CN116761174A - Data processing method and device and electronic equipment - Google Patents
Data processing method and device and electronic equipment Download PDFInfo
- Publication number
- CN116761174A CN116761174A CN202310761004.0A CN202310761004A CN116761174A CN 116761174 A CN116761174 A CN 116761174A CN 202310761004 A CN202310761004 A CN 202310761004A CN 116761174 A CN116761174 A CN 116761174A
- Authority
- CN
- China
- Prior art keywords
- encryption information
- key
- data
- plaintext
- uwb
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 14
- 238000012545 processing Methods 0.000 claims abstract description 45
- 238000000034 method Methods 0.000 claims description 44
- 230000015654 memory Effects 0.000 claims description 35
- 238000012795 verification Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 8
- 238000004806 packaging method and process Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 19
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 7
- 230000008569 process Effects 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 3
- 238000006243 chemical reaction Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
- H04W12/106—Packet or message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Lock And Its Accessories (AREA)
Abstract
The application provides a data processing method, a data processing device and electronic equipment. The data processing method comprises the following steps: obtaining a digital signature according to a plaintext and a private key of UWB equipment, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; encrypting the plaintext according to the symmetric key, and obtaining encryption information by the public key and the digital signature of the digital key; obtaining key encryption information according to the public key encryption symmetric key of the domain controller; and sending the data frame containing the encryption information and the key encryption information to the domain controller. By using CAN FD information for digital signature, the security of communication CAN be improved.
Description
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data processing method, a data processing device, and an electronic device.
Background
The domain controller corresponding to the Ultra Wide Band (UWB) equipment on the vehicle can control electric doors and windows, central control door locks, light systems and the like. In order to ensure the versatility of the encryption method of the multiple electronic control units (Electronic Control Unit, ECU), the vehicle identification code (Vehicle Identification Number, VIN) is often used to confirm the legitimacy of the UWB device. However, this implementation has the problem that the VIN code information is easy to falsify and falsify. Therefore, how to improve the security of communication is a problem to be solved.
Disclosure of Invention
The embodiment of the application provides a data processing method, a data processing device and electronic equipment, and CAN improve the safety of communication by using CAN FD information for digital signature.
In a first aspect, an embodiment of the present application provides a data processing method, applied to a UWB device of a vehicle, including:
obtaining a digital signature according to a plaintext and a private key of the UWB equipment, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number;
encrypting the plaintext, the public key of the digital key and the digital signature according to the symmetric key to obtain encryption information;
encrypting the symmetric key according to the public key of the domain controller to obtain key encryption information;
and sending a data frame containing the encryption information and the key encryption information to the domain controller.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the obtaining the digital signature according to the plaintext and the private key of the UWB device includes:
obtaining a first abstract according to the plaintext;
and encrypting the first digest according to the private key of the UWB equipment to obtain a digital signature.
Optionally, the sending the encryption information and the key encryption information to the domain controller includes:
Judging whether the sum of the data length of the encryption information and the key encryption information in the data frame exceeds a preset length;
transmitting the data frame to the domain controller under the condition that the sum of the data lengths does not exceed the preset length;
under the condition that the sum of the data lengths exceeds a preset length, the encryption information and the key encryption information are packetized to obtain N data frames smaller than the preset length;
and transmitting the N data frames smaller than the preset length to the domain controller.
In a second aspect, an embodiment of the present application provides a data processing method, which is characterized in that the method is applied to a domain controller of a vehicle, and includes:
receiving a data frame which is sent by UWB equipment and contains encryption information and key encryption information;
decrypting the key encryption information according to the private key of the domain controller to obtain a symmetric key;
decrypting the encrypted information according to the symmetric key to obtain a plaintext, a public key of UWB equipment and a digital signature, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number;
decrypting the digital signature according to the public key of the UWB equipment to obtain a first abstract;
Obtaining a second abstract according to the plaintext;
and confirming that the UWB equipment passes verification under the condition that the first digest is consistent with the second digest.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the method further comprises:
controlling the vehicle to perform a target operation if the UWB device is verified, the target operation including one or more of unlocking a door, locking a door, opening a door, closing a door, opening a window, or starting an engine;
and discarding the data frame in the case that the UWB device authentication is not passed.
Optionally, the receiving the data frame including the encryption information and the key encryption information sent by the UWB device includes:
judging whether the sum of the data length of the encryption information and the key encryption information exceeds a preset length;
receiving a data frame which is sent by UWB equipment and contains encryption information and secret key encryption information under the condition that the sum of the data lengths does not exceed the preset length;
receiving N data frames which are smaller than the preset length and are sent by the UWB equipment under the condition that the sum of the data lengths exceeds the preset length;
And packaging the N data frames smaller than the preset length to obtain the encryption information and the key encryption information.
