CN116011042A - Data storage method, device, system, computer equipment and storage medium - Google Patents
Data storage method, device, system, computer equipment and storage medium Download PDFInfo
- Publication number
- CN116011042A CN116011042A CN202211614508.1A CN202211614508A CN116011042A CN 116011042 A CN116011042 A CN 116011042A CN 202211614508 A CN202211614508 A CN 202211614508A CN 116011042 A CN116011042 A CN 116011042A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- data
- encryption key
- key
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present application relates to a data storage method, apparatus, computer device, storage medium and computer program product. The method comprises the following steps: acquiring driving data; encrypting the driving data according to a second encryption key to obtain a first ciphertext; encrypting the second encryption key according to the first encryption key to obtain a second ciphertext; signing the first ciphertext according to a device private key to obtain a first signature value; and storing the first ciphertext, the second ciphertext and the first signature value locally. After the encryption authentication in various modes is adopted, the first ciphertext, the second ciphertext and the first signature value after the encryption authentication are stored, so that the safety of data storage is ensured.
Description
Technical Field
The present application relates to the field of data storage technology, and in particular, to a data storage method, apparatus, computer device, storage medium, and computer program product.
Background
With the development of the automobile industry, automobile driving safety is receiving more and more attention. The automobile driving data recording system records and stores the driving speed, time and mileage of the automobile and other state information related to the driving of the automobile, and can realize data output through an interface. For example, the method can be used for recording the running state, the motion parameters, the driver state and the operating condition of the vehicle and the service condition of the vehicle before and after the accident, sensing, decision making, control related data and driver or safety state data of the automatic driving vehicle, and supporting the recording and storage of image or video data.
In the prior art, an automobile driving data recording system acquires driving data of an automobile, and the original driving data is directly stored in a preset storage space in a plaintext form.
However, in the current recording method of driving data of an automobile, privacy information contained in driving data stored in a preset storage space cannot be protected, and the driving data is also easily tampered and falsified, resulting in lower driving data security.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a data storage method, apparatus, computer device, computer readable storage medium, and computer program product that address the above-described issues.
In a first aspect, the present application provides a data storage method. The method comprises the following steps:
acquiring driving data;
encrypting the driving data according to a second encryption key to obtain a first ciphertext;
encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
signing the first ciphertext according to a device private key to obtain a first signature value;
and storing the first ciphertext, the second ciphertext and the first signature value locally.
In one embodiment, the method further comprises:
Acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the driving data is encrypted according to the second encryption key to obtain a first ciphertext, which comprises:
and encrypting the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the encrypting the driving data according to the second encryption key to obtain a first ciphertext includes:
acquiring a random number, and splicing the random number with the first splicing data to obtain target first splicing data;
and encrypting the target first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after said storing the first ciphertext, the second ciphertext, and the first signature value locally, further comprises:
verifying the first signature value through a device public key to obtain a first verification result;
under the condition that the first verification result is that verification is successful, decrypting the second ciphertext according to the first encryption key to obtain the second encryption key;
And decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, the encrypting the driving data according to the second encryption key further includes, before obtaining the first ciphertext:
receiving a device public key and a device private key sent by a verification terminal;
acquiring vehicle information, splicing the vehicle information and the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to a verification end;
and receiving a device certificate and a first encryption key which are sent by the verification end in response to the certificate signing request, and storing the device certificate and the first encryption key to a local place, wherein the device certificate is the device certificate issued by the verification end.
In a second aspect, the present application also provides a data storage device. The device comprises:
the acquisition module is used for acquiring driving data;
the first encryption module is used for encrypting the driving data according to the second encryption key to obtain a first ciphertext;
The second encryption module is used for encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
the signature module is used for signing the first ciphertext according to the equipment private key to obtain a first signature value;
and the storage module is used for storing the first ciphertext, the second ciphertext and the first signature value to the local.
