METHOD FOR CONFIDENTIALLY PROCESSING DATA OF A VEHICLE

Abstract

The present invention concerns a method for confidentially processing the kinematic data of a vehicle (210), in particular a method for classifying this data in order to determine the driving style of the vehicle while respecting the confidentiality of the data in question. The data is encrypted (254) by the vehicle by means of a symmetric encryption algorithm using a secret key generated (251) by the vehicle. This secret key is encrypted (252) by the vehicle by means of a homomorphic asymmetric encryption algorithm by using the public key of a vehicle service provider (240). The data encrypted by means of the secret key, and the homomorphically encrypted secret key, are transmitted (253, 255) by the vehicle to an access point that transcrypts (261) them and transmits (262) the homomorphically encrypted data to a calculation platform (230). The platform performs (271) the confidential processing operation in the homomorphic domain and transmits (272) the homomorphically encrypted results to the server of the vehicle service provider (240).

Claims

1. A method for confidentially processing data of a vehicle, the kinematic data being transmitted by an on-board gateway of the vehicle to an access point of a network external to the latter and the processing result being transmitted to a server of a service provider, the provider having generated a private key-public key pair of a homomorphic encryption asymmetric cryptosystem, wherein: the vehicle generates a secret key of a symmetric encryption cryptosystem and encrypts said secret key by means of the homomorphic encryption public key; the vehicle encrypts said data by means of the symmetric encryption secret key; the vehicle transmits the homomorphically encrypted secret key as well as the data thus encrypted to the access point, said access point performing a second encryption of the data thus encrypted, by means of the homomorphic encryption public key, to obtain doubly encrypted data and then, by means of the homomorphically encrypted secret key, a decryption of the doubly encrypted data in the homomorphic domain, to obtain homomorphically encrypted data, and transmitting them to a computing platform; the computing platform performs, in the homomorphic domain, processing of the data received from the access point and transmits the processing result, in homomorphically encrypted form, to the server of the service provider.

2. The method for confidentially processing data of a vehicle according to claim 1, wherein the confidential processing is a classification of said data, the processing result giving one of a plurality of predetermined classes to which said data belong, or the respective probabilities that said data belong to those predetermined classes.

3. The method for confidentially processing data of a vehicle according to claim 2, wherein the classification is a hyperplane classification, each hyperplane being defined by an affine function in the cleartext domain.

4. The method for confidentially processing data of a vehicle according to claim 2, wherein said data comprises kinematic data of the vehicle.

5. The method for confidentially processing data of a vehicle according to claim 4, wherein the predetermined classes are driving dangerousness classes of the vehicle.

6. The method for confidentially processing data of a vehicle according to claim 4, wherein the classification is obtained by a classification function comprising, as an argument, the kinematic data of a plurality of vehicles.

7. The method for confidentially processing data according to claim 1, wherein the symmetric encryption is a key stream encryption.

8. The method for confidentially processing data of a vehicle according to claim 1, wherein the symmetric encryption by the secret key of said data is performed by means of the on-board gateway.

9. The method for confidentially processing data of a vehicle according to claim 1, wherein the on-board gateway is configured to establish a Wi-Fi connection, or according to a 3G/4G/5G telephone standard, with the access point.

Description

BRIEF DESCRIPTION OF THE FIGURES

[0023] Further characteristics and advantages of the invention will become apparent upon reading a preferential embodiment of the invention, described with reference to the accompanying figures, among which:

[0024] FIG. 1 schematically represents the architecture of a network in which the method for confidentially processing data of a vehicle according to one embodiment of the invention can be implemented;

[0025] FIG. 2 schematically represents exchanges between entities of the network of FIG. 1 upon implementing a method for confidentially processing the data of a vehicle according to one embodiment of the invention;

[0026] FIG. 3 schematically represents an alternative of exchanges between network entities upon implementing a method for confidentially processing data of a vehicle according to one embodiment of the invention.

DESCRIPTION OF THE EMBODIMENTS

[0027] In the following, a vehicle equipped with on-board sensors and able to connect to a vehicular network via a gateway will be considered.

