corresponding to the vehicle key is obtained in response to the triggering instruction of the vehicle by the vehicle key.
  • the vehicle When the user operates the vehicle, the vehicle responds to the user's operation instruction and generates operation data.
  • the generated operation data is encrypted by the first key to obtain the encrypted operation data, thereby realizing the encryption of the user's operation data.
  • the operation data is encrypted by the first key corresponding to the user's car key, and other users cannot directly access or access the user's operation data through other keys, thereby ensuring the security of the user's personal data; and the encrypted data is not easily decrypted by data attacks by encrypting with the key, thereby improving the security and reliability of the data; by setting the key corresponding to the key, when the user uses the vehicle, the operation data is directly encrypted with the corresponding key, without the need for other additional configurations, the processing process is simple, the implementation difficulty is small, and while ensuring the security and reliability of the data, the data encryption process is simplified, and it can be applied to more application scenarios.
  • the personal data isolation protection when sharing a car can be realized, and each car user can only view his own car data, thereby improving the security of the vehicle data.
  • the method further includes:
  • Step S212 using the first key to decrypt the key information of the vehicle to obtain a second key matching the first key
  • the encrypting the first operation data corresponding to the first operation instruction according to the first key includes:
  • Step S221 Use the second key to encrypt the first operation data corresponding to the first operation instruction.
  • the key information of the vehicle is decrypted using the first key, and the second key matching the first key is obtained after decryption, wherein the key information of the vehicle can be stored in a storage area of the vehicle in a preset manner, or can be stored in a preset encryption system, and the encryption system is used to encrypt the user's operation data.
  • the correspondence between the first key and the second key can be obtained according to the actual application scenario setting, and one second key can correspond to one or more first keys.
  • the second key is used to encrypt it to obtain the encrypted first operation data.
  • the first key is stored in the car key in a preset manner, and in response to the car key's triggering instruction to the vehicle, the vehicle and the car key are connected.
  • the first key is used to communicate with the vehicle key to obtain the first key of the vehicle key, and the key information stored in the vehicle is decrypted using the first key to obtain the second key.
  • FIG4 is a schematic diagram of a data processing system according to an exemplary embodiment.
  • the user when a user uses a vehicle, the user triggers the vehicle with a car key.
  • the vehicle responds to the trigger instruction of the car key and uses the first key in the car key to decrypt the key information to obtain the second key corresponding to the car key, that is, the master key in FIG4.
  • Different keys may correspond to different master keys, and the user's car key and the first key may correspond to each other one by one.
  • the corresponding relationship between the car key and the master key may be obtained according to the actual application scenario. In some application scenarios, if the same user holds multiple car keys, multiple car keys may correspond to the same master key.
  • the operation data generated by the user when using the vehicle is encrypted using the corresponding master key using the encryption system, and the encrypted data is stored in the storage system.
  • different storage areas are set for multiple master keys in the storage system, and the encrypted data is stored in the corresponding area, so as to achieve the separation of different user data.
  • the key in the car key and the key used to encrypt data are separated.
  • the corresponding second key is determined according to the first key of the car key, and the data is encrypted using the second key, thereby achieving a many-to-one relationship between the first key and the second key.
  • This is suitable for various application scenarios such as the same user holding multiple car keys and multiple users holding multiple keys sharing data permissions.
  • the user can replace or add or reduce the car key by only setting the corresponding relationship between the car key key and the vehicle key, without changing the encryption system of the vehicle, thereby improving the flexibility of using the vehicle key and enhancing the user experience.
  • the responding to the first operation instruction of the user includes:
  • the user authentication information corresponding to the car key is obtained, and the obtained user authentication information is used to match the vehicle authentication information of the vehicle. If the match is successful, it can be considered that the car key at this time has passed the authentication, and the first operation instruction sent by the user can be executed and responded to the first operation instruction.
  • the user authentication information may include a digital key certificate, and the car key is authenticated according to the digital key certificate.
  • the first operation instruction sent by the user is responded to.
  • the matching relationship between the car key and the vehicle is also Matching can be performed by means of digital signatures.
  • the user's operation instructions can also be classified to obtain a plurality of different categories of operation instructions. According to the specific matching content between the user authentication information corresponding to the car key and the vehicle authentication information, the authority of the different categories of operation instructions can be controlled.
  • the user sends a first operation instruction, obtains the user authentication information corresponding to the car key, matches the user authentication information and the vehicle authentication information, determines whether the car key corresponding to the user authentication information has the authority for the first operation instruction, and responds to the first operation instruction if the authority for the first operation instruction exists.
  • the user authentication information corresponding to the car key may have different matching results.
  • the encryption process can be executed in the vehicle's onboard system.
  • the user authentication information of the car key that is, the certificate information.
  • the second key is used for encryption.
  • the first key in the car key is used to decrypt and obtain the second key.
  • the encrypted ciphertext is decrypted using the second key to obtain the decrypted operation data.
  • the ciphertext is further protected by the user authentication information in the key. Encryption and decryption are performed only when the authentication is passed, thereby improving the security of user data.
  • the user authentication information corresponding to the car key is matched with the vehicle authentication information, so that the user's identity authentication can be realized.
  • the operation instruction is responded to, thereby ensuring the safety of the vehicle and improving the reliability of the user data.
  • the control operation of the vehicle is realized through the user authentication information
  • the encryption operation of the vehicle data is realized through the key, thereby realizing the sharing of vehicle control and the private ownership of vehicle data, ensuring data privacy while improving the user experience.
  • determining a first key corresponding to the vehicle key includes:
  • a first key corresponding to the vehicle key is obtained.
  • the user authentication information corresponding to the car key is obtained, and the obtained user authentication information is used to match the vehicle authentication information of the vehicle. If the match is successful, it can be considered that the car key at this time has passed the authentication, and the first key corresponding to the car key is obtained.
  • the matching relationship between the user authentication information of the car key and the vehicle authentication information of the vehicle can be set according to the corresponding relationship between the car key and the vehicle, and a corresponding relationship can exist between a vehicle and one or more car keys.
  • the user authentication information may include a digital key certificate, and the car key is authenticated according to the digital key certificate.
  • the first key corresponding to the car key is obtained.
  • the matching relationship between the car key and the vehicle can also be matched by a digital signature.
  • no operation is performed.
  • the vehicle control data and the vehicle operation data are managed separately.
  • the user authentication information of the car key matches the vehicle authentication information of the vehicle
  • the user can use the control right to control the vehicle.
  • the key information is stored in the car key and can match the vehicle authentication information
  • the user can use the control right to control the vehicle, and can also use the corresponding key to decrypt the encrypted data in the vehicle to obtain the vehicle data and access the vehicle data.
  • the car key only has a control function, for example, when the car key only stores the user authentication information and does not store the key information, the user can use the car key to control the vehicle control system and control the vehicle, but cannot obtain the vehicle data stored in the vehicle.
  • the car key has a control function and a data access function
  • the car key stores the user authentication information and the key information
  • the user can use the car key to control the vehicle, and can also view and access the vehicle data corresponding to the key information.
  • the vehicle data may include but is not limited to the user's historical operation data.
  • the user authentication information and the vehicle authentication information corresponding to the car key are matched.
  • the match is successful, the first key of the car key is obtained, thereby ensuring the security of the first key and the privacy of the vehicle data. Only when the car key and the vehicle match can the corresponding key be obtained, thereby avoiding the waste of computing resources in the case of mismatch, saving the data processing process, improving processing efficiency, and enhancing the user experience.
  • the method further comprises:
  • the configuration information is encrypted using the first key to obtain encrypted configuration information.
  • users can also generate subordinate keys based on the car keys they hold to suit more application scenarios. For example, in a scenario where the car owner temporarily lends out the vehicle, the car owner can generate subordinate keys for the lender to use based on the car keys they hold.
  • a generation trigger instruction for the subordinate key is issued.
  • configuration information for the subordinate key is generated to obtain the subordinate key.
  • the subordinate key may include but is not limited to a physical key, an intelligent digital key, etc.
  • the generation of the subordinate key may be implemented through hardware, for example, a new key is made as a subordinate key according to the configuration information.
  • the generation of the subordinate key may also be implemented through software, for example, the configuration information of an existing key is changed according to the configuration information, a new key is generated according to the configuration information, and the subordinate key is obtained.
  • the configuration information includes the first subkey corresponding to the slave key, and may also include but is not limited to the user authentication information of the slave key.
  • the first subkey is used to encrypt the user operation data corresponding to the slave key.
  • the configuration information of the slave key is encrypted using the first key to obtain the encrypted configuration information.
  • the encrypted configuration information can be stored in the car key held by the user, and can also be stored in a preset storage area of the vehicle.
  • a user can generate a subordinate key based on the car key he/she holds, and the subordinate key corresponds to a first subkey, and the configuration information of the subordinate key is encrypted using the first key corresponding to the car key.
  • the subordinate key is used, and the lender cannot view the user's historical operation data, thereby ensuring the security of the user's historical operation data.
  • the temporary operation data is encrypted using the first subkey, thereby implementing encryption protection of the temporary operation data, further improving the encryption protection strength of the user data, and being applicable to more application scenarios.
  • the method further comprises:
  • the second operation data corresponding to the second operation instruction is encrypted using the first subkey to obtain encrypted second operation data.
  • the slave key after obtaining the slave key, when the user uses the slave key to trigger the vehicle, the slave key is used to send a trigger instruction to the vehicle, and in response to the trigger instruction, the first subkey corresponding to the slave key is obtained.
  • a second operation instruction is sent, and in response to the second operation instruction of the user, second operation data is obtained.
  • the second operation data is encrypted using the first subkey to obtain the encrypted second operation data.
  • the process of encrypting the operation data using the first subkey of the slave key is similar to the process of encrypting the operation data using the first key of the key held by the user.
  • the user authentication information corresponding to the slave key is obtained, and when the user authentication information matches the vehicle authentication information of the vehicle, the corresponding operation is performed.
  • the user operation data is encrypted using the first subkey corresponding to the slave key, thereby realizing encryption protection of the user data during the use of the slave key, and being independent of the operation data of other users, thereby ensuring the security of the operation data of the slave key user. While improving the security and reliability of vehicle operation data, it is suitable for more application scenarios and enhances the user experience.
  • the method further includes:
  • Step S710 in response to a data acquisition operation instruction from a user, acquiring an operation key corresponding to the data acquisition operation instruction;
  • Step S720 when the operation key matches the first key, decrypt the encrypted configuration information using the first key to obtain the configuration information
  • Step S730 Decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
  • the operation data generated during the use of the slave key can be viewed by the user of the slave key and can also be accessed by the user of the car key to which the slave key belongs.
  • the car key is used to send a data acquisition operation instruction.
  • the operation key corresponding to the data acquisition operation instruction is obtained, that is, the key corresponding to the car key that issued the data acquisition operation instruction. It is determined whether the operation key matches the first key of the car key to which the slave key belongs. If the operation key matches the first key, it can be considered that the car key that sends the data acquisition operation instruction at this time is the car key to which the slave key belongs.
  • the configuration information of the slave key is encrypted using the first key.
  • the decrypted configuration information is decrypted using the first key to obtain the configuration information of the slave key.
  • the first subkey corresponding to the slave key can be determined.
  • the encrypted second operation data can be decrypted using the obtained first subkey to obtain the second operation data, and the user can view and access the second operation data.
  • the operation data generated during the use of the slave key can be accessed by the user of the car key to which the slave key belongs. Since the configuration information is encrypted using the first key of the car key during the generation of the slave key, the configuration information can be decrypted using the first key, thereby obtaining the first subkey, and decrypting and accessing the encrypted second operation data.
  • the privacy and security of the operation data during the use of the slave key can be guaranteed, and the user of the car key to which the slave key belongs can also obtain the operation data of the vehicle during the use of the slave key in a timely manner.
  • the data access scope of the slave key and the car key is restricted, thereby ensuring the control of the vehicle data by the user of the car key, improving the security and reliability of temporary borrowing of the vehicle, etc., and being applicable to more application scenarios, thereby enhancing the user experience.
  • the method further includes:
  • the encrypted first operation data is stored in the target storage area.
  • the target storage area corresponding to the first key is determined, and the encrypted first operation data is stored in the target storage area, wherein the target storage area is usually set in the vehicle.
  • each first key corresponds to a storage area for storing the corresponding encrypted operation data.
  • the generated encrypted data can be stored in the storage area corresponding to the first key of the vehicle key to which the slave key belongs.
  • one second key may correspond to one storage area, and one second key may correspond to multiple first keys. In this case, one storage area may also correspond to multiple first keys.
  • the storage area for storing encrypted data is divided, and different first keys may correspond to different storage areas, thereby realizing the separation of operation data of different users in a multi-user situation, further improving the security and reliability of user operation data, avoiding problems such as data loss caused by chaotic data storage in a multi-user scenario, and improving the user experience.
  • FIG8 is a flow chart of a data access method of a slave key according to an exemplary embodiment.
  • a master user can generate a slave key for a temporary user.
  • the slave key corresponds to a subkey
  • the encrypted subkey ciphertext is stored in the key of the master user.
  • the temporary operation data generated is encrypted by the encryption system and stored in the storage system, wherein the encryption is performed using the subkey corresponding to the slave key.
  • the operation data generated by the temporary user can be stored in different locations in the same storage area as the historical operation data of the master user.
  • the operation data of the master user is encrypted using the first key or the second key corresponding to the key.
  • the temporary user cannot access the historical operation data of the master user using the slave key, thereby ensuring the security of the operation data of the master user.
  • the master user can access the operation data of the temporary user.
  • the master user accesses the operation data of the temporary user, in response to the operation instruction of data acquisition, the subkey ciphertext is decrypted using the key to obtain the subkey.
  • the master user can decrypt the encrypted temporary operation data using the subkey to obtain the temporary operation data, thereby realizing the access and viewing of the temporary operation data.
  • the temporary user in scenarios such as temporary vehicle lending, the temporary user cannot access the data of the primary user, and the data generated by the temporary user can only be accessed by the temporary user and the corresponding primary user, and cannot be viewed by others, which ensures both the privacy of the primary user's data and the security of the temporary user's data.
  • the primary user can view the vehicle usage data of the temporary user, which improves the safety and reliability of the vehicle and the primary user's experience.
  • the embodiment of the present disclosure also provides a data processing device for implementing the data processing method involved above.
  • the implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the above method, so the specific limitations of one or more data processing device embodiments provided below can be referred to above. The limitations on the data processing method in the description will not be repeated here.
  • a data processing device 900 including:
  • a determination module 910 configured to determine a first key corresponding to the vehicle key in response to a triggering instruction of the vehicle key to the vehicle;
  • the encryption module 920 is used to respond to a first operation instruction of the user and encrypt first operation data corresponding to the first operation instruction according to the first key to obtain the encrypted first operation data.
  • the determining module further comprises:
  • a first decryption module used to decrypt the key information of the vehicle using the first key to obtain a second key matching the first key
  • the encryption module comprises:
  • the first encryption submodule is used to encrypt the first operation data corresponding to the first operation instruction by using the second key.
  • the encryption module includes:
  • a receiving module used to receive a first operation instruction from a user and obtain user authentication information corresponding to the vehicle key
  • a response module is used to respond to the first operation instruction when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
  • the determining module includes:
  • a first acquisition module configured to acquire user authentication information corresponding to the vehicle key in response to a trigger instruction of the vehicle key to the vehicle;
  • the second acquisition module is used to acquire a first key corresponding to the vehicle key when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
  • the apparatus further comprises:
  • a generation module configured to generate configuration information of a subordinate key in response to a generation trigger instruction of a subordinate key from a user, wherein the configuration information includes a first subkey corresponding to the subordinate key;
  • the second encryption submodule is used to encrypt the configuration information using the first key to obtain encrypted configuration information.
  • the apparatus further comprises:
  • a first determination submodule configured to determine a first subkey corresponding to the slave key in response to a trigger instruction of the slave key to the vehicle;
  • the third encryption submodule is used to respond to the second operation instruction of the user by using the first subkey to encrypt the second
  • the second operation data corresponding to the operation instruction is encrypted to obtain encrypted second operation data.
  • the apparatus further comprises:
  • a third acquisition module configured to respond to a data acquisition operation instruction of a user and acquire an operation key corresponding to the data acquisition operation instruction
  • a second decryption module configured to decrypt the encrypted configuration information using the first key to obtain the configuration information when the operation key matches the first key
  • the third decryption module is used to decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
  • the encryption module further comprises:
  • a second determination submodule used to determine a target storage area corresponding to the first key
  • the storage module is used to store the encrypted first operation data in the target storage area.
  • Each module in the above data processing device can be implemented in whole or in part by software, hardware, or a combination thereof.
  • Each module can be embedded in or independent of a processor in a computer device in the form of hardware, or can be stored in a memory in a computer device in the form of software, so that the processor can call and execute operations corresponding to each module.
  • a vehicle is provided, and the computer device may include a server, and its internal structure diagram may be shown in Figure 10.
  • the vehicle includes a processor, a memory, and a network interface connected via a system bus.
  • the processor of the vehicle is used to provide computing and control capabilities.
  • the memory of the vehicle includes a non-volatile storage medium and an internal memory.
  • the non-volatile storage medium stores an operating system, a computer program, and a database.
  • the internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium.
  • the database of the vehicle is used to store data such as user operation data.
  • the network interface of the vehicle is used to communicate with an external terminal via a network connection. When the computer program is executed by the processor, a data processing method is implemented.
  • FIG. 10 is merely a block diagram of a partial structure related to the embodiment of the present disclosure, and does not constitute a limitation on the vehicle to which the embodiment of the present disclosure is applied.
  • a specific vehicle may include more or fewer components than shown in the figure, or combine certain components, or have a different arrangement of components.
  • a vehicle including a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the steps in the above-mentioned method embodiments when executing the computer program.
  • a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed by a processor, the steps in the above-mentioned method embodiments are implemented.
  • a computer program product including a computer program, which implements the steps in the above method embodiments when executed by a processor.
  • the user information including but not limited to user device information, user personal information, etc.
  • data including but not limited to data used for analysis, stored data, displayed data, etc.
  • any reference to the memory, database or other medium used in the embodiments provided in the embodiments of the present disclosure can include at least one of non-volatile and volatile memory.
  • Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc.
  • Volatile memory can include random access memory (RAM) or external cache memory, etc.
  • RAM can be in various forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM).
  • the database involved in each embodiment provided in the present disclosure may include at least one of a relational database and a non-relational database.
  • Non-relational databases may include distributed databases based on blockchain, etc., but are not limited to this.
  • the processor involved in each embodiment provided in the present disclosure may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, etc., but are not limited to this.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Automation & Control Theory (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The present invention relates to a data processing method and device, a vehicle, a storage medium, and a computer program product. The method comprises: in response to a trigger instruction of a vehicle key to a vehicle, determining a first key corresponding to the vehicle key; and in response to a first operation instruction of a user, according to the first key, encrypting first operation data corresponding to the first operation instruction, to obtain encrypted first operation data. By using the method, the security and reliability of user data can be improved.

