Secure data collection method based on entity key authentication and session key encryption

By employing a secure authentication method that combines entity key authentication with session key encryption, this approach addresses the information security risks and significant manpower requirements associated with data collection from autonomous vehicles. It enables secure and efficient data collection and is applicable to both offline and online data collection for intelligent connected vehicles and high-precision maps.

CN115884171BActive Publication Date: 2026-06-26SHANGHAI YOUKA NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
SHANGHAI YOUKA NETWORK TECH CO LTD
Filing Date
2022-10-24
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Existing methods for collecting data from autonomous vehicles suffer from high information security risks, poor flexibility, and require significant manpower when loading data offline to data centers.

Method used

A secure authentication method based on entity key authentication and session key encryption is adopted. A session key is generated through two-way digital authentication, and the session key is used for data encryption and verification to achieve both security and flexibility in data collection.

Benefits of technology

It improves the security and flexibility of data collection, reduces reliance on physical security mechanisms, lowers manpower requirements, and enables safe data collection for intelligent connected vehicles.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115884171B_ABST
    Figure CN115884171B_ABST
Patent Text Reader

Abstract

The application relates to a secure data collection method based on entity key authentication and session key encryption. Based on the embodiment of the application, the application carries out bidirectional key authentication between two application ends through an entity-based bidirectional key authentication and session key encryption technology, and proposes a data collection method for data encryption based on the secure authentication method of entity key authentication and session key encryption. The data collection method can be used for the secure data collection of automatic driving and high-precision maps of intelligent networked vehicles, and can be used for offline data collection and online data collection. Compared with the existing offline data collection method, the offline data collection method of the application has high security and does not need to rely on the physical security mechanism of data collection personnel. Compared with the existing offline data collection method, the online data collection method of the application does not need to use a special person to transfer a storage device, has small investment, good real-time performance and high security.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This disclosure relates to the field of blockchain technology, and in particular to a secure authentication method, data acquisition method, and data acquisition system based on entity key authentication and session key encryption. Background Technology

[0002] With the continuous updates and iterations of autonomous driving functions, autonomous vehicles utilize various sensors, such as GPS, cameras, millimeter-wave radar, and lidar, to collect massive amounts of data, serving as the raw data source for autonomous driving training and high-precision maps. This data can be used for algorithm training, driving simulation, and the production of high-precision maps in laboratories.

[0003] Because this data contains un-anonymized images and location data of roads, vehicles, pedestrians, and buildings, it is classified as confidential data according to laws and regulations and cannot be transmitted in plaintext. Considering data security compliance requirements, this data is currently primarily loaded into the data center offline, relying heavily on physical security mechanisms. This requires significant personnel investment, lacks flexibility, and poses a high risk to information security. Summary of the Invention

[0004] To address the aforementioned issues, this application proposes a security authentication method, a data acquisition method, and a data acquisition system based on entity key authentication and session key encryption.

[0005] This application proposes a security authentication method based on entity key authentication and session key encryption, comprising the following steps:

[0006] The first user terminal initiates an authentication request to the second user terminal;

[0007] The second user terminal receives and creates a task based on the authentication request, and returns authentication information to the first user terminal;

[0008] The first user terminal receives the authentication information and performs two-way digital authentication with the second user terminal based on the entity key issued by the third user terminal.

[0009] After two-way digital authentication is completed, session keys are generated for the first user terminal and the second user terminal respectively, and task association is performed based on the session keys.

[0010] As an optional implementation of this application, optionally, the second user terminal receives and creates a task according to the authentication request, and returns authentication information to the first user terminal, including:

[0011] The second user terminal receives the authentication request and creates a task based on the authentication request, wherein the task is in an unauthenticated state;

[0012] Once the task is created, the second authentication information is returned to the first client: task ID, task validity period, first data signature SIGNATURE, and server certificate S_CERT.

[0013] As an optional implementation of this application, optionally, the first user terminal receives the authentication information and performs two-way digital authentication with the second user terminal based on the entity key issued by the third user terminal, including:

[0014] After receiving the second authentication information returned by the second user terminal, the first user terminal uses a pre-configured first certificate to authenticate the server certificate S_CERT returned by the second user terminal. After the server certificate S_CERT is verified, the server certificate S_CERT is then used to verify the first data signature SIGNATURE. After the first data signature SIGNATURE is verified, the first user terminal sends the first authentication information to the second user terminal, including the task ID, the first user identifier, the second data signature SIGNATURE, and the first certificate V_CERT.