[0028] On-board sensors are typically sensors of vehicle position (GPS receiver, for example), speed and acceleration along different axes, vehicle wheel rotation speed, etc., capable of measuring kinematic parameters of the vehicle. Furthermore, other types of on-board sensors can also be provided, such as sensors for instantaneous vehicle consumption, gear shift, brake temperature etc. The measurements of these sensors are digitised and, if necessary, pre-processed (for example by means of data compression) within the vehicle.

[0029] The various sensors are connected to an inner network of the vehicle. This inner network can communicate with an external communication infrastructure by means of an on-board gateway. The gateway in question may, for example, use Wi-Fi technology (IEEE 80211) or versions adapted to vehicular communications, such as IEEE 802.11p (in the United States) and ETSI ITS-G5 (in Europe), provided for future Cooperative Intelligent Transport Systems or C-ITS. Alternatively, it may use a 3G/4G/5G mobile phone standard. If necessary, if the vehicle is not equipped with a Wi-Fi or mobile phone gateway, a dongle including a Wi-Fi transceiver or in accordance with one of the above standards can be plugged into an ODB2 (On Board Diagnostic) socket of the vehicle.

[0030] The data from various sensors of the vehicle can be transmitted to the external communication infrastructure as they are generated or stored in a temporary memory in the vehicle and then transferred massively or even in increments. These data are then processed confidentially by a remote server as will be seen later.

[0031] FIG. 1 schematically represents a network architecture in which a method for confidentially processing vehicle parameters can be implemented.

[0032] The gateway 110, on-board the vehicle 100, can establish a link with an access point AP, 120, whether it is a Wi-Fi terminal or a base station (BTS, node B, etc.) of a mobile phone network.

[0033] In current systems, data from a vehicle are transmitted directly to a Vehicle Service Provider (VSP) server, 130, as indicated by a dashed line in the figure. The service provider thus receives the cleartext data and can perform statistics, classify driving types, perform diagnostics, make predictions, determine a driver's responsibility in the event of an accident, etc. For example, the service provider may be an insurer using these data to determine the insurance premium depending on the driving type of the vehicle. However, these data are particularly sensitive and can be intercepted by a malicious third party.

[0034] A first solution is to encrypt data before transmitting them to the service provider. However, this measure is not entirely satisfactory as the driver may not wish to communicate confidential data to the service provider.

[0035] According to the present invention, it is suggested to introduce a computing platform (cloud computing), 150, which is responsible for performing the data processing confidentially on behalf of the server VSP and providing the VSP with only the result of this processing.

[0036] More specifically, the vehicle encrypts data by means of symmetric encryption, preferably stream encryption, using a secret key K.sub.sym.sup.car. It further encrypts this secret key by homomorphic encryption, by means of the public key HE.pk.sub.pub.sup.vsp, of a homomorphic encryption asymmetric cryptosystem whose private key—public key pair (HE.sk.sup.vsp, HE.pk.sup.vsp), is specific to the VSP. The access point then performs a trans-encryption of the data by decoding them in the homomorphic domain and transmits them to the computing platform. The computing platform then performs the corresponding processing of these data in the homomorphic domain before transmitting them to the server VSP.

[0037] FIG. 2 schematically represents exchanges between entities of the network of FIG. 1 when a method for confidentially processing data of a vehicle is implemented according to one embodiment of the invention.

[0038] It is first assumed that the vehicle service provider, 240, has previously generated a private key—public key pair (HE.sk.sup.vsp, HE.pk.sup.vsp) of an asymmetric homomorphic cryptosystem and has broadcast the public key to the vehicle 210, the access point 220 and the computing platform, 230.

[0039] The vehicle generates in 251 a secret key K.sub.car.sup.sym of a symmetric encryption cryptosystem. Advantageously, this symmetric encryption is a stream encryption, in other words a key stream generated by means of the symmetric key is added by means of an XOR operation to the cleartext binary data. The vehicle encrypts the secret key by means of the public key of the homomorphic cryptosystem in 252, and transmits the key thus encrypted Enc(HE.pk.sup.vsp, K.sub.sym.sup.car) to the access point in 253. Furthermore, the vehicle performs a first encryption of the data, D, in 254 by means of this same secret key, namely Enc(K.sub.sym.sup.car, D), and transmits them thus encrypted to the access point in 255.