Description

数据的处理方法、装置、车辆和存储介质Data processing method, device, vehicle and storage medium 技术领域Technical Field
本公开涉及数据处理技术领域,特别是涉及一种数据的处理方法、装置、车辆和存储介质。The present disclosure relates to the technical field of data processing, and in particular to a data processing method, device, vehicle and storage medium.
背景技术Background technique
在车辆的使用过程中,同一车辆可以供多个用户驾驶,每个用户在使用车辆车机设备时,会产生对应的行为数据。由于产生的车辆数据属于用户个人使用数据,通常情况下,用户不希望被其他用车人访问。During the use of the vehicle, the same vehicle can be driven by multiple users, and each user will generate corresponding behavior data when using the vehicle equipment. Since the generated vehicle data belongs to the user's personal usage data, users usually do not want to be accessed by other car users.
传统技术中,可以在车辆的数据存储区域中为不同用户设置数据访问权限,每个用户只能够访问自己权限内的数据,然而,通过这种方法,权限控制很容易被绕过,存储区域内的数据容易被近场攻击,无法保证数据的安全性和可靠性。In traditional technology, data access permissions can be set for different users in the vehicle's data storage area, and each user can only access data within his or her own permissions. However, through this method, permission control can be easily bypassed, and the data in the storage area is vulnerable to near-field attacks, and the security and reliability of the data cannot be guaranteed.
发明内容Summary of the invention
基于此,有必要针对上述技术问题,提供一种可靠性高的保证个人数据隐私性的数据的处理方法、装置、车辆、存储介质和计算机程序产品。Based on this, it is necessary to provide a data processing method, device, vehicle, storage medium and computer program product with high reliability to ensure the privacy of personal data in response to the above technical problems.
第一方面,本公开实施例提供了一种数据的处理方法。所述方法包括:In a first aspect, an embodiment of the present disclosure provides a method for processing data. The method comprises:
响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;In response to a triggering instruction of a vehicle key to a vehicle, determining a first key corresponding to the vehicle key;
响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。In response to a first operation instruction of the user, first operation data corresponding to the first operation instruction is encrypted according to the first key to obtain encrypted first operation data.
在其中一个实施例中,在所述确定所述车钥匙对应的第一密钥,之后还包括:In one embodiment, after determining the first key corresponding to the vehicle key, the method further includes:
利用所述第一密钥对所述车辆的密钥信息进行解密,得到与所述第一密钥相匹配的第二密钥;Decrypting the key information of the vehicle using the first key to obtain a second key matching the first key;
所述根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,包括:The encrypting the first operation data corresponding to the first operation instruction according to the first key includes:
利用所述第二密钥对所述第一操作指令对应的第一操作数据进行加密。The first operation data corresponding to the first operation instruction is encrypted using the second key.
在其中一个实施例中,所述响应于用户的第一操作指令,包括:In one embodiment, the responding to the first operation instruction of the user includes:
接收用户的第一操作指令,获取所述车钥匙对应的用户认证信息; Receiving a first operation instruction from a user, and obtaining user authentication information corresponding to the vehicle key;
在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,响应所述第一操作指令。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, respond to the first operation instruction.
在其中一个实施例中,所述响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥,包括:In one embodiment, in response to a trigger instruction of a vehicle key to a vehicle, determining a first key corresponding to the vehicle key includes:
响应于车钥匙对车辆的触发指令,获取所述车钥匙对应的用户认证信息;In response to a trigger instruction of the vehicle key to the vehicle, obtaining user authentication information corresponding to the vehicle key;
在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,获取所述车钥匙对应的第一密钥。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, a first key corresponding to the vehicle key is obtained.
在其中一个实施例中,所述方法还包括:In one embodiment, the method further comprises:
响应于用户的从属钥匙的生成触发指令,生成从属钥匙的配置信息,其中,所述配置信息包括所述从属钥匙对应的第一子密钥;In response to a user's trigger instruction for generating a subordinate key, generating configuration information of the subordinate key, wherein the configuration information includes a first subkey corresponding to the subordinate key;
利用所述第一密钥对所述配置信息进行加密,得到加密后的配置信息。The configuration information is encrypted using the first key to obtain encrypted configuration information.
在其中一个实施例中,所述方法还包括:In one embodiment, the method further comprises:
响应于所述从属钥匙对车辆的触发指令,确定所述从属钥匙对应的第一子密钥;In response to a triggering instruction of the slave key to the vehicle, determining a first subkey corresponding to the slave key;
响应于用户的第二操作指令,利用所述第一子密钥对所述第二操作指令对应的第二操作数据进行加密,得到加密后的第二操作数据。In response to a second operation instruction of the user, the second operation data corresponding to the second operation instruction is encrypted using the first subkey to obtain encrypted second operation data.
在其中一个实施例中,所述方法还包括:In one embodiment, the method further comprises:
响应于用户的数据获取操作指令,获取所述数据获取操作指令对应的操作密钥;In response to a data acquisition operation instruction of a user, acquiring an operation key corresponding to the data acquisition operation instruction;
在所述操作密钥与所述第一密钥相匹配的情况下,利用所述第一密钥对所述加密后的配置信息进行解密,得到所述配置信息;In a case where the operation key matches the first key, decrypting the encrypted configuration information using the first key to obtain the configuration information;
利用所述配置信息对应的所述第一子密钥对所述加密后的第二操作数据进行解密,得到所述第二操作数据。The encrypted second operation data is decrypted using the first subkey corresponding to the configuration information to obtain the second operation data.
在其中一个实施例中,在所述得到加密后的第一操作数据,之后还包括:In one embodiment, after obtaining the encrypted first operation data, the method further includes:
确定与所述第一密钥相对应的目标存储区域;determining a target storage area corresponding to the first key;
将所述加密后的第一操作数据存储至所述目标存储区域。The encrypted first operation data is stored in the target storage area.
第二方面,本公开实施例还提供了一种数据的处理装置。所述装置包括:In a second aspect, the present disclosure also provides a data processing device. The device includes:
确定模块,用于响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;A determination module, configured to determine a first key corresponding to the vehicle key in response to a triggering instruction of the vehicle key to the vehicle;
加密模块,用于响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。The encryption module is used to respond to a first operation instruction of a user and encrypt first operation data corresponding to the first operation instruction according to the first key to obtain the encrypted first operation data.
在其中一个实施例中,在所述确定模块,之后还包括:In one embodiment, in the determining module, the following further comprises:
第一解密模块,用于利用所述第一密钥对所述车辆的密钥信息进行解密,得到与所述 第一密钥相匹配的第二密钥;The first decryption module is used to decrypt the key information of the vehicle using the first key to obtain the key information of the vehicle. A second key that matches the first key;
所述加密模块,包括:The encryption module comprises:
第一加密子模块,用于利用所述第二密钥对所述第一操作指令对应的第一操作数据进行加密。The first encryption submodule is used to encrypt the first operation data corresponding to the first operation instruction by using the second key.
在其中一个实施例中,所述加密模块,包括:In one embodiment, the encryption module includes:
接收模块,用于接收用户的第一操作指令,获取所述车钥匙对应的用户认证信息;A receiving module, used to receive a first operation instruction from a user and obtain user authentication information corresponding to the vehicle key;
响应模块,用于在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,响应所述第一操作指令。A response module is used to respond to the first operation instruction when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
在其中一个实施例中,所述确定模块,包括:In one embodiment, the determining module includes:
第一获取模块,用于响应于车钥匙对车辆的触发指令,获取所述车钥匙对应的用户认证信息;A first acquisition module, configured to acquire user authentication information corresponding to the vehicle key in response to a trigger instruction of the vehicle key to the vehicle;
第二获取模块,用于在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,获取所述车钥匙对应的第一密钥。The second acquisition module is used to acquire a first key corresponding to the vehicle key when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
在其中一个实施例中,所述装置还包括:In one embodiment, the device further comprises:
生成模块,用于响应于用户的从属钥匙的生成触发指令,生成从属钥匙的配置信息,其中,所述配置信息包括所述从属钥匙对应的第一子密钥;A generation module, configured to generate configuration information of a subordinate key in response to a generation trigger instruction of a subordinate key from a user, wherein the configuration information includes a first subkey corresponding to the subordinate key;
第二加密子模块,用于利用所述第一密钥对所述配置信息进行加密,得到加密后的配置信息。The second encryption submodule is used to encrypt the configuration information using the first key to obtain encrypted configuration information.
在其中一个实施例中,所述装置还包括:In one embodiment, the device further comprises:
第一确定子模块,用于响应于所述从属钥匙对车辆的触发指令,确定所述从属钥匙对应的第一子密钥;A first determination submodule, configured to determine a first subkey corresponding to the slave key in response to a trigger instruction of the slave key to the vehicle;
第三加密子模块,用于响应于用户的第二操作指令,利用所述第一子密钥对所述第二操作指令对应的第二操作数据进行加密,得到加密后的第二操作数据。The third encryption submodule is used to respond to the user's second operation instruction and use the first subkey to encrypt the second operation data corresponding to the second operation instruction to obtain the encrypted second operation data.
在其中一个实施例中,所述装置还包括:In one embodiment, the device further comprises:
第三获取模块,用于响应于用户的数据获取操作指令,获取所述数据获取操作指令对应的操作密钥;A third acquisition module, configured to respond to a data acquisition operation instruction of a user and acquire an operation key corresponding to the data acquisition operation instruction;
第二解密模块,用于在所述操作密钥与所述第一密钥相匹配的情况下,利用所述第一密钥对所述加密后的配置信息进行解密,得到所述配置信息;a second decryption module, configured to decrypt the encrypted configuration information using the first key to obtain the configuration information when the operation key matches the first key;
第三解密模块,用于利用所述配置信息对应的所述第一子密钥对所述加密后的第二操作数据进行解密,得到所述第二操作数据。 The third decryption module is used to decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
在其中一个实施例中,在所述加密模块,之后还包括:In one embodiment, the encryption module further includes:
第二确定子模块,用于确定与所述第一密钥相对应的目标存储区域;A second determination submodule, used to determine a target storage area corresponding to the first key;
存储模块,用于将所述加密后的第一操作数据存储至所述目标存储区域。The storage module is used to store the encrypted first operation data in the target storage area.
第三方面,本公开实施例还提供了一种车辆。所述车辆包括存储器和处理器,所述存储器存储有计算机程序,所述处理器执行所述计算机程序时实现本公开实施例中任一项所述的方法的步骤。In a third aspect, the embodiments of the present disclosure further provide a vehicle, wherein the vehicle includes a memory and a processor, wherein the memory stores a computer program, and when the processor executes the computer program, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
第四方面,本公开实施例还提供了一种计算机可读存储介质。所述计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现本公开实施例中任一项所述的方法的步骤。In a fourth aspect, the embodiments of the present disclosure further provide a computer-readable storage medium, wherein a computer program is stored thereon, and when the computer program is executed by a processor, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
第五方面,本公开实施例还提供了一种计算机程序产品。所述计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现本公开实施例中任一项所述的方法的步骤。In a fifth aspect, the embodiments of the present disclosure further provide a computer program product, wherein the computer program product includes a computer program, and when the computer program is executed by a processor, the steps of any one of the methods in the embodiments of the present disclosure are implemented.
本公开实施例,用户使用车辆时,利用车钥匙触发车辆,响应于车钥匙对车辆的触发指令,获取车钥匙对应的第一密钥,用户在对车辆进行操作时,车辆响应于用户的操作指令,产生操作数据,利用第一密钥对产生的操作数据进行加密,得到加密后的操作数据,从而实现了对用户的操作数据的加密,通过用户的车钥匙对应的第一密钥对操作数据进行加密,其他用户无法直接访问或通过其他密钥访问该用户的操作数据,保证了用户个人数据的安全性;且通过密钥进行加密,加密后的数据不容易被数据攻击解密,提升了数据的安全性和可靠性;通过设置钥匙对应的密钥,在用户使用车辆时,直接利用对应的密钥对操作数据进行加密,无需进行其他额外的配置,处理过程简单,实现难度小,在保证数据安全性和可靠性的同时,简化了数据加密的流程,能够适用于更多应用场景。In the disclosed embodiment, when a user uses a vehicle, the vehicle is triggered by a vehicle key, and a first key corresponding to the vehicle key is obtained in response to a triggering instruction of the vehicle by the vehicle key. When the user operates the vehicle, the vehicle generates operation data in response to the user's operation instruction, and the generated operation data is encrypted by using the first key to obtain the encrypted operation data, thereby realizing encryption of the user's operation data. The operation data is encrypted by the first key corresponding to the user's car key, and other users cannot directly access or access the user's operation data through other keys, thereby ensuring the security of the user's personal data; and the encrypted data is not easily decrypted by data attacks by encrypting with the key, thereby improving the security and reliability of the data; by setting the key corresponding to the key, when the user uses the vehicle, the operation data is directly encrypted by using the corresponding key, without the need for other additional configurations, the processing process is simple, and the implementation difficulty is low. While ensuring data security and reliability, the data encryption process is simplified, and it can be applied to more application scenarios.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