[0015] After receiving the first authentication information returned by the first user terminal, the second user terminal uses the pre-configured second certificate to authenticate the first certificate V_CERT returned by the first user terminal; after the first certificate V_CERT is verified, the first certificate V_CERT is then used to verify the second data signature SIGNATURE, thus completing the data signature verification between the second user terminal and the first user terminal.

[0016] As an optional implementation of this application, optionally, when the second user terminal authenticates the server certificate V_CERT returned by the first user terminal, it further includes:

[0017] The second user terminal receives the first user identifier;

[0018] Verify whether the first user identifier is in the whitelist of the second user terminal; if so, the authentication of the first user terminal is passed.

[0019] As an optional implementation of this application, after the second user terminal completes the data signature verification with the first user terminal, the method further includes:

[0020] After the second user terminal completes the verification of the second data signature SIGNATURE, if the verification is successful, it generates the public-private key pair (S_SK, S_PK) of the second user terminal and returns S_PK and the third data signature SIGNATURE to the first user terminal.

[0021] The first user terminal receives S_PK and the third data signature SIGNATURE, and verifies the third data signature SIGNATURE using the server certificate S_CERT returned by the second user terminal. After successful verification, the first user terminal saves S_PK, generates a public-private key pair (V_SK, V_PK) for the first user terminal, and sends V_PK and the fourth data signature SIGNATURE to the second user terminal.

[0022] The second user terminal uses the server certificate V_CERT to verify the fourth data signature SIGNATURE, thus completing the public-private key pair verification with the first user terminal.

[0023] As an optional implementation of this application, optionally, after the two-way digital authentication is completed, session keys are generated for the first user terminal and the second user terminal respectively, and task association is performed based on the session keys, including:

[0024] After the second user terminal completes the fourth data signature SIGNATURE verification, if the verification is successful, it will negotiate the key between V_PK and S_SK to generate the first session key, use the first session key to generate the first data verification key and the first data encryption key and associate them with the task ID, set the task to the available state, and return the task creation result to the first user terminal.

[0025] The first user terminal uses V_SK and S_PK to negotiate a key, generate a second session key, and uses the second session key to generate a second data verification key and a second data encryption key, which are then associated with the task ID to prepare for data collection.

[0026] This application also proposes a data acquisition method based on the aforementioned security authentication method using entity key authentication and session key encryption, comprising the following steps:

[0027] The first user terminal executes data collection according to the task ID and obtains the collected data;

[0028] The first user terminal uses the second session key to encrypt and verify the collected data, generating encrypted data and its verification value;

[0029] The first user terminal sends the encrypted data and its verification value to the second user terminal either offline or online.

[0030] As an optional implementation of this application, the first user terminal may optionally encrypt and verify the collected data using a second session key, and store the encrypted data and verification value, including:

[0031] The first user terminal uses the second data encryption key in the second session key associated with the task ID to encrypt the collected data, generate encrypted data, and store the encrypted data.

[0032] The first user terminal uses the second data verification key in the second session key associated with the task ID to verify the collected data, generate the verification value, and store the verification value.

[0033] As an optional implementation of this application, it may also include:

[0034] The second user terminal receives encrypted data and verification values ​​sent by the first user terminal;

[0035] The second user terminal uses the first data verification key associated with the task ID to verify the verification value of the encrypted data;

[0036] After successful verification, the second user terminal uses the first data encryption key associated with the task ID to decrypt or re-encrypt the encrypted data.

[0037] In another aspect, this application also proposes a data acquisition system, comprising:

[0038] processor;

[0039] Memory used to store processor-executable instructions;

[0040] The processor is configured to implement the data acquisition method described above when executing the executable instructions.

[0041] Technical effects of the present invention:

[0042] Based on the implementation scheme of this application, this application proposes a data acquisition method based on entity-based two-way key authentication and session key encryption technology to perform two-way key authentication between two application terminals. This secure authentication method, based on entity key authentication and session key encryption, can be used for secure data acquisition in autonomous driving and high-precision maps of intelligent connected vehicles. It can be used for both offline and online data acquisition. Compared with existing offline data acquisition methods, the offline data acquisition method of this invention offers higher security and does not rely on physical security mechanisms for data acquisition personnel. Compared with existing offline data acquisition methods, the online data acquisition method of this invention does not require dedicated personnel to transfer storage devices, resulting in lower investment, better real-time performance, and higher security.