[0040] In step 261, the access point performs a trans-encryption of the data in the homomorphic domain. In other words, the access point first encrypts the already encrypted data, Enc(K.sub.sym.sup.car, D) a second time by means of the public key of the homomorphic cryptosystem, to obtain doubly encrypted data Enc(HE.pk.sup.vsp, Enc(K.sub.sym.sup.car, D)). It then performs decryption of the doubly encrypted data in the homomorphic domain, by means of the homomorphically encrypted secret key Enc(K.sub.sym.sup.car, D)). A description of this trans-encryption operation can be found in the patent application published under number FR-A-3060165 in the name of the present Applicant. Following the trans-encryption operation, the access point has the data of a vehicle encrypted in the homomorphic domain, Enc(HE.pk.sup.vsp, D), and transmits them, in 262, to the computing platform. It is important to note that the trans-encryption operation is carried out by the access point and not by the computing platform itself. This delegation of trans-encryption makes it possible, among other things, not to overload the computing platform. The platform only needs to know the public keys of the homomorphic cryptosystems of the different vehicle service provider servers, which are far fewer in number than the number of (symmetric keys of) the vehicles.

[0041] In step 271, the computing platform performs data processing in the homomorphic domain. Specifically, the computing platform performs a classification operation on data in the homomorphic domain using a classification model, as described in detail below. The classification model may have been obtained in a supervised manner using a learning database or it may have been constructed in an unsupervised manner (especially by means of simple clustering).

[0042] For example, the classification model will be able to evaluate the driving style of the vehicle and its membership of different dangerousness classes C.sub.1, C.sub.2, . . . , C.sub.K. The result of the classification can be provided to the server VSP in the form of a vector, known as a membership vector, of K homomorphically encrypted components, each of which represents the membership of a class (binary value) or the probability of membership of that class (for example dyadic fraction).

[0043] The membership vector is transmitted to the server VSP in 272. The latter decrypts the components by means of its private key HE.sk.sup.vsp in 273.

[0044] The person skilled in the art will understand that the method for processing data of a vehicle can be readily updated. Since the processing is carried out by the computing platform, it is sufficient to modify the corresponding processing function in the homomorphic domain in this server. In particular, it is not necessary to update software in all vehicles that subscribe to the service. Further, the processing function (for example the classification function) can take account of the data of several vehicles, as long as they are encrypted with the same homomorphic public key HE.pk.sup.vsp. This is advantageous when comparing the behaviour of two vehicles at the same location (for example in the context of an accident) or when the classification model is trained in an unsupervised manner. Finally, it should be noted that the server VSP does not have direct access to the kinematic data of the vehicle, which are confidential in nature, but only to the processing result, for example the result of the classification of the vehicle driving, by means of a classification function ƒ.

[0045] The classification function ƒ is evaluated in the homomorphic domain as follows:

[00001]$\begin{array}{cc}\left[R\right]=f\left(\left[D\right],\left\{\left[p_i\right],i=1,.Math.,N\right\}\right)& \left(1\right)\end{array}$

where for the sake of brevity [x]=Enc=(He.pk, x) is the classification result (for example the membership vector) and P.sub.i, i=1, . . . , N are the parameters (in cleartext) of the classification function. It is assumed that the set of homomorphically encrypted parameters has been provided to the computing platform beforehand.

[0046] This evaluation is possible in the homomorphic domain as long as the function ƒ is a linear or polynomial function, of the data to be classified.

[0047] As an example of a polynomial (quadratic) classification, a Gaussian classifier can be mentioned.

[0048] As an example of a linear function, a hyperplane classifier can be mentioned.

[0049] The case of a hyperplane classifier is illustrated below for a 2-dimension space. The data D are then 2-dimension vectors (for example acceleration along two axes), D=(x, y).

