CN120567524A

CN120567524A - Battery data transmission method and device, transmission system, electronic device and storage medium

Info

Publication number: CN120567524A
Application number: CN202510804988.5A
Authority: CN
Inventors: 张腾; 张帅; 许力; 刘文博
Original assignee: Beijing Shufeng Technology Co ltd
Current assignee: Beijing Shufeng Technology Co ltd
Priority date: 2025-06-16
Filing date: 2025-06-16
Publication date: 2025-08-29

Abstract

The present invention discloses a method and device for transmitting battery data, a transmission system, an electronic device and a storage medium. The method for transmitting battery data is applied to a transmission system including a data sending end, a data receiving end and a data verification end, wherein, for the data verification end, the transmission method includes: obtaining identity authentication requests from the data sending end and the data receiving end, authenticating the identities of the data sending end and the data receiving end to allow the data sending end and the data receiving end to access the transmission system; obtaining a data compliance review request from the data sending end, performing compliance verification on the battery data and performing a security assessment on the data receiving end to determine whether to allow the transmission of the battery data; and, in the case of allowing the transmission of the battery data, obtaining the compliance-verified battery data provided by the data sending end, and sending the battery data to the data receiving end. The present invention can realize automated compliance verification of battery data and protect the security of battery data during transmission.

Description

Battery data transmission method and device, transmission system, electronic equipment and storage medium

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for transmitting battery data, a transmission system, an electronic device, and a storage medium.

Background

A digital battery passport, a digital management system for batteries, records the full life cycle data (including key information such as production, supply, carbon footprint, content of recovered substances, etc.) of the batteries in an electronic form, and is attached to the battery product in the form of a two-dimensional code for access inquiry. When a battery operator needs to provide a battery product across domains, then the battery data needs to be provided to a target providing area for compliance verification, so that a digital battery passport of the battery product is obtained after the battery data passes the verification. However, the conventional battery passport information transmission lacks a unified frame for cross-domain transmission standardization of the battery passport information, and on the other hand, it is difficult to simultaneously achieve data privacy protection and compliance verification, and lacks data flow transparency and traceability, so that the battery passport information has many challenges in cross-domain transmission, and therefore the security of the cross-domain transmission of the digital battery information cannot be ensured.

Disclosure of Invention

The object of the present invention is to propose a solution to at least one of the above technical problems to some extent.

In order to achieve the above object, a first aspect of the present invention provides a transmission method of battery data, which is characterized by being applied to a transmission system including a data transmitting end, a data receiving end and a data verifying end, wherein for the data verifying end, the transmission method includes obtaining identity authentication requests of the data transmitting end and the data receiving end, authenticating the identities of the data transmitting end and the data receiving end to grant the data transmitting end and the data receiving end access to the transmission system, obtaining a data compliance inspection request of the data transmitting end, performing compliance check on the battery data and performing security evaluation on the data receiving end to determine whether to grant transmission of the battery data, and in case of granting transmission of the battery data, obtaining a cross-domain transmission request for the battery data initiated by the data transmitting end and transmitting the battery data to the data receiving end.

According to one embodiment of the invention, the method for acquiring the identity authentication requests of the data sending end and the data receiving end, authenticating the identities of the data sending end and the data receiving end to permit the data sending end and the data receiving end to access the transmission system comprises the steps of respectively receiving and authenticating physical information related to self identities uploaded by the data sending end and the data receiving end, carrying out real-name authentication on the physical information, carrying out hash operation on public keys of the data sending end and the data receiving end and corresponding physical information thereof respectively after the authentication is passed, correspondingly generating unique identity identifiers of the data sending end and the data receiving end, and generating and issuing digital certificates representing legal identities of the data sending end and the data receiving end based on the unique identity identifiers of the data sending end and the receiving end so that the data sending end and the data receiving end access the transmission system based on the digital certificates.

According to one embodiment of the invention, the method for acquiring the data compliance inspection request of the data transmitting end, performing data compliance verification on the battery data and performing security assessment on the data receiving end to determine whether to permit transmission of the battery data comprises the steps of acquiring transmission information provided by the data transmitting end, wherein the transmission information comprises the battery data and geographic information of the data receiving end, the battery data is data anonymized through the data transmitting end, performing bidirectional identity verification on the basis of a digital certificate of the data transmitting end and the data transmitting end, performing data compliance verification comprising data grade, data sensitivity information, data magnitude and anonymization processing degree on the battery data after the bidirectional identity verification is passed, and performing security assessment comprising receiving qualification, receiving capability and security protection capability on the data receiving end based on the geographic information of the data receiving end, and permitting transmission of the battery data under the condition that the data compliance verification on the battery data and the security assessment on the data receiving end are passed.

According to one embodiment of the invention, the data compliance verification of the battery data, which comprises a data grade, data sensitive information, data magnitude and anonymization degree, comprises the steps of setting a rule base comprising data rules of a plurality of areas, and executing the following operations on the battery data based on the data rules associated with the area where the data transmitting end is located in the rule base, namely judging whether the battery data comprises personal information and the sensitivity grade of the personal information, judging the magnitude of the personal information and the magnitude of the personal information reaching the preset sensitivity grade, and judging whether anonymization processing of the personal information in the battery data accords with the preset rules.