In one embodiment, the acquisition module further comprises:
the first acquisition module is used for acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the first encryption module is specifically configured to encrypt the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the first encryption module is specifically configured to:
acquiring a random number, and splicing the random number with the first splicing data to obtain target first splicing data;
and encrypting the target first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after the storage module, the method further includes:
The verification module is used for verifying the first signature value through the equipment public key to obtain a first verification result;
the first decryption module is used for decrypting the second ciphertext according to the first encryption key to obtain the second encryption key under the condition that the first verification result is that the verification is successful;
and the second decryption module is used for decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, before the module is acquired, the method further includes:
the receiving module is used for receiving the equipment public key and the equipment private key which are sent by the verification terminal;
the second signature module is used for acquiring vehicle information, splicing the vehicle information with the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
the sending module is used for splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to the verification end;
the second receiving module is used for receiving the equipment certificate and the first encryption key which are sent by the verification end in response to the certificate signing request, and storing the equipment certificate and the first encryption key to the local, wherein the equipment certificate is the equipment certificate issued by the verification end.
In a third aspect, the present application also provides a data storage system, the system comprising:
the verification terminal is used for verifying the driving data, generating a first encryption key, a device public key and a device private key, and transmitting the first encryption key, the device public key and the device private key to the data storage terminal;
the data storage end is used for acquiring driving data; encrypting the driving data according to a second encryption key to obtain a first ciphertext; encrypting the second encryption key according to the first encryption key to obtain a second ciphertext; signing the first ciphertext according to a device private key to obtain a first signature value; and storing the first ciphertext, the second ciphertext and the first signature value locally.
In one embodiment, the verification terminal is specifically configured to generate a first encryption key, a device public key, and a device private key, and send the first encryption key, the device public key, and the device private key to the data storage terminal;
receiving a certificate signing request sent by a data storage end, wherein the certificate signing request comprises second splicing data and a second signing value, and verifying the second signing value by using a device public key in the certificate signing request to obtain a second verification result;
checking the vehicle information in the certificate signing request under the condition that the second verification result is successful in verification, and signing the second spliced data by using a root private key under the condition that the vehicle information is correct to obtain a third signature value; the second spliced data are spliced by the vehicle information and the equipment public key;
Splicing the vehicle information, the equipment public key and the third signature value to serve as an equipment certificate;
and generating a first encryption key and sending the first encryption key and the equipment certificate to a data storage end.
In a fourth aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the steps of the method of the first aspect when the processor executes the computer program.
In a fifth aspect, the present application also provides a computer-readable storage medium. The computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the method of the first aspect.
The data storage method, the device, the computer equipment, the storage medium and the computer program product encrypt driving data through the second encryption key to obtain the first ciphertext, encrypt the second encryption key through the first encryption key to obtain the second ciphertext, and further provide an authentication mechanism for signature authentication of the equipment private key to the first ciphertext, and store the encrypted and authenticated first ciphertext, the encrypted and authenticated second ciphertext and the first signature value after encryption authentication based on various modes, so that the safety of data storage is ensured.
Drawings
FIG. 1 is a diagram of an application environment for a data storage method in one embodiment;
FIG. 2 is a flow diagram of a method of data storage in one embodiment;
FIG. 3 is a flow chart illustrating the encryption of driving data in one embodiment;
FIG. 4 is a flowchart illustrating an encryption step of driving data according to another embodiment;
FIG. 5 is a schematic flow chart of decrypting driving data by a verification terminal according to an embodiment;
FIG. 6 is a schematic flow chart of presetting a device certificate and a first encryption key at a data storage end in one embodiment;
FIG. 7 is a block diagram of a data storage device in one embodiment;
fig. 8 is an internal structural diagram of a computer device in one embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
The data storage method provided by the embodiment of the application can be applied to an application environment shown in fig. 1. Wherein the verification side 102 communicates with the data storage side 104 via a network. The data storage terminal may be integrated on the in-vehicle terminal. The data storage 104 may be, but not limited to, various devices of the internet of things, which may be an intelligent vehicle-mounted device, etc.
In one embodiment, as shown in FIG. 2, a data storage method is provided, comprising the steps of:
The driving data may include vehicle running state, motion parameters, driver state and operation conditions, vehicle use conditions, and perception, decision-making, control related data, driver or safety state data of the vehicle carrying the auxiliary driving system or the automatic driving system.
In this embodiment, the data storage end acquires driving data from the vehicle sensor in real time.
And step 204, encrypting the driving data according to the second encryption key to obtain a first ciphertext.