In a third aspect, an embodiment of the present application provides a data processing apparatus, including:
the processing module is used for obtaining a digital signature according to a plaintext and a private key of the UWB equipment, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; the digital signature is used for obtaining encryption information by encrypting the plaintext, the public key of the digital key and the digital signature according to the symmetric key; the system comprises a domain controller, a symmetric key and a key encryption module, wherein the symmetric key is used for encrypting the symmetric key according to the public key of the domain controller to obtain key encryption information;
and the receiving and transmitting module is used for transmitting the data frame containing the encryption information and the key encryption information to the domain controller.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the processing module is further configured to obtain a first digest according to the plaintext; and the first digest is encrypted according to the private key of the UWB device to obtain a digital signature.
Optionally, the processing module is further configured to determine whether a sum of data lengths of the encryption information and the key encryption information in the data frame exceeds a preset length;
The receiving and transmitting module is further configured to send the data frame to the domain controller when the sum of the data lengths does not exceed the preset length;
the processing module is further used for packetizing the encryption information and the key encryption information to obtain N data frames smaller than the preset length under the condition that the sum of the data lengths exceeds the preset length;
and the receiving and transmitting module is also used for transmitting the N data frames smaller than the preset length to the domain controller.
In a fourth aspect, an embodiment of the present application provides a data processing apparatus, including:
the receiving and transmitting module is used for receiving a data frame which is sent by the UWB equipment and contains encryption information and key encryption information;
the processing module is used for decrypting the secret key encryption information according to the private key of the domain controller to obtain a symmetric secret key; the encryption information is decrypted according to the symmetric key to obtain a plaintext, a public key of UWB equipment and a digital signature, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; the digital signature is decrypted according to the public key of the UWB equipment to obtain a first digest; the second abstract is obtained according to the plaintext; and means for confirming that the UWB device authentication passes if the first digest is consistent with the second digest.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the data processing apparatus further comprises a control module for controlling the vehicle to perform a target operation if the UWB device is verified, the target operation including one or more of unlocking a door, locking a door, opening a door, closing a door, opening a window, or starting an engine;
and the processing module is also used for discarding the data frame in the case that the UWB equipment verification is not passed.
Optionally, the processing module is further configured to determine whether a sum of data lengths of the encryption information and the key encryption information exceeds a preset length;
the receiving and transmitting module is further used for receiving a data frame which is sent by the UWB equipment and contains encryption information and secret key encryption information under the condition that the sum of the data lengths does not exceed the preset length; and the device is further used for receiving N data frames which are smaller than the preset length and are sent by the UWB equipment under the condition that the sum of the data lengths exceeds the preset length;
and the processing module is also used for grouping the N data frames smaller than the preset length to obtain the encryption information and the key encryption information.
In a fifth aspect, an embodiment of the present application provides an electronic device, including:
a processor and a memory, the processor and the memory being interconnected, wherein the memory is adapted to store a computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method according to the first and/or second aspect.
In a sixth aspect, an embodiment of the present application provides a computer-readable storage medium, including:
the computer readable storage medium has instructions stored therein which, when run on a computer, implement the method according to the first and/or second aspect.
In a seventh aspect, embodiments of the present application provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program, the computer being operable to cause a computer to perform the method of the first and/or second aspects.
By implementing the embodiment of the application, the CAN FD information is used in the digital signature, so that the problem that VIN code information is easy to forge and falsify is avoided, and the communication safety is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the description of the embodiments will be briefly described below. It will be apparent to those of ordinary skill in the art that the drawings in the following description are of some embodiments of the application and that other drawings may be derived from them without undue effort.
FIG. 1 is a schematic diagram of a system architecture for data processing according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a data processing method according to an embodiment of the present application;
FIG. 3 is a flowchart illustrating another data processing method according to an embodiment of the present application;
FIG. 4 is a schematic diagram illustrating a data processing apparatus according to an embodiment of the present application;
FIG. 5 is a schematic diagram illustrating another data processing apparatus according to an embodiment of the present application;
fig. 6 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
The terms "first," "second," "third," and "fourth" and the like in the description and in the claims and drawings are used for distinguishing between different objects and not necessarily for describing a particular sequential or chronological order. Furthermore, references to the terms "comprising" and "having" and any variations thereof in the description of the present application are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, result, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
It should be noted that, in the embodiments of the present application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or method of design described herein as "exemplary" or "for example" is not necessarily to be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion. In embodiments of the application, "A and/or B" means both A and B, A or B. "A, and/or B, and/or C" means any one of A, B, C, or any two of A, B, C, or A and B and C.