[0043] Other features and aspects of this disclosure will become clear from the following detailed description of exemplary embodiments with reference to the accompanying drawings. Attached Figure Description

[0044] The accompanying drawings, which are included in and form part of this specification, illustrate exemplary embodiments, features, and aspects of this disclosure together with the specification and serve to explain the principles of this disclosure.

[0045] Figure 1 The diagram illustrates the main relationships within the digital certificate system of this invention.

[0046] Figure 2 The diagram shows a dynamic key negotiation mechanism for the security authentication method of the present invention.

[0047] Figure 3 The diagram shown is a schematic representation of the overall data acquisition process of this invention.

[0048] Figure 4 The diagram shows a flowchart of the data acquisition method of the present invention.

[0049] Figure 5 The diagram shows a flowchart illustrating the data acquisition task performed by the vehicle of the present invention.

[0050] Figure 6 The diagram illustrates the process of vehicle data transmission according to the present invention. Detailed Implementation

[0051] Various exemplary embodiments, features, and aspects of this disclosure will now be described in detail with reference to the accompanying drawings. The same reference numerals in the drawings denote elements that have the same or similar functions. Although various aspects of the embodiments are shown in the drawings, they are not necessarily drawn to scale unless specifically indicated otherwise.

[0052] The term “exemplary” as used herein means “serving as an example, embodiment, or illustration.” Any embodiment illustrated herein as “exemplary” is not necessarily to be construed as superior to or better than other embodiments.

[0053] Furthermore, to better illustrate this disclosure, numerous specific details are set forth in the following detailed description. Those skilled in the art will understand that this disclosure can be practiced without certain specific details. In some instances, methods, means, components, and circuits well known to those skilled in the art have not been described in detail in order to highlight the main points of this disclosure.

[0054] In this embodiment, the first user terminal, the second user terminal, and the third user terminal can be any application entity, and the authentication process among the three is not limited to the order in which they are initiated in this embodiment.

[0055] This invention designs a secure data acquisition method based on entity key authentication and session key encryption. This secure data acquisition method can be used for secure data acquisition of autonomous driving and high-precision maps in intelligent connected vehicles. It can be used for both offline and online data acquisition.

[0056] Example 1

[0057] This application proposes a data acquisition method based on entity-based two-way key authentication and session key encryption technology to perform two-way key authentication between two application terminals. It also proposes a data encryption method that can be used for secure data acquisition of autonomous driving and high-precision maps in intelligent connected vehicles. It can be used for both offline and online data acquisition.

[0058] This application proposes a security authentication method based on entity key authentication and session key encryption, comprising the following steps:

[0059] The first user terminal initiates an authentication request to the second user terminal;

[0060] The second user terminal receives and creates a task based on the authentication request, and returns authentication information to the first user terminal;

[0061] The first user terminal receives the authentication information and performs two-way digital authentication with the second user terminal based on the entity key issued by the third user terminal.

[0062] After two-way digital authentication is completed, session keys are generated for the first user terminal and the second user terminal respectively, and task association is performed based on the session keys.

[0063] like Figure 1 As shown in this embodiment, the first user terminal is an autonomous vehicle, the second user terminal is an autonomous driving cloud server, and the third user terminal is an authoritative institution that can issue certificates based on national or international cryptographic algorithms to both autonomous vehicles and autonomous driving cloud servers. The security mechanism of this invention includes two parts: entity-based two-way key authentication and session key encryption. The entity-based two-way key authentication uses digital certificates based on national or international cryptographic algorithms, which are issued by authoritative institutions within the autonomous driving industry or enterprises to both autonomous vehicles and autonomous driving cloud servers. Simultaneously, the autonomous vehicles and autonomous driving cloud servers also have built-in certificates from the authoritative institution. When an autonomous vehicle and an autonomous driving cloud server establish a session, the validity of the digital certificates needs to be verified through two-way authentication.