The second encryption key is a random number generated by the data storage end for encrypting the driving data, so that when the second encryption key is leaked, only the driving data can be leaked, and other driving data in the data storage system can not be leaked, namely, when one of the second encryption keys is leaked, the safety of the other driving data is not influenced.
In this embodiment, the data storage end generates a random number, encrypts the driving data to be recorded by using the random number as the second encryption key to obtain the first ciphertext, where the encryption algorithm may be symmetric encryption algorithms such as AES, 3DES, SM4, etc., and the embodiment of the present application does not limit the symmetric encryption algorithm specifically applied.
And step 206, encrypting the second encryption key according to the first encryption key to obtain a second ciphertext.
The first encryption key is a device encryption key and is stored in the data storage end.
In this embodiment, the data storage end encrypts the second encryption key by using the first encryption key to obtain the second encrypted ciphertext. The encryption algorithm is the same as that used in step 204, and the description of this embodiment is omitted here.
And step 208, signing the first ciphertext according to the device private key to obtain a first signature value.
The device private key is put in the data storage end by the verification end when the data storage end leaves the factory and is stored in the data storage end. For example, the validation site may be a hosting facility or a regulatory agency's end device or system.
In this embodiment, the data storage terminal signs the first ciphertext according to the device private key to obtain a first signature value, where the signature value can be verified by the device public key, and if the device public key fails to verify, it indicates that the driving data is tampered or destroyed, and the driving data does not have authenticity.
Optionally, under the condition of data sensitivity, the data storage end encrypts driving data into ciphertext data according to the methods from step 204 to step 206, and then signs the ciphertext data to ensure that the driving data is not tampered; under the condition that the data is insensitive, the data storage end can directly sign the clear text driving data, so that the driving data is ensured not to be tampered.
In this embodiment, the data storage end correspondingly stores the first ciphertext, the second ciphertext, and the first signature value to the local. Optionally, when the driving data needs to be called out, decryption can be performed in the device, and the first ciphertext, the second ciphertext and the first signature value can be extracted by a compliant data extraction mechanism to be analyzed by other devices.
In the data storage method, the driving data are encrypted through the symmetric encryption algorithm and signed by the equipment private key, so that the safety of the driving data can be ensured, even if the driving data are tampered by an attacker, the data can be found to be tampered through the signature verification of the equipment public key, and the safety of the driving data is improved.
In one embodiment, as shown in fig. 3, step 204 encrypts the driving data according to the second encryption key to obtain a first ciphertext, and further includes:
The fixed header information may include a data storage end identification number, or may include an encryption algorithm identification. The encryption algorithm identification contained in the fixed head information is used for calibrating an encryption method adopted by driving data, and the data storage end identification number is used for calibrating the data storage end identification of the driving data.
In this embodiment, the data storage end obtains preset fixed header information, splices the fixed header information with driving data to obtain first spliced data, and uses the first spliced data as processed driving data for encryption.
And step 304, encrypting the first spliced data according to the second encryption key to obtain a first ciphertext.
In this embodiment, the data storage end splices the fixed header information and the driving data to obtain first spliced data, and encrypts the first spliced data according to the second encryption key to obtain a first ciphertext. The encryption algorithm is the same as the symmetric encryption algorithm used in step 204, and will not be described here.
In this embodiment, the encryption algorithm identifier or the data storage end identifier number is used as the fixed header information to be spliced with the driving data, so that the driving data can be calibrated by the identity calibration method or the encryption method used for the driving data.
In one embodiment, as shown in fig. 4, step 304 encrypts the first spliced data according to the second encryption key to obtain a first ciphertext, including:
Wherein the random number is used for preventing tampering with the driving data.
In this embodiment, optionally, the data storage end may have a random number generator, and the data storage end obtains a random number through the random number generator, and splices the random number with the first spliced data to obtain the target first spliced data.
And step 404, encrypting the target first spliced data according to the second encryption key to obtain the first ciphertext.
In this embodiment, the data storage end encrypts the second spliced data according to the second encryption key to obtain the first ciphertext. The encryption algorithm is the same as that used in step 204, and the description of this embodiment is omitted here.
In this embodiment, the driving data of the data storage terminal may be verified by concatenating the random numbers.