The controller area network bus (CAN, controller Area Network) is a serial communication protocol bus for real-time applications that CAN use twisted pair wires to transmit signals, one of the most widely used fieldbuses worldwide. The CAN protocol is used for communication between various components in an automobile to replace expensive and heavy wiring harnesses. The CAN protocol CAN provide real-time support and integrity serial data communication, but since the highest transmission rate of the CAN bus is 1Mbit/s (the actual use rate of an automobile CAN system is 500kbit/s generally), the electronic control unit (Electronic Control Unit, ECU) greatly increases the bus load rate so as to cause network congestion, and the reliability and real-time performance of information transmission are affected. Variable rate CAN (CAN with Flexible Data-rate, CAN FD) is an improvement over CAN. CAN FD inherits the main characteristics of the CAN bus and greatly improves the data transmission efficiency.
Currently, a domain controller corresponding to an Ultra Wideband (UWB) device on a vehicle can control an electric door and window, a central control door lock, a lighting system and the like. In order to ensure the versatility of the encryption method of the multiple electronic control units (Electronic Control Unit, ECU), the vehicle identification code (Vehicle Identification Number, VIN) is often used to confirm the legitimacy of the UWB device. However, this implementation has the problem that the VIN code information is easy to falsify and falsify. Therefore, how to improve the security of communication is a problem to be solved.
In order to better understand the technical solution of the embodiment of the present application, a system architecture of data processing possibly related to the embodiment of the present application is first described. Referring to fig. 1, a schematic system architecture of data processing according to an embodiment of the present application may include a UWB device 10 and a domain controller 20 of a vehicle.
After the vehicle comes off line, if the vehicle needs to be controlled, for example, the door is unlocked, the vehicle is started, or the window is opened, the UWB device needs to be in communication with the vehicle, so as to realize the control action. In order to ensure communication security, in an embodiment of the present application, the UWB device 10 may process various data first, and may specifically include: obtaining a digital signature from the plaintext and the private key of the UWB device 10; for encrypting plaintext from the symmetric key, public key of UWB device 10, and digital signature to obtain encrypted information; for encrypting the symmetric key according to the public key of the domain controller 20 to obtain key encryption information; the processed data (e.g., data containing encryption information and key encryption information) is then sent to domain controller 20. The plaintext comprises CAN FD information, positioning data of UWB equipment, vehicle identification code VIN and random number. After receiving the data frame including the encryption information and the key encryption information sent by the UWB device 10, the domain controller 20 may decrypt the received encryption data to obtain plaintext and determine validity of the UWB device 10, which may specifically include: decrypting the key encryption information based on the private key of domain controller 20 to obtain a symmetric key; decrypting the encrypted information according to the symmetric key to obtain a plaintext, a public key of the UWB equipment and a digital signature; decrypting the digital signature according to the public key of the UWB device to obtain a first abstract; obtaining a second abstract according to the plaintext; and confirming that the UWB device passes verification if the first digest is consistent with the second digest. The plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number. Further, after the data frame transmitted by the UWB device 10 is verified by the domain controller 20, the vehicle may be controlled by the UWB device 10 or directly (corresponding to unlocking the vehicle after the verification is passed, the user may directly operate the vehicle without passing through the UWB device), where the control operation includes unlocking the door, locking the door, opening the door, closing the door, opening the window, or starting the engine, etc.
The method according to the embodiment of the present application is described in detail below.
Referring to fig. 2, a flow chart of a data processing method according to an embodiment of the present application, which is applied to a UWB device of a vehicle, may include the following steps S201 to S204:
step S201: and obtaining the digital signature according to the plaintext and the private key of the UWB device.
The plaintext comprises CAN FD information, positioning data of UWB equipment, a vehicle identification code and a random number.
In one possible implementation, the CAN FD information includes CAN FD data length, frame format, and CAN FD identification.
In CAN, the data length in the data frame is at most 8 bytes, in CAN FD, the data length in the data frame is at most 64 bytes, i.e. CAN FD compatible CAN compatible data format, and CAN also support 12, 16, 20, 24, 32, 48 and 64 bytes. Like CAN frame format, CAN FD frame format consists of 7 different bit fields, namely a start of frame (SOF), arbitration field, control field, data field, CRC check field, ACK acknowledgement field, and end of frame (EOF). But CAN FD is increased by FDF, BRS, ESI bits. Wherein the FDF bit (Flexible Data Rate Format) is a reserved bit r in the original CAN data frame. The FDF bit is always recessive (1) to indicate CAN message or CAN-FD message. BRS Bit (Bit Rate Switch): representing bit rate conversion, the bit rate of the data segment coincides with the bit rate of the arbitrated segment (constant rate) when the BRS is dominant bits (0), and the rate is variable when the BRS is recessive bits (1) (i.e., BSR to CRC uses conversion rate transmission). ESI bit (Error State Indicator): and sending a node error state indication, sending a dominant bit (0) when the node is actively erroneous, and sending a recessive bit (1) when the node is passively erroneous. CAN FD identifies data in a bit field, which is an arbitration field in a frame format, that CAN be used to distinguish messages and to indicate the priority of a message. The above CAN be seen that the CAN FD information has flexibility and CAN be changed continuously. In the process of obtaining the digital signature, the CAN FD information is used, so that the digital signature CAN be effectively prevented from being falsified and tampered, and the communication safety is improved. The vehicle identification code is the identification number of the automobile, is determined according to the national vehicle management standard, and contains information such as the manufacturer, the year, the vehicle type, the vehicle body type and code, the engine code, the assembly site and the like of the vehicle.