[0064] like Figure 2As shown, the session key encryption employs a dynamic key negotiation mechanism. The autonomous vehicle and the autonomous driving cloud server each generate a public-private key pair based on either Chinese or international cryptographic algorithms, and then use the key negotiation algorithm to generate the session key. Data from the autonomous driving system and the high-precision map are encrypted and decrypted using this session key.

[0065] like Figure 3 The diagram shown illustrates the overall data acquisition process. Data acquisition comprises three stages: the data acquisition task creation stage, the data acquisition task execution stage, and the data acquisition task transmission stage. The data acquisition task transmission stage is further divided into real-time transmission and offline transmission.

[0066] First, it is necessary to establish two-way authentication and create a data collection task.

[0067] like Figure 4 As shown, before the vehicle is ready to perform a data collection task, it first requests activation authentication from the autonomous driving cloud server. Upon receiving the authentication request, the autonomous driving cloud server begins creating the task.

[0068] like Figure 4 As shown, specifically:

[0069] The autonomous driving cloud server creates a task, which is in an uncertified state, and returns the task ID, task validity period, data signature SIGNATURE1, and server certificate S_CERT.

[0070] The vehicle uses a certificate from an authoritative organization to verify S_CERT. After the verification is successful, S_CERT is used to verify SIGNATURE1. After the verification is successful, the vehicle sends vehicle authentication information to the autonomous driving cloud server, including the task ID, vehicle VIN number, data signature SIGNATURE2, and vehicle certificate V_CERT.

[0071] The autonomous driving cloud server uses a certificate from an authoritative organization to verify V_CERT and determine whether the vehicle's VIN number is in the whitelist. After successful verification, V_CERT is used to verify SIGNATURE2. After successful verification, the autonomous driving cloud server generates a session public-private key pair (S_SK, S_PK) on the server side and returns S_PK and the data signature SIGNATURE3 to the vehicle.

[0072] The vehicle uses S_CERT to verify SIGNATURE3. After successful verification, the vehicle saves S_PK and generates a session public-private key pair (V_SK, V_PK) on the vehicle side. It then sends V_PK and the data signature SIGNATURE4 to the autonomous driving cloud server.

[0073] The autonomous driving cloud server uses V_CERT to verify SIGNATURE4. After successful verification, it negotiates the key between V_PK and S_SK to generate a session key. It then uses the session key to generate a data verification key and a data encryption key, associates them with the task ID, sets the task to an available state, and returns the data acquisition task establishment result to the vehicle.

[0074] The vehicle uses V_SK and S_PK to negotiate a key, generate a session key, and then uses the session key to generate a data verification key and a data encryption key, which are associated with the task ID to prepare for data collection.

[0075] Therefore, in establishing communication between the vehicle and the server, two-way digital certificate authentication, two-way public-private key pair signature authentication, and session key association with task ID are adopted. This facilitates the encryption and decryption of data through the session key when executing tasks, achieving multi-party authentication and secure data transmission.

[0076] It should be noted that although the above two-way authentication method is illustrated using the example of a vehicle initiating authentication with a cloud server, those skilled in the art will understand that this disclosure is not limited to this. In fact, users can flexibly set the order of initiating authentication according to actual application scenarios, as long as the technical functions of this application can be implemented according to the above-described multi-authentication task association technology method.

[0077] Example 2

[0078] Based on the implementation principle of Embodiment 1, this application also proposes a data acquisition method based on the above-described security authentication method based on entity key authentication and session key encryption, comprising the following steps:

[0079] The first user terminal executes data collection according to the task ID and obtains the collected data;

[0080] The first user terminal uses the second session key to encrypt and verify the collected data, generating encrypted data and its verification value;

[0081] The first user terminal sends the encrypted data and its verification value to the second user terminal either offline or online.

[0082] like Figure 5 As shown, after establishing an encrypted channel between the vehicle and the cloud server, the vehicle can perform information collection tasks. The vehicle performs data collection tasks; it encrypts the collected data using the data encryption key in the session key associated with the task ID, and verifies the data using the data verification key.

[0083] As an optional implementation of this application, the first user terminal may optionally encrypt and verify the collected data using a second session key, and store the encrypted data and verification value, including:

[0084] The first user terminal uses the second data encryption key in the second session key associated with the task ID to encrypt the collected data, generate encrypted data, and store the encrypted data.

