CN114386008A - Information processing method and device, equipment and storage medium - Google Patents
- Publication number
- CN114386008A (CN202111616904.3A)
- Authority
- CN
- China
- Prior art keywords
- resource
- application
- key
- vehicle end
- authorization token
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
- G06F21/46—Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Traffic Control Systems (AREA)
Abstract
The present disclosure relates to an information processing method, apparatus, device, and storage medium. When applied to a vehicle end, the method comprises: sending a path request of an application to a system layer of the vehicle end through an application layer in the vehicle end, wherein the path request carries a token; determining, at the system layer, whether the token is a pre-stored authorization token, the authorization token being fed back by the server side after the application passes authentication; if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer; and enabling, through the application layer, the application to acquire the resource based on the address. The method can improve the security of resource access.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an information processing method and apparatus, a device, and a storage medium.
Background
Data security is a key concern of the internet industry today, and both China and the international community have legislated on it, for example on the security of users' private data. Hardware data, software data, behavior data, personal information data and the like generated when a user uses a mobile device are the user's personal privacy information assets and are protected by law. When an application reads, transmits, stores and uses a user's personal privacy information, it must comply with the relevant laws and regulations and ensure information security on the basis of the relevant principles.
In the field of Internet of Vehicles technology, data security is likewise a concern.
Disclosure of Invention
The disclosure provides an information processing method and apparatus, a device, and a storage medium.
According to a first aspect of the embodiments of the present disclosure, there is provided an information processing method applied to a vehicle end, including:
sending a path request of an application to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
determining, at the system layer, whether the token is a pre-stored authorization token, the authorization token being fed back by the server side after the application passes authentication;
if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer;
and enabling, through the application layer, the application to acquire the resource based on the address.
In some embodiments, the resource pointed to by the address is a resource encrypted with a first key;
the causing, by the application layer, the application to acquire the resource based on the address includes:
acquiring the encrypted resource based on the address through the application layer;
and decrypting the encrypted resource by using a second key matched with the first key through the application layer to ensure that the application obtains the decrypted resource.
In some embodiments, the first key and the second key are the same, and the authorization token is obtained by encrypting the first key by the server according to a third key negotiated with the application;
the method further comprises the following steps:
and decrypting the authorization token by using a fourth key negotiated by the application and the server through the application layer to obtain the second key.
In some embodiments, the first key and the second key have a mapping relationship with the resource.
In some embodiments, the authorization token is accompanied by validity-period information;
the determining, at the system layer, whether the token is a pre-stored authorization token includes:
determining, at the system layer, whether the content of the token is consistent with the content of the authorization token and whether the validity period of the token is consistent with the validity-period information of the authorization token.
In some embodiments, the method further comprises:
sending an access right request of the application to the resource to the server; the access permission request carries account information of the application;
receiving the authorization token fed back by the server after the account information authentication is passed;
storing the authorization token at the application layer and the system layer.
In some embodiments, the method further comprises:
receiving, through the system layer, the resource sent by the server side, and storing the resource in the vehicle end at a preset address.
In some embodiments, the resource sent by the server is accompanied by validity-period information, and the method further includes:
determining, through the system layer and at a preset time interval, whether the resource is within its validity period;
and if the resource is not within its validity period, requesting, through the system layer, the server side to update the resource.
According to a second aspect of the embodiments of the present disclosure, there is provided an information processing method, applied to a server, including:
receiving an access authority request of an application to a resource, which is sent by a vehicle end; the access permission request carries account information of the application;
authenticating the application according to the account information of the application, and generating an authorization token after the authentication is passed;
sending the authorization token to the vehicle end; the authorization token is used for being stored in the vehicle end, and enables the application in the vehicle end to obtain the resources stored in the vehicle end from a system layer in the vehicle end.
In some embodiments, the resource stored in the vehicle end is a resource encrypted with a first key; a second key of the resource is the same as the first key, and the second key is a decryption key;
the sending of the authorization token to the vehicle terminal according to the access right request comprises:
acquiring the first key according to the access authority request;
encrypting the first key by using a third key negotiated with the application in the vehicle end to obtain the authorization token;
and sending the authorization token to the vehicle end.
In some embodiments, the access permission request carries an identifier of the resource;
the obtaining the first key according to the access right request includes:
and acquiring the first key corresponding to the identifier of the resource according to the access authority request.
In some embodiments, the first key is account information of the application.
In some embodiments, the method further comprises:
before receiving the access right request sent by the vehicle end, encrypting the resource by using the first key, attaching validity-period information, and sending the resource to the vehicle end.
In some embodiments, the method further comprises:
receiving a resource update request sent by the vehicle end after the vehicle end determines that the resource has expired;
and sending, according to the resource update request, the encrypted resource with updated validity-period information to the vehicle end.
According to a third aspect of the embodiments of the present disclosure, there is provided an information processing apparatus applied in a vehicle end, the apparatus including:
the first sending module is configured to send a path request of an application to a resource to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
a first determining module configured to determine, at the system layer, whether the token is a pre-stored authorization token, the authorization token being fed back by the server side after the application passes authentication;
a second sending module, configured to send, to the application layer through the system layer, an address of the resource in the vehicle end if the token is the authorization token;
an obtaining module configured to cause the application to obtain the resource based on the address through the application layer.
In some embodiments, the resource pointed to by the address is a resource encrypted with a first key;
the obtaining module is further configured to obtain, by the application layer, the encrypted resource based on the address; and decrypting the encrypted resource by using a second key matched with the first key through the application layer to ensure that the application obtains the decrypted resource.
In some embodiments, the first key and the second key are the same, and the authorization token is obtained by encrypting the first key by the server according to a third key negotiated with the application;
the device further comprises:
and the decryption module is configured to decrypt the authorization token by using a fourth key negotiated by the application and the server through the application layer to obtain the second key.
In some embodiments, the first key and the second key have a mapping relationship with the resource.
In some embodiments, the authorization token is accompanied by validity-period information;
the first determining module is further configured to determine, at the system layer, whether the content of the token is consistent with the content of the authorization token and whether the validity period of the token is consistent with the validity-period information of the authorization token.
In some embodiments, the apparatus further comprises:
a third sending module configured to send an access right request of the application to the resource to the server; the access permission request carries account information of the application;
the first receiving module is configured to receive the authorization token fed back by the server after the account information is authenticated;
a saving module configured to save the authorization token at the application layer and the system layer.
In some embodiments, the apparatus further comprises:
a second receiving module configured to receive, through the system layer, the resource sent by the server side, and to store the resource in the vehicle end at a preset address.
In some embodiments, the resource sent by the server is accompanied by validity-period information, and the apparatus further includes:
a second determining module configured to determine, through the system layer and at a preset time interval, whether the resource is within its validity period;
and a request module configured to request, through the system layer, the server side to update the resource if the resource is not within its validity period.
According to a fourth aspect of the embodiments of the present disclosure, there is provided an information processing apparatus, which is applied to a server, the apparatus including:
the third receiving module is configured to receive an access authority request of the application to the resource, which is sent by the vehicle end; the access permission request carries account information of the application;
the generation module is configured to authenticate the application according to the account information of the application and generate an authorization token after the authentication is passed;
a fourth transmitting module configured to transmit the authorization token to the vehicle end; the authorization token is used for being stored in the vehicle end and used for enabling the application in the vehicle end to obtain the resources stored in the vehicle end from the system layer in the vehicle end.
In some embodiments, the resource stored in the vehicle end is a resource encrypted with a first key; a second key of the resource is the same as the first key, and the second key is a decryption key;
the fourth sending module is further configured to obtain the first key according to the access permission request; encrypting the first key by using a third key negotiated with the application in the vehicle end to obtain the authorization token; and sending the authorization token to the vehicle end.
In some embodiments, the access permission request carries an identifier of the resource;
the fourth sending module is further configured to obtain the first key corresponding to the identifier of the resource according to the access permission request.
In some embodiments, the first key is account information of the application.
In some embodiments, the apparatus further comprises:
a fifth sending module configured to, before the access right request sent by the vehicle end is received, encrypt the resource with the first key, attach validity-period information, and send the encrypted resource to the vehicle end.
In some embodiments, the apparatus further comprises:
a fourth receiving module configured to receive a resource update request sent by the vehicle end after the vehicle end determines that the resource has expired;
and a sixth sending module configured to send, according to the resource update request, the encrypted resource with updated validity-period information to the vehicle end.
According to a fifth aspect of embodiments of the present disclosure, there is provided an apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to perform the information processing method according to the first or second aspect.
According to a sixth aspect of embodiments of the present disclosure, there is provided a storage medium comprising:
instructions in the storage medium, when executed by a processor at a vehicle end, enable the vehicle end to perform the information processing method as described in the first aspect above; alternatively, the instructions in the storage medium, when executed by a processor of a server, enable the server to perform the information processing method as described in the second aspect above.
The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects:
In the embodiments of the disclosure, a third-party application in the vehicle end comes from a third-party developer, and exposing the resource directly to such an application may lead to privacy disclosure. The application layer of the vehicle end therefore requests the resource from the system layer by presenting a token, and the system layer grants the application layer permission to obtain the resource only when it determines that the token is the authorization token fed back by the server side after the server side authenticated the application. This improves the security of resource access. In addition, because the authorization token is stored in the vehicle end, an application that needs a resource can send the path request to the system layer through the application layer without authenticating with the server each time, and because the resource is stored in the vehicle end, it does not need to be requested from the server each time. The application's access to the resource is thus controlled, while the stability of resource acquisition is improved and instruction interaction is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 is a flowchart of an information processing method according to an embodiment of the present disclosure.
Fig. 2 is an architecture diagram of the vehicle-mounted central control system.
Fig. 3 is a flowchart of an information processing method according to an embodiment of the present disclosure.
Fig. 4 is an interaction diagram of an information processing method in an embodiment of the present disclosure.
Fig. 5 is an interaction example diagram of an information processing method in an embodiment of the present disclosure.
Fig. 6 is a diagram of an information processing apparatus in the first embodiment of the present disclosure.
Fig. 7 is a diagram of a second information processing apparatus according to an embodiment of the present disclosure.
Fig. 8 is a block diagram of an end of a vehicle shown in an embodiment of the present disclosure.
Fig. 9 is a block diagram of a server shown in an embodiment of the present disclosure.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.
Fig. 1 is a flowchart of a first information processing method according to an embodiment of the present disclosure, applied to a vehicle end. As shown in Fig. 1, the information processing method applied to the vehicle end includes the following steps:
S11, sending a path request of an application to a resource to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
S12, determining, at the system layer, whether the token is a pre-stored authorization token; the authorization token is fed back by the server side after the application passes authentication;
S13, if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer;
S14, enabling, through the application layer, the application to acquire the resource based on the address.
In the embodiments of the present disclosure, the vehicle end refers to a vehicle-mounted terminal installed in a vehicle. Applications (APPs) are installed on the vehicle end, for example a phone application, an intelligent connection application, a navigation application, a video playing application, or a voice assistant application. Applications in the vehicle end are essentially implemented on top of the vehicle-mounted central control. With the advance of technology, and particularly the development of the internet, vehicle-end applications in current Internet of Vehicles systems are closely tied to the internet: the vehicle end can communicate wirelessly with the server side, and the server side can support the operation of applications in the vehicle end. In the embodiments of the present disclosure, the server is also referred to as an authorization server.
The vehicle-mounted central control is the bridge for interaction between the driver and the vehicle. Through it, the driver can conveniently and quickly query, set and switch various information of the vehicle system, which enhances driving pleasure while ensuring driving safety. Fig. 2 is a schematic diagram of a vehicle-mounted central control system. As shown in Fig. 2, it includes a hardware layer, a system layer, and an application layer. The hardware layer includes devices such as a display screen and sensors, for example a temperature sensor that senses the temperature inside the vehicle; the display screen displays application interfaces or information related to vehicle operation to facilitate human-machine interaction. The system layer comprises the system program, which is the interface between the user and the vehicle-mounted hardware and also the interface between the vehicle-mounted hardware and the upper-layer applications. Its functions include managing the hardware, software and data resources of the vehicle-mounted system, controlling program operation, improving the human-machine interface, and providing support for the upper-layer applications. The system layer, which manages the data resources, may also be referred to as a "resource server" in the embodiments of the present disclosure. The data resources it manages include resources sent by the server to the vehicle end, which the server may update dynamically, and may also include resources stored directly in the vehicle end. The application layer comprises various applications, such as navigation and intelligent voice, that provide intelligent services to the driver. In the embodiments of the present disclosure, the application layer and the system layer in the vehicle end are those shown in Fig. 2.
In step S11, the vehicle end sends a path request of the application to the resource to the system layer of the vehicle end through the application layer. For example, the application is a third-party voice assistant application and the requested resource is an algorithm model for voice processing: when the voice assistant responds to a user's voice command, it needs the algorithm model to determine the content of the command and give a corresponding response. As another example, the application is a third-party navigation application that requests a resource such as a location-related profile. An application in the vehicle end must first acquire the corresponding resource in order to run normally.
It should be noted that, in the embodiments of the present disclosure, the resource may be a resource stored in the vehicle end itself or a resource sent by the server, and the embodiments of the present disclosure are not limited in this respect. Where the resource is sent by the server, the server sends it to the vehicle end for storage because the connection between the vehicle end and the server becomes unstable as the vehicle's geographic position changes while driving (tunnels, garages, bridges, etc.). Sending the resource to the vehicle end in advance therefore improves the stability with which applications in the vehicle end acquire the resource.
As previously described, the system layer manages data resources and the path of the resources is stored in the system layer. In this regard, the present disclosure may request a path of resources required by an application from a system layer through an application layer.
In this embodiment, the path request received by the system layer includes a token. Informally, a token can be thought of as a passcode that is checked before certain data is transmitted, to determine whether the requester has the right to use that data.
In step S12, the vehicle end determines whether the token is a pre-stored authorization token in the system layer, and after determining that the token is an authorization token in step S13, sends the address of the resource in the vehicle end to the application layer through the system layer. When determining whether the token is a pre-stored authorization token, the system layer at least needs to determine whether the content of the token is consistent with the content of the authorization token.
It should be noted that the authorization token is fed back to the vehicle end by the server side after the application passes authentication, and both the application layer and the system layer of the vehicle end need to store the authorization token. Therefore, when the application needs to use the resource, the path request carrying the token can be sent to the system layer through the application layer, so that the system layer can authenticate the token.
The authentication of the application by the server may, for example, be based on the client credentials mode of the OAuth 2.0 protocol, in which the client (i.e., the application) sends an access right request to the server in its own name rather than in the user's name, and the server may send an authorization token after receiving the access right request. It should be noted that, in the embodiments of the present disclosure, the client (application) may be registered with the system layer in advance, and the system layer may issue account information for the client, including, for example, an identifier (client_id) of the application and a password (client_secret) of the application.
The application in the vehicle terminal can request an authorization token from the server terminal based on the account information issued by the system layer. For example, the vehicle end can send an access permission request of the application to the resource to the server end, the access permission request carries account information of the application, and the server end issues an authorization token for the application after confirming that the account information of the application is consistent with the account information stored in the server end.
In addition, in the embodiment of the present disclosure, the path request may also carry an identifier of the resource. The resource identifier is used to identify different resources, for example, a "0" is used to identify a speech algorithm model resource, a "1" is used to identify a navigation configuration file, and the like. After determining that the token is a pre-stored authorization token, the system layer may send, to the application layer, an address in the vehicle end where the resource is located, based on the identifier of the resource carried in the path request. It can be understood that, by carrying the identifier of the resource, when different resources are stored at different locations, it is also convenient for the system layer to determine the location of the resource according to the identifier of the resource.
In the embodiments of the present disclosure, the path request may also carry account information of the application, so that the system layer can determine from the account information whether the application has been registered. In this embodiment, the system layer may determine whether the token is valid after determining that the application has been registered.
In step S14, after obtaining the address in the vehicle end where the resource is located, the application layer may obtain the resource for use by the application that requested it.
It should be noted that, in the embodiment of the present disclosure, the operation performed by the application layer is also an operation performed by the application requesting the resource. In the following description, the present disclosure directly uses the application instead of the application layer.
It can be understood that, in the embodiments of the present disclosure, a third-party application in the vehicle end comes from a third-party developer, and exposing the resource directly to such an application may leak private data. The application layer in the vehicle end therefore requests the resource from the system layer by presenting a token, and the system layer grants the application layer permission to obtain the resource only when it determines that the token is the authorization token fed back by the server side after the server side authenticated the application. This improves the security of resource access. In addition, because the authorization token is stored in the vehicle end, an application that needs a resource can send the path request to the system layer through the application layer without authenticating with the server each time, and because the resource is stored in the vehicle end, it does not need to be requested from the server each time. The application's access to the resource is thus controlled, and the stability of resource acquisition is improved.
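The system-layer check of steps S12 and S13, together with the registration check, the resource identifier lookup and the token validity check described in the embodiments, sketched as an added example that is not code from the patent. The class and function names, the per-application token store keyed by `client_id`, the `/constructed/...` addresses and the numeric timestamps are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass


class PathRequestDenied(Exception):
    """The system layer refused to reveal a resource address."""


@dataclass(frozen=True)
class StoredToken:
    value: bytes       # token content fed back by the server
    expires_at: float  # validity ("age") information, seconds since epoch


class SystemLayer:
    """Hypothetical model of the vehicle end's system layer (resource server)."""

    def __init__(self, resource_addresses):
        self._clients = set()   # registered client_id values
        self._tokens = {}       # client_id -> StoredToken (assumed binding)
        self._addresses = dict(resource_addresses)  # resource id -> address

    def register_application(self, client_id):
        self._clients.add(client_id)

    def store_authorization_token(self, client_id, token, expires_at):
        if client_id not in self._clients:
            raise ValueError("cannot store a token for an unregistered application")
        self._tokens[client_id] = StoredToken(token, expires_at)

    def handle_path_request(self, client_id, token, resource_id, now):
        # 1. Registration check on the account information in the request.
        if client_id not in self._clients:
            raise PathRequestDenied("application not registered")
        # 2. Content check (S12). compare_digest is constant-time, so response
        #    timing does not reveal how many leading bytes of a guess matched.
        stored = self._tokens.get(client_id)
        expected = stored.value if stored else b""
        if not hmac.compare_digest(expected, token) or stored is None:
            raise PathRequestDenied("token is not the stored authorization token")
        # 3. Validity check: an expired token is dropped, so the application
        #    has to authenticate with the server again to get a new one.
        if now >= stored.expires_at:
            del self._tokens[client_id]
            raise PathRequestDenied("authorization token expired")
        # 4. Resolve the identifier only after the token is accepted, so an
        #    unauthenticated caller cannot probe which identifiers exist.
        if resource_id not in self._addresses:
            raise PathRequestDenied("unknown resource identifier")
        return self._addresses[resource_id]  # S13: address goes to the app layer


def run_constructed_scenario():
    """Run one accepted and five rejected path requests on constructed data."""
    system = SystemLayer({
        "0": "/constructed/resources/speech_model.bin",  # speech algorithm model
        "1": "/constructed/resources/nav_profile.cfg",   # navigation configuration
    })
    system.register_application("voice-assistant")
    token = secrets.token_bytes(32)  # stands in for the server-issued token
    system.store_authorization_token("voice-assistant", token, expires_at=1000.0)

    requests = {
        "valid": ("voice-assistant", token, "0", 500.0),
        "unregistered": ("unknown-app", token, "0", 500.0),
        "forged": ("voice-assistant", secrets.token_bytes(32), "0", 500.0),
        "bad_resource": ("voice-assistant", token, "7", 500.0),
        "expired": ("voice-assistant", token, "0", 1000.0),  # evicts the token
        "after_expiry": ("voice-assistant", token, "0", 500.0),
    }
    outcomes = {}
    for name, args in requests.items():
        try:
            outcomes[name] = system.handle_path_request(*args)
        except PathRequestDenied as denied:
            outcomes[name] = f"denied: {denied}"
    return outcomes


if __name__ == "__main__":
    for name, outcome in run_constructed_scenario().items():
        print(f"{name:13} {outcome}")
```

Every rejection raises the same exception type, so the application layer gets no address unless all four checks pass.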
In one embodiment, the resource pointed to by the address is a resource encrypted by a first key; step S14 includes:
acquiring the encrypted resource based on the address through the application layer;
decrypting the encrypted resource by the application layer by using a second key matched with the first key to enable the application to obtain the decrypted resource; the first key and the second key are obtained by negotiation between the server side and the vehicle side.
In this embodiment, the resource is a resource encrypted by using the first key. For example, the resource may be encrypted by the server and then sent to the vehicle end; the vehicle end may also itself encrypt an unencrypted resource sent by the server.
It should be noted that the first key for encryption and the second key for decryption may be negotiated between the server and the system layer in the vehicle end. For example, if the server sends the encrypted resource, the server and the vehicle end negotiate a first key and a second key, so that one end encrypts and the other end decrypts, which improves the security of the resource. Alternatively, the first key for encryption and the second key for decryption can be determined by the system layer in the vehicle end. On one hand, the keys then never pass through the server, which improves the security of the first key and the second key and therefore of the resource; on the other hand, because the resource is encrypted in the vehicle end, the stored resource cannot be used even if it is stolen because the vehicle end is networked, which also improves the security of the resource.
In the disclosure, no matter whether the first key and the second key are determined by the vehicle end or determined by negotiation between the vehicle end and the server end, the system layer can send the key for decryption to the application after determining that the token is the authorization token, so that the application can obtain the decrypted resource by using the second key.
In this embodiment, the first key and the second key may be keys obtained based on an asymmetric encryption algorithm, in which case the first key and the second key are different; the first key and the second key may also be keys obtained based on a symmetric encryption algorithm, in which case the first key and the second key are the same. The asymmetric encryption algorithm is, for example, the RSA encryption algorithm, the ElGamal encryption algorithm, etc.; the symmetric encryption algorithm is, for example, a DES, DESede, IDEA, or PBE encryption algorithm, and the like, and the embodiments of the present disclosure are not limited thereto.
It can be understood that in the embodiment of the present disclosure, by encrypting the resource, the security or privacy of the resource can be improved while controlling the access role of the resource (i.e. controlling the access authority of the application).
It should be noted that, in the embodiment of the present disclosure, all resources stored in the vehicle end may correspond to the same key (including the first key and the second key); alternatively, each resource may correspond to its own key. The embodiments of the present disclosure are not limited in this respect.
In some embodiments, the first key and the second key are the same, and the authorization token is obtained by encrypting the first key by the server according to a third key negotiated with the application;
the method further comprises the following steps:
and decrypting the authorization token by using a fourth key negotiated by the application and the server through the application layer to obtain the second key.
In this embodiment, the first key and the second key are the same, and the authorization token is obtained by the server encrypting the first key of the resource according to the third key negotiated with the application. Therefore, after the system layer at the vehicle end determines that the token carried in the path request is the authorization token, the authorization token is decrypted with the fourth key to obtain the first key, that is, the second key, so that the application can decrypt the resource with the decrypted second key to obtain the decrypted resource.
In this embodiment, the first key and the second key may be account information of the application; for example, the first key and the second key are passwords of the application.
In this embodiment, the third key and the fourth key may also be keys obtained based on an asymmetric encryption algorithm or a symmetric encryption algorithm, which is not limited herein.
In the related art, the resources are encrypted, and the corresponding decryption keys are usually stored in the server and changed frequently, so that the vehicle end needs to request the decryption key from the server each time a resource is used and then access the resource with that key. In this way, once the resources are encrypted, every access requires a request to the server. Because the vehicle head unit is mobile, it is likely to be in a place where the network is poor (such as a tunnel, a garage, a bridge, etc.), and the access to the resources is then likely to fail.
In this embodiment, the encryption of the resource and the generation of the authorization token are combined. The authorization token is fed back to the vehicle end by the server according to the access authority request of the application and is stored in the vehicle end, so that the application in the vehicle end decrypts the authorization token by using the fourth key to obtain the decryption key (the second key) of the resource and then obtains the decrypted resource. The decryption key of the resource does not need to be requested from the server, the number of times the vehicle end accesses the server is reduced, and the security can be further improved.
In one embodiment, the first key and the second key have a mapping relationship with the resource.
In this embodiment, the first key and the second key have a mapping relationship with the resource, that is, one resource corresponds to one key, and by this way, the confidentiality of the resource can be improved.
In addition, since the authorization token can be obtained based on the first key, and the first key has a mapping relationship with the resource, the authorization token also has a mapping relationship with the resource.
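The token construction described in the embodiments above (first key equal to the second key, token formed by encrypting the first key under the third key, one key per resource), as an added example that is not code from the patent. It assumes the symmetric case in which the third and fourth keys are the same and uses AES-256-GCM, which the disclosure does not name; the `Server` type, the function names, the resource identifiers and the binding of each ciphertext to the resource identifier are choices of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newGCM builds AES-GCM; a 32-byte key selects AES-256 (this example's choice of cipher).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts plaintext and binds it to aad (here the resource identifier).
// Output layout: nonce || ciphertext || tag.
func sealGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openGCM reverses sealGCM; it fails if the key, the aad or any byte is wrong.
func openGCM(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("sealed value shorter than nonce")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// Server holds one first key per resource identifier and the third key
// negotiated with each application account (symmetric case: third == fourth).
type Server struct {
	resourceKeys map[string][]byte
	appKeys      map[string][]byte
}

// EncryptResource encrypts a resource under its own first key before delivery.
func (s *Server) EncryptResource(resourceID string, plain []byte) ([]byte, error) {
	first, ok := s.resourceKeys[resourceID]
	if !ok {
		return nil, fmt.Errorf("no first key for resource %q", resourceID)
	}
	return sealGCM(first, plain, []byte(resourceID))
}

// IssueToken wraps the resource's first key under the application's third key.
func (s *Server) IssueToken(account, resourceID string) ([]byte, error) {
	first, okRes := s.resourceKeys[resourceID]
	third, okApp := s.appKeys[account]
	if !okRes || !okApp {
		return nil, errors.New("unknown account or resource")
	}
	return sealGCM(third, first, []byte(resourceID))
}

// DecryptWithToken is the application-layer step: unwrap the token with the
// fourth key to recover the second key, then decrypt the stored resource.
func DecryptWithToken(fourthKey, token, encrypted []byte, resourceID string) ([]byte, error) {
	second, err := openGCM(fourthKey, token, []byte(resourceID))
	if err != nil {
		return nil, fmt.Errorf("unwrap authorization token: %w", err)
	}
	plain, err := openGCM(second, encrypted, []byte(resourceID))
	if err != nil {
		return nil, fmt.Errorf("decrypt resource: %w", err)
	}
	return plain, nil
}

func main() {
	keys := make([]byte, 64) // constructed sample keys; real ones come from key negotiation
	if _, err := rand.Read(keys); err != nil {
		panic(err)
	}
	first, third := keys[:32], keys[32:]
	srv := &Server{resourceKeys: map[string][]byte{"map-pack": first}, appKeys: map[string][]byte{"nav-app": third}}
	// A failure in either of the next two steps surfaces as an error from DecryptWithToken.
	enc, _ := srv.EncryptResource("map-pack", []byte("constructed map data"))
	tok, _ := srv.IssueToken("nav-app", "map-pack")
	plain, err := DecryptWithToken(third, tok, enc, "map-pack")
	fmt.Printf("%s %v\n", plain, err)
}
```

Because each resource has its own first key and the token is bound to one resource identifier, a token issued for one resource does not open another, and no server round trip is needed at decryption time.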
In one embodiment, the authorization token is accompanied by age information;
the determining, at the system layer, whether the token is a pre-stored authorization token includes:
determining, at the system layer, whether the content of the token is consistent with the content of the authorization token and whether the age of the token is consistent with age information of the authorization token.
In this embodiment, the authorization token is also accompanied by aging information, so when determining whether the token is the authorization token the system layer compares not only the token content but also the aging. Setting an aging (validity period) for the token can further improve access security.
In one embodiment, the method further comprises:
sending an access right request of the application to the resource to the server; the access permission request carries account information of the application;
receiving the authorization token fed back by the server after the account information authentication is passed;
storing the authorization token at the application layer and the system layer.
In the embodiment of the disclosure, when the application needs to use resources for the first time, the access permission request may be sent to the server through the vehicle end, and the server may send the authorization token directly to the vehicle end based on the client credentials mode in the OAuth 2.0 protocol. In this mode, the vehicle end sends an access permission request carrying account information of the application to the server, so that the server can authenticate the application according to the account information and send an authorization token. After the vehicle end receives the authorization token, the authorization token can be stored in the system layer and the application layer, so that the application can subsequently request a resource path from the system layer according to the stored token. As previously described, the authorization token fed back may have aging information attached. In this embodiment, for example, the access permission request may be sent to the server directly by the application in the vehicle end, and the application receives the authorization token fed back. After receiving the authorization token, the application may send it to the system layer for storage.
In an embodiment, the access permission request may further carry an identifier of a resource, and after obtaining the access permission request carrying the identifier of the resource, the server may obtain a first key corresponding to the identifier of the resource and encrypt the first key to obtain an authorization token, that is, the authorization token obtained by the vehicle end is obtained after the server encrypts the first key according to a third key negotiated with the application, and details are not repeated here.
It should be noted that, in the embodiment of the present disclosure, if the system layer determines that the token is not the authorization token after the application layer sends the path request to the system layer, the vehicle end may send the access right obtaining request to the server again to obtain the authorization credential (i.e., the authorization token) from the server. The system layer may determine that the token is not the authorization token because the content of the token is inconsistent with the content of the authorization token and/or because the age of the token is inconsistent with the age of the authorization token.
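The system-layer check and the re-request path described above, as an added example that is not code from the patent. It assumes the aging information is an expiry instant and that tokens are stored per application account; `SystemLayer`, `Application`, `NewDemoAuthorizer`, the account name and the address are hypothetical names constructed for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

var (
	ErrTokenMismatch = errors.New("token content differs from the stored authorization token")
	ErrTokenExpired  = errors.New("token is outside its validity period")
)

// storedToken is the system layer's copy of a token plus its aging information.
type storedToken struct {
	value    []byte
	notAfter time.Time // assumption: aging information is an expiry instant
}

// SystemLayer owns the stored tokens and the resource addresses.
type SystemLayer struct {
	tokens    map[string]storedToken // keyed by application account
	addresses map[string]string      // resource identifier -> address in the vehicle end
}

func NewSystemLayer(addresses map[string]string) *SystemLayer {
	return &SystemLayer{tokens: map[string]storedToken{}, addresses: addresses}
}

func (s *SystemLayer) StoreToken(account string, value []byte, notAfter time.Time) {
	s.tokens[account] = storedToken{value: append([]byte(nil), value...), notAfter: notAfter}
}

// ResolvePath is the S36/S37 check: content (constant time), then aging.
// The address is released only when both match.
func (s *SystemLayer) ResolvePath(account, resourceID string, token []byte, now time.Time) (string, error) {
	st, ok := s.tokens[account]
	switch {
	case !ok || subtle.ConstantTimeCompare(token, st.value) != 1:
		return "", ErrTokenMismatch
	case !now.Before(st.notAfter):
		return "", ErrTokenExpired
	}
	addr, ok := s.addresses[resourceID]
	if !ok {
		return "", fmt.Errorf("no address for resource %q", resourceID)
	}
	return addr, nil
}

// NewDemoAuthorizer is a constructed stand-in for the server (S31-S33): one known account.
func NewDemoAuthorizer(known string, ttl time.Duration) func(string, time.Time) ([]byte, time.Time, error) {
	return func(account string, now time.Time) ([]byte, time.Time, error) {
		if account != known {
			return nil, time.Time{}, errors.New("account authentication failed")
		}
		tok := make([]byte, 32)
		_, err := rand.Read(tok)
		return tok, now.Add(ttl), err
	}
}

// Application is the application-layer side; it keeps its own copy of the token.
type Application struct {
	Account     string
	Token       []byte
	Sys         *SystemLayer
	Authorize   func(account string, now time.Time) ([]byte, time.Time, error)
	ServerCalls int // how often the server had to be contacted
}

// PathFor sends the path request; only a token failure triggers a new access right request.
func (a *Application) PathFor(resourceID string, now time.Time) (string, error) {
	addr, err := a.Sys.ResolvePath(a.Account, resourceID, a.Token, now)
	if !errors.Is(err, ErrTokenMismatch) && !errors.Is(err, ErrTokenExpired) {
		return addr, err // success, or a failure that a new token would not fix
	}
	a.ServerCalls++
	tok, notAfter, err := a.Authorize(a.Account, now)
	if err != nil {
		return "", fmt.Errorf("access right request failed: %w", err)
	}
	a.Token = tok
	a.Sys.StoreToken(a.Account, tok, notAfter) // S34: kept at both layers
	return a.Sys.ResolvePath(a.Account, resourceID, a.Token, now)
}

func main() {
	sys := NewSystemLayer(map[string]string{"map-pack": "/data/res/map-pack.bin"}) // constructed address
	app := &Application{Account: "nav-app", Sys: sys, Authorize: NewDemoAuthorizer("nav-app", time.Hour)}
	for _, d := range []time.Duration{0, 30 * time.Minute, 2 * time.Hour} {
		addr, err := app.PathFor("map-pack", time.Unix(1700000000, 0).Add(d))
		fmt.Println(d, addr, err, "server calls:", app.ServerCalls)
	}
}
```

The server is contacted on the first request and again only after the stored token has expired; the request in between is answered entirely inside the vehicle end.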
In one embodiment, the method further comprises:
and receiving the resources sent by the server side through the system layer, and storing the resources in the vehicle side according to a preset address.
In the embodiment of the disclosure, the resource may be sent to the vehicle end by the service end, and the system layer of the vehicle end stores the resource according to a predetermined address.
In one embodiment, the resource sent by the server is accompanied by aging information, and the method further includes:
determining whether the resource is in a time efficiency range or not according to a preset time interval through the system layer;
and if the resource is not in the time efficiency range, requesting the server side to update the resource through the system layer.
In this embodiment, the resource sent by the server is also accompanied by aging information, which defines the period in which the resource can be used normally; if the resource has expired (i.e., is not in the aging range), it cannot be used normally. Therefore, the system layer needs to determine periodically whether the resource is still within that period and, if it is not, request the server to update the resource.
Illustratively, if the aging of the resource sent by the server is 1/2021 to 12/31/2021 and the current time determined by the system layer at the vehicle end is 1/3/2022, the system layer determines that the resource is not in the aging range and requests the server to update the resource. For example, the server can reset the aging of the resource according to the request and send the updated aging to the vehicle end.
It can be understood that, in the embodiment of the present disclosure, the resource is accompanied by aging information and the system layer in the vehicle end periodically checks whether the resource is within its valid period, so that the resource stored in the vehicle end is as up to date as possible, which improves the accuracy with which the application uses the resource.
Fig. 3 is a flowchart of an information processing method shown in the embodiment of the present disclosure, which is applied to a server, and as shown in fig. 3, the information processing method applied to the server includes the following steps:
S21, receiving an access authority request of the application to the resource, which is sent by the vehicle end; the access permission request carries account information of the application;
S22, authenticating the application according to the account information of the application, and generating an authorization token after the authentication is passed;
S23, sending the authorization token to the vehicle end; the authorization token is stored in the vehicle end and enables the application in the vehicle end to obtain the resources stored in the vehicle end from the system layer in the vehicle end.
In step S21, the server receives the access right request of the application to the resource sent by the vehicle end. The request may be sent when the application in the vehicle end needs to use the resource for the first time, or it may be sent again by the vehicle end after determining that the authorization token is invalid, for example, after the time limit is exceeded, which is not limited in the embodiment of the present disclosure.
The access permission request carries account information of the application, and the account information is issued by the system layer to the client when the client (application) registers with the system layer in advance.
In step S22, the server authenticates the application according to the account information of the application, for example, by confirming whether the account information of the application matches the stored account information; if it matches, the server generates an authorization token and sends the authorization token to the vehicle end in step S23.
In this embodiment, the authorization token is used by the application in the vehicle end to acquire the resource from the system layer in the vehicle end, so that a third-party application in the vehicle end cannot use resources arbitrarily, which improves the security of resource access. In addition, the vehicle end can store the authorization token after obtaining it; when the application needs to use the resource, it can apply to the system layer in the vehicle end based on the authorization token without authenticating with the server each time, and because the resource is stored in the vehicle end it does not need to be requested from the server each time. The access authority of the application to the resource is thus controlled, the stability of resource acquisition is improved, and instruction interaction is reduced.
In one embodiment, the resource stored in the vehicle end is a resource encrypted by using a first key, a second key of the resource is the same as the first key, and the second key is a decryption key;
the sending of the authorization token to the vehicle terminal according to the access right request comprises:
acquiring the first key according to the access authority request;
encrypting the first key by using a third key negotiated with the application in the vehicle end to obtain the authorization token;
and sending the authorization token to the vehicle end.
In this embodiment, the resource stored in the vehicle end is a resource encrypted by using the first key, and when the server sends the authorization token according to the access right request, the generation of the authorization token is combined with the encryption of the resource. Because the authorization token is generated by encrypting the first key of the resource, and the encryption key (the first key) of the resource is the same as the decryption key of the resource, the application in the vehicle end obtains the first key, that is, the second key, by decrypting the authorization token with the fourth key negotiated with the server. The application in the vehicle end can then decrypt the resource by using the decrypted second key to obtain the decrypted resource.
It can be understood that the server combines the encryption of the resource with the generation of the authorization token, and the authorization token is fed back to the vehicle end by the server according to the access right request of the application and is stored in the vehicle end, so that the application in the vehicle end decrypts the authorization token by using the fourth key to obtain the decryption key (the second key) of the resource and further obtain the decrypted resource, and does not need to request the decryption key of the resource from the server, thereby reducing the number of times of accessing the server by the vehicle end, and further improving the security.
In one embodiment, the access permission request carries an identifier of the resource;
the obtaining the first key according to the access right request includes:
and acquiring the first key corresponding to the identifier of the resource according to the access authority request.
In this embodiment, the access permission request carries the identifier of the resource, and the server obtains the corresponding first key according to the identifier of the resource, that is, each resource is allocated with a different key, so that the confidentiality of the resource can be improved. In addition, since the authorization token is generated according to the first key, the authorization token also has a mapping relationship with the resource, that is, the server feeds back different authorization tokens according to the identifier of the resource, and the security of the application for accessing the resource can be improved by the method.
In one embodiment, the first key is account information of the application.
In this embodiment, the first key and the second key may be account information of the application, and for example, the first key and the second key are passwords of the application.
In the embodiment of the disclosure, the account information of the application carried in the access right request can serve as the credential with which the application in the vehicle end obtains the authorization token, and can also be used as the encryption key and the decryption key.
In one embodiment, the method further comprises:
and before receiving the access authority request sent by the vehicle end, encrypting the resource by using the first secret key, attaching aging information, and sending the resource to the vehicle end.
In the embodiment of the disclosure, the resource can be encrypted by the server using the first key, and aging information is attached to the resource before it is sent to the vehicle end, which improves the confidentiality of the resource. In addition, because aging information is attached to the resource, its use by applications in the vehicle end can be limited, which improves the security of the resource.
After the encrypted resource with the aging information is transmitted to the vehicle end, the system layer of the vehicle end stores the resource in the vehicle end according to a predetermined address.
In one embodiment, the method further comprises:
receiving a resource updating request sent by the vehicle terminal after determining that the resource is not in the time efficiency range;
and sending the encrypted resources after updating the time effectiveness to the vehicle terminal according to the resource updating request.
In this embodiment, the system layer in the vehicle end periodically checks whether the resource is in the aging range. If the resource is not in the aging range, the system layer sends a resource update request to the server, and after receiving the resource update request, the server can send the encrypted resource with updated aging to the vehicle end.
It can be understood that the server updates the resources in the vehicle end according to the resource update request of the vehicle end, so that the resources stored in the vehicle end are as up to date as possible, which improves the accuracy with which the application uses the resources.
Fig. 4 is an interactive diagram of an information processing method in an embodiment of the present disclosure, and as shown in fig. 4, the information processing method applied to a vehicle end and a server end includes the following steps:
S31, receiving an access authority request of the application to the resource, which is sent by the vehicle end; the access permission request carries account information of the application;
S32, authenticating the application according to the account information of the application, and generating an authorization token after the authentication is passed;
S33, sending the authorization token to the vehicle end;
S34, storing the authorization token by the vehicle end;
S35, sending a path request of an application to a resource to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
S36, the vehicle end determines whether the token is a pre-stored authorization token in the system layer;
S37, if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer;
and S38, enabling the application to acquire the resource through the application layer by the vehicle terminal based on the address.
It should be noted that, in this embodiment, steps S31 to S34 are not executed each time the application uses the resource. The steps of S31-S34 may be performed when the application on the vehicle end needs to use the resource for the first time, or after determining that the authorization token is invalid, for example, after exceeding a time limit.
It can be understood that, in the embodiment of the present disclosure, the vehicle end obtains the authorization token for the application based on the access right request and stores it, so that when the application subsequently needs to use the resource, the application layer can make its request to the system layer according to the authorization token, which improves the security of resource access. In addition, because the authorization token is stored in the vehicle end, the application layer can send the path request to the system layer whenever the application needs the resource, without authenticating with the server each time; and because the resource is stored in the vehicle end, it does not need to be requested from the server each time. The access authority of the application to the resource is thus controlled, the stability of resource acquisition is improved, and instruction interaction is reduced.
Fig. 5 is an interaction example diagram of an information processing method in an embodiment of the present disclosure. The authorization server in fig. 5 is the server in the present disclosure. The system program and the third-party side application belong to the vehicle end. The system program, namely the system layer of the vehicle end, can manage resources and is also called the resource server; the third-party side application is an application located at the application layer in the present disclosure, i.e., the requesting client. The requesting client may obtain an authorization token for accessing the resource from the authorization server based on the OAuth 2.0 protocol. The authorization server can be a role declared in the OAuth 2.0 protocol, responsible for controlling the authority requested by the client and issuing the authorization token. The requesting client can also be a role declared in the OAuth 2.0 protocol: the initiator of the authority request and the party that needs the resource. The resource server may be a role declared in the OAuth 2.0 protocol, responsible for managing the path of the resource, checking the validity of the token, and finding the path of the specific resource.
As can be seen from fig. 5, the information processing method includes two processes. The process identified by steps 1.1-1.4 is the management of resources by the server and the system layer in the vehicle end. The process of steps 2.1-2.7 is the one in which the application located in the application layer requests an authorization token from the server, requests resources from the system layer based on the authorization token, and acquires the decrypted resources; within it, steps 2.1-2.2 do not need to be performed with the server each time the resources are used. The operations performed by the steps in the two processes are described with reference to fig. 1 to 4, and will not be described in detail here.
Fig. 6 is a diagram of an information processing apparatus in the first embodiment of the present disclosure. Referring to fig. 6, the apparatus is applied to a vehicle end and includes:
a first sending module 101, configured to send a path request of an application for a resource to a system layer of the vehicle end through an application layer of the vehicle end; wherein the path request carries a token;
a first determining module 102 configured to determine, at the system layer, whether the token is a pre-stored authorization token; the authorization token is fed back after the server side passes the application authentication;
a second sending module 103, configured to send, by the system layer to the application layer, an address of the resource in the vehicle end if the token is the authorization token;
an obtaining module 104 configured to cause, by the application layer, the application to obtain the resource based on the address.
In some embodiments, the resource pointed to by the address is a resource encrypted with a first key;
the obtaining module 104 is further configured to obtain, by the application layer, the encrypted resource based on the address; and decrypting the encrypted resource by using a second key matched with the first key through the application layer to ensure that the application obtains the decrypted resource.
In some embodiments, the first key and the second key are the same, and the authorization token is obtained by encrypting the first key by the server according to a third key negotiated with the application;
the device further comprises:
a decryption module 105, configured to decrypt, by the application layer, the authorization token with a fourth key negotiated between the application and the server, so as to obtain the second key.
In some embodiments, the first key and the second key have a mapping relationship with the resource.
In some embodiments, the authorization token is accompanied by age information;
the first determining module 102 is further configured to determine, at the system layer, whether the content of the token is consistent with the content of the authorization token and whether the age of the token is consistent with the age information of the authorization token.
In some embodiments, the apparatus further comprises:
a third sending module 106, configured to send, to the server, an access right request of the application to the resource; the access permission request carries account information of the application;
a first receiving module 107, configured to receive the authorization token fed back by the server after the account information authentication is passed;
a saving module 108 configured to save the authorization token at the application layer and the system layer.
In some embodiments, the apparatus further comprises:
a second receiving module 109, configured to receive, through the system layer, the resource sent by the server, and store the resource in the vehicle end according to a predetermined address.
In some embodiments, the resource sent by the server is accompanied by age information, and the apparatus further includes:
a second determining module 110 configured to determine, by the system layer, whether the resource is within a time efficiency range at preset time intervals;
the request module 111 is configured to request the server to update the resource through the system layer if the resource is not in the aging range.
Fig. 7 is a diagram of a second information processing apparatus according to an embodiment of the present disclosure. Referring to fig. 7, the apparatus is applied to a server, and includes:
a third receiving module 201, configured to receive an access right request of an application to a resource, which is sent by a vehicle end; the access permission request carries account information of the application;
the generating module 202 is configured to authenticate the application according to the account information of the application, and generate an authorization token after the authentication is passed;
a fourth sending module 203 configured to send the authorization token to the vehicle end; the authorization token is used for being stored in the vehicle end and used for enabling the application in the vehicle end to obtain the resources stored in the vehicle end from the system layer in the vehicle end.
In some embodiments, the resource stored in the vehicle end is a resource encrypted with a first key; a second key of the resource is the same as the first key, and the second key is a decryption key;
the fourth sending module 203 is further configured to obtain the first key according to the access right request; encrypting the first key by using a third key negotiated with the application in the vehicle end to obtain the authorization token; and sending the authorization token to the vehicle end.
In some embodiments, the access permission request carries an identifier of the resource;
the fourth sending module 203 is further configured to obtain the first key corresponding to the identifier of the resource according to the access right request.
In some embodiments, the first key is account information of the application.
In some embodiments, the apparatus further comprises:
a fifth sending module 204, configured to encrypt the resource with the first key before receiving the access right request sent by the vehicle end, attach aging information, and send the resource to the vehicle end.
In some embodiments, the apparatus further comprises:
a fourth receiving module 205, configured to receive a resource updating request sent by the vehicle end after determining that the resource is not in the time efficiency range;
a sixth sending module 206, configured to send the updated encrypted resource to the vehicle end according to the resource update request.
With regard to the apparatus in the embodiments shown in fig. 6 and 7, the specific manner in which the respective modules perform operations has been described in detail in the embodiment related to the method, and will not be elaborated upon here.
Fig. 8 is a block diagram illustrating a vehicle-end device 800 according to an exemplary embodiment. Referring to fig. 8, the device 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800 and the relative positioning of components, such as a display and keypad of the device 800. The sensor assembly 814 may also detect a change in position of the device 800 or a component of the device 800, the presence or absence of user contact with the device 800, orientation or acceleration/deceleration of the device 800, and a change in temperature of the device 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as Wi-Fi, 4G, or 5G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A non-transitory computer readable storage medium having instructions therein which, when executed by a processor at a vehicle end, enable the vehicle end to perform a method of information processing, the method comprising:
sending a path request of an application to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
determining, at the system layer, whether the token is a pre-stored authorization token; the authorization token is fed back by the server after the application passes authentication;
if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer;
and enabling the application to acquire the resource based on the address through the application layer.
Fig. 9 is a block diagram illustrating a server device 900 according to an example embodiment. Referring to fig. 9, the apparatus 900 includes a processing component 922, which further includes one or more processors, and memory resources, represented by memory 932, for storing instructions, such as applications, that are executable by the processing component 922. The application programs stored in memory 932 may include one or more modules that each correspond to a set of instructions. Further, the processing component 922 is configured to execute instructions to perform the information processing method described above.
The device 900 may also include a power component 926 configured to perform power management of the device 900, a wired or wireless network interface 950 configured to connect the device 900 to a network, and an input/output (I/O) interface 958. The device 900 may operate based on an operating system stored in the memory 932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, or the like.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided that includes instructions, such as the memory 932 that includes instructions, that are executable by the processing component 922 of the apparatus 900 to perform the above-described method. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
A non-transitory computer readable storage medium having instructions therein which, when executed by a processor of a server, enable the server to perform a method of information processing, the method comprising:
receiving an access authority request of an application to a resource, which is sent by a vehicle end; the access permission request carries account information of the application;
authenticating the application according to the account information of the application, and generating an authorization token after the authentication is passed;
sending the authorization token to the vehicle end; the authorization token is to be stored in the vehicle end and enables the application in the vehicle end to obtain, from the system layer in the vehicle end, the resources stored in the vehicle end.
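The vehicle-end steps above (path request carrying a token, system-layer comparison, address returned only on a match) and the server-end steps (authenticate by account information, issue the token), together with the content-and-age comparison of claim 5, as an added Python example that is not part of the patent. Modelling account information as a shared secret, rejecting a token whose aging information has passed, keying stored tokens by (application, resource), and all names and paths are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthToken:
    value: bytes        # opaque token content
    expires_at: float   # aging information, epoch seconds (assumed format)


class Server:
    """Server end: authenticates the application, then issues a token."""

    def __init__(self, accounts, ttl=300.0):
        self._accounts = accounts   # app_id -> account secret (constructed)
        self._ttl = ttl

    def request_access(self, app_id, account_secret, now=None):
        now = time.time() if now is None else now
        expected = self._accounts.get(app_id, b"")
        # Constant-time comparison so the secret does not leak through timing.
        if not expected or not hmac.compare_digest(expected, account_secret):
            return None
        return AuthToken(secrets.token_bytes(32), now + self._ttl)


class SystemLayer:
    """Vehicle-end system layer: holds resource addresses and stored tokens."""

    def __init__(self, addresses):
        self._addresses = addresses   # resource_id -> local address
        self._tokens = {}             # (app_id, resource_id) -> AuthToken

    def store_token(self, app_id, resource_id, token):
        self._tokens[(app_id, resource_id)] = token

    def path_request(self, app_id, resource_id, presented, now=None):
        """Return the resource address only for a matching, unexpired token."""
        now = time.time() if now is None else now
        stored = self._tokens.get((app_id, resource_id))
        if stored is None:
            return None
        same = hmac.compare_digest(stored.value, presented.value)
        # Age must match the stored aging information and still be valid.
        fresh = (presented.expires_at == stored.expires_at
                 and now < stored.expires_at)
        return self._addresses.get(resource_id) if same and fresh else None


def demo():
    """Run the flow on constructed data with fixed clock values."""
    server = Server({"nav-app": b"constructed-account-secret"}, ttl=300.0)
    system = SystemLayer({"hd-map": "/data/resources/hd-map.enc"})
    token = server.request_access("nav-app", b"constructed-account-secret",
                                  now=1000.0)
    system.store_token("nav-app", "hd-map", token)
    forged = AuthToken(secrets.token_bytes(32), token.expires_at)
    return {
        "valid": system.path_request("nav-app", "hd-map", token, now=1100.0),
        "forged": system.path_request("nav-app", "hd-map", forged, now=1100.0),
        "expired": system.path_request("nav-app", "hd-map", token, now=1400.0),
        "other_app": system.path_request("music-app", "hd-map", token,
                                         now=1100.0),
        "bad_account": server.request_access("nav-app", b"wrong", now=1000.0),
    }


if __name__ == "__main__":
    print(demo())
```

Because the system layer returns nothing on any mismatch, a forged token, a replay after expiry, and a token presented by a different application all fail the same way and reveal no address.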
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.
Claims (18)
1. An information processing method, which is applied to a vehicle end, the method comprising:
sending a path request of an application to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
determining, at the system layer, whether the token is a pre-stored authorization token; the authorization token is fed back by the server after the application passes authentication;
if the token is the authorization token, sending the address of the resource in the vehicle end to the application layer through the system layer;
and enabling the application to acquire the resource based on the address through the application layer.
2. The method of claim 1, wherein the resource pointed to by the address is a resource encrypted by a first key;
the causing, by the application layer, the application to acquire the resource based on the address includes:
acquiring the encrypted resource based on the address through the application layer;
and decrypting the encrypted resource by using a second key matched with the first key through the application layer to ensure that the application obtains the decrypted resource.
3. The method according to claim 2, wherein the first key and the second key are the same, and the authorization token is obtained by encrypting the first key by the server according to a third key negotiated with the application;
the method further comprises the following steps:
and decrypting the authorization token by using a fourth key negotiated by the application and the server through the application layer to obtain the second key.
4. The method of claim 2 or 3, wherein the first key and the second key have a mapping relationship with the resource.
5. The method of claim 1, wherein the authorization token is accompanied by age information;
the determining, at the system layer, whether the token is a pre-stored authorization token includes:
determining, at the system layer, whether the content of the token is consistent with the content of the authorization token and whether the age of the token is consistent with age information of the authorization token.
6. The method of claim 1, further comprising:
sending an access right request of the application to the resource to the server; the access permission request carries account information of the application;
receiving the authorization token fed back by the server after the account information authentication is passed;
storing the authorization token at the application layer and the system layer.
7. The method of claim 1, further comprising:
and receiving the resources sent by the server side through the system layer, and storing the resources in the vehicle side according to a preset address.
8. The method of claim 7, wherein the resource sent by the server is accompanied by aging information, and the method further comprises:
determining, through the system layer and according to a preset time interval, whether the resource is within its time-validity range;
and if the resource is not within the time-validity range, requesting the server to update the resource through the system layer.
9. An information processing method, applied to a server, the method comprising:
receiving an access authority request of an application to a resource, which is sent by a vehicle end; the access permission request carries account information of the application;
authenticating the application according to the account information of the application, and generating an authorization token after the authentication is passed;
sending the authorization token to the vehicle end; the authorization token is to be stored in the vehicle end and enables the application in the vehicle end to obtain, from the system layer in the vehicle end, the resources stored in the vehicle end.
10. The method of claim 9, wherein the resource stored in the vehicle end is a resource encrypted with a first key; a second key of the resource is the same as the first key, and the second key is a decryption key;
the sending of the authorization token to the vehicle terminal according to the access right request comprises:
acquiring the first key according to the access authority request;
encrypting the first key by using a third key negotiated with the application in the vehicle end to obtain the authorization token;
and sending the authorization token to the vehicle end.
11. The method of claim 10, wherein the access permission request carries an identifier of the resource;
the obtaining the first key according to the access right request includes:
and acquiring the first key corresponding to the identifier of the resource according to the access authority request.
12. The method of claim 10, wherein the first key is account information of the application.
13. The method of claim 10, further comprising:
and before receiving the access authority request sent by the vehicle end, encrypting the resource by using the first key, attaching aging information, and sending the resource to the vehicle end.
14. The method of claim 13, further comprising:
receiving a resource update request sent by the vehicle end after the resource is determined to have expired;
and sending the encrypted resource with updated aging information to the vehicle end according to the resource update request.
15. An information processing apparatus, which is applied to a vehicle end, the apparatus comprising:
the first sending module is configured to send a path request of an application to a resource to a system layer of the vehicle end through an application layer in the vehicle end; wherein the path request carries a token;
a first determining module configured to determine, at the system layer, whether the token is a pre-stored authorization token; the authorization token is fed back by the server after the application passes authentication;
a second sending module, configured to send, to the application layer through the system layer, an address of the resource in the vehicle end if the token is the authorization token;
an obtaining module configured to cause the application to obtain the resource based on the address through the application layer.
16. An information processing apparatus, applied to a server, the apparatus comprising:
the third receiving module is configured to receive an access authority request of the application to the resource, which is sent by the vehicle end; the access permission request carries account information of the application;
the generation module is configured to authenticate the application according to the account information of the application and generate an authorization token after the authentication is passed;
a fourth transmitting module configured to transmit the authorization token to the vehicle end; the authorization token is to be stored in the vehicle end and enables the application in the vehicle end to obtain, from the system layer in the vehicle end, the resources stored in the vehicle end.
17. An apparatus, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor is configured to execute the information processing method according to any one of claims 1 to 8; or configured to perform the information processing method according to any one of claims 9 to 14.
18. A non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor at a vehicle end, enable the vehicle end to perform the information processing method according to any one of claims 1 to 8; or, when executed by a processor of a server, enable the server to perform the information processing method according to any one of claims 9 to 14.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111616904.3A CN114386008A (en) | 2021-12-27 | 2021-12-27 | Information processing method and device, equipment and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114386008A (en) | 2022-04-22 |
Family
ID=81197499
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111616904.3A Pending CN114386008A (en) | 2021-12-27 | 2021-12-27 | Information processing method and device, equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114386008A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115242400A (en) * | 2022-06-29 | 2022-10-25 | 重庆长安汽车股份有限公司 | Vehicle Token uniqueness and cloud authentication system and method |
CN115242400B (en) * | 2022-06-29 | 2024-06-04 | 重庆长安汽车股份有限公司 | Vehicle-mounted Token uniqueness and cloud authentication system and method |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3657370B1 (en) | Methods and devices for authenticating smart card | |
CN109146470B (en) | Method and device for generating payment code | |
US10498723B2 (en) | Method, and apparatus for authenticating access | |
CN111277565B (en) | Information processing method and device, and storage medium | |
CN104869612A (en) | Method and device for accessing network | |
CN111611075A (en) | Virtual resource request processing method and device, electronic equipment and storage medium | |
CN112115464B (en) | Unlocking processing method and device, electronic equipment and storage medium | |
CN108696361B (en) | Configuration method, generation method and device of smart card | |
CN113055169B (en) | Data encryption method and device, electronic equipment and storage medium | |
CN114386008A (en) | Information processing method and device, equipment and storage medium | |
CN114221764A (en) | Public key updating method, device and equipment based on block chain | |
CN114218510A (en) | Service page display method, device and equipment | |
CN106411580A (en) | Device management client and server, and device management methods | |
CN112434339A (en) | Information processing method and device | |
CN117879814A (en) | Vehicle key sharing method, device and storage medium | |
CN114221788B (en) | Login method, login device, electronic equipment and storage medium | |
CN113630405B (en) | Network access authentication method and device, electronic equipment and storage medium | |
CN108924136B (en) | Authorization authentication method, device and storage medium | |
CN108881242B (en) | Method and device for acquiring electronic identity card | |
CN114139134A (en) | Program upgrading method, device and equipment for terminal equipment | |
CN116488830A (en) | Device access authentication method, device, system, electronic device and storage medium | |
CN110493186B (en) | Function state adjusting method and device | |
CN111241522B (en) | Firmware signature method and device and storage medium | |
EP4443290A1 (en) | Electronic controller flash method, electronic controller, and management server | |
CN114780942A (en) | Identity authentication method, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||