In one possible implementation, deriving the digital signature from the plaintext and a private key of the UWB device includes: obtaining a first abstract according to the plaintext; and encrypting the first digest according to the private key of the UWB device to obtain a digital signature.
The hash algorithm is also called a digest algorithm, and can calculate any group of input data to obtain an output digest with a fixed length. And since the hash function is mainly used for checking the integrity of data, the operation result is irreversible. That is, the hash algorithm may calculate an output digest for a set of input data, but cannot calculate the input data by inverting the hash algorithm for the output digest. In the embodiment of the application, a hash algorithm can be utilized to calculate the plaintext, and a group of first digests with fixed lengths are obtained. The first digest may be used to subsequently verify the integrity of the plaintext.
The first digest is then encrypted using an asymmetric encryption algorithm (e.g., RSA algorithm, ESA algorithm, ECC algorithm, DH algorithm, etc.) to obtain a digital signature.
Step S202: and encrypting the plaintext according to the symmetric key, and obtaining the encrypted information by the public key and the digital signature of the UWB equipment.
The plaintext, the public key of the UWB device, and the digital signature may be encrypted using a symmetric encryption algorithm (e.g., AES algorithm, DES algorithm, RC4 algorithm, etc.) and a symmetric key. Alternatively, plaintext, the public key of the UWB device, and the digital signature may be used as one data, which is encrypted using a symmetric encryption algorithm and a symmetric key to obtain encrypted information. Alternatively, plaintext, a public key of UWB device, and a digital signature may be used as three data, which are encrypted by using a symmetric encryption algorithm and a symmetric key, respectively, to obtain encrypted information. The embodiment of the present application is not limited thereto.
In one possible implementation, the plaintext, the public key of the UWB device, and the digital signature may be encrypted using CAN FD information in a symmetric encryption algorithm. For example, the symmetric key is set to CAN FD information.
Step S203: and encrypting the symmetric key according to the public key of the domain controller to obtain key encryption information.
The symmetric key may be encrypted using an asymmetric encryption algorithm and the public key of the domain controller to obtain key encryption information. Because the key used in the asymmetric algorithm is the public key of the domain controller, that is, only the domain controller of the vehicle corresponding to the UWB device receives the key encryption information, the correct symmetric key can be obtained, and other devices cannot obtain the key encryption information when receiving the key encryption information.
Step S204: and sending a data frame containing the encryption information and the key encryption information to the domain controller.
In one possible implementation, the following steps A1-A4 may be included:
step A1: and judging whether the sum of the data length of the encryption information and the key encryption information in the data frame exceeds a preset length.
Because the length of the data field in the CAN FD data frame is 64 bytes at maximum, if the sum of the data lengths of the encryption information and the key encryption information exceeds 64 bytes, the encryption information and the key encryption information are all located in one data frame. Therefore, it is necessary to determine the sum of the data length of the encrypted information and the key encrypted information (data in the data field) in the data frame, and determine whether the sum exceeds the preset length. It is understood that the data length of the CAN FD is 64 bytes at maximum, but the preset length may be 64 bytes or less than 64 bytes, which is not limited in the embodiment of the present application.
Step A2: and sending the data frame to the domain controller under the condition that the sum of the data lengths does not exceed the preset length.
In the case where the sum of the data lengths of the encryption information and the key encryption information does not exceed the preset length, the encryption information and the key encryption information may be located in one data frame, and thus, the data frame may be directly transmitted to the domain controller.
Step A3: and under the condition that the sum of the data lengths exceeds the preset length, packetizing the encryption information and the key encryption information to obtain N data frames with the length smaller than the preset length.
In the case where the sum of the data lengths of the encryption information and the key encryption information does not exceed the preset length, the encryption information and the key encryption information may not all be located in one data frame, and therefore, it is necessary to split the encryption information and the key encryption information into a plurality of (e.g., N) data frames. It will be appreciated that instead of a fixed split into N data frames, the number of data frames after the split is denoted as N. Alternatively, the encryption information and the key encryption information may be split into a plurality of data frames, respectively. For example, if the data length of the encryption information is 2.5 times of the preset length and the data length of the key encryption information is 0.5 times of the preset length, the encryption information may be split into 3 data frames (assuming that the first data frame to the third data frame are respectively) and the key encryption information is placed in 1 data frame (assuming that the fourth data frame). Where n=4. That is, in the case where the sum of the data lengths of the encryption information and the key encryption information exceeds the preset length, when the encryption information and the key encryption information are split into a plurality of data frames, the encryption information and the key encryption information are placed in different data frames, respectively. Thus, the data can be better distinguished. Alternatively, the encryption information and the key encryption information may be split together into a plurality of data frames. For example, if the data length of the encryption information is 2.5 times of the preset length and the data length of the key encryption information is 0.5 times of the preset length, the encryption information may be split into 3 data frames (assuming that the data length of the encryption information is less than 3 times of the preset length, respectively), and the key encryption information may be placed in the third data frame. Where n=3. That is, in the case where the sum of the data lengths of the encryption information and the key encryption information exceeds the preset length, when the encryption information and the key encryption information are split into a plurality of data frames, the encryption information and the key encryption information may be placed in the same data frame. So that communication resources can be saved. The embodiment of the present application is not limited thereto.