[0085] The first user terminal uses the second data verification key in the second session key associated with the task ID to verify the collected data, generate the verification value, and store the verification value.

[0086] As an optional implementation of this application, it may also include:

[0087] The second user terminal receives encrypted data and verification values ​​sent by the first user terminal;

[0088] The second user terminal uses the first data verification key associated with the task ID to verify the verification value of the encrypted data;

[0089] After successful verification, the second user terminal uses the first data encryption key associated with the task ID to decrypt or re-encrypt the encrypted data.

[0090] After data acquisition, the task transmission phase begins:

[0091] 1. The vehicle uploads the mission ID and encrypted data to the autonomous driving cloud server either offline or online;

[0092] 2. The autonomous driving cloud server determines whether the task ID is valid and uses the data verification key in the associated session key to verify it. After verification, it uses the data encryption key to decrypt or re-encrypt it.

[0093] Combined with appendix Figure 6 As shown, the vehicle will collect data, encrypt it, and then send it to the autonomous driving cloud server. At this time, the cloud server uses the Share Key of the associated ID to verify and decrypt the data.

[0094] In addition to decryption, it can also be converted to encryption. Conversion to encryption can be done by using the encryption methods described above to encrypt the received encrypted data a second time before sending it to a third party or other entity.

[0095] Therefore, the safe data acquisition method used for autonomous driving and high-precision maps in intelligent connected vehicles can be used for both offline and online data acquisition. Compared with existing offline data acquisition methods, the offline data acquisition method of this invention offers higher security and does not rely on physical security mechanisms for data acquisition personnel. Compared with existing offline data acquisition methods, the online data acquisition method of this invention does not require dedicated personnel to transfer storage devices, resulting in lower investment, better real-time performance, and higher security.

[0096] Obviously, those skilled in the art should understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the control methods described above. The modules or steps of the present invention described above can be implemented using general-purpose computing devices. They can be centralized on a single computing device or distributed across a network of multiple computing devices. Optionally, they can be implemented using computer-executable program code, thereby storing them in a storage device for execution by a computing device, or fabricating them separately as individual integrated circuit modules, or fabricating multiple modules or steps into a single integrated circuit module. Thus, the present invention is not limited to any specific hardware and software combination.

[0097] Those skilled in the art will understand that all or part of the processes in the methods of the above embodiments can be implemented by a computer program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, it can include the processes of the embodiments of the control methods described above. The storage medium can be a magnetic disk, optical disk, read-only memory (ROM), random access memory (RAM), flash memory, hard disk drive (HDD), or solid-state drive (SSD), etc.; the storage medium can also include combinations of the above types of memory.

[0098] Example 3

[0099] Furthermore, this application also proposes a data acquisition system, comprising:

[0100] processor;

[0101] Memory used to store processor-executable instructions;

[0102] The processor is configured to implement the data acquisition method described above when executing the executable instructions.

[0103] The data acquisition system disclosed herein includes a processor and a memory for storing processor-executable instructions. The processor is configured to implement, when executing the executable instructions, any of the previously described secure data acquisition methods based on entity key authentication and session key encryption.

[0104] It should be noted here that the number of processors can be one or more. Furthermore, the data acquisition system of this embodiment may also include input devices and output devices. The processors, memory, input devices, and output devices can be connected via a bus or other means, without specific limitations herein.

[0105] As a computer-readable storage medium, the memory can be used to store software programs, computer-executable programs, and various modules, such as the program or module corresponding to the secure data acquisition method based on entity key authentication and session key encryption according to embodiments of this disclosure. The processor executes various functional applications and data processing of the data acquisition system by running the software program or module stored in the memory.

[0106] Input devices can be used to receive input digital numbers or signals. These signals can be key signals related to user settings and function control of the device / terminal / server. Output devices can include display devices such as screens.

[0107] The various embodiments of this disclosure have been described above. These descriptions are exemplary and not exhaustive, and are not limited to the disclosed embodiments. Many modifications and variations will be apparent to those skilled in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles, practical applications, or technical improvements to the technology in the market, or to enable others skilled in the art to understand the embodiments disclosed herein.