According to one embodiment of the invention, the security assessment comprising receiving qualification, receiving capability and security protection capability is carried out on the data receiving end based on the geographic information of the data receiving end, and the security assessment comprises the steps of calling the qualification state of the data receiving end through an inter-area mutual authentication framework between the data sending end and the data receiving end, sending a test data packet to the data receiving end, checking the data interface compatibility and the storage encryption capability of the data receiving end to judge whether the data receiving end is provided with a receiving channel meeting preset data receiving requirements and a data storage system meeting preset encryption standards or not, and judging whether the area of the data receiving end has a data protection mechanism meeting the preset security standards or not based on data rules associated with the area of the data receiving end.

According to one embodiment of the invention, the method for transmitting the battery data to the data receiving end comprises the steps of obtaining a data packet transmitted by the data transmitting end, wherein the data packet comprises encrypted battery data, a data ID and a digital signature, transmitting the data packet to the data receiving end based on a deployed special data transmission channel, enabling the data receiving end to decrypt the data packet by using a session key between the data receiving end and the data transmitting end and verifying the validity of the data signature, and responding to a verification request of the data receiving end to verify the validity of the data ID.

In order to achieve the above object, a second aspect of the present invention provides a transmission device for battery data, which is applied to a transmission system including a data transmitting end, a data receiving end, and a data verifying end, wherein for the data verifying end, the transmission device includes an authentication unit for acquiring identity authentication requests of the data transmitting end and the data receiving end, authenticating identities of the data transmitting end and the data receiving end to grant the data transmitting end and the data receiving end access to the transmission system, a compliance unit for acquiring a data compliance check request of the data transmitting end, performing compliance check on the battery data, and performing security evaluation on the data receiving end to determine whether to grant transmission of the battery data, and a transmitting unit for acquiring the battery data subjected to compliance check provided by the data transmitting end and transmitting the battery data to the data receiving end under the condition that transmission of the battery data is granted.

In order to achieve the above object, a third aspect of the present invention provides a battery data transmission system, which is characterized in that the transmission system includes a data transmitting end, a data verifying end, and a data receiving end, where the data verifying end uses the battery data transmission method in the first aspect to transmit the battery data provided by the data transmitting end to the data receiving end.

To achieve the above object, a fourth aspect of the present invention provides an electronic device, including at least one processor, and a memory communicatively connected to the at least one processor, wherein the memory stores instructions executable by the at least one processor, the instructions being executable by the at least one processor to enable the at least one processor to perform the method for transmitting battery data according to the first aspect.

To achieve the above object, a fifth aspect of the present application provides a machine-readable storage medium having stored thereon instructions for causing a machine to execute the method for transmitting battery data according to the first aspect of the present application.

Compared with the prior art, the invention has the following advantages:

1) Automatic combination rule verification of battery data is realized, and safety and reliability of the battery data in transmission are ensured;

2) Identity authentication is carried out on a sending end and a receiving end in transmission, so that identity legitimacy of the two interaction parties is effectively ensured;

3) And the compliance verification is simple and efficient, and the battery data is ensured to comprehensively accord with the compliance criteria of the two interaction parties in the cross-domain transmission.

Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

The foregoing and/or additional aspects and advantages of the invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:

Fig. 1 is a flow chart illustrating a method of transmitting battery data according to an exemplary embodiment;

FIG. 2 is a schematic flow diagram illustrating a data verification end compliance verification in accordance with an example embodiment;

fig. 3 is a flow chart illustrating a process of transmitting and receiving battery data according to an exemplary embodiment;

FIG. 4 is a schematic block diagram of a battery data transmission device according to an exemplary embodiment, and

Fig. 5 is a schematic diagram of an electronic device, according to an example embodiment.

Detailed Description

Embodiments of the present invention are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative and intended to explain the present invention and should not be construed as limiting the invention.

Fig. 1 is a flowchart illustrating a method for transmitting battery data according to an exemplary embodiment, where the method for transmitting includes:

Step S110, acquiring identity authentication requests of the data sending end and the data receiving end, and authenticating the identities of the data sending end and the data receiving end so as to permit the data sending end and the data receiving end to access the transmission system;

step S120, a data compliance examination request of the data sending end is obtained, the battery data is subjected to compliance verification, and the data receiving end is subjected to safety evaluation so as to determine whether transmission of the battery data is permitted or not;

Step S130, under the condition that the transmission of the battery data is permitted, acquiring a cross-domain transmission request for the battery data initiated by the data transmitting end, and transmitting the battery data to the data receiving end.

For example, the battery data transmission architecture in the present invention mainly includes three aspects, namely a data transmitting end, a data receiving end and a data verifying end. The data transmission of the invention belongs to cross-domain transmission, the data transmitting end needs to provide battery data for the data receiving end in a cross-region mode, and the data verifying end is used for verifying the identity of the two data interaction sides and the battery data to be interacted. In addition, the data verification terminal is internally provided with compliance standards of different areas so as to judge whether battery data meet the compliance rules of the areas where the two data interaction parties are located in the verification process.