Step A4: and transmitting the N data frames smaller than the preset length to the domain controller.
After splitting the encryption information and the key encryption information to obtain N data frames, the N data frames may be sent to the domain controller.
Referring to fig. 3, a flow chart of another data processing method provided in an embodiment of the present application, applied to a domain controller, may include the following steps:
step S301: and receiving a data frame which is sent by the UWB equipment and contains the encryption information and the key encryption information.
The domain controller includes, but is not limited to, a gateway or ECU of the vehicle, and the like, and the embodiment of the present application is not limited thereto.
In one possible implementation, receiving a data frame including encryption information and key encryption information sent by a UWB device may include the steps of: judging whether the sum of the data length of the encryption information and the key encryption information exceeds a preset length; receiving a data frame which is sent by UWB equipment and contains encryption information and key encryption information under the condition that the sum of the data lengths does not exceed a preset length; receiving N data frames smaller than the preset length sent by UWB equipment under the condition that the sum of the data lengths exceeds the preset length; and packing N data frames smaller than the preset length to obtain encryption information and key encryption information.
It should be noted that the data length in the received single data frame does not exceed the preset length. The implementation manner for judging whether the sum of the data lengths of the encryption information and the key encryption information exceeds the preset length shown in the embodiment of the application includes but is not limited to: the data sent by the UWB device and used for representing the sum of the data length is judged, or whether the data length in a single data frame reaches the preset length and whether the data in the single data frame is complete is judged. And receiving the data frame which contains the encryption information and the key encryption information and is sent by the UWB equipment under the condition that the sum of the data lengths of the data frames does not exceed the preset length. Under the condition that the sum of the data lengths of the data frames exceeds the preset length, N data frames smaller than the preset length transmitted by the UWB searching equipment are combined, and the N data frames are packed, so that complete encryption information and key encryption information are obtained.
Step S302: and decrypting the key encryption information according to the private key of the domain controller to obtain a symmetric key.
Since the key encryption information is obtained by using the asymmetric encryption algorithm and the public key of the domain controller, when the domain controller is the domain controller corresponding to the UWB device, the correct symmetric key can be obtained by decrypting the key encryption information by using the private key of the domain controller. Other devices or other domain controllers not corresponding to the UWB device cannot obtain the correct symmetric key when they receive the key encryption information.
Step S303: and decrypting the encrypted information according to the symmetric key to obtain a plaintext, a public key of the UWB device and a digital signature.
Since the encrypted information is obtained by means of a symmetric key and a symmetric encryption algorithm. Therefore, after the domain controller obtains the symmetric key, the domain controller can decrypt the encrypted information by using the symmetric key to obtain plaintext before encryption, the public key of the UWB device and the digital signature. Similarly, if the symmetric key is not the correct symmetric key, the correct plaintext, public key of UWB device, and digital signature cannot be obtained by decrypting the encrypted information with the symmetric key.
The plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number.
In one possible implementation, the CAN FD information includes CAN FD data length, frame format, and CAN FD identification.
Step S304: and decrypting the digital signature according to the public key of the UWB equipment to obtain a first digest.
Since the digital signature is obtained by encrypting the first digest using the private key of the UWB device, after obtaining the public key of the UWB device and the digital signature, the digital signature may be decrypted according to the public key of the UWB device to obtain the first digest. It will be appreciated that the first digest obtained is that the UWB device uses a hash algorithm to compute the plaintext into a set of fixed-length output digests.
Step S305: and obtaining a second abstract according to the plaintext.
To verify that the resulting plaintext is complete, the domain controller may calculate the plaintext into a set of fixed-length second digests using the same hash algorithm as used by the UWB device.
Step S306: and confirming that the UWB device passes verification if the first digest is consistent with the second digest.
The first digest is compared with the second digest. If the first abstract is consistent with the second abstract, the obtained plaintext is completely indicated, and the UWB equipment is confirmed to pass the verification. If the first abstract is inconsistent with the second abstract, the obtained plaintext is incomplete, and the UWB equipment is confirmed to be not verified.