图1为一个实施例中数据的处理方法的应用环境图;FIG1 is an application environment diagram of a method for processing data in one embodiment;
图2为一个实施例中数据的处理方法的流程示意图;FIG2 is a schematic flow chart of a method for processing data in one embodiment;
图3为一个实施例中数据的处理方法的流程示意图;FIG3 is a schematic flow chart of a method for processing data in one embodiment;
图4为一个实施例中数据的处理系统的结构示意图;FIG4 is a schematic diagram of the structure of a data processing system in one embodiment;
图5为一个实施例中数据的处理方法的流程示意图;FIG5 is a schematic flow chart of a method for processing data in one embodiment;
图6为一个实施例中车钥匙与车辆之间的控制方法的示意图;FIG6 is a schematic diagram of a control method between a vehicle key and a vehicle in one embodiment;
图7为一个实施例中数据获取方法的流程示意图;FIG7 is a schematic diagram of a flow chart of a data acquisition method in one embodiment;
图8为一个实施例中从属钥匙的数据访问方法的流程示意图; FIG8 is a schematic flow chart of a data access method of a slave key in one embodiment;
图9为一个实施例中数据的处理装置的结构框图;FIG9 is a block diagram of a data processing device according to an embodiment;
图10为一个实施例中车辆的内部结构图。FIG. 10 is a diagram showing the internal structure of a vehicle in one embodiment.
具体实施方式Detailed ways
为了使本公开实施例的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本公开实施例进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本公开实施例,并不用于限定本公开实施例。In order to make the purpose, technical solution and advantages of the embodiments of the present disclosure more clear, the embodiments of the present disclosure are further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the embodiments of the present disclosure and are not used to limit the embodiments of the present disclosure.
本公开实施例提供的数据的处理方法,可以应用于如图1所示的应用环境中。其中,终端102通过网络与服务器104进行通信。数据存储系统可以存储服务器104需要处理的数据。数据存储系统可以集成在服务器104上,也可以放在云上或其他网络服务器上。其中,终端102可以但不限于是各种个人计算机、笔记本电脑、智能手机、平板电脑、物联网设备和便携式可穿戴设备,物联网设备可为智能音箱、智能电视、智能空调、智能车载设备等。便携式可穿戴设备可为智能手表、智能手环、头戴设备等。服务器104可以用独立的服务器或者是多个服务器组成的服务器集群来实现。The data processing method provided in the embodiment of the present disclosure can be applied in the application environment as shown in Figure 1. Among them, the terminal 102 communicates with the server 104 through the network. The data storage system can store the data that the server 104 needs to process. The data storage system can be integrated on the server 104, or it can be placed on the cloud or other network servers. Among them, the terminal 102 can be but is not limited to various personal computers, laptops, smart phones, tablets, Internet of Things devices and portable wearable devices. The Internet of Things devices can be smart speakers, smart TVs, smart air conditioners, smart car-mounted devices, etc. Portable wearable devices can be smart watches, smart bracelets, head-mounted devices, etc. The server 104 can be implemented with an independent server or a server cluster consisting of multiple servers.
在一个实施例中,如图2所示,提供了一种数据的处理方法,以该方法应用于图1中的终端为例进行说明,包括以下步骤:In one embodiment, as shown in FIG2 , a data processing method is provided, which is described by taking the method applied to the terminal in FIG1 as an example, including the following steps:
步骤S210,响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;Step S210, in response to a triggering instruction of the vehicle by the vehicle key, determining a first key corresponding to the vehicle key;
本公开实施例中,用户在使用车辆时,需要通过车钥匙触发车辆,使车辆状态从锁定状态切换为解锁状态。其中,车钥匙可以包括但不限于实体钥匙、智能数字钥匙等,本实施例中,车钥匙与车辆之间存在通讯连接,可以进行数据的传输。响应于车钥匙对车辆的触发指令,确定车钥匙对应的第一密钥。其中,第一密钥可以以预设的方式存储于车钥匙中,车钥匙与第一密钥的对应关系可以根据实际应用场景设置得到,通常情况下,一个车钥匙对应有一个第一密钥,一个第一密钥可以对应有一个或多个车钥匙。In the disclosed embodiment, when the user uses the vehicle, the user needs to trigger the vehicle through the car key to switch the vehicle state from a locked state to an unlocked state. Among them, the car key may include but is not limited to a physical key, a smart digital key, etc. In this embodiment, there is a communication connection between the car key and the vehicle, and data can be transmitted. In response to the triggering instruction of the car key to the vehicle, the first key corresponding to the car key is determined. Among them, the first key can be stored in the car key in a preset manner, and the corresponding relationship between the car key and the first key can be obtained according to the actual application scenario setting. Usually, one car key corresponds to one first key, and one first key can correspond to one or more car keys.
步骤S220,响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。Step S220: In response to a first operation instruction from the user, encrypt first operation data corresponding to the first operation instruction according to the first key to obtain encrypted first operation data.
本公开实施例中,用户在操作车辆时,发送第一操作指令,车辆接收到第一操作指令后,执行相应的操作,产生第一操作数据。其中,第一操作指令可以包括但不限于用户通过车机装置或其他设备发送的操作控制指令。产生第一操作数据后,利用获取到的第一密钥对第一操作数据进行加密,得到加密后的第一操作数据。在一个示例中,通过预设的加密系统对第一操作数据进行加密。在一个示例中,可以直接利用第一密钥对第一操作数据 进行加密,也可以根据第一密钥确定其他的加密方式,对第一操作数据进行加密。其中,第一操作数据可以包括但不限于用户在使用车辆过程中产生的车辆状态数据、车辆上设备产生的数据等,车辆上设备产生的数据可以包括但不限于定位信息数据、视频数据、语音数据、应用访问记录数据等。在一个示例中,第一操作数据可以包括用户的视频数据、语音数据,其中,用户使用车辆时,响应于用户进入车辆的第一操作指令,利用预设的图像采集装置和语音采集装置获取对应的操作数据,即用户使用车辆时产生的视频数据和语音数据。In the embodiment of the present disclosure, when the user operates the vehicle, the user sends a first operation instruction. After receiving the first operation instruction, the vehicle performs a corresponding operation and generates first operation data. The first operation instruction may include but is not limited to an operation control instruction sent by the user through a vehicle device or other device. After the first operation data is generated, the first operation data is encrypted using the acquired first key to obtain the encrypted first operation data. In one example, the first operation data is encrypted using a preset encryption system. In one example, the first operation data can be directly encrypted using the first key. The first operation data may be encrypted, or other encryption methods may be determined according to the first key to encrypt the first operation data. The first operation data may include but is not limited to vehicle status data generated by the user during the use of the vehicle, data generated by the device on the vehicle, etc. The data generated by the device on the vehicle may include but is not limited to positioning information data, video data, voice data, application access record data, etc. In one example, the first operation data may include the user's video data and voice data, wherein when the user uses the vehicle, in response to the first operation instruction of the user entering the vehicle, the corresponding operation data is obtained by using the preset image acquisition device and voice acquisition device, that is, the video data and voice data generated when the user uses the vehicle.
本公开实施例,用户使用车辆时,利用车钥匙触发车辆,响应于车钥匙对车辆的触发指令,获取车钥匙对应的第一密钥,用户在对车辆进行操作时,车辆响应于用户的操作指令,产生操作数据,利用第一密钥对产生的操作数据进行加密,得到加密后的操作数据,从而实现了对用户的操作数据的加密,通过用户的车钥匙对应的第一密钥对操作数据进行加密,其他用户无法直接访问或通过其他密钥访问该用户的操作数据,保证了用户个人数据的安全性;且通过密钥进行加密,加密后的数据不容易被数据攻击解密,提升了数据的安全性和可靠性;通过设置钥匙对应的密钥,在用户使用车辆时,直接利用对应的密钥对操作数据进行加密,无需进行其他额外的配置,处理过程简单,实现难度小,在保证数据安全性和可靠性的同时,简化了数据加密的流程,能够适用于更多应用场景。通过本公开实施例,能够实现共享用车时的个人数据隔离保护,每个用车人只能查看自己的用车数据,提升了车辆数据的安全性。In the disclosed embodiment, when a user uses a vehicle, the vehicle is triggered by the vehicle key, and the first key corresponding to the vehicle key is obtained in response to the triggering instruction of the vehicle by the vehicle key. When the user operates the vehicle, the vehicle responds to the user's operation instruction and generates operation data. The generated operation data is encrypted by the first key to obtain the encrypted operation data, thereby realizing the encryption of the user's operation data. The operation data is encrypted by the first key corresponding to the user's car key, and other users cannot directly access or access the user's operation data through other keys, thereby ensuring the security of the user's personal data; and the encrypted data is not easily decrypted by data attacks by encrypting with the key, thereby improving the security and reliability of the data; by setting the key corresponding to the key, when the user uses the vehicle, the operation data is directly encrypted with the corresponding key, without the need for other additional configurations, the processing process is simple, the implementation difficulty is small, and while ensuring the security and reliability of the data, the data encryption process is simplified, and it can be applied to more application scenarios. Through the disclosed embodiment, the personal data isolation protection when sharing a car can be realized, and each car user can only view his own car data, thereby improving the security of the vehicle data.
在一个实施例中,如图3所示,在所述确定所述车钥匙对应的第一密钥,之后还包括:In one embodiment, as shown in FIG3 , after determining the first key corresponding to the vehicle key, the method further includes:
步骤S212,利用所述第一密钥对所述车辆的密钥信息进行解密,得到与所述第一密钥相匹配的第二密钥;Step S212, using the first key to decrypt the key information of the vehicle to obtain a second key matching the first key;
所述根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,包括:The encrypting the first operation data corresponding to the first operation instruction according to the first key includes:
步骤S221,利用所述第二密钥对所述第一操作指令对应的第一操作数据进行加密。Step S221: Use the second key to encrypt the first operation data corresponding to the first operation instruction.
本公开实施例中,确定得到车钥匙对应的第一密钥之后,利用第一密钥对车辆的密钥信息进行解密,解密后得到与第一密钥相匹配的第二密钥,其中,车辆的密钥信息可以以预设的方式存储于车辆的存储区域中,也可以存储于预设的加密系统中,加密系统用于对用户的操作数据进行加密。其中,第一密钥与第二密钥之间的对应关系可以根据实际应用场景设置得到,一个第二密钥可以对应有一个或多个第一密钥。在对操作数据进行加密时,利用第二密钥进行加密,得到加密后的第一操作数据。在一种可能的实现方式中,第一密钥以预设的方式存储于车钥匙中,响应于车钥匙对车辆的触发指令,车辆与车钥匙之间进 行通信,获取车钥匙的第一密钥,利用第一密钥对车辆内存储的密钥信息进行解密,得到第二密钥。In the embodiment of the present disclosure, after determining to obtain the first key corresponding to the car key, the key information of the vehicle is decrypted using the first key, and the second key matching the first key is obtained after decryption, wherein the key information of the vehicle can be stored in a storage area of the vehicle in a preset manner, or can be stored in a preset encryption system, and the encryption system is used to encrypt the user's operation data. Among them, the correspondence between the first key and the second key can be obtained according to the actual application scenario setting, and one second key can correspond to one or more first keys. When encrypting the operation data, the second key is used to encrypt it to obtain the encrypted first operation data. In one possible implementation method, the first key is stored in the car key in a preset manner, and in response to the car key's triggering instruction to the vehicle, the vehicle and the car key are connected. The first key is used to communicate with the vehicle key to obtain the first key of the vehicle key, and the key information stored in the vehicle is decrypted using the first key to obtain the second key.
图4为根据一示例性实施例示出的一种数据的处理系统的结构示意图,参考图4所示,用户在使用车辆时,利用车钥匙触发车辆,车辆响应于车钥匙的触发指令,利用获取到的车钥匙中的第一密钥对密钥信息进行解密得到车钥匙对应的第二密钥,即图4中的主密钥。其中,不同的钥匙可以对应有不同的主密钥,用户车钥匙与第一密钥可以为一一对应,车钥匙与主密钥之间的对应关系可以根据实际应用场景设置得到,在一些应用场景下,如同一用户持有多个车钥匙的情况下,多个车钥匙也可以对应有同一个主密钥。用户在使用车辆时产生的操作数据,例如定位数据、视频数据、语音数据、应用访问数据等,利用加密系统使用对应的主密钥进行加密,加密后的数据存储于存储系统中。在一个示例中,存储系统中为多个主密钥设置不同的存储区域,加密后的数据存储于对应的区域,实现了不同用户数据的分离。FIG4 is a schematic diagram of a data processing system according to an exemplary embodiment. Referring to FIG4, when a user uses a vehicle, the user triggers the vehicle with a car key. The vehicle responds to the trigger instruction of the car key and uses the first key in the car key to decrypt the key information to obtain the second key corresponding to the car key, that is, the master key in FIG4. Different keys may correspond to different master keys, and the user's car key and the first key may correspond to each other one by one. The corresponding relationship between the car key and the master key may be obtained according to the actual application scenario. In some application scenarios, if the same user holds multiple car keys, multiple car keys may correspond to the same master key. The operation data generated by the user when using the vehicle, such as positioning data, video data, voice data, application access data, etc., is encrypted using the corresponding master key using the encryption system, and the encrypted data is stored in the storage system. In an example, different storage areas are set for multiple master keys in the storage system, and the encrypted data is stored in the corresponding area, so as to achieve the separation of different user data.