Firstly, in step S110, it is an initialization phase, in which when the data transmitting end and the data receiving end need to perform data interaction, the identity information of the data transmitting end and the data receiving end need to be uploaded to the data verifying end in advance, and after the data verifying end verifies the identities of the data transmitting end and the data receiving end, the data transmitting end and the data receiving end issue a digital certificate based on an encryption algorithm. In this way, in the subsequent operation, the data verification terminal can ensure that the identities of the data transmission terminal and the data receiving terminal are legal and effective in real time according to the digital certificates uploaded by the data transmission terminal and the data receiving terminal. In short, the purpose of this step is to require that the data transmitting end and the data receiving end are legally accessed into the transmission architecture.

Next, for step S120, it is a compliance interaction phase, in which the data verification end needs to perform compliance verification on the battery data to be transmitted by the data sending end, and perform security assessment on the data receiving end, so as to determine whether to permit transmission of the battery data according to the result of the verification and assessment. Therefore, the step is a verification process between the actual transmission of the battery data, and ensures the data security of the battery data in the subsequent transmission stage.

And step S130, which is a data transmission stage, wherein after the data verification is passed, the data transmitting end needs to provide the verified battery data to the data verification end, initiate the transmission of the battery data, and the data verification end transmits the verified battery data to the data receiving end, so that the data receiving end can safely and reliably receive the battery data.

Therefore, the embodiment of the invention provides a standardized framework for cross-domain transmission of battery data, which adopts a dual mechanism of identity authentication and data compliance authentication, can simultaneously give consideration to privacy protection and compliance in the cross-domain transmission of the battery data, and ensures the safety and reliability of the cross-domain transmission of the battery data.

The steps described above are further described and illustrated in the accompanying figures.

In a preferred embodiment, obtaining an identity authentication request of the data sending end and the data receiving end, and authenticating identities of the data sending end and the data receiving end to grant the data sending end and the data receiving end access to the transmission system, including:

The data verification terminal exchanges a key with the data sending terminal and the data receiving terminal, wherein the key is generated based on an SM2 algorithm;

respectively receiving and authenticating physical information related to the self identity uploaded by the data sending end and the data receiving end, carrying out real-name authentication on the physical information, respectively carrying out hash operation on public keys of the data sending end and the data receiving end and corresponding physical information after the authentication is passed, and correspondingly generating unique identity identifiers of the data sending end and the data receiving end;

And generating and issuing a digital certificate representing legal identities of the data sending end and the data receiving end based on the unique identity identifiers of the data sending end and the receiving end, so that the data sending end and the data receiving end access the transmission system based on the digital certificate.

For example, in the initialization stage, the data verification end, the data sending end and the data receiving end in the data transmission architecture need to execute key generation and exchange first, so as to facilitate encryption and decryption operations on the transmitted data based on the key in the subsequent interactive communication process and ensure the safety of interaction. For example, the data verification side, the data transmission side, and the data reception side respectively generate a key pair for digital signature, also referred to as a public-private key pair, including a public key and a private key, using the SM2 algorithm. In general, public keys can be distributed publicly, without confidentiality, and are used for encrypting data, ensuring that a party holding a corresponding private key can decrypt the data, and verifying the legitimacy and integrity of the source of the data by verifying a digital signature generated based on the corresponding private key. Accordingly, the private key needs to be strictly kept secret by the holder and cannot be revealed, and the private key is used for decrypting data encrypted by other parties by using the corresponding public key on one hand, and can be used for encrypting data hash on the other hand, so as to prove the identity and the integrity of the data. Therefore, the data verification terminal generates a public-private key pair based on the SM2 algorithm, locally stores the private key therein, and transmits the public key to the data transmission terminal and the data receiving terminal. And similarly, the data transmitting end and the data receiving end respectively upload the public keys of the public and private key pairs generated based on the SM2 algorithm to the data verification end. Thus, the data verification end and the data sending end and the data receiving end complete key exchange.

Further, the data transmitting end and the data receiving end submit the identity information thereof to the data verifying end, wherein the identity information can comprise physical information such as business license, legal identity certification and the like. The data verification terminal can be connected with an external public system or a database, and the authenticity of the identity information submitted by the data sending terminal and the data receiving terminal is verified. After the authentication is passed, the data verification terminal splices fields such as public keys, business license information, legal identity information and the like into character strings according to a fixed sequence, calls an SM3 algorithm to calculate the spliced character strings to generate corresponding hash values, and finally encodes the hash values to generate final identity marks. Thus, the uniqueness and tamper resistance of the identity mark are ensured through hash binding of the public key and the identity information.

Further, the data verification terminal generates a digital certificate based on the identity, wherein the digital certificate comprises the public key of the data sending terminal or the data receiving terminal, the identity, the validity period of the certificate, the purpose and other information. The digital certificate is signed by the private key of the data verification end in the service period, and the signed digital certificate is issued to the data sending end or the data receiving end.