In one possible implementation, after step S306, the method may further include: in the case where the UWB device passes the verification, the control vehicle performs the target operation.
The target operation includes one or more of unlocking a door, locking a door, opening a door, closing a door, opening a window, or activating an engine. The embodiment of the present application is not limited thereto.
In the event that the UWB device does not pass verification, the data frame is discarded.
The following describes an apparatus according to an embodiment of the present application with reference to the drawings.
Fig. 4 is a schematic diagram of a data processing apparatus according to an embodiment of the application. As applicable to UWB devices, the data processing apparatus 400 may include:
the processing module 401 is configured to obtain a digital signature according to a plaintext and a private key of the UWB device, where the plaintext includes CAN FD information, positioning data of the UWB device, a vehicle identification code, and a random number; the digital signature is used for obtaining encryption information by encrypting the plaintext, the public key of the digital key and the digital signature according to the symmetric key; the system comprises a domain controller, a symmetric key and a key encryption module, wherein the symmetric key is used for encrypting the symmetric key according to the public key of the domain controller to obtain key encryption information;
a transceiver module 402, configured to send a data frame including the encryption information and the key encryption information to the domain controller.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the processing module 401 is further configured to obtain a first digest according to the plaintext; and the first digest is encrypted according to the private key of the UWB device to obtain a digital signature.
Optionally, the processing module 401 is further configured to determine whether a sum of data lengths of the encryption information and the key encryption information in the data frame exceeds a preset length;
A transceiver module 402, configured to send the data frame to the domain controller if the sum of the data lengths does not exceed the preset length;
the processing module 401 is further configured to packetize the encryption information and the key encryption information to obtain N data frames smaller than the preset length when the sum of the data lengths exceeds the preset length;
the transceiver module 402 is further configured to send the N data frames smaller than the preset length to the domain controller.
The specific functional implementation of the data processing apparatus 400 may refer to the corresponding method steps in fig. 2, and will not be described herein.
Fig. 5 is a schematic diagram of another data processing apparatus according to an embodiment of the application. The data processing apparatus 500 may include:
a transceiver module 501, configured to receive a data frame including encryption information and key encryption information sent by a UWB device;
a processing module 502, configured to decrypt the key encryption information according to the private key of the domain controller to obtain a symmetric key; the encryption information is decrypted according to the symmetric key to obtain a plaintext, a public key of UWB equipment and a digital signature, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; the digital signature is decrypted according to the public key of the UWB equipment to obtain a first digest; the second abstract is obtained according to the plaintext; and means for confirming that the UWB device authentication passes if the first digest is consistent with the second digest.
Optionally, the CAN FD information includes a CAN FD data length, a frame format, and a CAN FD identifier.
Optionally, the data processing apparatus further comprises a control module 503 for controlling the vehicle to perform a target operation if the UWB device is verified, the target operation including one or more of unlocking a door, locking a door, opening a door, closing a door, opening a window, or starting an engine;
the processing module 502 is further configured to discard the data frame if the UWB device authentication is not passed.
Optionally, the processing module 502 is further configured to determine whether a sum of data lengths of the encryption information and the key encryption information exceeds a preset length;
the transceiver module 501 is further configured to receive a data frame including encryption information and key encryption information sent by the UWB device, where the sum of the data lengths does not exceed the preset length; and the device is further used for receiving N data frames which are smaller than the preset length and are sent by the UWB equipment under the condition that the sum of the data lengths exceeds the preset length;
the processing module 502 is further configured to package the N data frames smaller than the preset length to obtain the encryption information and the key encryption information.
The specific functional implementation of the data processing apparatus 500 may refer to the corresponding method steps in fig. 3, and will not be described herein.
Fig. 6 is a schematic diagram of an electronic device according to an embodiment of the present application. May include: a processor 110, a memory 120; the processor 110, the memory 120 and the communication interface 130 are connected through the bus 140, where the memory 120 is used for storing instructions, and the processor 110 is used for executing the instructions stored in the memory 120 to implement the method steps corresponding to fig. 2-3 above.
The processor 110 is configured to execute the instructions stored in the memory 120 to control the communication interface 130 to receive and transmit signals, thereby completing the steps in the method. The memory 120 may be integrated into the processor 110 or may be provided separately from the processor 110.
As an implementation, the functions of the communication interface 130 may be considered to be implemented by a transceiver circuit or a dedicated chip for transceiving. The processor 110 may be considered to be implemented by a dedicated processing chip, a processing circuit, a processor, or a general-purpose chip.
As another implementation manner, a manner of using a general-purpose computer may be considered to implement the electronic device provided by the embodiment of the present application. I.e. program code implementing the functions of the processor 110, the communication interface 130 is stored in the memory 120, and the general purpose processor implements the functions of the processor 110, the communication interface 130 by executing the code in the memory 120.