In one embodiment, as shown in fig. 5, after storing the first ciphertext, the second ciphertext, and the first signature value locally, at step 210, further comprises:
In this embodiment, the verification end may be a verification device or system of a host factory, regulatory agency, or other compliance organization. When an accident occurs to the vehicle, the verification terminal can extract the driving data recorded in the automobile driving data storage terminal for analyzing the accident cause, and verify and decrypt the extracted driving data. After the first ciphertext, the second ciphertext and the corresponding first signature value are extracted, the verification terminal verifies the first signature value through the equipment public key to obtain a first verification result.
And step 504, under the condition that the first verification result is that the verification is successful, decrypting the second ciphertext according to the first encryption key to obtain a second encryption key.
In this embodiment, when the verification terminal places the first encryption key into the data storage terminal, the verification terminal retains the first encryption key and stores the device encryption key. And under the condition that the first verification result is that the verification is successful, the verification end decrypts the second ciphertext according to the first encryption key to obtain a second encryption key. The decryption algorithm corresponds to the encryption algorithm in step 204, and will not be described in detail herein.
And returning verification failure under the condition that the first verification result is failure.
And step 506, decrypting the first ciphertext according to the second encryption key to obtain decrypted driving data.
In this embodiment, the data storage end decrypts the first ciphertext according to the second encryption key obtained in step 504, to obtain the decrypted driving data.
In this embodiment, in the data reading process, the signature is checked through the device private key, and the first encryption key and the second encryption key are decrypted, so that the driving data can be encrypted and protected, the safety of the driving data is improved, meanwhile, the driving data can be found to be tampered, and the driving data without authenticity is prevented from being analyzed.
In one embodiment, as shown in fig. 6, before encrypting the driving data according to the second encryption key to obtain the first ciphertext in step 204, the method further includes:
In this embodiment, the device public key and the device private key of the data storage end are preset by the verification end, the device private key and the device certificate (the device certificate includes the device public key) are generated by a regulatory agency or a key management system of a host factory for the driving data storage end of the automobile in each vehicle, the device certificate is issued by the regulatory agency or the host factory, and the device certificate can be verified by the root certificate of the verification end. The data storage end receives a device public key and a device private key preset by the verification end. Alternatively, the device public key and the device private key can be generated in the security chip of the data storage end, and meanwhile, the device private key is stored in the security chip.
The signature algorithm can be an asymmetric encryption algorithm such as RSA/ECC/SM 2.
The vehicle information may be a VIN (Vehicle Identification Number, vehicle identification code) of the vehicle, or other information that can uniquely indicate the characteristics of the vehicle, for example, a license plate number, a MAC (Media Access Control Address, medium access control address) address of a network device installed at the vehicle end, and the like.
In this embodiment, the data storage end concatenates the vehicle attribute information and the device public key to obtain second concatenated data, and signs the second concatenated data through the device private key to obtain a second signature value, where the second signature value is used as the concatenated data to generate the certificate signature request.
And step 606, splicing the vehicle information, the equipment public key and the second signature value, generating a certificate signature request according to the splicing result, and sending the certificate signature request to the verification end.
In this embodiment, the data storage terminal concatenates The vehicle information, the device Public key and The second signature value, and optionally, the certificate request may be generated using The PKCS #10 (The Public-Key Cryptography Standards) standard description standard, and The certificate signature request is sent to The verification terminal.
The device certificate is a device certificate which is issued by the verification end and contains a device public key.
In this embodiment, the verification terminal generates the device certificate and the first encryption key in response to the certificate signing request, stores the device certificate and the first encryption key in correspondence with the vehicle information, and transmits the device certificate and the first encryption key to the data storage terminal. The data store receives the device certificate (containing the device public key) and the first encryption key.
In this embodiment, signature verification is performed by using an asymmetric encryption algorithm, so that ciphertext data or plaintext data read by a verification terminal can be guaranteed to be stored by a data storage terminal, the ciphertext data or plaintext data is guaranteed to be not tampered, and the safety of driving data can be improved.
In one implementation, a data storage system, the system comprising:
the verification terminal 102 is configured to generate a device encryption key (first encryption key), a device public key, and a device private key, and send the generated device encryption key, the device public key, and the device private key to the data storage terminal;
a data storage 104, configured to obtain driving data; encrypting the driving data according to the second encryption key to obtain a first ciphertext; encrypting the second encryption key according to the first encryption key to obtain a second ciphertext; signing the first ciphertext according to the equipment private key to obtain a first signature value; the first ciphertext, the second ciphertext, and the first signature value are stored locally.