Claims

1. A data acquisition method for offline or online acquisition of safety data for autonomous driving and high-precision maps of intelligent connected vehicles, characterized in that, The data acquisition method is implemented based on a security authentication method that combines entity key authentication and session key encryption, wherein: (1) The security authentication method includes the following steps: The first user terminal initiates an authentication request to the second user terminal; The second user terminal receives and creates a task according to the authentication request, and returns authentication information to the first user terminal, including: the second user terminal receives the authentication request, creates a task according to the authentication request, wherein the task is in an unauthenticated state; after the task is created, it returns second authentication information to the first user terminal: task ID, task validity period, first data signature, and server certificate. The first user terminal receives the authentication information and performs bidirectional digital authentication with the second user terminal based on the entity key issued by the third user terminal. This includes: after receiving the second authentication information returned by the second user terminal, the first user terminal authenticates the server certificate returned by the second user terminal using a pre-configured first certificate; after the server certificate verification is successful, the server certificate is then used to verify the first data signature; after the first data signature verification is successful, the first user terminal sends the first authentication information to the second user terminal, including the task ID, the first user identifier, the second data signature, and the first certificate; after receiving the first authentication information returned by the first user terminal, the second user terminal authenticates the first certificate returned by the first user terminal using a pre-configured second certificate; the second user terminal receives the first user identifier and verifies whether the first user identifier is in the whitelist of the second user terminal. The first user terminal is authenticated. After the second user terminal completes the verification of the second data signature, if successful, it generates a public-private key pair (S_SK, S_PK) and returns S_PK and the third data signature to the first user terminal. The first user terminal receives S_PK and the third data signature and verifies the third data signature using the server certificate returned by the second user terminal. After successful verification, the first user terminal saves S_PK, generates a public-private key pair (V_SK, V_PK), and sends V_PK and the fourth data signature to the second user terminal. The second user terminal uses the server certificate to verify the fourth data signature, completing the public-private key pair verification with the first user terminal. After the first certificate verification is successful, the first certificate is used to verify the second data signature, completing the data signature verification with the first user terminal. After two-way digital authentication is completed, session keys are generated for the first and second user terminals respectively, and task association is performed based on the session keys. This includes: after the second user terminal completes the fourth data signature verification, if the verification is successful, it negotiates the key between V_PK and S_SK to generate a first session key, uses the first session key to generate a first data verification key and a first data encryption key and associates them with the task ID, sets the task to an available state, and returns the task establishment result to the first user terminal; the first user terminal negotiates the key between V_SK and S_PK to generate a second session key, uses the second session key to generate a second data verification key and a second data encryption key and associates them with the task ID, and prepares for data collection. (2) The data acquisition method includes the following steps: The first user terminal executes data collection according to the task ID and obtains the collected data; The first user terminal uses the second session key to encrypt and verify the collected data, generating encrypted data and its verification value; The first user terminal sends the encrypted data and its verification value to the second user terminal via offline or online methods; The second user terminal uses a certificate from an authoritative authority to verify the first user terminal's VIN number and determine whether it is in the whitelist. After the verification is successful, the second user terminal uses the certificate to verify the second data signature. After the verification is successful, the second user terminal generates a session public-private key pair (S_SK, S_PK) for the server and returns S_PK and the third data signature to the first user terminal. The first client uses the server certificate to verify the third data signature. After successful verification, the first client saves the S_PK and generates a session public-private key pair (V_SK, V_PK) for the first client. The first client then sends the V_PK and the fourth data signature to the second client.

2. The data acquisition method according to claim 1, characterized in that, The first user terminal uses a second session key to encrypt and verify the collected data, and stores the encrypted data and verification value, including: The first user terminal uses the second data encryption key in the second session key associated with the task ID to encrypt the collected data, generate encrypted data, and store the encrypted data. The first user terminal uses the second data verification key in the second session key associated with the task ID to verify the collected data, generate the verification value, and store the verification value.

3. The data acquisition method according to claim 2, characterized in that, Also includes: The second user terminal receives encrypted data and verification values ​​sent by the first user terminal; The second user terminal uses the first data verification key associated with the task ID to verify the verification value of the encrypted data; After successful verification, the second user terminal uses the first data encryption key associated with the task ID to decrypt or re-encrypt the encrypted data.

4. A data acquisition system, characterized in that, include: processor; Memory used to store processor-executable instructions; The processor is configured to implement the data acquisition method according to any one of claims 1 to 3 when executing the executable instructions.