Therefore, in the embodiment of the invention, on one hand, the public-private key pair can be generated through the SM2 algorithm to provide asymmetric encryption capability for data interaction, the confidentiality and the integrity of subsequent data transmission are ensured, and the attack of a man-in-the-middle is prevented, and on the other hand, the public key and the real-name authentication information are bound through the SM3 algorithm to generate a unique identity, so that the association of a physical identity and a digital identity is realized, the identity falsification or falsification is avoided, a trust chain between a data transmitting end and a data receiving end and a data verifying end is formed, and the trusted interaction of cross-regional battery data is realized.

In a preferred embodiment, the method for obtaining the data compliance review request of the data sending end, performing data compliance verification on the battery data and performing security evaluation on the data receiving end to determine whether to permit transmission of the battery data includes:

acquiring transmission information provided by the data transmitting end, wherein the transmission information comprises the battery data and geographic information of the data receiving end, and the battery data is data anonymized by the data transmitting end;

Performing bidirectional identity verification with the data transmitting end based on the digital certificate of the data transmitting end;

after the bidirectional identity verification is passed, carrying out data compliance verification comprising data grade, data sensitive information, data magnitude and anonymization processing degree on the battery data, and carrying out security assessment comprising receiving qualification, receiving capability and security protection capability on the data receiving terminal based on geographic information of the data receiving terminal;

In the event that a data compliance check for the battery data passes and a security assessment for the data receiving end passes, transmission of the battery data is permitted.

For example, after the data sending end and the data receiving end complete identity registration and binding, the data sending end needs to initiate a compliance inspection request to the data verification end, so as to inspect compliance of battery data in advance before data transmission, so that the battery data can be transmitted under the condition of meeting the regional rule requirement, and meanwhile, the data verification end also evaluates qualification and capability of the data receiving end, so as to determine whether the data receiving end has corresponding data security protection capability and the like, and finally determine whether the battery data can be subjected to subsequent transmission interaction.

For example, before sending the compliance review request, the data sending end needs to anonymize the locally stored battery data, and the data sending end may anonymize sensitive information in the battery data by calling an anonymizing interface provided by the data verifying end and using an SM4 encryption algorithm. When the interface is called, the data transmitting end encrypts the battery data to be anonymized by using a built-in SM4 algorithm, so that the battery data is ensured not to be leaked in the checksum processing process. Specifically, the battery data may include battery production data including a battery model number, a production date, a serial number, and the like, personal information including a name, a certificate number, a contact address, and the like. For example, sensitive fields (e.g., contact, certificate number) in the battery data may be encrypted using the SM4 algorithm to generate ciphertext. The method aims at ensuring that the data cannot be restored to the original sensitive information in the subsequent use, and simultaneously can also reserve the availability of the data, thereby being convenient for the subsequent use and the like. In addition, in order to ensure that the source of the battery data can be tracked, the data transmitting end generates a mapping relation table for recording the corresponding relation between the anonymized data and the original data. The mapping table needs to be stored in an encrypted manner to prevent unauthorized access.

After anonymizing the battery data, the data transmitting terminal transmits a compliance review request to the data verifying terminal, wherein the request comprises the digital certificate issued by the data verifying terminal. The request also includes request parameters, which may include a data type and a transmission destination. Wherein the data type is used to clarify the type of battery data to be checked, such as battery performance data, supply chain information, etc. The transmission destination is used for designating the region where the data receiving end is located, so that the data verification end can conveniently call the compliance rule of the region where the data receiving end is located to verify the battery data.

When the data verification terminal receives the compliance inspection request, the data verification terminal needs to perform bidirectional identity verification with the data transmission terminal. For example, the data verification terminal may query the status (valid/revoked/expired) of the digital certificate provided by the data transmission terminal, and the data verification terminal generates a digital signature for the response message using its private key, and the data transmission terminal verifies the validity of the digital signature by the public key of the data verification terminal. The public key of the data verification end can be adopted to decrypt and sign to obtain a hash value, and the hash value of the message original text is removed for comparison, so that the data integrity and the source authenticity are ensured. In addition, the signature and the verification result of the data verification end and the data receiving end can be stored and verified through a blockchain or a security log, so that the traceability of the data is ensured.

Furthermore, after the bidirectional identity authentication, the invention performs examination on the battery data in multiple dimensions, such as comprehensive examination on the battery data from multiple aspects of data grade, data sensitivity, data magnitude, anonymization processing degree and the like. Meanwhile, in order to meet the compliance requirement of cross-domain transmission, the invention also carries out safety evaluation on the data receiving end, confirms the receiving protection capability of the data receiving end on the battery data, and further verifies whether the battery data is safe or not from the receiving layer.

In the embodiment of the invention, a double mechanism of anonymization processing and compliance verification is adopted, on one hand, the anonymization processing of the battery data is realized by adopting a national secret SM4 algorithm, so that the original data can not be directly identified, effective privacy protection is provided for the battery data, on the other hand, the identity legitimacy of a data processor is confirmed by bidirectional identity authentication, and meanwhile, the checking mechanism of the data type and the transmission destination is clarified, so that the compliance checking requirement of cross-domain data transmission is effectively met.