In this embodiment, the verification terminal generates a device encryption key (first encryption key), a device public key, and a device private key for the data storage terminal, and presets the device encryption key, the device public key, and the device private key to the data storage terminal. Specifically, after receiving the certificate signing request, the verification terminal can self-establish the electronic authentication center to issue the equipment certificate, the equipment certificate contains the equipment public key, and then the verification terminal installs the equipment certificate to the data storage terminal.
In one embodiment, the verification terminal is specifically configured to generate a device encryption key, a device public key, and a device private key, and send the device encryption key, the device public key, and the device private key to the data storage terminal; receiving a certificate signing request sent by a data storage end, wherein the certificate signing request comprises second spliced data and a second signing value, and verifying the second signing value by using a device public key in the certificate signing request to obtain a second verification result; checking the vehicle information in the certificate signing request under the condition that the second verification result is successful in verification, and signing the second spliced data by using a root private key under the condition that the vehicle information is correct to obtain a third signature value; the second spliced data are spliced by the vehicle information and the equipment public key; splicing the vehicle information, the equipment public key and the third signature value to serve as an equipment certificate; a first encryption key is generated and the first encryption key and the device certificate are sent to the data store.
In this embodiment, the verification terminal generates the data storage terminal, the device public key and the device private key, and sends the generated data storage terminal to the data storage terminal, and optionally, the verification terminal may generate a key pair in a security chip of the data storage system, where the device private key is stored in the security chip. The data storage end uses the equipment private key to digitally sign the data spliced by the vehicle information and the equipment public key to obtain a second signature value, splices the vehicle information, the equipment public key and the second signature value to obtain a certificate signature request and sends the certificate signature request to the verification end. After receiving the certificate signing request, the verification terminal verifies the second signature value by using the equipment public key in the certificate signing request to obtain a second verification result. Returning to the verification failure under the condition that the second verification result is the verification failure; and under the condition that the second verification result is that the verification is successful, the verification end checks the vehicle information in the certificate signing request. Returning a vehicle information error in the case of a vehicle information error; and under the condition that the vehicle information is correct, signing the second spliced data by using the root private key to obtain a third signature value, splicing the second spliced data with the vehicle information and the equipment public key to serve as an equipment certificate, and sending the equipment certificate and the first encryption key to a data storage end.
It should be understood that, although the steps in the flowcharts related to the embodiments described above are sequentially shown as indicated by arrows, these steps are not necessarily sequentially performed in the order indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least some of the steps in the flowcharts described in the above embodiments may include a plurality of steps or a plurality of stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily performed sequentially, but may be performed alternately or alternately with at least some of the other steps or stages.
Based on the same inventive concept, the embodiments of the present application also provide a data storage device for implementing the above-mentioned data storage method. The implementation of the solution provided by the device is similar to the implementation described in the above method, so the specific limitation of one or more embodiments of the data storage device provided below may be referred to above as limitation of the data storage method, and will not be repeated here.
In one embodiment, as shown in FIG. 7, there is provided a data storage device comprising: an acquisition module 701, a first encryption module 702, a second encryption module 703, a signature module 704 and a storage module 705, wherein:
an acquisition module 701, configured to acquire driving data;
the first encryption module 702 is configured to encrypt the driving data according to the second encryption key to obtain a first ciphertext;
a second encryption module 703, configured to encrypt the second encryption key according to the first encryption key to obtain a second ciphertext;
a signature module 704, configured to sign the first ciphertext according to the device private key, to obtain a first signature value;
the storage module 705 is configured to store the first ciphertext, the second ciphertext, and the first signature value to a local place.