本公开实施例,通过设置车辆中与第一密钥对应的第二密钥,实现了车钥匙中的密钥与用于加密数据的密钥的分离,在进行数据加密时,根据车钥匙的第一密钥确定对应的第二密钥,利用第二密钥对数据进行加密,从而能够实现第一密钥与第二密钥之间多对一的关系,适用于同一用户持有多个车钥匙、多用户持有多个钥匙共享数据权限等多种应用场景;且用户能够对车钥匙进行更换或增减,只需要设置车钥匙的密钥与车辆密钥之间的对应关系即可,无需对车辆的加密系统进行变动,提高了车辆的车钥匙使用的灵活性,提升了用户的体验感。In the disclosed embodiment, by setting a second key corresponding to the first key in the vehicle, the key in the car key and the key used to encrypt data are separated. When encrypting data, the corresponding second key is determined according to the first key of the car key, and the data is encrypted using the second key, thereby achieving a many-to-one relationship between the first key and the second key. This is suitable for various application scenarios such as the same user holding multiple car keys and multiple users holding multiple keys sharing data permissions. Moreover, the user can replace or add or reduce the car key by only setting the corresponding relationship between the car key key and the vehicle key, without changing the encryption system of the vehicle, thereby improving the flexibility of using the vehicle key and enhancing the user experience.
在一个实施例中,所述响应于用户的第一操作指令,包括:In one embodiment, the responding to the first operation instruction of the user includes:
接收用户的第一操作指令,获取所述车钥匙对应的用户认证信息;Receiving a first operation instruction from a user, and obtaining user authentication information corresponding to the vehicle key;
在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,响应所述第一操作指令。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, respond to the first operation instruction.
本公开实施例中,用户发送第一操作指令后,获取车钥匙对应的用户认证信息,利用获取到的用户认证信息与车辆的车辆认证信息进行匹配,在匹配成功的情况下,可以认为此时的车钥匙通过认证,可以执行用户发送的第一操作指令,响应第一操作指令。通常情况下,可以实现根据车钥匙与车辆之间的对应关系设置车钥匙的用户认证信息与车辆的车辆认证信息的匹配关系,一个车辆可以和一个或多个车钥匙之间存在对应关系。在一个示例中,用户认证信息可以包括数字密钥证书,根据数字密钥证书对车钥匙进行认证,认证通过,则响应用户发送的第一操作指令。在一个示例中,车钥匙和车辆之间的匹配关系还 可以通过数字签名的方式进行匹配。在一个示例中,当用户认证信息与车辆认证信息不匹配的情况下,可以不响应第一操作指令。在一种可能的实现方式中,还可以对用户的操作指令进行分类,划分得到多个不同类别的操作指令,根据车钥匙对应的用户认证信息与车辆认证信息的具体的匹配内容,实现对不同类别的操作指令的权限的控制,例如,用户发送第一操作指令,获取车钥匙对应的用户认证信息,对用户认证信息和车辆认证信息进行匹配,确定用户认证信息对应的车钥匙是否存在第一操作指令的权限,在存在第一操作指令的权限的情况下,响应第一操作指令,针对不同的操作指令,车钥匙对应的用户认证信息可能存在不同的匹配结果。In the disclosed embodiment, after the user sends the first operation instruction, the user authentication information corresponding to the car key is obtained, and the obtained user authentication information is used to match the vehicle authentication information of the vehicle. If the match is successful, it can be considered that the car key at this time has passed the authentication, and the first operation instruction sent by the user can be executed and responded to the first operation instruction. Generally, it is possible to set the matching relationship between the user authentication information of the car key and the vehicle authentication information of the vehicle according to the corresponding relationship between the car key and the vehicle, and a corresponding relationship can exist between a vehicle and one or more car keys. In one example, the user authentication information may include a digital key certificate, and the car key is authenticated according to the digital key certificate. If the authentication is passed, the first operation instruction sent by the user is responded to. In one example, the matching relationship between the car key and the vehicle is also Matching can be performed by means of digital signatures. In one example, when the user authentication information does not match the vehicle authentication information, the first operation instruction may not be responded to. In a possible implementation, the user's operation instructions can also be classified to obtain a plurality of different categories of operation instructions. According to the specific matching content between the user authentication information corresponding to the car key and the vehicle authentication information, the authority of the different categories of operation instructions can be controlled. For example, the user sends a first operation instruction, obtains the user authentication information corresponding to the car key, matches the user authentication information and the vehicle authentication information, determines whether the car key corresponding to the user authentication information has the authority for the first operation instruction, and responds to the first operation instruction if the authority for the first operation instruction exists. For different operation instructions, the user authentication information corresponding to the car key may have different matching results.
在一个示例中,如图5所示,加密流程可以在车辆的车机系统中执行,在对用户的操作数据进行加密时,首先需要获取车钥匙的用户认证信息,即证书信息,在证书信息匹配的情况下,利用第二密钥进行加密。在解密过程中,利用车钥匙中的第一密钥解密得到第二密钥,在用户认证信息匹配的情况下,利用第二密钥对加密后的密文进行解密,得到解密后的操作数据。本实施例中,通过钥匙中的用户认证信息对密文进行了进一步的保护,只有在认证通过的情况下才会进行加密解密,提高了用户数据的安全性。In one example, as shown in FIG5 , the encryption process can be executed in the vehicle's onboard system. When encrypting the user's operation data, it is first necessary to obtain the user authentication information of the car key, that is, the certificate information. When the certificate information matches, the second key is used for encryption. During the decryption process, the first key in the car key is used to decrypt and obtain the second key. When the user authentication information matches, the encrypted ciphertext is decrypted using the second key to obtain the decrypted operation data. In this embodiment, the ciphertext is further protected by the user authentication information in the key. Encryption and decryption are performed only when the authentication is passed, thereby improving the security of user data.
本公开实施例,在用户操作车辆时,对车钥匙对应的用户认证信息与车辆认证信息进行匹配,能够实现对用户的身份认证,在认证通过的情况下,响应操作指令,保证了车辆的安全性,提升了用户数据的可靠性,通过认证信息的匹配,能够实现不同钥匙用户的操作权限的设置,进一步提升了车辆的智能化,适用于更多应用场景。本实施例,通过用户认证信息实现对车辆的控制操作,通过密钥实现对车辆数据的加密操作,从而实现了车辆控制共享,车辆数据私有,保证数据隐私的同时提升了用户的体验感。In the disclosed embodiment, when a user operates a vehicle, the user authentication information corresponding to the car key is matched with the vehicle authentication information, so that the user's identity authentication can be realized. When the authentication is passed, the operation instruction is responded to, thereby ensuring the safety of the vehicle and improving the reliability of the user data. By matching the authentication information, the operation permissions of different key users can be set, further improving the intelligence of the vehicle and being applicable to more application scenarios. In this embodiment, the control operation of the vehicle is realized through the user authentication information, and the encryption operation of the vehicle data is realized through the key, thereby realizing the sharing of vehicle control and the private ownership of vehicle data, ensuring data privacy while improving the user experience.
在一个实施例中,所述响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥,包括:In one embodiment, in response to a trigger instruction of a vehicle key to a vehicle, determining a first key corresponding to the vehicle key includes:
响应于车钥匙对车辆的触发指令,获取所述车钥匙对应的用户认证信息;In response to a trigger instruction of the vehicle key to the vehicle, obtaining user authentication information corresponding to the vehicle key;
在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,获取所述车钥匙对应的第一密钥。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, a first key corresponding to the vehicle key is obtained.
本公开实施例中,用户利用车钥匙发送对车辆的触发指令时,响应于所述触发指令,获取车钥匙对应的用户认证信息,利用获取到的用户认证信息与车辆的车辆认证信息进行匹配,在匹配成功的情况下,可以认为此时的车钥匙通过认证,获取车钥匙对应的第一密钥。通常情况下,可以实现根据车钥匙与车辆之间的对应关系设置车钥匙的用户认证信息与车辆的车辆认证信息的匹配关系,一个车辆可以和一个或多个车钥匙之间存在对应关系。 在一个示例中,用户认证信息可以包括数字密钥证书,根据数字密钥证书对车钥匙进行认证,认证通过,则获取车钥匙对应的第一密钥。在一个示例中,车钥匙和车辆之间的匹配关系还可以通过数字签名的方式进行匹配。在一个示例中,当用户认证信息与车辆认证信息不匹配的情况下,不执行操作。In the disclosed embodiment, when a user uses a car key to send a trigger instruction to a vehicle, in response to the trigger instruction, the user authentication information corresponding to the car key is obtained, and the obtained user authentication information is used to match the vehicle authentication information of the vehicle. If the match is successful, it can be considered that the car key at this time has passed the authentication, and the first key corresponding to the car key is obtained. Generally, the matching relationship between the user authentication information of the car key and the vehicle authentication information of the vehicle can be set according to the corresponding relationship between the car key and the vehicle, and a corresponding relationship can exist between a vehicle and one or more car keys. In one example, the user authentication information may include a digital key certificate, and the car key is authenticated according to the digital key certificate. If the authentication is successful, the first key corresponding to the car key is obtained. In one example, the matching relationship between the car key and the vehicle can also be matched by a digital signature. In one example, when the user authentication information does not match the vehicle authentication information, no operation is performed.
在一个示例中,如图6所示,对车辆控制数据和车辆操作数据进行分离管理,在车钥匙的用户认证信息与车辆的车辆认证信息相匹配的情况下,用户即可以使用控制权,可以实现对车辆的控制。在车钥匙中存储有密钥信息,且能够与车辆认证信息相匹配的情况下,用户可以使用控制权,实现对车辆的控制,也可以利用对应密钥对车辆内的加密数据进行解密,获取车辆数据,实现对车辆数据的访问。在一个示例中,当车钥匙仅具有控制功能,例如,车钥匙中仅存储有用户认证信息,未存储密钥信息的情况下,用户可以利用车钥匙控制车控系统,对车辆进行控制,但无法获取车辆内存储的车辆数据。在一个示例中,当车钥匙具有控制功能和数据访问功能时,例如,车钥匙中存储有用户认证信息和密钥信息的情况下,用户可以利用车钥匙对车辆进行控制,也可以对密钥信息对应的车辆数据进行查看访问。在一个示例中,车辆数据可以包括但不限于用户的历史操作数据等。In one example, as shown in FIG6 , the vehicle control data and the vehicle operation data are managed separately. When the user authentication information of the car key matches the vehicle authentication information of the vehicle, the user can use the control right to control the vehicle. When the key information is stored in the car key and can match the vehicle authentication information, the user can use the control right to control the vehicle, and can also use the corresponding key to decrypt the encrypted data in the vehicle to obtain the vehicle data and access the vehicle data. In one example, when the car key only has a control function, for example, when the car key only stores the user authentication information and does not store the key information, the user can use the car key to control the vehicle control system and control the vehicle, but cannot obtain the vehicle data stored in the vehicle. In one example, when the car key has a control function and a data access function, for example, when the car key stores the user authentication information and the key information, the user can use the car key to control the vehicle, and can also view and access the vehicle data corresponding to the key information. In one example, the vehicle data may include but is not limited to the user's historical operation data.
本公开实施例,在获取车钥匙对应的第一密钥时,对车钥匙对应的用户认证信息和车辆认证信息进行匹配,在匹配成功的情况下,获取车钥匙的第一密钥,保证了第一密钥的安全性和车辆数据的隐私性,只有车钥匙和车辆相匹配,才会获取对应的密钥,避免了不匹配的情况下的计算资源的浪费,节约了数据处理的流程,提高了处理效率,提升了用户的体验感。In the disclosed embodiment, when obtaining the first key corresponding to the car key, the user authentication information and the vehicle authentication information corresponding to the car key are matched. When the match is successful, the first key of the car key is obtained, thereby ensuring the security of the first key and the privacy of the vehicle data. Only when the car key and the vehicle match can the corresponding key be obtained, thereby avoiding the waste of computing resources in the case of mismatch, saving the data processing process, improving processing efficiency, and enhancing the user experience.
在一个实施例中,所述方法还包括:In one embodiment, the method further comprises:
响应于用户的从属钥匙的生成触发指令,生成从属钥匙的配置信息,其中,所述配置信息包括所述从属钥匙对应的第一子密钥;In response to a user's trigger instruction for generating a subordinate key, generating configuration information of the subordinate key, wherein the configuration information includes a first subkey corresponding to the subordinate key;
利用所述第一密钥对所述配置信息进行加密,得到加密后的配置信息。The configuration information is encrypted using the first key to obtain encrypted configuration information.
本公开实施例中,用户还可以在所持有的车钥匙的基础上生成从属钥匙以适用于更多应用场景,例如,车主将车辆临时出借的场景下,车主可以在自己所持有的车钥匙的基础上,生成从属钥匙供被出借者使用。在用户有生成从属钥匙的需求时,发出从属钥匙的生成触发指令,响应于生成触发指令,生成从属钥匙的配置信息,得到从属钥匙。在一个示例中,从属钥匙可以包括但不限于实体钥匙、智能数字钥匙等,从属钥匙的生成可以通过硬件实现,例如,根据配置信息制作新的钥匙作为从属钥匙;从属钥匙的生成也可以通过软件实现,例如,根据配置信息对已有的钥匙的配置信息进行更改、根据配置信息生成新 的智能数字钥匙等。具体的,配置信息包括从属钥匙对应的第一子密钥,还可以包括但不限于从属钥匙的用户认证信息等。其中,第一子密钥用于对从属钥匙对应的用户操作数据进行加密。得到从属钥匙的配置信息后,利用第一密钥对从属钥匙的配置信息进行加密,得到加密后的配置信息。在一个示例中,可以将加密后的配置信息存储于用户持有的车钥匙中,还可以存储于车辆的预设存储区域中。In the disclosed embodiments, users can also generate subordinate keys based on the car keys they hold to suit more application scenarios. For example, in a scenario where the car owner temporarily lends out the vehicle, the car owner can generate subordinate keys for the lender to use based on the car keys they hold. When a user needs to generate a subordinate key, a generation trigger instruction for the subordinate key is issued. In response to the generation trigger instruction, configuration information for the subordinate key is generated to obtain the subordinate key. In one example, the subordinate key may include but is not limited to a physical key, an intelligent digital key, etc. The generation of the subordinate key may be implemented through hardware, for example, a new key is made as a subordinate key according to the configuration information. The generation of the subordinate key may also be implemented through software, for example, the configuration information of an existing key is changed according to the configuration information, a new key is generated according to the configuration information, and the subordinate key is obtained. Specifically, the configuration information includes the first subkey corresponding to the slave key, and may also include but is not limited to the user authentication information of the slave key. The first subkey is used to encrypt the user operation data corresponding to the slave key. After obtaining the configuration information of the slave key, the configuration information of the slave key is encrypted using the first key to obtain the encrypted configuration information. In one example, the encrypted configuration information can be stored in the car key held by the user, and can also be stored in a preset storage area of the vehicle.