More preferably, the data of the battery is subjected to data compliance verification including data grade, data sensitive information, data magnitude and anonymization degree, and the method comprises the following steps:

Based on the built-in region rule, the following operations are performed on the battery data:

Judging the data grade of the battery data;

judging whether the battery data contains personal information or not and judging the sensitivity level of the personal information;

Judging the magnitude of the personal information and the magnitude of the personal information reaching a preset sensitivity level;

Checking and verifying whether anonymization processing of personal information in the battery data accords with a preset rule;

And reforming the personal information in the battery data which does not accord with the preset rule.

For example, the region rules built into the data validation side may include data processing specifications based on geographic or administrative boundary partitioning. Therefore, the invention aims to ensure that the battery data can meet the management requirement of a data transmitting end and a data receiving end on the battery data in the battery data transmission process, and ensure that the battery data can be transmitted safely and reliably.

Regarding the data level, the data verification side may identify the data level of the battery data based on different data classification dimensions. For example, battery data may be classified by data type, and may be classified into performance parameter data (voltage/current), environmental data (temperature/humidity), user behavior data (charging time/frequency), and the like. The battery data can be classified according to the sensitivity degree, and the battery data is divided into common data, sensitive data and the like based on the data classification rule. Preferably, the embodiment of the invention can also adopt a dynamic grading mechanism, for example, the data grade can be automatically adjusted according to the relevance of the data, and the data grade can be automatically adjusted by combining a plurality of parameters or characteristics in the battery data.

Regarding personal information identification, for structured data, the embodiment of the invention can match standard formatted data such as identity information through regular expressions, and can also identify field tags such as user ID by adopting a keyword library extraction mode. For unstructured data, the embodiment of the invention can extract key features in the text by adopting a natural language technology to identify personal addresses, contact ways and the like. After the personal information is identified, the embodiment of the invention can carry out hash comparison on the identified personal information by adopting a preset sensitive field library, and determine whether the identified personal information is sensitive data.

Regarding information magnitude judgment, the embodiment of the invention can adopt an SQL query mode to count the number of personal information records or count the proportion of personal information in battery data. For the magnitude of the sensitive information therein, the frequency of occurrence of the sensitive information may be counted, for example, to evaluate whether the frequency of occurrence of the sensitive information within a single day exceeds a preset threshold.

With respect to examination of anonymization processing, the embodiment of the invention can check whether anonymization processing of battery data meets the specified anonymization technical requirements, including de-identification, pseudonymization and other specific requirements, and can also check the anonymization strength of the battery data through a re-identification attack test to judge whether the anonymized battery data meets the irrecoverable requirements.

Preferably, when it is determined that the anonymization processing of the battery data to be transmitted does not meet the anonymization requirement, the battery data needs to be reprocessed so as to meet the anonymization requirement. For example, the embodiment of the invention can ensure that the original battery data can not be directly restored by deleting or adopting an encryption algorithm to encrypt the identification fields such as name, identity information and the like, and can also implement dynamic desensitization on the equipment identification code and the like in the battery data, such as replacing the equipment identification code with a randomly generated pseudonym. In addition, for sensitive data such as geographic information, generalization processing can be implemented, noise processing can be adopted for user behavior data, and reverse identification of users by using the user behavior data is prevented.

According to the embodiment of the invention, the battery data is subjected to compliance verification from multiple dimensions, so that the deep fusion of the compliance requirement and the service transmission scene of the battery data is effectively realized, the risk of the compliance of cross-domain data transmission is reduced, and the battery data is ensured to meet the regional compliance requirement.

In a preferred embodiment, the performing, based on the geographic information of the data receiving end, a security assessment on the data receiving end including a receiving qualification, a receiving capability and a security protection capability includes:

the qualification state of the data receiving end is called through an inter-area mutual recognition examination framework between the data sending end and the data receiving end;

Transmitting a test data packet to the data receiving end, and checking the data interface compatibility and the storage encryption capability of the data receiving end to judge whether the data receiving end is provided with a receiving channel meeting the preset data receiving requirement and a data storage system meeting the preset encryption standard;

and judging whether the area of the data receiving end has a data protection mechanism meeting a preset safety standard or not based on a data rule associated with the area of the data receiving end.

For example, in battery data transmission, in addition to the above-mentioned identity authentication and data compliance verification, the embodiment of the present invention may also verify the data receiving end. Specifically, the embodiment of the invention can verify the receiving qualification, the data receiving capability and the data security protection capability of the data receiving terminal. For example, the qualification state of the data receiving end can be invoked by a checking mechanism of inter-area mutual recognition, such as obtaining the validity of the files of the industry admission qualification of the data receiving end, the data cross-domain permission and the like. The data verification terminal can also verify the interface compatibility and the storage encryption capability of the data receiving terminal by sending a test data packet to the data receiving terminal, so as to verify whether the data receiving terminal deploys an encryption channel of cross-domain transmission with preset requirements and a data storage system meeting preset security authentication, thereby judging whether the data receiving terminal has the data receiving capability and the data security protection capability. In addition, the data verification terminal can also verify the data protection capability of the area where the data receiving terminal is located, for example, verify whether the data protection specification or regulation of the area meets the preset requirement or verify whether the area is provided with mandatory data localization retention regulation.

The embodiment of the invention can effectively realize cross-region compliance verification cooperation through verifying the qualification and the capability of the data receiving end, reduce manual verification and improve the efficiency of cross-region data transmission.