The concepts related to the technical solutions provided by the embodiments of the present application, explanation, detailed description and other steps related to the electronic device refer to the foregoing methods or descriptions of the contents of the method steps executed by the apparatus in other embodiments, which are not repeated herein.
As another implementation of this embodiment, a computer-readable storage medium is provided, on which instructions are stored, which when executed perform the method in the method embodiment described above.
As another implementation of this embodiment, a computer program product is provided that contains instructions that, when executed, perform the method of the method embodiment described above.
Those skilled in the art will appreciate that only one memory and processor is shown in fig. 6 for ease of illustration. In an actual terminal or server, there may be multiple processors and memories. The memory may also be referred to as a storage medium or storage device, etc., and embodiments of the present application are not limited in this respect.
It should be appreciated that in embodiments of the present application, the processor may be a central processing unit (Central Processing Unit, CPU for short), other general purpose processor, digital signal processor (Digital Signal Processing, DSP for short), application specific integrated circuit (Application Specific Integrated Circuit, ASIC for short), off-the-shelf programmable gate array (Field-Programmable Gate Array, FPGA for short) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
It should also be understood that the memory referred to in embodiments of the present application may be volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an electrically Erasable ROM (Electrically EPROM, EEPROM), or a flash Memory. The volatile memory may be a random access memory (Random Access Memory, RAM for short) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (Double Data Rate SDRAM), enhanced SDRAM (ESDRAM), synchronous DRAM (SLDRAM), and direct memory bus RAM (Direct Rambus RAM, DR RAM).
Note that when the processor is a general-purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, the memory (storage module) is integrated into the processor.
It should be noted that the memory described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
The bus may include a power bus, a control bus, a status signal bus, and the like in addition to the data bus. But for clarity of illustration, the various buses are labeled as buses in the figures.
It should also be understood that the first, second, third, fourth and various numerical numbers referred to herein are merely descriptive convenience and are not intended to limit the scope of the application.
It should be understood that the term "and/or" is merely an association relationship describing the associated object, and means that three relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are an "or" relationship.
In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or by instructions in the form of software. The steps of a method disclosed in connection with the embodiments of the present application may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in the processor for execution. The software modules may be located in a random access memory, flash memory, read only memory, programmable read only memory, or electrically erasable programmable memory, registers, etc. as well known in the art. The storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method. To avoid repetition, a detailed description is not provided herein.
In various embodiments of the present application, the sequence number of each process does not mean the sequence of execution, and the execution sequence of each process should be determined by its functions and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present application.
Those of ordinary skill in the art will appreciate that the various illustrative logical blocks (illustrative logical block, abbreviated ILBs) and steps described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the several embodiments provided by the present application, it should be understood that the disclosed systems, devices, and methods may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces a flow or function in accordance with embodiments of the present application, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line), or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk), etc.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (12)
1. A data processing method, characterized by being applied to a UWB device of a vehicle, the method comprising:
obtaining a digital signature according to a plaintext and a private key of the UWB equipment, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number;
encrypting the plaintext, the public key of the UWB equipment and the digital signature according to a symmetric key to obtain encryption information;
encrypting the symmetric key according to the public key of the domain controller to obtain key encryption information;
and sending a data frame containing the encryption information and the key encryption information to the domain controller.
2. The method of claim 1, wherein the CAN FD information comprises a CAN FD data length, a frame format, and a CAN FD identification.
3. The method of claim 1, wherein said obtaining a digital signature from plaintext and a private key of the UWB device comprises:
obtaining a first abstract according to the plaintext;
and encrypting the first digest according to the private key of the UWB equipment to obtain a digital signature.
4. The method of claim 1, wherein the sending encryption information and the key encryption information to the domain controller comprises:
judging whether the sum of the data length of the encryption information and the key encryption information in the data frame exceeds a preset length;
transmitting the data frame to the domain controller under the condition that the sum of the data lengths does not exceed the preset length;
under the condition that the sum of the data lengths exceeds a preset length, the encryption information and the key encryption information are packetized to obtain N data frames smaller than the preset length;
and transmitting the N data frames smaller than the preset length to the domain controller.
5. A data processing method, characterized by being applied to a domain controller of a vehicle, the method comprising:
receiving a data frame which is sent by UWB equipment and contains encryption information and key encryption information;
Decrypting the key encryption information according to the private key of the domain controller to obtain a symmetric key;
decrypting the encrypted information according to the symmetric key to obtain a plaintext, a public key of UWB equipment and a digital signature, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number;
decrypting the digital signature according to the public key of the UWB equipment to obtain a first abstract;
obtaining a second abstract according to the plaintext;
and confirming that the UWB equipment passes verification under the condition that the first digest is consistent with the second digest.
6. The method of claim 5, wherein the CAN FD information comprises CAN FD data length, frame format, and CAN FD identification.