[0050] For example, a class can be defined by the intersection of 2 half-spaces delimited by hyperplanes, expressed in the cleartext domain by:

[00002]$\begin{array}{cc}{a}_{1}x+b_{1}y\ge c_1{a}_{2}x+b_{2}y\ge c_2& \left(2\right)\end{array}$

where a.sub.1, b.sub.1, c.sub.1, a.sub.2, b.sub.2, c.sub.2 are the parameters of the classification function in the cleartext domain.

[0051] The classification function in the homomorphic domain is based on computing the result [R]=([r.sub.1], [r.sub.2]), defined by:

[00003]$\begin{array}{cc}\left[r_1\right]=\left[a_1\right]\left[x\right]+\left[b_1\right]\left[y\right]-\left[c_1\right]\left[r_2\right]=\left[a_2\right]\left[x\right]+\left[b_2\right]\left[y\right]-\left[c_2\right]& \left(3\right)\end{array}$

where all algebraic operations are defined here in the homomorphic domain.

[0052] The position of the piece of data D with respect to the two hyperplanes makes it possible to determine the class to which it belongs. Thus, for example, if [r.sub.1]≥0, and [r.sub.2]≥0, the piece of data D will belong to a first class C.sub.1 and, conversely, if [r.sub.1]≤0 or [r.sub.2]≤0, the piece of data will belong to a second class C.sub.2. The comparison of results in the homomorphic domain can be performed by means of Boolean circuits for the operator “>” (greater than) on binary representations of encrypted data, as described in the paper by J. Garay et al. entitled “Practical and secure solutions for integer comparison” published in T. Okamoto and X. Wang, editors, Public Key Cryptography—PKC 2007, volume 4450 of Lecture Notes in Computer Science, pages 330-342. Springer Berlin, Heidelberg, 2007.

[0053] Alternatively, it is possible to use a non-linear and non-polynomial classification function (for example neural network classification) especially when such a function can be approximated locally by a polynomial function (for example Taylor series). An example of secure neural network classification can be found in the paper by N. Dowlin et al. entitled “CryptoNets: applying neural networks to encrypted data with high throughput and accuracy”, available at research.microsoft.com/apps/pubs/default.aspx?id.

[0054] The method for confidentially processing data of a vehicle has been described in connection with a single vehicle, an access point, a computing platform and a vehicle service provider server. However, in practice the method involves a large number of vehicles and access points as well as several computing platforms and servers VSP. This situation is schematically illustrated in FIG. 3.

[0055] A plurality of vehicles V.sub.1, . . . , V.sub.M, a plurality of access points AP.sub.1, . . . , AP.sub.Q, a plurality of computing platforms CP.sub.1, . . . , CP.sub.U, as well as a plurality of vehicle service provider servers VSP.sub.1, . . . , VSP.sub.L, are represented in FIG. 3.

[0056] As a general rule, a computing platform can be shared by several service providers, in other words L<U. The homomorphic public keys of the service providers are broadcast to the computing platforms that can perform processing on behalf of these providers. In other words, a computing platform CP.sub.u stores all the homomorphic public keys HE.pk.sub.l of the servers VSP.sub.l likely to send it processing requests. Alternatively, this set of homomorphic public keys can be stored in a key base, whether distributed or not. In this case, the computing platform that does not have a key HE.pk.sub.l can download it from the key base in question by means of its reference.

[0057] An access point can store the different homomorphic public keys of the service providers, each vehicle then transmitting the reference of the homomorphic public key used, by means of a simple auxiliary indication if necessary. Alternatively the homomorphic public key can be provided to the access point by the vehicle itself. For example, if the access point does not have the homomorphic public key corresponding to this reference, it can be obtained from the vehicle.

[0058] A vehicle has, as a general rule, the homomorphic public keys of the service providers to which it subscribes, for example that of its insurance, the vehicle hire agency's insurance, the vehicle manufacturer, the vehicle maintenance company. As indicated previously, the vehicle can transmit, further to the data encrypted by the key, and the homomorphically encrypted symmetric key, the reference of the homomorphic public key it used to encrypt the symmetric key. This reference is then transmitted with the encrypted data to the computing platform, which can then find the homomorphic public key in question or even download it from the key base.