The following describes the whole compliance verification process of the data verification end in detail with reference to fig. 2:

In step S201, the data verification terminal provides an anonymization interface to the data transmission terminal.

Step S202, the data transmitting end performs anonymization processing on the battery data by using an anonymization window, generates a mapping relation table of an anonymized data ID and original data, and further performs encryption storage.

Step S203, the data transmitting end transmits a compliance review request to the data verification end to obtain a verification of the battery data by the data verification end.

Step S204, after receiving the compliance inspection request, the data verification terminal verifies the identity of the data transmission terminal and confirms whether the identity of the data transmission terminal is legal.

Step S205, when the identity authentication of the data sending end is passed, the data verification end returns an authentication passing message to the data sending end so as to inform the data sending end that the compliance inspection request is legal.

Step S206, the data transmitting terminal verifies the legality of the identity of the data verification terminal based on the received authentication passing message so as to complete the bidirectional identity verification with the data verification terminal.

In step S207, the data transmitting terminal transmits the anonymized battery data to the data verifying terminal.

Step S208, the data verification terminal invokes the built-in region rule, performs compliance verification on the battery data, and simultaneously performs security assessment on the data receiving terminal.

In step S209, the data verification end returns a compliance review passing message to the data transmission end to inform the data transmission end that the battery data can be transmitted.

In a preferred embodiment, the sending the battery data to the data receiving end includes:

acquiring a data packet sent by the data sending end, wherein the data packet comprises encrypted battery data, a data ID and a digital signature;

Transmitting the data packet to the data receiving end based on a deployed dedicated data transmission channel so that the data receiving end decrypts the data packet by using a session key between the data receiving end and the data transmitting end and verifies the validity of the data signature, and

And responding to the verification request of the data receiving end, and verifying the validity of the data ID.

For example, the data ID is a unique identifier of the data packet, and is used for checking the validity of the data at the data receiving end. The session key is a temporary key for decrypting the battery data, and the data transmitting end generates the session key based on a session protocol with the data receiving end. The digital signature is a signature generated by the data transmitting end on the data packet by using a private key thereof, and is used for verifying the integrity of the data and the authenticity of the identity. Specifically, the data transmitting end firstly encapsulates the data ID, the encrypted battery data, the session key and the digital signature into a data packet, and transmits the data packet to the data verifying end. The data verification terminal sends the data packet to the data receiving terminal by using a special data transmission channel. The special data transmission channel is special for cross-domain data transmission and avoids mixing with other public data traffic. And the special data channel adopts a national private VPN technology to secondarily encrypt the battery data in the channel, so that the battery data is prevented from being attacked by a man-in-the-middle in the channel transmission. More preferably, the channel is further provided with a deep packet inspection system, which can analyze data transmission flow characteristics in real time and identify abnormal transmission conditions. After the data receiving end receives the battery data, the data packet is decrypted by using the session key to restore the original battery data. And verifying the digital signature in the data packet by using the public key of the data transmitting end to confirm whether the data source is legal and not tampered. Meanwhile, the data receiving end also calls the data verification end to verify whether the data ID is in the effective range, so that the data is prevented from being forged or reused.

In the embodiment of the invention, the safe and efficient transmission of the battery data is realized through operations such as encryption and verification, identity binding, special channel isolation and the like of the battery data.

The following describes the whole transmission process after passing the compliance verification in detail with reference to fig. 3:

step S301, after the data transmitting end knows that the battery data compliance check is passed, the data transmitting end carries out grouping encryption on the anonymized battery data by adopting an SM4 algorithm.

In step S302, the data transmitting end generates a one-time session key based on the SM2 key exchange protocol.

In step S303, the data transmitting end encapsulates the data ID, the encrypted battery data and the digital signature into a data packet.

Step S304, the data transmitting terminal transmits the encapsulated data packet to the data verification terminal.

In step S305, after receiving the data packet, the data verification terminal deploys a transmission configuration for the data packet, including deploying a dedicated data channel, adopting a national private VPN tunnel technology, and deploying DPI deep packet inspection and monitoring, so as to be able to safely transmit the data packet and monitor the state of the data packet in real time.

Step S306, after the transmission configuration is deployed, the data verification terminal sends the encrypted data packet to the data receiving terminal.

In step S307, after receiving the encrypted data packet, the data receiving end first decrypts the battery data using the session key generated before and verifies the validity of the carried digital signature.

In step S308, the data receiving end invokes the data verification end to verify the data ID in the data packet.

In step S309, the data verification terminal verifies the validity of the data ID.

In step S310, when the data ID passes the verification, the data verification terminal returns a verification passing message to the data receiving terminal.

Step S311, when the data receiving end obtains the verification passing message, the verification combined with the previous digital signature is valid, and the decryption of the battery data based on the session key is successful, the battery data is stored locally.