7. The method of claim 5, wherein the method further comprises:
controlling the vehicle to perform a target operation if the UWB device is verified, the target operation including one or more of unlocking a door, locking a door, opening a door, closing a door, opening a window, or starting an engine;
and discarding the data frame in the case that the UWB device authentication is not passed.
8. The method of claim 5, wherein receiving the data frame comprising the encryption information and the key encryption information transmitted by the UWB device comprises:
Judging whether the sum of the data length of the encryption information and the key encryption information exceeds a preset length;
receiving a data frame which is sent by UWB equipment and contains encryption information and secret key encryption information under the condition that the sum of the data lengths does not exceed the preset length;
receiving N data frames which are smaller than the preset length and are sent by the UWB equipment under the condition that the sum of the data lengths exceeds the preset length;
and packaging the N data frames smaller than the preset length to obtain the encryption information and the key encryption information.
9. A data processing apparatus, comprising:
the processing module is used for obtaining a digital signature according to a plaintext and a private key of the UWB equipment, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; the public key of the UWB equipment and the digital signature are used for encrypting the plaintext according to the symmetric key to obtain encryption information; and the public key is used for encrypting the symmetric key according to the domain controller to obtain key encryption information;
and the receiving and transmitting module is used for transmitting the data frame containing the encryption information and the key encryption information to the domain controller.
10. A data processing apparatus, comprising:
the receiving and transmitting module is used for receiving a data frame which is sent by the UWB equipment and contains encryption information and key encryption information;
the processing module is used for decrypting the secret key encryption information according to the private key of the domain controller to obtain a symmetric secret key; the encryption information is decrypted according to the symmetric key to obtain a plaintext, a public key of UWB equipment and a digital signature, wherein the plaintext comprises CAN FD information, positioning data of the UWB equipment, a vehicle identification code and a random number; the digital signature is decrypted according to the public key of the UWB equipment to obtain a first digest; the second abstract is obtained according to the plaintext; and means for confirming that the UWB device authentication passes if the first digest is consistent with the second digest.
11. An electronic device, comprising:
a processor and a memory, the processor and the memory being interconnected, wherein the memory is adapted to store a computer program, the computer program comprising program instructions, the processor being configured to invoke the program instructions to perform the method according to any of claims 1-8.
12. A computer-readable storage medium, comprising:
the computer readable storage medium having instructions stored therein which, when run on a computer, implement the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310761004.0A CN116761174A (en) | 2023-06-26 | 2023-06-26 | Data processing method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310761004.0A CN116761174A (en) | 2023-06-26 | 2023-06-26 | Data processing method and device and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116761174A true CN116761174A (en) | 2023-09-15 |
Family
ID=87951122
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310761004.0A Pending CN116761174A (en) | 2023-06-26 | 2023-06-26 | Data processing method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116761174A (en) |
-
2023
- 2023-06-26 CN CN202310761004.0A patent/CN116761174A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Ueda et al. | Security authentication system for in-vehicle network | |
| KR102243114B1 (en) | Real-time frame authentication using id anonymization in automotive networks | |
| CN106464499B (en) | Communication network system, transmission node, reception node, message checking method, transmission method, and reception method | |
| CN108353015B (en) | Relay device | |
| US9252945B2 (en) | Method for recognizing a manipulation of a sensor and/or sensor data of the sensor | |
| US11245535B2 (en) | Hash-chain based sender identification scheme | |
| WO2021168859A1 (en) | Secure communication method for controller area network bus, and device | |
| Groll et al. | Secure and authentic communication on existing in-vehicle networks | |
| CN114710351A (en) | Method and system for improving data security during communication | |
| EP3565212B1 (en) | Method for providing an authenticated update in a distributed network | |
| US20190347421A1 (en) | Data provision system, data security device, data provision method, and computer program | |
| CN113132082A (en) | Communication method and device based on vehicle intranet | |
| US10581609B2 (en) | Log message authentication with replay protection | |
| CN113169979A (en) | Method for detecting intrusion into distributed field bus of network and system thereof | |
| EP3713190A1 (en) | Secure bridging of controller area network buses | |
| CN111865557A (en) | Check code generation method and device | |
| Ansari et al. | IntelliCAN: Attack-resilient controller area network (CAN) for secure automobiles | |
| Carsten et al. | A system to recognize intruders in controller area network (can) | |
| CN116761174A (en) | Data processing method and device and electronic equipment | |
| US20190334998A1 (en) | Sensor For Detecting Measured Values; Method, Device And Computer-Readable Storage Medium With Instructions For Processing Measured Values From A Sensor | |
| CN111148275A (en) | Communication method, device and system based on equipment code | |
| JP6620696B2 (en) | Electronic control unit | |
| Rasheed et al. | Using authenticated encryption for securing controller area networks in autonomous mobile platforms | |
| CN113347168A (en) | Protection method and system based on zero trust model | |
| CN112740726B (en) | Data transmission method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |