CN119449470A

CN119449470A - Data security verification method, terminal device and computer-readable storage medium

Info

Publication number: CN119449470A
Application number: CN202411792944.7A
Authority: CN
Inventors: 孙瀛; 韩春龙; 黄自豪; 钱皓雪; 陆松林; 张金贵
Original assignee: Weilai Automobile Technology Anhui Co Ltd
Current assignee: Weilai Automobile Technology Anhui Co Ltd
Priority date: 2024-12-04
Filing date: 2024-12-04
Publication date: 2025-02-14

Abstract

The application is applicable to the technical field of vehicle-mounted data security verification, and provides a data security verification method, terminal equipment and a computer readable storage medium, wherein the method comprises the steps of receiving first text information from a second service end, wherein the first text information comprises information of a first vehicle-mounted function subscribed by a user request; the method comprises the steps of obtaining first identification data by identifying first text information according to a first digital certificate, wherein the first digital certificate is a digital certificate associated with a first vehicle-mounted function in a plurality of digital certificates, and sending first information to a second server, the first information comprises the first identification data and the first digital certificate, and the first information is used for verifying whether a user has permission to subscribe the first vehicle-mounted function. The method can improve the safety of the vehicle-mounted subscription data of the user.

Description

Data security verification method, terminal equipment and computer readable storage medium

Technical Field

The application belongs to the technical field of vehicle-mounted data security verification, and particularly relates to a data security verification method, terminal equipment and a computer readable storage medium.

Background

With the advancement of the internet and mobile communication technologies, the vehicle-mounted information system becomes more and more intelligent, and can provide more diversified and personalized services, which promotes the continuous development and perfection of vehicle-mounted subscription functions. Moreover, as interoperability of vehicles with other devices (e.g., smartphones) increases, on-board subscription services need to be able to span different platforms and devices, requiring more sophisticated technology and more stringent data protection measures. In addition, the on-board subscription service may collect a large amount of user data that may be used to improve the service, provide a personalized experience, forecast maintenance, etc. Therefore, in order to provide a safe and reliable service experience for users, a verification method for ensuring the data security of the users is needed to protect the data security of the users.

Disclosure of Invention

The embodiment of the application provides a data security verification method, terminal equipment and a computer readable storage medium, which can improve the security of user vehicle-mounted subscription data.

In a first aspect, an embodiment of the present application provides a data security verification method, including:

receiving first text information from a second server, wherein the first text information comprises information of a first vehicle-mounted function subscribed by a user request;

The first text information is identified according to the first digital certificate to obtain first identification data, wherein the first digital certificate is a digital certificate associated with a first vehicle function in a plurality of digital certificates;

And sending first information to the second service end, wherein the first information comprises first identification data and a first digital certificate, and the first information is used for verifying whether a user has the authority of subscribing the first vehicle-mounted function.

The method comprises the steps that a first service end receives first text information which is sent by a second service end and contains first vehicle-mounted subscription information of a user, a first digital certificate corresponding to the first vehicle-mounted function subscribed by the user is retrieved from a preset digital certificate library, the subscription information of the user is identified by the first digital certificate, and identification data and the digital certificate are sent to the second service end so as to be used for verifying whether the user has permission to subscribe to the first vehicle-mounted function. The method is equivalent to multiple verification of the data of the user by utilizing multiple verification modes, and can improve the data security of the user.

In a possible implementation manner of the first aspect, the digital certificate includes a first field, where the first field is used to verify identity information of the second server, and before the first text information is identified according to the first digital certificate to obtain first identification data, the method further includes:

Determining the type of the first vehicle-mounted function according to the first text information;

And determining the matched certificate of the identity information of the second server indicated by the first field included in the digital certificates and the type of the first vehicle-mounted function as a first digital certificate.

In the embodiment of the application, the server can select the corresponding digital certificate according to the type of the vehicle-mounted function subscribed by the user, so that the certificate can be flexibly configured according to different function requirements, when a new vehicle-mounted function is required to be added or the existing function is required to be updated, only the corresponding digital certificate and configuration information are required to be updated, and the whole system is not required to be modified in a large scale, thereby improving the operation efficiency and the expandability of the system.

In a possible implementation manner of the first aspect, the identifying the first text information according to the first digital certificate to obtain the first identification data includes:

calculating a first hash value corresponding to the first text information;

Acquiring a first key pair corresponding to the first digital certificate, wherein the first key pair at least comprises a first encryption key;

and encrypting the first hash value according to a first encryption key corresponding to the first digital certificate to obtain first identification data.

In the embodiment of the application, the server side ensures the privacy of the original data by encrypting the hash value, and the original data cannot be restored even if the hash value is leaked, which is helpful for protecting the privacy and safety of the user data. The process of encrypting the hash value with the key corresponds to creating a digital signature for the data, which helps to verify the integrity and origin of the data.

In one embodiment, the method further comprises:

And updating the password pair in the first digital certificate into a second key pair, wherein the second key pair comprises a second encryption key and a second decryption password corresponding to the second encryption key.

In the embodiment of the application, the security of the data can be improved by periodically replacing the secret key.

In one embodiment, the method is applied to a first device, wherein the first device is provided with a certificate chain, and the certificate chain comprises at least two digital certificates, and the method comprises the following steps:

Receiving first text information, a first digital certificate and first identification data, wherein the first text information comprises information of a first vehicle-mounted function to which a user requests subscription;

performing security verification on the first digital certificate and the first identification data according to the certificate chain to obtain a verification result;

And determining whether the user has the authority to subscribe to the first vehicle-mounted function or not according to the verification result and the first text information.

In the embodiment of the application, the first device firstly verifies whether the first digital certificate is trusted, ensures that the certificate is not expired, revoked or forged, is helpful for preventing a malicious entity from using the forged or tampered certificate to impersonate the identity, and on the basis of the trusted certificate, the vehicle-mounted terminal further verifies the first field corresponding to the certificate, ensures that the information in the certificate is consistent with the current access target, and can determine whether to allow access to a specific function or service according to specific data content by verifying the identification data. By verifying the identification data, the in-vehicle terminal can decide whether to allow access to a specific function or service according to the specific data content.

In a possible implementation manner of the first aspect, performing security verification on the first digital certificate and the first identification data according to the certificate chain to obtain a verification result includes:

Performing trusted verification on the first digital certificate according to the certificate chain;

under the condition that the verification result of the first digital certificate indicates that the first digital certificate is credible, verifying a first field corresponding to the first digital certificate to obtain a first verification result;

And if the first verification result indicates that the first field passes verification, verifying the first identification data to obtain a verification result.

In the embodiment of the application, the certificate chain is a mechanism for verifying the validity of the digital certificate, and the certificate is connected with the root certificate, so that the certificate is ensured to be issued by a trusted certificate issuing organization, and the vehicle-mounted terminal ensures the validity and the trust degree of the certificate by verifying whether the authorization information of the first digital certificate is matched with the authorization information of the certificate in the preset certificate chain.

In a possible implementation manner of the first aspect, the first digital certificate includes authorization information of the first digital certificate, and the trusted verification of the first digital certificate according to the certificate chain includes:

verifying whether the authorization information of the first digital certificate is matched with the authorization information recorded in a second digital certificate, wherein the second digital certificate is a digital certificate connected with the first digital certificate in a certificate chain;

If the authorization information of the first digital certificate is matched with the authorization information recorded by the second digital certificate, the first digital certificate is determined to be credible.

In a possible implementation manner of the first aspect, verifying a first field corresponding to the first digital certificate, to obtain a first verification result includes:

Judging whether the identity information corresponding to the first field in the first digital certificate is the same as the identity information corresponding to the second server side;

And if the identity information corresponding to the first field in the first digital certificate is the same as the identity information corresponding to the second server, obtaining a first verification result that the first field passes the verification.

In the embodiment of the application, by judging whether the first field in the certificate is matched with the type of the vehicle-mounted function subscribed by the user, the vehicle-mounted terminal can finely control the access authority to the specific function, which is helpful for ensuring that only the user with the corresponding authority can use the subscribed function.

In a possible implementation manner of the first aspect, verifying the first identification data to obtain a verification result includes:

Calculating a second hash value corresponding to the first text information;

and verifying the first identification data according to the second hash value to obtain a verification result.

In the embodiment of the application, the hash value is calculated and verified, so that the data received by the vehicle-mounted terminal is ensured to be kept complete and not tampered in the transmission process and matched with the expected identification data, thereby improving the safety, the reliability and the user trust of the system.

In a possible implementation manner of the first aspect, verifying the first identification data according to the second hash value to obtain a verification result includes:

Acquiring a first decryption password of the first digital certificate from the first digital certificate, wherein the first decryption password corresponds to the first encryption key, and the first identification data is encrypted by adopting the first encryption password;

Decrypting the first identification data according to the first decryption password to obtain a decrypted first hash value;

If the second hash value is the same as the first hash value, the verification result indicates that the first identification data and the first digital certificate pass the security verification.

In the embodiment of the application, the public key in the digital certificate is used for decrypting the identification data, and the vehicle-mounted terminal can verify that the encryption process of the data is completed by a trusted entity, so that the data is not tampered in the transmission process, and the confidentiality and the security of the data are maintained.

In a second aspect, an embodiment of the present application provides a terminal device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the data security verification method according to any one of the first aspects when executing the computer program.

In a third aspect, an embodiment of the present application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements a data security verification method as in any one of the first aspects above.

It will be appreciated that the advantages of the second to third aspects may be found in the relevant description of the first aspect, and are not described in detail herein.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a schematic flow chart of a data security verification method according to an embodiment of the present application;

Fig. 2 is a schematic flow chart of acquiring first identification data according to an embodiment of the present application;

FIG. 3 is a second flow chart of a data security verification method according to an embodiment of the present application;

fig. 4 is a flowchart of a data security verification method according to an embodiment of the present application;

FIG. 5 is a flow chart of a verification result provided by an embodiment of the present application;

FIG. 6 is a schematic diagram of a data security verification method according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present application.

Detailed Description

In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.

It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.

It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.

As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".

Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.

Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise.

With the advancement of the internet and mobile communication technologies, the vehicle-mounted information system becomes more and more intelligent, and can provide more diversified and personalized services, which promotes the continuous development and perfection of vehicle-mounted subscription functions. Moreover, as interoperability of vehicles with other devices (e.g., smartphones) increases, on-board subscription services need to be able to span different platforms and devices, requiring more sophisticated technology and more stringent data protection measures. In addition, the on-board subscription service may collect a large amount of user data that may be used to improve the service, provide a personalized experience, forecast maintenance, etc. Therefore, in order to provide a safe and reliable service experience for users, an authentication method for ensuring the data security of the users is urgently needed to protect the data security of the users.

The data security verification system comprises a server side and a vehicle-mounted terminal, wherein the server side is provided with one or more digital certificates, a certificate chain is preset in the vehicle-mounted terminal and used for verifying the credibility of the digital certificates, the data security verification system is used for carrying out security verification on vehicle-mounted subscription information of a user, and in the verification process, the security of data is verified by utilizing a key rotation mechanism and a multiple verification mode.

Referring to fig. 1, a flowchart of a data security verification method provided by an embodiment of the present application is first applied to a first service end, where the first service end has one or more digital certificates, each digital certificate is associated with a vehicle-mounted function, and the method may include, by way of example and not limitation, the following steps:

s101, receiving first text information sent by a second server side, wherein the first text information comprises information of a vehicle-mounted function subscribed by a user.

In the embodiment of the application, the first server corresponds to a first server or platform for providing security management, the platform is a core part of the whole system and is responsible for protecting the security of user data and vehicle-mounted functions, and a series of security measures including data encryption, access control and identity verification are implemented to ensure that only authorized users can access sensitive information. The in-vehicle terminal is, needless to say, a data processing system inside the vehicle. The second service end is a service end providing a vehicle-mounted subscription function and is equivalent to a platform responsible for providing or managing the vehicle-mounted function, the platform comprises a plurality of service types, different service types correspond to non-service ends, such as AO service and FOTA service are two key services in the vehicle-mounted system, each of the two key services is provided with different service ends, the AO service end generally provides services for remote access, management and service operation for users, and the FOTA service end is responsible for remotely sending and installing firmware update of the vehicle system so as to repair vulnerabilities, add new functions or improve performance.

Specifically, the user inputs the vehicle-mounted function information to which the user wants to subscribe through the vehicle-mounted system or other devices (such as a smart phone or a tablet computer). Such functions may include, but are not limited to, navigation, music streaming services, real-time traffic information, vehicle remote monitoring, etc., and the second server converts the vehicle-mounted function information subscribed by the user into a license file. This license file is typically a text file containing authorization information that proves the user's subscription rights to a particular function. This license file is the key that the server side uses to identify and verify the user subscription information. The generated license file is sent to the first service end as first text information. The "first text information" refers to a first piece of information sent by the second server to the first server, and the first piece of information contains vehicle-mounted function details subscribed by a user. The first service end receives a license file sent by the second service end, and the license file contains vehicle-mounted function information subscribed by a user. The first server needs to parse the file to learn about the specific subscription content of the user.

S102, the first text information is identified according to the first digital certificate, so that first identification data is obtained, and the first digital certificate is a digital certificate associated with a first vehicle function in the plurality of digital certificates.

In the embodiment of the application, a plurality of digital certificates are preset at the server side, and the digital certificates are used for verifying and authorizing the user to access the vehicle-mounted functions. A digital certificate is an electronic document that contains a public key and identity information of the certificate holder, typically used to encrypt and decrypt communications, as well as to verify the identity of a party.

Specifically, since the first server includes a plurality of first certificates corresponding to the vehicle-mounted functions, the first certificates corresponding to the first vehicle-mounted functions can be matched according to the first vehicle-mounted functions subscribed by the user provided by the second server, the first digital certificates are used for identifying the first text information, which is equivalent to a digital signature process, and the first identification data is equivalent to signed data.

S103, first information is sent to the second service end, the first information comprises first identification data and a first digital certificate, and the first information is used for verifying whether a user has permission to subscribe to the first vehicle-mounted function.

In the embodiment of the application, the first server sends the signature data (first identification data) and the first digital certificate to the second server for verifying whether the user has permission to subscribe to the vehicle-mounted function.

In one embodiment, the digital certificate includes a first field for verifying the identity information of the second server, and the method further includes, before implementing step S102:

s201, determining a first type of the first vehicle-mounted function according to the first text information.

In the embodiment of the application, the first field is a custom field in the digital certificate, and is used to contain additional information, which can help the server identify the service type corresponding to the certificate. This field is usually set by the server according to the needs of different services, and may be any character string, but there will usually be a certain naming specification to facilitate identification and management. Through the first field, the server can distinguish different services in the digital certificate. For example, if the server needs to manage digital certificates for the AO service and the FOTA service, respectively, it may set a specific extension field, such as "AOLIC", for the digital certificate of the AO service, and set another extension field, such as "FOTA", for the digital certificate of the FOTA service.

When the first service end receives the first text information (i.e. license file containing the vehicle-mounted function information subscribed by the user) sent by the second service end, the first service end obtains the first type of the vehicle-mounted function subscribed by the user according to the information in the license file. The first type refers to a service end type corresponding to a specific function subscribed by a user, such as navigation, music playing and other corresponding vehicle-mounted functions for managing the AO service end, and the first type is the AO service end.

S202, the identity information of the second server indicated by the first field included in the digital certificates is determined to be a first digital certificate with the matched certificate of the first type of the first vehicle-mounted function.

In the embodiment of the application, in a plurality of digital certificates preset by a first service end, each digital certificate comprises a first field, and the field is used by the service end for distinguishing different services or functions.

When the first service end receives the first text information (namely, license file containing vehicle-mounted function information subscribed by the user) sent by the second service end, the first text information is compared with a preset digital certificate according to the information. When the server retrieves the digital certificate according to the type of function (first type) to which the user subscribes, it will find a certificate whose first field matches the first type. For example, if the function type subscribed to by the user is AO service, the server may find that the first field contains a digital certificate of "AOLIC". Once the server finds a digital certificate with a first field that matches the first type, this certificate is considered a "first digital certificate". The server uses this certificate to verify the subscription rights of the user.

In the method, the server can effectively manage different service types and functions by using the first field, and ensure the accuracy of the authorization process. The method improves the security and reliability of the system and simultaneously makes the authorization management more flexible and efficient.

In one embodiment, referring to fig. 2, a flowchart of acquiring first identification data provided in an embodiment of the present application is shown, where the step S102 includes:

s301, calculating a first hash value corresponding to the first text information.

In the embodiment of the application, the text (first text information) needing to be signed (marked) is subjected to hash operation, and a hash value (first hash value) with fixed length is generated. This hash value is a fingerprint of the text reflecting the original content of the text.

Specifically, a suitable hash function needs to be selected. Common hash functions are MD5, SHA-1, SHA-256, etc. Different hash functions have different security and performance characteristics. For example, MD5 and SHA-1 have proven to be security vulnerabilities and are no longer recommended for security-sensitive applications. The first text information is converted into a data format supported by a hash function. Typically, this involves converting text into byte strings, as the hash function is operated on byte data. The byte string of the text information is calculated using the selected hash function. The hash function processes the input data (byte string) and outputs a hash value (typically a digest) of a fixed length. After the hash function calculation is completed, a digest, which is typically a number, is output, and this digest is the hash value (first hash value) of the text. This value is typically a string of fixed length, such as 32 hexadecimal digits.

S302, a first key pair corresponding to a first digital certificate is obtained, wherein the first key pair at least comprises a first encryption key and a first decryption key;

In the embodiment of the application, after the first hash value corresponding to the first text information is obtained, the first server needs to digitally sign the first text information, that is, encrypt the first text information by using the key corresponding to the first digital certificate to generate the signature. The first server stores a plurality of digital certificates, and the first server also stores a key corresponding to each certificate, and the keys of the plurality of certificates are physically stored in the first server HSM.

The first server needs to obtain a first encryption key paired with a first digital certificate in the HSM, where the digital certificate typically includes a first decryption key, i.e., a public key, which is publicly distributed for verifying the signature, and the first encryption key must be kept secret for generating the signature.

S303, encrypting the first hash value according to a first encryption key corresponding to the first digital certificate to obtain first identification data.

In the embodiment of the present application, once the first server has the first encryption key corresponding to the first digital certificate, it encrypts the first hash value calculated previously using the first encryption key. This process is typically an asymmetric encryption algorithm, such as RSA, ECC, etc., on the hash value with the first encryption key. The result after encryption is an encrypted hash, also known as a digital signature.

The encrypted first hash value (digital signature) is said first identification data. This data demonstrates the sender's ownership of the original text and a statement that the text has not been tampered with. Since only the sender possessing the corresponding key can generate this signature, it is unique and can be used to verify the sender's identity. The first server sends the encrypted hash (first identification data) and the first digital certificate to the second server (AO-end).

In the method, the server side ensures the privacy of the original data by encrypting the hash value, and even if the hash value is leaked, the original data cannot be restored, so that the privacy and the safety of the user data can be protected. The process of encrypting the hash value with the key corresponds to creating a digital signature for the data, which helps to verify the integrity and origin of the data.

In one embodiment, to secure the data, the method further comprises:

In the embodiment of the application, the key of the digital certificate needs to be updated periodically for data security. The "second key pair" herein refers to a new key combination comprising two parts, namely a second encryption key and a second decryption key corresponding to the second encryption key, and the original key in the first digital certificate is replaced with a new key pair, so that the user can continue to securely use the digital certificate for encryption and decryption operations even if the original key is no longer secure.

In one embodiment, referring to fig. 3, a second flowchart of a data security verification method provided by the embodiment of the present application is shown in fig. 3, and is applied to a first device, where the first device has a certificate chain, and the certificate chain includes at least two digital certificates, where the method includes:

S401, receiving first identification data, a first digital certificate and first text information, wherein the first text information comprises information of a first vehicle-mounted function to which a user requests subscription;

In the embodiment of the application, the first device is equivalent to a vehicle-mounted terminal, and the vehicle-mounted terminal performs security verification on the first identification data, the first digital certificate and the first text information after receiving the data. "certificate chain" as used herein refers to a series of digital certificates that are used to verify the validity of a digital certificate. A certificate chain is a sequence of multiple digital certificates, each certificate containing a trust anchor to its issuer (CERTIFICATE AUTHORITY, CA). The trust anchor is typically a certificate of the top-level CA, which is widely accepted and trusted. The certificate chain is used to verify the path of the certificates until a trusted root certificate is reached. In the present application, a certificate chain containing two trusted digital certificates is preset in advance in the ECU of the vehicle.

S402, carrying out security verification on the first digital certificate and the first identification data according to the certificate chain to obtain a verification result.

In the embodiment of the application, the certificate chain is a series of digital certificates which are arranged in a certain sequence and used for proving the validity of one certificate and verifying the security of the first identification data to obtain a verification result.

S403, determining whether the user has the authority to subscribe to the first vehicle-mounted function according to the verification result and the first text information.

In the embodiment of the application, after the security verification is performed on the first digital certificate and the first identification data, the security of the first text information is verified.

In the embodiment of the present application, referring to fig. 4, a third flowchart of a data security verification method provided in the embodiment of the present application is shown in fig. 4, and step S402 includes:

s501, performing trusted verification on the first digital certificate according to the certificate chain.

In the embodiment of the application, the vehicle-mounted terminal firstly verifies the validity of the received first digital certificate. It checks whether the issuer of the certificate is a trusted CA. The in-vehicle terminal verifies the first digital certificate using a preset certificate chain. It starts with the issuer CA in the first digital certificate and verifies one by one until a root CA is reached, which is a CA trusted by the vehicle terminal.

S502, under the condition that the verification result of the first digital certificate indicates that the first digital certificate is credible, verifying a first field corresponding to the first digital certificate to obtain a first verification result.

In the embodiment of the application, in the verification process of the digital certificate, after obtaining the first result (namely, whether the first digital certificate is reliable or not and whether the first digital certificate is valid or not), the vehicle-mounted terminal needs to further verify the first field corresponding to the first digital certificate. If the first result indicates that the first digital certificate is invalid, verification of the first field is not required.

S503, if the first verification result indicates that the first field verification is passed, verifying the first identification data to obtain a verification result.

In the embodiment of the application, after the first digital certificate and the first field pass the verification, the first identification data is finally verified.

In one embodiment, step S502 includes:

S601, verifying whether the authorization information of the first digital certificate is matched with the authorization information recorded in a second digital certificate, wherein the second digital certificate is a digital certificate connected with the first digital certificate in a certificate chain;

In the embodiment of the application, the first digital certificate generally contains some authorization information, such as the authority of the certificate holder, the validity period of the certificate, and the like. The in-vehicle terminal needs to extract this information for further verification. The vehicle-mounted terminal compares the authorization information with the authorization information of the upstream certificate in the certificate chain. This is to ensure that every link of the certificate chain is legal and that the certificate is not issued with override. If the authorization information does not match, it may indicate that the certificate chain is problematic or that the certificate itself is not legitimate.

S602, if the authorization information of the first digital certificate is matched with the authorization information recorded by the second digital certificate, determining that the first digital certificate is trusted.

In the embodiment of the application, if the authorization information in the certificate chain is not matched with the authorization information in the first digital certificate, the certificate chain may be indicated to have a problem or the certificate itself is illegal.

In one embodiment, the first digital certificate is determined to be authentic if the authorization information of the first digital certificate matches the authorization information of the second digital certificate record and the deadline of the first digital certificate is valid.

In the embodiment of the application, the vehicle-mounted terminal checks the validity period of the first digital certificate. If the certificate has expired, it is invalid and the vehicle terminal should not trust the certificate. The expiration date of the certificate is set by the CA at the time of certificate issuance, and typically has a start date and an end date.

If the authorization information matches, the certificate deadline is valid, then the first digital certificate is deemed trusted. If any problem is found in the verification, such as that the authorization information does not match or that the certificate expires, the first digital certificate is considered to be untrusted.

Through the verification step, the vehicle-mounted terminal obtains a first result, and the result indicates whether the first digital certificate is credible and valid.

In the embodiment of the present application, step S502 includes:

S701, judging whether the first type information corresponding to the first field in the first digital certificate and the identity information corresponding to the second server are the same.

In the embodiment of the application, whether the first type information corresponding to the first field in the first digital certificate is the same as the second service end is compared, if the first type information represents the AO end and the identity information of the second service end represents the FOTA end, the authorization information of the first type information and the authorization information of the second service end are not matched.

The vehicle-mounted terminal extracts a first field in the first digital certificate, analyzes the first text information, acquires a service end type (first type) of a first service end corresponding to the first text information, compares the service type corresponding to the first field in the first digital certificate with the service type corresponding to the first text information, and judges whether the service type and the service type are matched to obtain a matching result (second result).

In the embodiment of the application, if the second type of the vehicle-mounted function corresponding to the first field in the first digital certificate is equal to the first type of the vehicle-mounted function corresponding to the user in the first text message,

Illustratively, the first field is:

id-{organization}-ext-SignerPurpose=id-{organization}-ext{number}(1.3.6.1.4.59199.0.number.number)

The content of the extension of the field is SignerPurpose (signature certificate), which is defined as SignerPurpose, namely = PRINTABLE STRING (character string) = (1.3.6.1.4.59199.0.number), wherein the character string (1.3.6.1.4.59199.0.number) is a corresponding character language of a digital function type, the first field is analyzed and extracted, the character string is verified to correspond to the second type of information, then the second type of information is compared with the first type corresponding to the extracted first text information, if the first type of information is identical to the first type of information, the first field in the first digital certificate is successfully verified, and if the first type of information is not identical to the first field in the first digital certificate, the first field in the first digital certificate is failed to be verified.

In the method, by judging whether the first field in the certificate is matched with the type of the vehicle-mounted function subscribed by the user, the vehicle-mounted terminal can finely control the access authority to the specific function, and the method is helpful for ensuring that only the user with the corresponding authority can use the subscribed function.

S702, if the first type information corresponding to the first field in the first digital certificate is the same as the identity information corresponding to the second server, a first verification result that the first field passes the verification is obtained.

In the embodiment of the application, the core of the verification process is to compare whether the information contained in the first field in the first digital certificate is consistent with the corresponding identity information stored in the second server, and if the comparison result shows that the two pieces of information are the same, the verification is successful, and a verification passing result is obtained.

In one embodiment, step S503 includes:

And calculating a second hash value corresponding to the first text information.

In the embodiment of the application, after checking that the first field in the first digital certificate is in accordance with the predetermined standard or rule, the vehicle-mounted terminal means that the extension field in the first digital certificate is legal. This extension field in the certificate is legal and is associated with a particular service or authority. Once the first field is verified, the vehicle terminal calculates a hash value using the first text message (which may include information of the vehicle function to which the user subscribes). The hash value is a fixed-length string, which is a fingerprint of the original information that can be used to quickly verify the integrity of the information.

The purpose of calculating the hash value is to ensure that the first text information is not tampered with during transmission and that only certificates having the correct hash value can be accepted. This hash value may be regarded as a security check code of the first text information.

In an embodiment of the present application, the calculated second hash value may be used to compare with a stored or preset hash value. If the calculated hash value is consistent with the preset hash value, the first text message is considered to be authentic, and the user can be authorized to access the relevant vehicle-mounted service.

According to the method, the hash value is calculated and verified, so that the data received by the vehicle-mounted terminal are kept complete and untampered in the transmission process and are matched with the expected identification data, and the safety, reliability and user trust of the system are improved.

In one embodiment, referring to fig. 5, a flowchart of obtaining a verification result provided by the embodiment of the present application, as shown in fig. 5, verifies first identification data according to a second hash value to obtain the verification result, including:

S801, a first decryption password of the first digital certificate is obtained from the first digital certificate, the first decryption password corresponds to the first encryption key, and the first identification data is encrypted by the first encryption password.