In one embodiment, the acquisition module 701 further includes:
the first acquisition module is used for acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the first encryption module 702 is specifically configured to encrypt the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the first encryption module 703 is specifically configured to:
acquiring a random number, and splicing the random number with the first splicing data to obtain target first splicing data;
and encrypting the target first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after storing the module, the apparatus further comprises:
the verification module is used for verifying the first signature value through the equipment public key to obtain a first verification result;
the first decryption module is used for decrypting the second ciphertext according to the first encryption key to obtain the second encryption key under the condition that the first verification result is that the verification is successful;
and the second decryption module is used for decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, before the module is acquired, the method further includes:
the receiving module is used for receiving the equipment public key and the equipment private key which are sent by the verification terminal;
the second signature module is used for acquiring vehicle information, splicing the vehicle information with the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
The sending module is used for splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to the verification end;
the second receiving module is used for receiving the equipment certificate and the first encryption key which are sent by the verification end in response to the certificate signing request, and storing the equipment certificate and the first encryption key to the local, wherein the equipment certificate is the equipment certificate issued by the verification end.
The various modules in the data storage device described above may be implemented in whole or in part in software, hardware, and combinations thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.
In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 8. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a data storage method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the structure shown in fig. 8 is merely a block diagram of some of the structures associated with the present application and is not limiting of the computer device to which the present application may be applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided comprising a memory and a processor, the memory having stored therein a computer program, the processor when executing the computer program performing the steps of:
acquiring driving data;
encrypting the driving data according to a second encryption key to obtain a first ciphertext;
encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
signing the first ciphertext according to a device private key to obtain a first signature value;
and storing the first ciphertext, the second ciphertext and the first signature value locally.
In one embodiment, the processor when executing the computer program further performs the steps of:
acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
The driving data is encrypted according to the second encryption key to obtain a first ciphertext, which comprises:
and encrypting the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the encrypting the driving data according to the second encryption key to obtain a first ciphertext includes:
obtaining a random number, and encrypting the random number and the first spliced data to obtain second spliced data;
and encrypting the second spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after said storing the first ciphertext, the second ciphertext, and the first signature value locally, the processor when executing the computer program further performs the steps of: :
verifying the first signature value through a device public key to obtain a first verification result;
under the condition that the first verification result is that verification is successful, decrypting the second ciphertext according to the first encryption key to obtain the second encryption key;
and decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, the driving data is encrypted according to the second encryption key, and before the first ciphertext is obtained, the processor executes the computer program to further implement the following steps: :
receiving a device public key and a device private key sent by a verification terminal;
acquiring vehicle information, splicing the vehicle information and the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to a verification end;
and receiving the equipment certificate and the first encryption key which are sent by the verification end in response to the certificate signing request, and storing the equipment certificate and the first encryption key to the local, wherein the equipment certificate is the equipment certificate issued by the verification end.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by a processor, performs the steps of:
acquiring driving data;
encrypting the driving data according to a second encryption key to obtain a first ciphertext;
Encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
signing the first ciphertext according to a device private key to obtain a first signature value;
and storing the first ciphertext, the second ciphertext and the first signature value locally.
In one embodiment, the method further comprises:
acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the driving data is encrypted according to the second encryption key to obtain a first ciphertext, which comprises:
and encrypting the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the encrypting the driving data according to the second encryption key to obtain a first ciphertext includes:
obtaining a random number, and encrypting the random number and the first spliced data to obtain second spliced data;
and encrypting the second spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after said storing the first ciphertext, the second ciphertext, and the first signature value locally, the method further comprises:
Verifying the first signature value through a device public key to obtain a first verification result;
under the condition that the first verification result is that verification is successful, decrypting the second ciphertext according to the first encryption key to obtain the second encryption key;
and decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, before encrypting the driving data according to the second encryption key to obtain the first ciphertext, the method further includes:
receiving a device public key and a device private key sent by a verification terminal;
acquiring vehicle information;
splicing the vehicle information and the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to a verification end;
and receiving the equipment certificate and the first encryption key which are sent by the verification end in response to the certificate signing request, and storing the equipment certificate and the first encryption key to the local, wherein the equipment certificate is the equipment certificate issued by the verification end.
In one embodiment, a computer program product is provided comprising a computer program which, when executed by a processor, performs the steps of:
acquiring driving data;
encrypting the driving data according to a second encryption key to obtain a first ciphertext;
encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
signing the first ciphertext according to a device private key to obtain a first signature value;
and storing the first ciphertext, the second ciphertext and the first signature value locally.