Based on the same inventive concept, the invention further provides a transmission device of battery data, which is applied to a transmission system comprising a data transmitting end, a data receiving end and a data verifying end, wherein, as shown in fig. 4, for the data verifying end, the transmission device 400 comprises an authentication unit 410 for acquiring identity authentication requests of the data transmitting end and the data receiving end, authenticating the identities of the data transmitting end and the data receiving end to permit the data transmitting end and the data receiving end to access the transmission system, a compliance unit 420 for acquiring a data compliance inspection request of the data transmitting end, performing compliance check on the battery data and performing security evaluation on the data receiving end to determine whether to permit transmission of the battery data, and a transmitting unit 430 for acquiring a cross-domain transmission request for the battery data initiated by the data transmitting end and transmitting the battery data to the data receiving end under the condition of permitting transmission of the battery data.

Further implementation details and advantages of the embodiments of the present invention may refer to the embodiments of the data management system described above, and are not described herein in detail.

Correspondingly, the invention also provides a transmission system of the battery data, which comprises a data sending end, a data verification end and a data receiving end, wherein the data verification end adopts the transmission method of the battery data, provided by the data sending end, to the data receiving end.

Correspondingly, the embodiment of the invention also provides an electronic device, as shown in fig. 5, which shows a schematic structural diagram of the electronic device suitable for implementing the embodiment of the invention. The electronic device in the embodiment of the present invention may include, but is not limited to, a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a car-mounted terminal (e.g., car navigation terminal), etc., and a stationary terminal such as a digital TV, a desktop computer, etc. The electronic device shown in fig. 5 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the present invention.

As shown in fig. 5, the electronic device may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 501, which may perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage means 508 into a Random Access Memory (RAM) 503. In the RAM503, various programs and data required for the operation of the electronic device are also stored. The processing device 501, the ROM 502, and the RAM503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.

In general, devices may be connected to I/O interface 505 including input devices 506, including for example, touch screens, touch pads, keyboards, mice, cameras, microphones, accelerometers, gyroscopes, etc., output devices 507, including for example, liquid Crystal Displays (LCDs), speakers, vibrators, etc., storage devices 508, including for example, magnetic tape, hard disk, etc., and communication devices 509. The communication means 509 may allow the electronic device to communicate with other devices wirelessly or by wire to exchange data. While fig. 5 shows an electronic device having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.

In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention provide a computer program product comprising a computer program embodied on a non-transitory computer readable medium, the computer program comprising program code for performing the method shown in the flowchart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication means 509, or from the storage means 508, or from the ROM 502. The above-described functions defined in the method of the embodiment of the present invention are performed when the computer program is executed by the processing means 501.

The computer readable medium of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of a computer-readable storage medium may include, but are not limited to, an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to electrical wiring, fiber optic cable, RF (radio frequency), and the like, or any suitable combination of the foregoing.

In some embodiments, the clients, servers may communicate using any currently known or future developed network protocol, such as HTTP (HyperText TransferProtocol ), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the internet (e.g., the internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed networks.

The computer readable medium may be included in the electronic device or may exist alone without being incorporated into the electronic device.

The computer readable medium carries one or more programs that, when executed by the electronic device, cause the electronic device to obtain identity authentication requests for the data transmitting end and the data receiving end, authenticate identities of the data transmitting end and the data receiving end to grant the data transmitting end and the data receiving end access to the transmission system, obtain a data compliance review request for the data transmitting end, perform compliance verification on the battery data and perform security assessment on the data receiving end to determine whether transmission of the battery data is permitted, and obtain a cross-domain transmission request for the battery data initiated by the data transmitting end and transmit the battery data to the data receiving end if transmission of the battery data is permitted.

Computer program code for carrying out operations of the present invention may be written in one or more programming languages, including, but not limited to, an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computer may be connected to the user computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (e.g., connected through the internet using an internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units involved in the embodiments of the present invention may be implemented in software or in hardware. The name of the unit does not in any way constitute a limitation of the unit itself, for example the first acquisition unit may also be described as "unit acquiring at least two internet protocol addresses".

The functions described above herein may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic that may be used include Field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems-on-a-chip (SOCs), complex Programmable Logic Devices (CPLDs), and the like.

In the context of the present invention, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.

The above description is only illustrative of the preferred embodiments of the present invention and of the principles of the technology employed. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in the present invention is not limited to the specific combinations of technical features described above, but also covers other technical features formed by any combination of the technical features described above or their equivalents without departing from the spirit of the disclosure. Such as the above-mentioned features and the technical features disclosed in the present invention (but not limited to) having similar functions are replaced with each other.

Moreover, although operations are depicted in a particular order, this should not be understood as requiring that such operations be performed in the particular order shown or in sequential order. In certain circumstances, multitasking and parallel processing may be advantageous. Likewise, while several specific implementation details are included in the above discussion, these should not be construed as limiting the scope of the invention. Certain features that are described in the context of separate embodiments can also be implemented in combination in a single embodiment. Conversely, various features that are described in the context of a single embodiment can also be implemented in multiple embodiments separately or in any suitable subcombination.

Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are example forms of implementing the claims.