In the embodiment of the application, the vehicle-mounted terminal firstly needs to analyze the first digital certificate. Digital certificates typically contain the public key of the certificate holder (first decryption password), the validity period of the certificate, information of the issuer of the certificate, and possibly other extended information. In the process of resolving the certificate, the vehicle-mounted terminal can find the part containing the public key. The public key is a key for encrypting communication, and corresponds to a key which is kept by a certificate holder (server side) for decrypting data encrypted by the public key. The extracted public key needs to be verified to ensure that it does belong to the purported holder in the certificate. This typically involves verifying the signature of the certificate, which is made by the issuer of the certificate using its key to the certificate content.

S802, decrypting the first identification data according to the first decryption password to obtain a decrypted first hash value.

In the embodiment of the application, the vehicle-mounted terminal decrypts the first identification data by using the public key extracted from the first digital certificate. This process converts the encrypted data back to the original data, which is the first hash value calculated for the first text information, by the public key. And the vehicle-mounted terminal compares the first hash value obtained through decryption with a second hash value calculated according to the first text information. If the two hash values agree, it is indicated that the first identification data has not been tampered with during transmission and indeed has been sent by the certificate holder.

S803, if the second hash value is the same as the first hash value, the verification result indicates that the first identification data and the first digital certificate are securely verified.

In the embodiment of the application, if the second hash value is the same as the first hash value, the verification result of the vehicle-mounted terminal indicates that the security verification of the first identification data and the first digital certificate is passed. This means that the data remains intact during transmission, is not tampered with, and the identity of the certificate holder is verified. At this point, the subscription function of the user may be authorized.

In the method, the identification data is decrypted by using the public key in the digital certificate, and the vehicle-mounted terminal can verify that the encryption process of the data is completed by a trusted entity, so that the data is not tampered in the transmission process, and the confidentiality and the security of the data are maintained.

Referring to fig. 6, which is a schematic structural diagram of a data security verification method provided by the embodiment of the present application, a plurality of digital certificates corresponding to each of vehicle-mounted functions are preset in a server, and a certificate chain is preset in a vehicle-mounted terminal, as shown in fig. 6, and the steps of performing data security verification using the present application are as follows:

① The user subscribes the vehicle-mounted function;

② The second server (AO) generates license file (first text information) according to the vehicle-mounted subscription information of the user;

③ The second server sends license file to the server to request digital signature and digital certificate (first digital certificate);

④ The server returns the signature data (first identification data) and the digital certificate to the second server;

The server signs (marks) the license file and generates first identification data, and obtains a corresponding first digital certificate according to the license file.

⑤ The second server side sends license files, signature data and digital certificates to the vehicle-mounted terminal;

⑥ And the vehicle-mounted terminal verifies the certificate chain, the custom extension and the signature data according to the preset certificate chain pair.

The method comprises the steps that a first digital certificate and a preset certificate chain of a vehicle-mounted terminal reconstruct an information certificate chain, the vehicle-mounted terminal firstly verifies whether the newly constructed certificate chain is credible, if the newly constructed certificate chain is credible, a custom extension field (first field) contained in the first digital certificate is verified to be correct, and if the first field is verified to be correct, the authenticity of signature data is verified.

⑦ And if the verification is successful, authorizing the subscription information of the user.

In the method, as the digital certificate has invalidation, the timeliness of the digital certificate can be utilized to verify the time of the user function in the verification process of the digital certificate, and the service can be isolated by adding the custom extension field in the first certificate, so that each service type is independently verified, and finally, the data verification of the signature data is carried out. Through the multiple verification modes, the safety of the vehicle-mounted subscription data of the user can be improved.

It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present application.

It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.

Fig. 7 is a schematic structural diagram of a terminal device according to an embodiment of the present application. As shown in fig. 7, the terminal device 7 of this embodiment comprises at least one processor 70 (only one is shown in fig. 7), a memory 71 and a computer program 72 stored in the memory 71 and executable on the at least one processor 70, the steps of any of the respective data security verification method embodiments described above being implemented when the computer program 72 is executed by the processor 70.

The terminal device may be a computing device such as a desktop computer, a notebook computer, a palm computer, a first server, and the like. The terminal device may include, but is not limited to, a processor, a memory. It will be appreciated by those skilled in the art that fig. 7 is merely an example of the terminal device 7 and is not limiting of the terminal device 7, and may include more or fewer components than shown, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.

The Processor 70 may be a central processing unit (Central Processing Unit, CPU), and the Processor 70 may be any other general purpose Processor, digital signal Processor (DIGITAL SIGNAL Processor, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.

The memory 71 may in some embodiments be an internal storage unit of the terminal device 7, such as a hard disk or a memory of the terminal device 7. The memory 71 may in other embodiments also be an external storage device of the terminal device 7, such as a plug-in hard disk provided on the terminal device 7, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD) or the like. Further, the memory 71 may also include both an internal storage unit of the terminal device 7 and an external storage device. The memory 71 is used to store an operating system, application programs, boot Loader (Boot Loader), data, and other programs and the like, such as program codes of computer programs and the like. The memory 71 may also be used to temporarily store data that has been output or is to be output.

The embodiments of the present application also provide a computer readable storage medium storing a computer program, which when executed by a processor, implements the steps of the above-described method embodiments.

Embodiments of the present application provide a computer program product enabling a terminal device to carry out the steps of the method embodiments described above when the computer program product is run on the terminal device.

The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above-described embodiments, and may be implemented by a computer program to instruct related hardware, and the computer program may be stored in a computer readable storage medium, where the computer program, when executed by a processor, may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, executable files or in some intermediate form, etc. The computer readable medium can include at least any entity or device capable of carrying computer program code to an apparatus/terminal device, a recording medium, a computer Memory, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), an electrical carrier signal, a telecommunications signal, and a software distribution medium. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.

Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of modules or units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection via interfaces, devices or units, which may be in electrical, mechanical or other forms.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

The foregoing embodiments are merely for illustrating the technical solution of the present application, but not for limiting the same, and although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those skilled in the art that the technical solution described in the foregoing embodiments may be modified or substituted for some of the technical features thereof, and that these modifications or substitutions should not depart from the spirit and scope of the technical solution of the embodiments of the present application and should be included in the protection scope of the present application.

Claims

1. A data security verification method is characterized by being applied to a first service end, wherein the first service end is provided with one or more digital certificates, each digital certificate is associated with a vehicle-mounted function, and the method comprises the following steps:

Receiving first text information from a second server, wherein the first text information comprises information of a first vehicle-mounted function to which a user requests to subscribe;

the first text information is identified according to a first digital certificate to obtain first identification data, wherein the first digital certificate is a digital certificate associated with the first vehicle function in a plurality of digital certificates;

and sending first information to the second server, wherein the first information comprises the first identification data and the first digital certificate, and the first information is used for verifying whether a user has permission to subscribe to the first vehicle-mounted function.

2. The method for verifying data security as defined in claim 1, wherein the digital certificate includes a first field, the first field being used for verifying identity information of the second server, and before the first text information is identified according to the first digital certificate to obtain the first identification data, the method further includes:

determining a first type of the first vehicle-mounted function according to the first text information;

and determining that the identity information of the second server indicated by the first field included in the digital certificates is matched with the type of the first vehicle-mounted function as the first digital certificate.

3. The data security verification method according to claim 1 or 2, wherein the identifying the first text information according to the first digital certificate to obtain first identification data includes:

calculating a first hash value corresponding to the first text information;

acquiring a first key pair corresponding to the first digital certificate, wherein the first key pair comprises a first encryption key and a first decryption key;

And encrypting the first hash value according to the first encryption key corresponding to the first digital certificate to obtain the first identification data.

4. A data security verification method as claimed in claim 3, wherein the method further comprises:

Updating the password pair in the first digital certificate to a second key pair, wherein the second key pair comprises a second encryption key and a second decryption password corresponding to the second encryption key.

5. A data security verification method, which is applied to a first device, wherein the first device is provided with a certificate chain, the certificate chain comprises at least two digital certificates, and the method comprises the following steps:

and determining whether the user has permission to subscribe to the first vehicle-mounted function according to the verification result and the first text information.

6. The security verification method according to claim 5, wherein the security verifying the first digital certificate and the first identification data according to the certificate chain, to obtain a verification result, includes:

And if the first verification result indicates that the first field passes verification, verifying the first identification data to acquire the verification result.

7. The security verification method of claim 6, wherein the first digital certificate includes authorization information for the first digital certificate, the trusted verification of the first digital certificate based on the certificate chain comprising;

verifying whether the authorization information of the first digital certificate is matched with the authorization information recorded in a second digital certificate, wherein the second digital certificate is a digital certificate connected with the first digital certificate in the certificate chain;

If the authorization information of the first digital certificate is matched with the authorization information recorded by the second digital certificate, determining that the first digital certificate is trusted;

And if the authorization information of the first digital certificate is matched with the authorization information recorded by the second digital certificate and the term of the first digital certificate is valid, determining that the first digital certificate is trusted.

8. The security verification method of claim 6, wherein verifying the first field corresponding to the first digital certificate results in a first verification result, comprising:

And if the first type information corresponding to the first field in the first digital certificate is the same as the identity information corresponding to the second server, obtaining a first verification result of passing the first field verification.

9. The security verification method of claim 6, wherein said verifying the first identification data to obtain the verification result comprises:

calculating a second hash value corresponding to the first text information;

Acquiring a first decryption password of the first digital certificate from the first digital certificate, wherein the first decryption password corresponds to a first encryption key, and the first identification data is encrypted by adopting the first encryption password;

and if the second hash value is the same as the first hash value, the verification result indicates that the first identification data and the first digital certificate pass the security verification.

10. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method according to any one of claims 1to 9.