本公开实施例,用户可以在自己持有的车钥匙的基础上,生成从属钥匙,且从属钥匙对应有第一子密钥,并对利用车钥匙对应的第一密钥对从属钥匙的配置信息进行加密,在车辆临时出借等场景下,使用从属钥匙,被出借者无法查看用户的历史操作数据,保证了用户本身的历史操作数据的安全性;且利用第一子密钥对临时操作数据进行加密,实现了临时操作数据的加密保护,进一步提升了用户数据的加密保护强度,能够适用于更多应用场景。In the disclosed embodiment, a user can generate a subordinate key based on the car key he/she holds, and the subordinate key corresponds to a first subkey, and the configuration information of the subordinate key is encrypted using the first key corresponding to the car key. In scenarios such as temporary lending of the vehicle, the subordinate key is used, and the lender cannot view the user's historical operation data, thereby ensuring the security of the user's historical operation data. The temporary operation data is encrypted using the first subkey, thereby implementing encryption protection of the temporary operation data, further improving the encryption protection strength of the user data, and being applicable to more application scenarios.
在一个实施例中,所述方法还包括:In one embodiment, the method further comprises:
响应于所述从属钥匙对车辆的触发指令,确定所述从属钥匙对应的第一子密钥;In response to a triggering instruction of the slave key to the vehicle, determining a first subkey corresponding to the slave key;
响应于用户的第二操作指令,利用所述第一子密钥对所述第二操作指令对应的第二操作数据进行加密,得到加密后的第二操作数据。In response to a second operation instruction of the user, the second operation data corresponding to the second operation instruction is encrypted using the first subkey to obtain encrypted second operation data.
本公开实施例中,得到从属钥匙后,用户使用从属钥匙触发车辆时,利用从属钥匙发送对车辆的触发指令,响应于所述触发指令,获取从属钥匙对应的第一子密钥。在用户使用车辆时,发送第二操作指令,响应用户的第二操作指令,得到第二操作数据。利用第一子密钥对第二操作数据进行加密,得到加密后的第二操作数据。本实施例中,利用从属钥匙的第一子密钥对操作数据进行加密的流程与用户所持用的钥匙的第一密钥对操作数据进行加密的流程相似。在一个示例中,在确定从属钥匙对应的第一子密钥和响应用户的第二操作指令时,获取从属钥匙对应的用户认证信息,在所述用户认证信息与车辆的车辆认证信息相匹配的情况下,执行相应的操作。In the disclosed embodiment, after obtaining the slave key, when the user uses the slave key to trigger the vehicle, the slave key is used to send a trigger instruction to the vehicle, and in response to the trigger instruction, the first subkey corresponding to the slave key is obtained. When the user uses the vehicle, a second operation instruction is sent, and in response to the second operation instruction of the user, second operation data is obtained. The second operation data is encrypted using the first subkey to obtain the encrypted second operation data. In this embodiment, the process of encrypting the operation data using the first subkey of the slave key is similar to the process of encrypting the operation data using the first key of the key held by the user. In one example, when determining the first subkey corresponding to the slave key and responding to the second operation instruction of the user, the user authentication information corresponding to the slave key is obtained, and when the user authentication information matches the vehicle authentication information of the vehicle, the corresponding operation is performed.
本公开实施例,在从属钥匙的使用过程中,利用从属钥匙对应的第一子密钥对用户操作数据进行加密,实现了从属钥匙使用过程中对用户数据的加密保护,且与其他用户的操作数据相互独立,保证了从属钥匙使用者的操作数据的安全性,在提高车辆操作数据的安全性和可靠性的同时,适用于更多应用场景,提升了用户的体验感。In the embodiment of the present disclosure, during the use of the slave key, the user operation data is encrypted using the first subkey corresponding to the slave key, thereby realizing encryption protection of the user data during the use of the slave key, and being independent of the operation data of other users, thereby ensuring the security of the operation data of the slave key user. While improving the security and reliability of vehicle operation data, it is suitable for more application scenarios and enhances the user experience.
在一个实施例中,如图7所示,所述方法还包括:In one embodiment, as shown in FIG7 , the method further includes:
步骤S710,响应于用户的数据获取操作指令,获取所述数据获取操作指令对应的操作密钥; Step S710, in response to a data acquisition operation instruction from a user, acquiring an operation key corresponding to the data acquisition operation instruction;
步骤S720,在所述操作密钥与所述第一密钥相匹配的情况下,利用所述第一密钥对所述加密后的配置信息进行解密,得到所述配置信息;Step S720, when the operation key matches the first key, decrypt the encrypted configuration information using the first key to obtain the configuration information;
步骤S730,利用所述配置信息对应的所述第一子密钥对所述加密后的第二操作数据进行解密,得到所述第二操作数据。Step S730: Decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
本公开实施例中,从属钥匙使用过程中产生的操作数据除了可以被从属钥匙使用者查看之外,还可以被从属钥匙所属的车钥匙的使用者访问。具体的,用户想要访问从属钥匙的操作数据时,使用车钥匙发送数据获取操作指令,响应于数据获取操作指令,获取数据获取操作指令对应的操作密钥,即发出数据获取操作指令的车钥匙对应的密钥。判断操作密钥与从属钥匙所属的车钥匙的第一密钥是否匹配,在操作密钥与所述第一密钥匹配的情况下,可以认为此时发送数据获取操作指令的车钥匙为从属钥匙所属的车钥匙。在从属钥匙的生成过程中,利用第一密钥对从属钥匙的配置信息进行了加密,此时,利用第一密钥对解密后的配置信息进行解密,得到从属钥匙的配置信息。根据所述配置信息可以确定从属钥匙对应的第一子密钥,利用获取到的第一子密钥对加密后的第二操作数据进行解密,可以得到第二操作数据,用户可对第二操作数据进行查看访问。In the disclosed embodiment, the operation data generated during the use of the slave key can be viewed by the user of the slave key and can also be accessed by the user of the car key to which the slave key belongs. Specifically, when the user wants to access the operation data of the slave key, the car key is used to send a data acquisition operation instruction. In response to the data acquisition operation instruction, the operation key corresponding to the data acquisition operation instruction is obtained, that is, the key corresponding to the car key that issued the data acquisition operation instruction. It is determined whether the operation key matches the first key of the car key to which the slave key belongs. If the operation key matches the first key, it can be considered that the car key that sends the data acquisition operation instruction at this time is the car key to which the slave key belongs. In the generation process of the slave key, the configuration information of the slave key is encrypted using the first key. At this time, the decrypted configuration information is decrypted using the first key to obtain the configuration information of the slave key. According to the configuration information, the first subkey corresponding to the slave key can be determined. The encrypted second operation data can be decrypted using the obtained first subkey to obtain the second operation data, and the user can view and access the second operation data.
本公开实施例,从属钥匙的使用过程中产生的操作数据可以被从属钥匙所属的车钥匙的使用者访问,由于在从属钥匙的生成过程中,利用车钥匙的第一密钥对配置信息进行了加密,因此,可以利用第一密钥解密得到配置信息,从而得到第一子密钥,对加密后的第二操作数据进行解密访问,通过本公开实施例,既能够保证从属钥匙使用过程中操作数据的隐私性和安全性,也能够保证从属钥匙所属的车钥匙的使用者及时获取车辆在从属钥匙使用过程中的操作数据,基于从属钥匙和车钥匙之间的关系,对从属钥匙和车钥匙的数据访问范围进行限制,保证了车钥匙的使用者对车辆数据的掌控,提高了车辆临时借用等情况的安全性和可靠性,能够适用于更多应用场景,提升了用户的体验感。In the disclosed embodiment, the operation data generated during the use of the slave key can be accessed by the user of the car key to which the slave key belongs. Since the configuration information is encrypted using the first key of the car key during the generation of the slave key, the configuration information can be decrypted using the first key, thereby obtaining the first subkey, and decrypting and accessing the encrypted second operation data. Through the disclosed embodiment, the privacy and security of the operation data during the use of the slave key can be guaranteed, and the user of the car key to which the slave key belongs can also obtain the operation data of the vehicle during the use of the slave key in a timely manner. Based on the relationship between the slave key and the car key, the data access scope of the slave key and the car key is restricted, thereby ensuring the control of the vehicle data by the user of the car key, improving the security and reliability of temporary borrowing of the vehicle, etc., and being applicable to more application scenarios, thereby enhancing the user experience.
在一个实施例中,在所述得到加密后的第一操作数据,之后还包括:In one embodiment, after obtaining the encrypted first operation data, the method further includes:
确定与所述第一密钥相对应的目标存储区域;determining a target storage area corresponding to the first key;
将所述加密后的第一操作数据存储至所述目标存储区域。The encrypted first operation data is stored in the target storage area.
本公开实施例中,加密得到第一操作数据后,确定与第一密钥相对应的目标存储区域,将加密后的第一操作数据存储到目标存储区域,其中,目标存储区域通常设置于车辆中。当存在多个第一密钥时,每个第一密钥对应有一个存储区域,用于存储对应的加密后的操作数据。在一个示例中,在从属钥匙的使用过程中,产生的加密后的数据可以存储于从属钥匙所属的车钥匙的第一密钥对应的存储区域中。在一个示例中,当第一密钥存在对应的 第二密钥时,可以设置一个第二密钥对应一个存储区域,一个第二密钥可以对应有多个第一密钥,此时,一个存储区域也可以对应有多个第一密钥。In the disclosed embodiment, after the first operation data is encrypted, the target storage area corresponding to the first key is determined, and the encrypted first operation data is stored in the target storage area, wherein the target storage area is usually set in the vehicle. When there are multiple first keys, each first key corresponds to a storage area for storing the corresponding encrypted operation data. In one example, during the use of the slave key, the generated encrypted data can be stored in the storage area corresponding to the first key of the vehicle key to which the slave key belongs. In one example, when the first key has a corresponding When a second key is used, one second key may correspond to one storage area, and one second key may correspond to multiple first keys. In this case, one storage area may also correspond to multiple first keys.
本公开实施例,对存储加密数据的存储区域进行划分,不同第一密钥可以对应有不同的存储区域,实现了多用户情况下不同用户的操作数据的分离,进一步提升了用户操作数据的安全性和可靠性,避免了多用户场景下数据存储混乱造成的数据丢失等问题,提升了用户的体验感。In the disclosed embodiment, the storage area for storing encrypted data is divided, and different first keys may correspond to different storage areas, thereby realizing the separation of operation data of different users in a multi-user situation, further improving the security and reliability of user operation data, avoiding problems such as data loss caused by chaotic data storage in a multi-user scenario, and improving the user experience.
图8为根据一示例性实施例示出的一种从属钥匙的数据访问方法的流程示意图,参考图8所示,主用户可以为临时用户生成从属钥匙,从属钥匙对应有子密钥,且主用户的钥匙中存储有加密后的子密钥密文。临时用户在利用从属钥匙使用车辆过程中,产生的临时操作数据经过加密系统进行加密后存储于存储系统中,其中,加密时,利用从属钥匙对应的子密钥进行加密。在一个示例中,临时用户产生的操作数据可以与主用户的历史操作数据存储于同一存储区域中的不同位置。主用户的操作数据为利用钥匙对应的第一密钥或第二密钥进行加密得到,临时用户使用从属钥匙无法访问主用户的历史操作数据,保证了主用户的操作数据的安全性。主用户可以访问临时用户的操作数据,在主用户访问临时用户的操作数据时,响应于数据获取的操作指令,利用钥匙对子密钥密文进行解密,可以得到子密钥,主用户可以通过子密钥对加密后的临时操作数据进行解密,得到临时操作数据,从而实现了对临时操作数据的访问查看。FIG8 is a flow chart of a data access method of a slave key according to an exemplary embodiment. Referring to FIG8 , a master user can generate a slave key for a temporary user. The slave key corresponds to a subkey, and the encrypted subkey ciphertext is stored in the key of the master user. When the temporary user uses the slave key to use the vehicle, the temporary operation data generated is encrypted by the encryption system and stored in the storage system, wherein the encryption is performed using the subkey corresponding to the slave key. In one example, the operation data generated by the temporary user can be stored in different locations in the same storage area as the historical operation data of the master user. The operation data of the master user is encrypted using the first key or the second key corresponding to the key. The temporary user cannot access the historical operation data of the master user using the slave key, thereby ensuring the security of the operation data of the master user. The master user can access the operation data of the temporary user. When the master user accesses the operation data of the temporary user, in response to the operation instruction of data acquisition, the subkey ciphertext is decrypted using the key to obtain the subkey. The master user can decrypt the encrypted temporary operation data using the subkey to obtain the temporary operation data, thereby realizing the access and viewing of the temporary operation data.
通过本公开实施例,在车辆临时借出等场景下,临时用户无法使用访问主用户的数据,且临时用户产生的数据仅能够被临时用户和对应的主用户访问,无法被其他人查看,既保证了主用户的数据的隐私性,也保证了临时用户的数据的安全性。且主用户可以查看临时用户的车辆使用数据,提升了车辆的安全性和可靠性,提升了主用户的体验感。Through the disclosed embodiments, in scenarios such as temporary vehicle lending, the temporary user cannot access the data of the primary user, and the data generated by the temporary user can only be accessed by the temporary user and the corresponding primary user, and cannot be viewed by others, which ensures both the privacy of the primary user's data and the security of the temporary user's data. The primary user can view the vehicle usage data of the temporary user, which improves the safety and reliability of the vehicle and the primary user's experience.
应该理解的是,虽然附图的流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,附图中的至少一部分步骤可以包括多个步骤或者多个阶段,这些步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤中的步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that, although the steps in the flowchart of the accompanying drawings are displayed in sequence as indicated by the arrows, these steps are not necessarily executed in sequence in the order indicated by the arrows. Unless otherwise specified herein, there is no strict order restriction on the execution of these steps, and these steps can be executed in other orders. Moreover, at least a portion of the steps in the accompanying drawings may include multiple steps or multiple stages, and these steps or stages are not necessarily executed at the same time, but can be executed at different times, and the execution order of these steps or stages is not necessarily sequential, but can be executed in turn or alternately with other steps or at least a portion of the steps or stages in other steps.
基于同样的发明构思,本公开实施例还提供了一种用于实现上述所涉及的数据的处理方法的数据的处理装置。该装置所提供的解决问题的实现方案与上述方法中所记载的实现方案相似,故下面所提供的一个或多个数据的处理装置实施例中的具体限定可以参见上文 中对于数据的处理方法的限定,在此不再赘述。Based on the same inventive concept, the embodiment of the present disclosure also provides a data processing device for implementing the data processing method involved above. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the above method, so the specific limitations of one or more data processing device embodiments provided below can be referred to above. The limitations on the data processing method in the description will not be repeated here.
在一个实施例中,如图9所示,提供了一种数据的处理装置900,包括:In one embodiment, as shown in FIG9 , a data processing device 900 is provided, including:
确定模块910,用于响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;A determination module 910, configured to determine a first key corresponding to the vehicle key in response to a triggering instruction of the vehicle key to the vehicle;
加密模块920,用于响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。The encryption module 920 is used to respond to a first operation instruction of the user and encrypt first operation data corresponding to the first operation instruction according to the first key to obtain the encrypted first operation data.
在一个实施例中,在所述确定模块,之后还包括:In one embodiment, the determining module further comprises:
第一解密模块,用于利用所述第一密钥对所述车辆的密钥信息进行解密,得到与所述第一密钥相匹配的第二密钥;a first decryption module, used to decrypt the key information of the vehicle using the first key to obtain a second key matching the first key;
所述加密模块,包括:The encryption module comprises:
第一加密子模块,用于利用所述第二密钥对所述第一操作指令对应的第一操作数据进行加密。The first encryption submodule is used to encrypt the first operation data corresponding to the first operation instruction by using the second key.
在一个实施例中,所述加密模块,包括:In one embodiment, the encryption module includes:
接收模块,用于接收用户的第一操作指令,获取所述车钥匙对应的用户认证信息;A receiving module, used to receive a first operation instruction from a user and obtain user authentication information corresponding to the vehicle key;
响应模块,用于在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,响应所述第一操作指令。A response module is used to respond to the first operation instruction when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
在一个实施例中,所述确定模块,包括:In one embodiment, the determining module includes:
第一获取模块,用于响应于车钥匙对车辆的触发指令,获取所述车钥匙对应的用户认证信息;A first acquisition module, configured to acquire user authentication information corresponding to the vehicle key in response to a trigger instruction of the vehicle key to the vehicle;
第二获取模块,用于在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,获取所述车钥匙对应的第一密钥。The second acquisition module is used to acquire a first key corresponding to the vehicle key when the user authentication information matches the vehicle authentication information corresponding to the vehicle.
在一个实施例中,所述装置还包括:In one embodiment, the apparatus further comprises:
生成模块,用于响应于用户的从属钥匙的生成触发指令,生成从属钥匙的配置信息,其中,所述配置信息包括所述从属钥匙对应的第一子密钥;A generation module, configured to generate configuration information of a subordinate key in response to a generation trigger instruction of a subordinate key from a user, wherein the configuration information includes a first subkey corresponding to the subordinate key;
第二加密子模块,用于利用所述第一密钥对所述配置信息进行加密,得到加密后的配置信息。The second encryption submodule is used to encrypt the configuration information using the first key to obtain encrypted configuration information.
在一个实施例中,所述装置还包括:In one embodiment, the apparatus further comprises:
第一确定子模块,用于响应于所述从属钥匙对车辆的触发指令,确定所述从属钥匙对应的第一子密钥;A first determination submodule, configured to determine a first subkey corresponding to the slave key in response to a trigger instruction of the slave key to the vehicle;
第三加密子模块,用于响应于用户的第二操作指令,利用所述第一子密钥对所述第二 操作指令对应的第二操作数据进行加密,得到加密后的第二操作数据。The third encryption submodule is used to respond to the second operation instruction of the user by using the first subkey to encrypt the second The second operation data corresponding to the operation instruction is encrypted to obtain encrypted second operation data.
在一个实施例中,所述装置还包括:In one embodiment, the apparatus further comprises:
第三获取模块,用于响应于用户的数据获取操作指令,获取所述数据获取操作指令对应的操作密钥;A third acquisition module, configured to respond to a data acquisition operation instruction of a user and acquire an operation key corresponding to the data acquisition operation instruction;
第二解密模块,用于在所述操作密钥与所述第一密钥相匹配的情况下,利用所述第一密钥对所述加密后的配置信息进行解密,得到所述配置信息;a second decryption module, configured to decrypt the encrypted configuration information using the first key to obtain the configuration information when the operation key matches the first key;
第三解密模块,用于利用所述配置信息对应的所述第一子密钥对所述加密后的第二操作数据进行解密,得到所述第二操作数据。The third decryption module is used to decrypt the encrypted second operation data using the first subkey corresponding to the configuration information to obtain the second operation data.
在一个实施例中,在所述加密模块,之后还包括:In one embodiment, the encryption module further comprises:
第二确定子模块,用于确定与所述第一密钥相对应的目标存储区域;A second determination submodule, used to determine a target storage area corresponding to the first key;
存储模块,用于将所述加密后的第一操作数据存储至所述目标存储区域。The storage module is used to store the encrypted first operation data in the target storage area.
上述数据的处理装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。Each module in the above data processing device can be implemented in whole or in part by software, hardware, or a combination thereof. Each module can be embedded in or independent of a processor in a computer device in the form of hardware, or can be stored in a memory in a computer device in the form of software, so that the processor can call and execute operations corresponding to each module.
在一个实施例中,提供了一种车辆,该计算机设备可以包括服务器,其内部结构图可以如图10所示。该车辆包括通过系统总线连接的处理器、存储器和网络接口。其中,该车辆的处理器用于提供计算和控制能力。该车辆的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机程序和数据库。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该车辆的数据库用于存储用户的操作数据等数据。该车辆的网络接口用于与外部的终端通过网络连接通信。该计算机程序被处理器执行时以实现一种数据的处理方法。In one embodiment, a vehicle is provided, and the computer device may include a server, and its internal structure diagram may be shown in Figure 10. The vehicle includes a processor, a memory, and a network interface connected via a system bus. Among them, the processor of the vehicle is used to provide computing and control capabilities. The memory of the vehicle includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the vehicle is used to store data such as user operation data. The network interface of the vehicle is used to communicate with an external terminal via a network connection. When the computer program is executed by the processor, a data processing method is implemented.
本领域技术人员可以理解,图10中示出的结构,仅仅是与本公开实施例方案相关的部分结构的框图,并不构成对本公开实施例方案所应用于其上的车辆的限定,具体的车辆可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art will understand that the structure shown in FIG. 10 is merely a block diagram of a partial structure related to the embodiment of the present disclosure, and does not constitute a limitation on the vehicle to which the embodiment of the present disclosure is applied. A specific vehicle may include more or fewer components than shown in the figure, or combine certain components, or have a different arrangement of components.
在一个实施例中,还提供了一种车辆,包括存储器和处理器,存储器中存储有计算机程序,该处理器执行计算机程序时实现上述各方法实施例中的步骤。In one embodiment, a vehicle is further provided, including a memory and a processor, wherein a computer program is stored in the memory, and the processor implements the steps in the above-mentioned method embodiments when executing the computer program.
在一个实施例中,提供了一种计算机可读存储介质,其上存储有计算机程序,该计算机程序被处理器执行时实现上述各方法实施例中的步骤。In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored. When the computer program is executed by a processor, the steps in the above-mentioned method embodiments are implemented.
在一个实施例中,提供了一种计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现上述各方法实施例中的步骤。 In one embodiment, a computer program product is provided, including a computer program, which implements the steps in the above method embodiments when executed by a processor.
需要说明的是,本公开实施例所涉及的用户信息(包括但不限于用户设备信息、用户个人信息等)和数据(包括但不限于用于分析的数据、存储的数据、展示的数据等),均为经用户授权或者经过各方充分授权的信息和数据。It should be noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data used for analysis, stored data, displayed data, etc.) involved in the embodiments of the present disclosure are all information and data authorized by the user or fully authorized by all parties.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,是可以通过计算机程序来指令相关的硬件来完成,所述的计算机程序可存储于一非易失性计算机可读取存储介质中,该计算机程序在执行时,可包括如上述各方法的实施例的流程。其中,本公开实施例所提供的各实施例中所使用的对存储器、数据库或其它介质的任何引用,均可包括非易失性和易失性存储器中的至少一种。非易失性存储器可包括只读存储器(Read-Only Memory,ROM)、磁带、软盘、闪存、光存储器、高密度嵌入式非易失性存储器、阻变存储器(ReRAM)、磁变存储器(Magnetoresistive Random Access Memory,MRAM)、铁电存储器(Ferroelectric Random Access Memory,FRAM)、相变存储器(Phase Change Memory,PCM)、石墨烯存储器等。易失性存储器可包括随机存取存储器(Random Access Memory,RAM)或外部高速缓冲存储器等。作为说明而非局限,RAM可以是多种形式,比如静态随机存取存储器(Static Random Access Memory,SRAM)或动态随机存取存储器(Dynamic Random Access Memory,DRAM)等。本公开实施例所提供的各实施例中所涉及的数据库可包括关系型数据库和非关系型数据库中至少一种。非关系型数据库可包括基于区块链的分布式数据库等,不限于此。本公开实施例所提供的各实施例中所涉及的处理器可为通用处理器、中央处理器、图形处理器、数字信号处理器、可编程逻辑器、基于量子计算的数据处理逻辑器等,不限于此。A person of ordinary skill in the art can understand that all or part of the processes in the above-mentioned embodiments can be implemented by instructing the relevant hardware through a computer program. The computer program can be stored in a non-volatile computer-readable storage medium. When the computer program is executed, it can include the processes of the embodiments of the above-mentioned methods. Among them, any reference to the memory, database or other medium used in the embodiments provided in the embodiments of the present disclosure can include at least one of non-volatile and volatile memory. Non-volatile memory can include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, resistive random access memory (ReRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), phase change memory (PCM), graphene memory, etc. Volatile memory can include random access memory (RAM) or external cache memory, etc. As an illustration and not limitation, RAM can be in various forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM). The database involved in each embodiment provided in the present disclosure may include at least one of a relational database and a non-relational database. Non-relational databases may include distributed databases based on blockchain, etc., but are not limited to this. The processor involved in each embodiment provided in the present disclosure may be a general-purpose processor, a central processing unit, a graphics processor, a digital signal processor, a programmable logic unit, a data processing logic unit based on quantum computing, etc., but are not limited to this.
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments may be arbitrarily combined. To make the description concise, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
以上所述实施例仅表达了本公开实施例的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本公开实施例专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本公开实施例构思的前提下,还可以做出若干变形和改进,这些都属于本公开实施例的保护范围。因此,本公开实施例的保护范围应以所附权利要求为准。 The above-described embodiments only express several implementation methods of the embodiments of the present disclosure, and the descriptions thereof are relatively specific and detailed, but they cannot be understood as limiting the scope of the patent of the embodiments of the present disclosure. It should be pointed out that, for those of ordinary skill in the art, several variations and improvements can be made without departing from the concept of the embodiments of the present disclosure, and these all belong to the protection scope of the embodiments of the present disclosure. Therefore, the protection scope of the embodiments of the present disclosure shall be subject to the attached claims.

Claims (10)

  1. 一种数据的处理方法,其特征在于,所述方法包括:A data processing method, characterized in that the method comprises:
    响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;In response to a triggering instruction of a vehicle key to a vehicle, determining a first key corresponding to the vehicle key;
    响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。In response to a first operation instruction of the user, first operation data corresponding to the first operation instruction is encrypted according to the first key to obtain encrypted first operation data.
  2. 根据权利要求1所述的方法,其特征在于,在所述确定所述车钥匙对应的第一密钥,之后还包括:The method according to claim 1, characterized in that, after determining the first key corresponding to the vehicle key, it also includes:
    利用所述第一密钥对所述车辆的密钥信息进行解密,得到与所述第一密钥相匹配的第二密钥;Decrypting the key information of the vehicle using the first key to obtain a second key matching the first key;
    所述根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,包括:The encrypting the first operation data corresponding to the first operation instruction according to the first key includes:
    利用所述第二密钥对所述第一操作指令对应的第一操作数据进行加密。The first operation data corresponding to the first operation instruction is encrypted using the second key.
  3. 根据权利要求1或2所述的方法,其特征在于,所述响应于用户的第一操作指令,包括:The method according to claim 1 or 2, characterized in that the responding to the first operation instruction of the user comprises:
    接收用户的第一操作指令,获取所述车钥匙对应的用户认证信息;Receiving a first operation instruction from a user, and obtaining user authentication information corresponding to the vehicle key;
    在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,响应所述第一操作指令。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, respond to the first operation instruction.
  4. 根据权利要求1至3任一项所述的方法,其特征在于,所述响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥,包括:The method according to any one of claims 1 to 3, characterized in that the step of determining the first key corresponding to the vehicle key in response to a triggering instruction of the vehicle by the vehicle key comprises:
    响应于车钥匙对车辆的触发指令,获取所述车钥匙对应的用户认证信息;In response to a triggering instruction of a vehicle key to a vehicle, obtaining user authentication information corresponding to the vehicle key;
    在所述用户认证信息与所述车辆对应的车辆认证信息相匹配的情况下,获取所述车钥匙对应的第一密钥。In a case where the user authentication information matches the vehicle authentication information corresponding to the vehicle, a first key corresponding to the vehicle key is obtained.
  5. 根据权利要求1至4任一项所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 4, characterized in that the method further comprises:
    响应于用户的从属钥匙的生成触发指令,生成从属钥匙的配置信息,其中,所述配置信息包括所述从属钥匙对应的第一子密钥;In response to a user's trigger instruction for generating a subordinate key, generating configuration information of the subordinate key, wherein the configuration information includes a first subkey corresponding to the subordinate key;
    利用所述第一密钥对所述配置信息进行加密,得到加密后的配置信息。The configuration information is encrypted using the first key to obtain encrypted configuration information.
  6. 根据权利要求5所述的方法,其特征在于,所述方法还包括:The method according to claim 5, characterized in that the method further comprises:
    响应于所述从属钥匙对车辆的触发指令,确定所述从属钥匙对应的第一子密钥;In response to a triggering instruction of the slave key to the vehicle, determining a first subkey corresponding to the slave key;
    响应于用户的第二操作指令,利用所述第一子密钥对所述第二操作指令对应的第二操作数据进行加密,得到加密后的第二操作数据。In response to a second operation instruction of the user, the second operation data corresponding to the second operation instruction is encrypted using the first subkey to obtain encrypted second operation data.
  7. 一种数据的处理装置,其特征在于,所述装置包括: A data processing device, characterized in that the device comprises:
    确定模块,用于响应于车钥匙对车辆的触发指令,确定所述车钥匙对应的第一密钥;A determination module, configured to determine a first key corresponding to the vehicle key in response to a triggering instruction of the vehicle key to the vehicle;
    加密模块,用于响应于用户的第一操作指令,根据所述第一密钥对所述第一操作指令对应的第一操作数据进行加密,得到加密后的第一操作数据。The encryption module is used to respond to a first operation instruction of a user and encrypt first operation data corresponding to the first operation instruction according to the first key to obtain the encrypted first operation data.
  8. 一种车辆,包括存储器和处理器,所述存储器存储有计算机程序,其特征在于,所述处理器执行所述计算机程序时实现权利要求1至6中任一项所述的数据的处理方法的步骤。A vehicle comprises a memory and a processor, wherein the memory stores a computer program, and wherein the processor implements the steps of the data processing method according to any one of claims 1 to 6 when executing the computer program.
  9. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至6中任一项所述的数据的处理方法的步骤。A computer-readable storage medium having a computer program stored thereon, characterized in that when the computer program is executed by a processor, the steps of the data processing method described in any one of claims 1 to 6 are implemented.
  10. 一种计算机程序产品,包括计算机程序,其特征在于,该计算机程序被处理器执行时实现权利要求1至6中任一项所述的数据的处理方法的步骤。 A computer program product, comprising a computer program, characterized in that when the computer program is executed by a processor, the steps of the data processing method described in any one of claims 1 to 6 are implemented.
PCT/CN2023/126811 2022-12-06 2023-10-26 Data processing method and device, vehicle, and storage medium WO2024120039A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211556372.3A CN118153068A (en) 2022-12-06 2022-12-06 Data processing method, device, vehicle and storage medium
CN202211556372.3 2022-12-06

Publications (1)

Publication Number Publication Date
WO2024120039A1 true WO2024120039A1 (en) 2024-06-13

Family

ID=91290788

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/126811 WO2024120039A1 (en) 2022-12-06 2023-10-26 Data processing method and device, vehicle, and storage medium

Country Status (2)

Country Link
CN (1) CN118153068A (en)
WO (1) WO2024120039A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109684866A (en) * 2018-11-19 2019-04-26 北京计算机技术及应用研究所 A kind of safe USB disk system for supporting multi-user data to protect
CN110148239A (en) * 2019-05-16 2019-08-20 东风小康汽车有限公司重庆分公司 A kind of authorization method and system of Intelligent key
CN111414628A (en) * 2019-01-08 2020-07-14 阿里巴巴集团控股有限公司 Data storage method and device and computing equipment
KR20220146978A (en) * 2021-04-26 2022-11-02 주식회사 아이카 Method of secured sharing of vehicle key

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109684866A (en) * 2018-11-19 2019-04-26 北京计算机技术及应用研究所 A kind of safe USB disk system for supporting multi-user data to protect
CN111414628A (en) * 2019-01-08 2020-07-14 阿里巴巴集团控股有限公司 Data storage method and device and computing equipment
CN110148239A (en) * 2019-05-16 2019-08-20 东风小康汽车有限公司重庆分公司 A kind of authorization method and system of Intelligent key
KR20220146978A (en) * 2021-04-26 2022-11-02 주식회사 아이카 Method of secured sharing of vehicle key

Also Published As

Publication number Publication date
CN118153068A (en) 2024-06-07

Similar Documents

Publication Publication Date Title
CN109144961B (en) Authorization file sharing method and device
CN111488598B (en) Access control method, device, computer equipment and storage medium
WO2021103794A1 (en) Method for realizing highly efficient privacy-preserving transaction in blockchain, and device
WO2021179743A1 (en) Method and apparatus for querying account privacy information in blockchain
CN110881063B (en) Storage method, device, equipment and medium of private data
WO2018076761A1 (en) Block chain-based transaction permission control method and system, electronic device, and storage medium
EP3073669B1 (en) Methods and systems for key generation
US9954826B2 (en) Scalable and secure key management for cryptographic data processing
CN101908106B (en) Memory system with versatile content control
EP3984161B1 (en) Cryptographic key generation using external entropy generation
US8245031B2 (en) Content control method using certificate revocation lists
US9721071B2 (en) Binding of cryptographic content using unique device characteristics with server heuristics
CN110580412B (en) Permission query configuration method and device based on chain codes
US7877604B2 (en) Proof of execution using random function
CN110572258B (en) A cloud cryptographic computing platform and computing service method
CN112954000A (en) Privacy information management method and system based on block chain and IPFS technology
CN114239046A (en) data sharing method
WO2022206453A1 (en) Method and apparatus for providing cross-chain private data
US8572372B2 (en) Method for selectively enabling access to file systems of mobile terminals
KR20090052321A (en) Content Control System and Method Using Multifunctional Control Structure
CN114091058A (en) Method and system for secure sharing of data between a first area and a second area
WO2021114885A1 (en) Sensitive information protection method and apparatus, computer device, and storage medium
CN114239062B (en) A fine-grained cloud data access control method integrating time and location attributes
WO2024120039A1 (en) Data processing method and device, vehicle, and storage medium
CN116366289B (en) Safety supervision method and device for remote sensing data of unmanned aerial vehicle

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23899620

Country of ref document: EP

Kind code of ref document: A1