In one embodiment, the method further comprises:
acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the driving data is encrypted according to the second encryption key to obtain a first ciphertext, which comprises:
and encrypting the first spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, the encrypting the driving data according to the second encryption key to obtain a first ciphertext includes:
Obtaining a random number, and encrypting the random number and the first spliced data to obtain second spliced data;
and encrypting the second spliced data according to the second encryption key to obtain the first ciphertext.
In one embodiment, after said storing the first ciphertext, the second ciphertext, and the first signature value locally, the method further comprises:
verifying the first signature value through a device public key to obtain a first verification result;
under the condition that the first verification result is that verification is successful, decrypting the second ciphertext according to the first encryption key to obtain the second encryption key;
and decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
In one embodiment, before encrypting the driving data according to the second encryption key to obtain the first ciphertext, the method further includes:
receiving a device public key and a device private key sent by a verification terminal;
acquiring vehicle information;
splicing the vehicle information and the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
Splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to a verification end;
and receiving the equipment certificate and the first encryption key which are sent by the verification end in response to the certificate signing request, and storing the equipment certificate and the first encryption key to the local, wherein the equipment certificate is the equipment certificate issued by the verification end.
It should be noted that, user information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the various embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, high density embedded nonvolatile Memory, resistive random access Memory (ReRAM), magnetic random access Memory (Magnetoresistive Random Access Memory, MRAM), ferroelectric Memory (Ferroelectric Random Access Memory, FRAM), phase change Memory (Phase Change Memory, PCM), graphene Memory, and the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory, and the like. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like. The databases referred to in the various embodiments provided herein may include at least one of relational databases and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic units, quantum computing-based data processing logic units, etc., without being limited thereto.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples only represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the present application. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application shall be subject to the appended claims.
Claims (10)
1. A data storage method, wherein the method is applied to a data storage end, and the method comprises:
acquiring driving data;
encrypting the driving data according to a second encryption key to obtain a first ciphertext;
encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
signing the first ciphertext according to a device private key to obtain a first signature value;
And storing the first ciphertext, the second ciphertext and the first signature value locally.
2. The method according to claim 1, wherein the method further comprises:
acquiring fixed head information, splicing the fixed head information with the driving data to obtain first spliced data, and taking the first spliced data as the processed driving data;
the driving data is encrypted according to the second encryption key to obtain a first ciphertext, which comprises:
and encrypting the first spliced data according to the second encryption key to obtain the first ciphertext.
3. The method of claim 2, wherein encrypting the first concatenated data according to the second encryption key to obtain the first ciphertext comprises:
acquiring a random number, and splicing the random number with the first splicing data to obtain target first splicing data;
and encrypting the target first spliced data according to the second encryption key to obtain the first ciphertext.
4. The method of claim 1, wherein after the storing the first ciphertext, the second ciphertext, and the first signature value locally, the method further comprises:
Verifying the first signature value through a device public key to obtain a first verification result;
under the condition that the first verification result is that verification is successful, decrypting the second ciphertext according to the first encryption key to obtain the second encryption key;
and decrypting the first ciphertext according to the second encryption key to obtain the decrypted driving data.
5. The method of claim 1, wherein the encrypting the driving data according to the second encryption key is preceded by obtaining a first ciphertext, the method further comprising:
receiving a device public key and a device private key sent by a verification terminal;
acquiring vehicle information, splicing the vehicle information and the equipment public key to obtain second spliced data, and signing the second spliced data through the equipment private key to obtain a second signature value;
splicing the second splicing data and the second signature value, generating a certificate signature request according to a splicing result, and sending the certificate signature request to a verification end;
and receiving a device certificate and a first encryption key which are sent by the verification end in response to the certificate signing request, and storing the device certificate and the first encryption key to a local place, wherein the device certificate is the device certificate issued by the verification end.
6. A data storage device, the device being applied to a data storage terminal, the device comprising:
the acquisition module is used for acquiring driving data;
the first encryption module is used for encrypting the driving data according to the second encryption key to obtain a first ciphertext;
the second encryption module is used for encrypting the second encryption key according to the first encryption key to obtain a second ciphertext;
the signature module is used for signing the first ciphertext according to the equipment private key to obtain a first signature value;
and the storage module is used for storing the first ciphertext, the second ciphertext and the first signature value to the local.