Claims

1. A battery data transmission method, characterized in that it is applied to a transmission system including a data transmitter, a data receiver, and a data verification terminal, wherein, for the data verification terminal, the transmission method includes:

Obtaining identity authentication requests from the data sending end and the data receiving end, authenticating the identities of the data sending end and the data receiving end, and permitting the data sending end and the data receiving end to access the transmission system;

Obtaining a data compliance review request from the data sending end, performing compliance verification on the battery data, and performing a security assessment on the data receiving end to determine whether to permit transmission of the battery data; and

In a case where the transmission of the battery data is permitted, a cross-domain transmission request for the battery data initiated by the data sending end is obtained, and the battery data is sent to the data receiving end.

2. The transmission method according to claim 1, wherein obtaining identity authentication requests from the data transmitter and the data receiver, authenticating the identities of the data transmitter and the data receiver, and permitting the data transmitter and the data receiver to access the transmission system comprises:

Respectively receiving and authenticating the physical information related to the identities uploaded by the data sender and the data receiver, and performing real-name authentication on the physical information. After the authentication is passed, hashing the public keys of the data sender and the data receiver with the corresponding physical information to generate unique identity identifiers for the data sender and the data receiver respectively;

Based on the unique identity identifiers of the data sender and the data receiver, a digital certificate representing the legal identity of the data sender and the data receiver is generated and issued, so that the data sender and the data receiver can access the transmission system based on the digital certificate.

3. The transmission method according to claim 1, wherein obtaining a data compliance review request from the data sending end, performing data compliance verification on the battery data, and performing a security assessment on the data receiving end to determine whether to permit transmission of the battery data comprises:

Acquire transmission information provided by the data sending end, wherein the transmission information includes the battery data and geographic information of the data receiving end, wherein the battery data is anonymized by the data sending end;

Performing two-way identity authentication with the data sending end based on the digital certificate of the data sending end;

After the two-way identity authentication is passed, the battery data is subjected to data compliance verification including data level, data sensitive information, data volume and degree of anonymization, and the data receiving end is subjected to security assessment including receiving qualifications, receiving capabilities and security protection capabilities based on the geographic information of the data receiving end;

If the data compliance check of the battery data passes and the security assessment of the data receiving end passes, the transmission of the battery data is permitted.

4. The transmission method according to claim 3, wherein the data compliance verification of the battery data, including data level, data sensitivity information, data magnitude, and anonymization degree, comprises:

A rule base including data rules for multiple regions is set, and based on the data rules in the rule base associated with the region where the data sending end is located, the following operations are performed on the battery data:

determining a data level of the battery data;

Determining whether the battery data contains personal information and the sensitivity level of the personal information;

Determine the magnitude of the personal information and the magnitude of personal information that meets a preset sensitivity level;

Determine whether the anonymization processing of the personal information in the battery data complies with preset rules.

5. The transmission method according to claim 3, wherein the security assessment of the data receiving terminal including receiving qualifications, receiving capabilities and security protection capabilities based on the geographic information of the data receiving terminal comprises:

Retrieving the qualification status of the data receiving end through the inter-regional mutual recognition review framework between the data sending end and the data receiving end;

Sending a test data packet to the data receiving end to verify the data interface compatibility and storage encryption capability of the data receiving end, so as to determine whether the data receiving end is deployed with a receiving channel that meets the preset data receiving requirements and a data storage system that meets the preset encryption standards;

Based on a data rule associated with the area where the data receiving terminal is located, it is determined whether the area where the data receiving terminal is located has a data protection mechanism that meets a preset security standard.

6. The transmission method according to claim 1, wherein the step of sending the battery data to the data receiving end comprises:

Acquire a data packet sent by the data sending end, wherein the data packet includes encrypted battery data, a data ID, and a digital signature;

Based on the deployed dedicated data transmission channel, the data packet is sent to the data receiving end, so that the data receiving end decrypts the data packet using the session key between the data receiving end and the data sending end, and verifies the validity of the data signature; and

Respond to the verification request of the data receiving end and verify the legitimacy of the data ID.

7. A battery data transmission device, characterized in that it is applied to a transmission system including a data transmitter, a data receiver, and a data verification terminal, wherein, for the data verification terminal, the transmission device includes:

an authentication unit, configured to obtain identity authentication requests from the data sending end and the data receiving end, authenticate the identities of the data sending end and the data receiving end, and permit the data sending end and the data receiving end to access the transmission system;

a compliance unit, configured to obtain a data compliance review request from the data sending end, perform compliance verification on the battery data, and perform a security assessment on the data receiving end to determine whether to permit transmission of the battery data; and

The sending unit is configured to, when the transmission of the battery data is permitted, obtain a cross-domain transmission request for the battery data initiated by the data sending end, and send the battery data to the data receiving end.

8. A battery data transmission system, characterized in that the transmission system includes a data sending end, a data verification end and a data receiving end, wherein:

The data verification end transmits the battery data provided by the data sending end to the data receiving end using the battery data transmission method described in claims 1-6.

9. An electronic device, comprising:

at least one processor; and

a memory communicatively connected to the at least one processor; wherein,

The memory stores instructions that can be executed by the at least one processor, and the instructions are executed by the at least one processor to enable the at least one processor to execute the battery data transmission method according to any one of claims 1 to 6.

10. A machine-readable storage medium having instructions stored thereon, wherein the instructions are used to enable a machine to execute the battery data transmission method according to any one of claims 1 to 6 of the present application.