7. A data storage system, the system comprising:
the verification terminal is used for verifying the certificate signing request, generating a first encryption key, a device public key and a device private key, and transmitting the first encryption key, the device public key and the device private key to the data storage terminal;
the data storage end is used for acquiring driving data; encrypting the driving data according to a second encryption key to obtain a first ciphertext; encrypting the second encryption key according to the first encryption key to obtain a second ciphertext; signing the first ciphertext according to a device private key to obtain a first signature value; and storing the first ciphertext, the second ciphertext and the first signature value locally.
8. The system of claim 7, wherein the verification terminal is specifically configured to generate a first encryption key, a device public key, and a device private key, and send the first encryption key, the device public key, and the device private key to the data storage terminal;
receiving a certificate signing request sent by a data storage end, wherein the certificate signing request comprises second splicing data and a second signing value, and verifying the second signing value by using a device public key in the certificate signing request to obtain a second verification result;
checking the vehicle information in the certificate signing request under the condition that the second verification result is successful in verification, and signing the second spliced data by using a root private key under the condition that the vehicle information is correct to obtain a third signature value; the second spliced data are spliced by the vehicle information and the equipment public key;
splicing the vehicle information, the equipment public key and the third signature value to serve as an equipment certificate;
and generating a first encryption key and sending the first encryption key and the equipment certificate to a data storage end.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 5 when the computer program is executed.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211614508.1A CN116011042A (en) | 2022-12-15 | 2022-12-15 | Data storage method, device, system, computer equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211614508.1A CN116011042A (en) | 2022-12-15 | 2022-12-15 | Data storage method, device, system, computer equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116011042A true CN116011042A (en) | 2023-04-25 |
Family
ID=86031161
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211614508.1A Pending CN116011042A (en) | 2022-12-15 | 2022-12-15 | Data storage method, device, system, computer equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116011042A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117010000A (en) * | 2023-09-28 | 2023-11-07 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
-
2022
- 2022-12-15 CN CN202211614508.1A patent/CN116011042A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117010000A (en) * | 2023-09-28 | 2023-11-07 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
| CN117010000B (en) * | 2023-09-28 | 2024-03-01 | 之江实验室 | Data security service method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107770159B (en) | Vehicle accident data recording method and related device and readable storage medium | |
| CN109560934B (en) | Data tamper-proof method and device, computer equipment and storage medium | |
| CN112332975A (en) | Internet of things equipment secure communication method and system | |
| CN103684786A (en) | Method and system for storing digital certificate and binding digital certificate to hardware carrier | |
| KR102272928B1 (en) | Operating method for machine learning model using encrypted data and apparatus based on machine learning model | |
| CN111401901A (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| CN111565182A (en) | Vehicle diagnosis method and device and storage medium | |
| CN109445705A (en) | Firmware authentication method and solid state hard disk | |
| CN116011042A (en) | Data storage method, device, system, computer equipment and storage medium | |
| CN113452526A (en) | Electronic document storage and verification method and corresponding device | |
| CN116366289B (en) | Safety supervision method and device for remote sensing data of unmanned aerial vehicle | |
| KR102551592B1 (en) | Method for preventing mileage tampering of car and mileage recording device using the same | |
| CN116049802B (en) | Application single sign-on method, system, computer equipment and storage medium | |
| CN110659522B (en) | Storage medium security authentication method and device, computer equipment and storage medium | |
| CN116015846A (en) | Identity authentication method, identity authentication device, computer equipment and storage medium | |
| CN115331336B (en) | NFC digital key mobile equipment adaptation method and device based on card simulation scheme | |
| CN115776396A (en) | Data processing method and device, electronic equipment and storage medium | |
| CN114244565B (en) | Key distribution method, device, equipment and storage medium | |
| CN114124440B (en) | Secure transmission method, apparatus, computer device and storage medium | |
| CN113328864B (en) | Data transmission method and system based on function encryption, block chain and machine learning | |
| CN116647413B (en) | Application login method, device, computer equipment and storage medium | |
| CN115174260B (en) | Data verification method, device, computer, storage medium and program product | |
| CN114760111B (en) | File confidentiality method and file confidentiality device based on block chain | |
| CN114039752A (en) | Data information transmission method, relay protection device and master station | |
| CN115913563A (en) | Electronic signature generation method, electronic signature verification method and electronic signature verification equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |