Methods for encrypted communication between computer systems and vehicles
The method uses RSA key pairs and AES temporary keys for secure encrypted communication in machine learning systems, addressing cybersecurity and data protection challenges by ensuring secure data transmission and processing with minimal hardware effort.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Patents
- Current Assignee / Owner
- MERCEDES BENZ GROUP AG
- Filing Date
- 2024-04-11
- Publication Date
- 2026-06-17
AI Technical Summary
Existing methods for encrypted communication in machine learning systems face challenges in ensuring advanced cybersecurity and data protection, particularly in multi-party computing scenarios, where the risk of information leakage and model accuracy reduction are significant.
A method involving RSA key pairs and AES temporary keys is used for encrypted communication between computing units, where training data is encrypted with a first AES temporary key, and the key is further encrypted with a private key, allowing decryption only by a matching public key, thus ensuring secure data transmission and processing without the need for complex key exchange.
This approach provides secure and efficient data processing with reduced risk of data leakage, requiring minimal hardware configuration and lower effort, while maintaining data protection and enabling secure transmission of training and result data.
Smart Images

Figure 0007875393000001 
Figure 0007875393000002
Abstract
Description
Technical Field
[0001] The present invention relates to a method for encrypted communication between computer systems and to vehicles.
Background Art
[0002] Machine learning is often used in practice to generate prediction models for applications such as image processing, speech recognition, and character recognition. At this time, a large amount of data is collected and processed over a long period of time. However, this large-scale data collection can raise concerns about data protection. Therefore, appropriate measures need to be taken to protect the privacy of users in relation to the generation of training data for machine learning. This applies particularly to so-called multi-party computing in which a machine learning model is trained based on data generated by a large number of different users.
[0003] The following Patent Document 1 discloses a method for machine learning under privacy protection. At this time, personal information secretly shared by a plurality of data clients is stored in K training computers. The values of a set of d weights W for machine learning are initialized, and at this time, the weights are secretly shared among the K training computers. The weights and feature amounts are small numerical values, and these are shifted and stored as integers. The drawback in this case is that differential data protection may significantly reduce model accuracy by eliminating and quantifying the probability of information leakage.
[0004] Furthermore, Patent Document 2 below discloses a privacy-preserving system for training data for machine learning. This system discloses the anonymization of sensor data, thereby simplifying machine learning without revealing the IDs of the users involved. During operation, the system receives encrypted sensor data via a gateway server, where the encrypted sensor data includes a client identifier, which corresponds to the user or client device involved and is replaced by a device masker (Geraete-Maskierer) with an anonymized identifier for machine learning. The drawback here is that the key generator, gateway server, and device masker contain all security-related information, including the keys generated for encryption and decryption, personally identifiable data, and the aforementioned client identifier. Therefore, the key generator, gateway server, and device masker must be authenticated as trusted third parties and participate as third parties within the system that must be specially protected. This increases the effort required and makes them targets for attacks, and should be considered a weakness in data security.
[0005] Furthermore, Patent Document 3 discloses a system and method for collecting, analyzing, and sharing biosignal data and non-biosignal data. In this system, the user's brainwaves are measured using EEG. By analyzing the brainwaves, patterns can be identified, and these patterns are used to generate encryption keys. These encryption keys can be used, for example, to encrypt and / or decrypt data in an asymmetric encryption scheme. The processed data is protected from unauthorized access by a username and password.
[0006] Furthermore, hybrid encryption techniques are also known, where symmetric and asymmetric encryption techniques are combined. In this case, asymmetric encryption requires the exchange of two different asymmetric key pairs between the group sending the encrypted data and the group receiving the encrypted data.
[0007] The application of such hybrid encryption technologies is well known, for example, from Patent Document 4 below. [Prior art documents] [Patent Documents]
[0008] [Patent Document 1] U.S. Patent Application Publication No. 2020 / 0242466, Specification A1 [Patent Document 2] US Patent No. 10,601,786 B2 [Patent Document 3] U.S. Patent Application Publication 2019 / 0113973, Specification A1 [Patent Document 4] German Patent No. 10, 2016, 109-125, Specification B3 [Overview of the project] [Problems that the invention aims to solve]
[0009] This invention is based on the problem of providing an improved method for encrypted communication between computer systems, characterized by advanced cybersecurity and advanced data protection. [Means for solving the problem]
[0010] According to the present invention, this problem is solved by a method for encrypted communication between computer systems having the features of claim 1. Advantageous embodiments and variations, as well as vehicles involved in the execution of the method, will become apparent from the claims dependent on claim 1.
[0011] In the method of encrypted communication between computer systems, based on the present invention, - The computing unit provides the training data, - The computing unit provides an RSA key pair containing a private key and a public key. - The computing unit stores the public key in the keystore of the external training unit. - The computing unit generates the first AES temporary key, - The computing unit encrypts the training data with the first AES temporary key, - The computing unit encrypts the first AES temporary key with the private key, - The computing unit transmits encrypted training data and the encrypted first AES temporary key to the training unit. - The training unit tries all public keys stored in the keystore to decrypt the first AES temporary key it receives, until the training unit successfully decrypts the first AES temporary key. - The training unit decrypts the training data using the decrypted first AES ephemeral key. - The training unit processes the training data, - The training unit generates a second AES temporary key, - The training unit calculates result data during the processing of training data, and encrypts the result data with a second AES temporary key. - The training unit encrypts the second AES temporary key with the matching public key found in the keystore. - The training unit returns the encrypted result data and the encrypted second AES temporary key to the computing unit. - The computing unit decrypts the second AES temporary key using the private key, and then decrypts the result data using the decrypted second temporary key. It is designed that way.
[0012] This provides a communication method that is particularly secure in terms of cybersecurity and data protection, while also requiring less effort. Key exchange requires only a computing unit and a training unit, which makes it possible to implement the method according to the present invention using a relatively simple hardware configuration. Therefore, the method according to the present invention can be implemented simply and at low cost.
[0013] The training unit is a separate computer system from the computing unit. For example, it may be a desktop computer, server, or laptop computer. The training unit is used for loading and processing training data.
[0014] In a particularly advantageous embodiment of this method, the processing of training data by the training unit includes training a machine learning model. For this purpose, well-established learning methods such as reinforcement learning can be used. Thus, the training data may include measurement data and target result data, in which case the machine learning model is trained to supply the corresponding target result data according to the measurement data. After the training process, only new measurement data can be supplied to the machine learning model, and the machine learning model can derive result data from it through training. With this application in mind, the data processed by the computing unit and the training unit are called training data and result data. However, generally speaking, they simply refer to computer-readable data. The names training data and result data are used solely to distinguish between the two datasets.
[0015] In the following, the processing of training data and the generation of result data are always described within the context of training a machine learning model. However, it should be noted that data processing may generally occur in other contexts for other reasons.
[0016] Preferably, the training unit includes high-performance hardware components, particularly a high-performance single-core or multi-core CPU, as well as a high-performance graphics processor, also known as a Graphics-Processing-Unit (GPU). In particular, the training unit is a backend component, which will be discussed later. By using high-performance hardware, artificial intelligence can accelerate data processing time.
[0017] The training unit can receive training data from a number of different computing units. Accordingly, the public keys of these computing units are stored in the key store of the training unit. The training data is processed so that it cannot be traced back to a specific individual or to the respective computing units themselves. Similarly, when storing the public keys of the computing units in the key store, no information is stored that would allow a specific user to reverse-infer which public key originated from which computing unit using the RSA method. Accordingly, it is ensured that the training data is transmitted anonymously between the computing unit and the training unit.
[0018] That is, the training unit has no information on which public key to use in order to decrypt the encrypted first AES temporary key received by the computing unit. This is essential for ensuring data protection. Accordingly, the training unit has to try all the public keys stored in the key store for decryption. This increases the waiting time, but since the provision of the computing units otherwise included in the encryption process can be omitted, the number of computer systems that have to be protected against attacks can be reduced. This reduces the risk of data leakage.
[0019] By encrypting the training data with the first AES temporary key, the training data becomes confidential data protected from unauthorized access.
[0020] The method according to the present invention not only enables the training (or data transmission) of a machine learning model in accordance with data protection, but also allows the results (or general result data) generated in the training process to be returned to the corresponding computing unit that supplied the training data, also in accordance with data protection. The result data may be the trained machine learning model itself, or the final result calculated by the machine learning model. Thus, the training data can be used as input values for the machine learning model, in which case the machine learning model calculates the final result. For example, camera images can be used as input data, in which the machine learning model recognizes and classifies objects as the final result.
[0021] A novel aspect of the method according to the present invention is that, instead of exchanging two different RSA key pairs for encrypted communication between the training unit and the computing unit, the RSA key pair generated by the computing unit is used for both decrypting and encrypting messages sent from the computing unit and messages sent from the training unit. This results in particularly efficient data processing.
[0022] The present invention for encrypted communication can be used in the following secure data storage method, which is: - At least two different users logged into the group device at different times using usernames and user-specific passwords. - While a user is logged into a group device, user-specific training data is collected by the group device and stored as confidential data. Access to this confidential data is protected by the username and password. It is designed that way.
[0023] This group device allows use by various users. By using individual usernames and user-specific passwords, each user can access only the training data they have generated. This ensures data protection, as users cannot view other users' personal data. Therefore, the group device does not give any user the possibility of reading or manipulating other users' personal data.
[0024] In the sense of the present invention, a group device is a computing unit such as a mobile terminal, an embedded system implemented as a so-called system on a chip (SoC), a desktop computer, or a server.
[0025] Training data is data generated, in particular, when using a group device or a higher-level system of a group device. For example, a group device may be integrated into a vehicle. Training data represents data generated in relation to vehicle use, such as how vehicle components are used, the user's driving style, the routes taken, and data generated by the vehicle using sensors. For example, a vehicle can use sensors to detect its surroundings. As sensors, a vehicle may use, for example, cameras, laser scanners, radar sensors, ultrasonic sensors, and microphones. Data collected by the vehicle and shared with or stored in the group unit is also relevant to vehicle subsystems, such as the system behavior of the control unit, air / water / oil temperatures, wheel rotation speeds, and pump rotation speeds.
[0026] In particular, training data or confidential data is encrypted and stored within the group device. Usernames and passwords are required for decryption within the group device. For transmission to the backend (training unit) and / or frontend (personal device - see the paragraph below), the exchanged data is protected using the encrypted communication method according to the present invention.
[0027] Methods for securely storing data include, - Each user logs in to their own personal device using their username and password, and while the user is logged into their personal device, user-specific training data can be collected by the personal device and stored on the personal device as confidential data. - Each individual device establishes a connection (pairing) with the group device, - Each individual device performs data synchronization with the group device, and in this process, only sensitive data generated by the user themselves is synchronized between the user's individual device and the group device. It can be done that way.
[0028] Connecting personal devices to group devices increases the flexibility of data exchange. This connection can be made directly or indirectly by the backend. Each user has their own personal device, which may preferably be a mobile device such as a smartwatch, smartphone, tablet computer, or laptop computer. Connection between group devices and personal devices is possible in various proven ways, particularly within a vehicle. For example, wired connection technologies via Ethernet or USB cables, as well as wireless connection technologies such as Wi-Fi, Bluetooth, ZigBee, and NFC, can be used. In remote locations, only data synchronization via mobile radio, such as 3G, 4G, or 5G, is possible.
[0029] Training data or confidential data can be generated and stored on both personal and group devices. When synchronized, data generated on each device is exchanged with the other devices and replicated, so the corresponding training data or confidential data exists on both personal and group devices. Data protection is further enhanced because only each user's training data or confidential data is transmitted, meaning it is used and accessible only to that user. This prevents the transmission of a first user's training data to a second user's personal device.
[0030] Since training data can also be generated by personal devices, the first user can generate training data using their personal device while a second user is logged into the group device. This is true, for example, when the second user is driving a vehicle equipped with the group device. This makes it possible to generate a wider range of personal training data, and training data and events unrelated to the individual can be used collectively to improve vehicle-specific safety-related behavior and response models that apply to all driving and parking situations.
[0031] In particularly advantageous embodiments, the group device is a computing unit embedded in the vehicle, such as a control unit for a vehicle subsystem (e.g., an infotainment system) or a central onboard computer, while the user-specific personal device is each vehicle occupant's smartphone. The group device may also be referred to as an onboard system, and the personal devices as an offboard system.
[0032] Training and event data that are irrelevant to individuals and used to improve vehicle-specific safety-related behavioral and response models applicable to all people can be shared here, as the exchange does not violate data protection.
[0033] The onboard system, advantageously, can connect via each individual device as a front-end for manipulating and displaying personal data offboard by linking to the user account in the backend. This allows the individual device to be trusted to the vehicle and backend when transmitting personal training data and predicted results, even when the onboard system is not operational, and is available via the backend where machine learning models are stored and performed.
[0034] According to an advantageous embodiment of the method based on the present invention for encrypted communication between computer systems, the training unit, after training a machine learning model, stores it in an external machine learning model storage unit, and then deletes all training data, the first AES temporary key, and the trained machine learning model. The machine learning model is then stored in an unpersonalized state. This further improves data security and data protection. Thus, during machine learning model training, relevant information is retained in the training unit only during the actual training process. After that, the corresponding relevant data is deleted. At this point, the machine learning model storage unit functions as data storage for the trained and unpersonalized machine learning model. The machine learning model storage unit may be formed by an independent computer system such as a desktop computer, server, or server cluster. The training unit and the machine learning model storage unit can be integrated into a common network, such as a common local area network (LAN). Communication between the training unit and the machine learning model storage unit can also be performed over the internet.
[0035] Advantageously, the training unit loads existing machine learning models from the machine learning model storage unit and further trains them using training data. Generally, it would be possible to store machine learning models within the training unit. In this case, the training unit can easily further train various machine learning models. However, particularly high data security is possible by using the machine learning model storage unit. In this case, the training unit can initially train new machine learning models with training data or load already trained machine learning models and further train them without accessing the machine learning model storage unit. This makes it possible to train one identical machine learning model or different machine learning models for individual groups. For this purpose, user-specific or individual-specific training data is collected and used for training. This makes it possible to continue building the aforementioned machine learning models in accordance with data protection and anonymity.
[0036] According to a further advantageous embodiment of the method based on the present invention for encrypted communication, a terminal in the form of a group device, which is incorporated into a vehicle, or a mobile terminal in the form of a personal device, which is operated outside the vehicle, is used as a computing unit. This further improves data protection for training machine learning models. Thus, using one same computing unit, training data for various users can be generated and considered, and for vehicle-specific safety-related behavior and reaction models that apply to everyone, non-personalized machine learning models can be jointly used in the onboard system and the backend system, while personalized machine learning models and final results are displayed in a decrypted state in the onboard system only via the personal device or only using a private key protected by a username and a user-specific password. In particular, the user-specific RSA key pair is generated by the group device (for each logged-in user), preferably by each personal device. For example, a smartphone can generate the RSA key pair mentioned, and the corresponding private and public keys are distributed to the group device for storage during synchronization. This allows the group device to transmit training data to the training unit on behalf of the personal device and decrypt and process the results when they are returned.
[0037] Furthermore, in an advantageous development of this method, the computing unit stores the RSA key pair in an external RSA key storage unit after generation. The RSA key storage unit is preferably cryptographically protected against breaches by unauthorized users (unauthenticated users). The RSA key storage unit can also be used to recover lost keys. The RSA key storage unit can also update the stored RSA key pair if the original key is changed.
[0038] Therefore, computing units, particularly personal or group devices, can access the RSA key holding unit and, after transmitting the username and user-specific password, recover the user's RSA key pair.
[0039] Furthermore, according to a further advantageous development of the method based on the present invention, - The individual device transmits a wake-up command to the group device in sleep mode, and upon receiving it, the group device wakes up (recovers) from standby mode. - The encrypted result data and the encrypted second AES temporary key are transferred from the personal device to the group device. - The group device decrypts the second AES temporary key using the private key, and decrypts the resulting data using the decrypted second AES temporary key. It is designed that way.
[0040] Generally, as already mentioned, since individual or group devices can function as computing units, decoding of the resulting data is possible by either the individual or group device. However, it is also possible that the resulting data is relevant to the group device in particular but not to the individual device. Furthermore, the group device may have a sleep mode or standby mode. In this case, the group device can be woken up by output of a wake-up command from the individual device and is available to perform the relevant process steps. In particular, in such cases, the training data may be transmitted from the individual device to the training unit.
[0041] According to the present invention, the vehicle is equipped with the aforementioned group device. The group device is designed to perform a method according to the present invention for secure data storage and for encrypted communication between computer systems. The vehicle may be any vehicle, such as a passenger car, freight car, transporter, bus, or construction machinery. Generally, it may also be a railway vehicle, ship, or aircraft.
[0042] Further advantageous embodiments of the method and vehicle according to the present invention will also be apparent from embodiments described in detail below with reference to the figures. [Brief explanation of the drawing]
[0043] [Figure 1] This is a schematic diagram of a system for training machine learning models in accordance with data protection standards. [Figure 2] This is a flowchart of the method according to the present invention. [Modes for carrying out the invention]
[0044] Training machine learning models (also known as machine learning) requires a relatively large amount of data. Typically, users A and B, as illustrated in Figure 2, generate the training data used for this purpose. Since it becomes possible to inversely infer user behavior from this training data, the data protection of users A and B is compromised. Therefore, in the context of training machine learning models, the method of encrypted communication between computer systems according to the present invention aims to maintain data protection and cybersecurity. A system conforming to this is shown in Figure 1.
[0045] This system, according to possible embodiments, includes a group device 1 (also called an onboard system, e.g., a central onboard computer) integrated into the vehicle 6. Each user A and B has a user-specific personal device 2 connected to the group device 1, thereby ensuring reliable communication between the shared onboard system and the individual personal devices in further process steps. Training data can be generated using the group device 1 and / or personal devices 2, and this training data is stored as confidential data on the corresponding group device 1 and personal devices 2, protected from unauthorized access by usernames and user-specific passwords. The group device 1 and personal devices 2 can perform synchronization, so that the training data can be duplicated and stored on the two corresponding devices. In this case, only the training data generated by each user themselves is transmitted to that user's personal device 2.
[0046] As indicated by arrow 101, personal data can be encrypted and transmitted to the training unit 3. The system according to the present invention may have multiple training units 3, thereby enabling large-scale data processing. As indicated by arrow 102, data that cannot be inversely inferred from a specific individual or specific device can be transmitted to the aforementioned training unit 3.
[0047] In this case, the training unit 3 is generally used for data processing, or, for example in the context discussed here, for training one or more machine learning models. The training data used for training is preferably retained in the training unit 3 only while the machine learning model itself is being trained. After that, the training data is deleted. Furthermore, the system includes a machine learning model retention unit 4. As indicated by arrow 103, each training unit 3 can exchange a machine learning model with the machine learning model retention unit 4. Thus, a newly trained initial machine learning model can be stored in the machine learning model retention unit 4, or an already trained machine learning model can be retrieved and continued to be trained in the training unit 3. Correspondingly, further trained machine learning models can be returned to the machine learning model retention unit 4. Results generated during training, for example, a machine learning model after training is complete, or the final results calculated by the machine learning model during training, can be encrypted and returned to the corresponding group device 1 and / or personal device 2, as indicated by arrow 104.
[0048] Figure 2 shows the procedure in detail.
[0049] The flowchart shown in Figure 2 illustrates User A, User B, Group Device 1, User A's personal device 2A, User B's personal device 2B, Training Unit 3, Machine Learning Model Holding Unit 4, and RSA Key Holding Unit 5.
[0050] In step 201, user A starts and either registers with group device 1 for the first time or logs in with a username and password. In step 202, user A starts and registers with or logs in to their personal device 2A.
[0051] In step 203, personal device 2A generates an RSA key pair belonging to user A, namely a private key and a public key. In optional step 204, these public and private keys are stored as a backup in RSA key holding unit 5. In step 205, the public key, which does not contain any information that could potentially identify the user ID or device ID, is stored in training unit 3 and then saved in the keystore. The keystore may already contain many other public keys from further computing units.
[0052] In step 206, the group device 1 and user A's personal device 2A are connected. At this time, personal data, including the RSA key pair generated by personal device 2A, is synchronized.
[0053] In step 207, user B starts and registers or logs into group device 1. In step 208, user B starts and registers or logs into their personal device 2B.
[0054] This process is the same as for user A. Thus, in step 209, an RSA key pair for user B is generated, and this key pair is also optionally transmitted to the RSA key holding unit 5 in step 210 to recover the key mentioned in case of emergency. In step 211, user B's public key is also stored in the keystore of the training unit 3, without any information that would enable the reverse inference of user B's identity.
[0055] Next, in step 212, the personal device 2B is synchronized with the group device 1.
[0056] The following process presents two options for exchanging training data for training a machine learning model with training unit 3. According to steps 213-223, the training data is transmitted from group device 1. In contrast, according to steps 224-232, the training data is transmitted from the user's personal device 2A.
[0057] In step 213, group device 1 generates a first AES temporary key. In step 214, the training data is encrypted with the first AES temporary key, and then the first AES temporary key is encrypted with user A's private key. In this case, since user A is logged into group device 1, user A's private key is used. Generally, the keys of the logged-in users are used here.
[0058] In step 215, the encrypted training data and the encrypted first AES temporary key are transmitted to the training unit 3.
[0059] In step 216, the training unit 3 applies all public keys stored in the keystore, i.e., public keys obtained from any number of computing units, to the received data and decrypts the data. When a matching key is found, this enables the decryption of the first AES temporary key. In step 217, the training data is decrypted using the decrypted first AES temporary key. Next, the machine learning model is trained. In step 218, the machine learning model thus trained can be stored in the machine learning model storage unit 4. If a new machine learning model is not to be initially trained, an existing machine learning model can be loaded from the machine learning model storage unit 4 before training and that machine learning model can be continued (not shown). The resulting data computed by the application or training of the machine learning model is encrypted in step 219. For this purpose, the training unit 3 generates a second AES temporary key and uses it to encrypt the resulting data. The second AES temporary key is then encrypted using the previously found public key. In step 220, the encrypted result data and the encrypted second AES temporary key are returned to group device 1.
[0060] Next, in step 221, training unit 3 deletes all relevant data, including the trained machine learning model, the training data used, and the first AES temporary key. Thus, the corresponding information cannot be tampered with or stolen during an attack, and cybersecurity and data security are appropriately improved.
[0061] In step 222, group device 1 decrypts the second AES temporary key with the private key. Next, using the decrypted second AES temporary key, group device 1 decrypts the result data obtained from training unit 3. In step 223, the results contained in the result data are output to user A in a processed format, for example.
[0062] The same procedure is followed when using personal device 2A. In step 224, personal device 2A generates a first AES temporary key. In step 225, personal device 2A encrypts the training data using the first AES temporary key and encrypts this first AES temporary key with a private key. In step 226, the encrypted training data and the encrypted first AES temporary key are transmitted to training unit 3.
[0063] In step 227, the training unit 3 decrypts the first AES temporary key using a matching public key read from the keystore. Next, in step 228, the training unit 3 decrypts the encrypted training data using the first AES temporary key thus decrypted. Then, the machine learning model is trained. In an optional step 229, the machine learning model thus trained can be stored in the machine learning model holding unit 4. Similarly, a previously trained machine learning model can also be loaded and trained again (not shown).
[0064] In step 230, training unit 3 generates a second AES ephemeral key and uses it to encrypt the result data generated during the training of the machine learning model. The second AES ephemeral key is then encrypted using a previously found public key. Next, in step 231, the encrypted result data and the encrypted second AES ephemeral key are returned to user A's personal device 2A. In step 232, training unit 3 deletes the aforementioned related data, namely the trained machine learning model, training data, and the first AES ephemeral key.
[0065] Subsequently, the decrypted result data or output of the result can be provided to the user. This can be done via personal device 2A or group device 1. Below, we show an optional special case where output is performed via group device 1. This group device 1 is currently in standby mode. The sleeping group device 1 is woken up by personal device 2A, making it possible to output the result. To this end, in step 233, personal device 2A sends a wake-up command to the sleeping group device 1. Subsequently, personal device 2A transfers the encrypted result and the encrypted second AES temporary key to group device 1. In step 234, group device 1 decrypts the aforementioned data. To this end, group device 1 decrypts the second AES temporary key with the private key, and then decrypts the encrypted result with the decrypted second AES temporary key obtained in this way. In step 235, output is then provided to user A.
Claims
1. In a method of encrypted communication between computer systems, - The computing unit, Provide training data, Provide an RSA key pair containing the private and public keys. The public key is stored in the key store of the external training unit (3). Generate the first AES temporary key, The aforementioned training data is encrypted with the first AES temporary key, The first AES temporary key is encrypted with the private key, The encrypted training data and the encrypted first AES temporary key are transmitted to the training unit (3). - The aforementioned training unit (3) In order to decrypt the transmitted first AES temporary key, all public keys stored in the keystore are tried until the first AES temporary key is decrypted. The training data is decrypted using the decrypted first AES temporary key. Processing the aforementioned training data, Generate a second AES temporary key, During the processing of the aforementioned training data, result data is calculated, and the result data is encrypted using the second AES temporary key. The second AES temporary key is encrypted using the matching public key found in the keystore. The encrypted result data and the encrypted second AES temporary key are returned to the calculation unit. - The calculation unit decrypts the second AES temporary key using the secret key, and decrypts the result data using the decrypted second AES temporary key. A method characterized by the following:
2. The processing of the training data by the training unit (3) includes training a machine learning model. The method according to claim 1, characterized in that
3. After the training unit (3) has trained the machine learning model, it stores it in an external machine learning model storage unit (4), and then deletes all the training data, the first AES temporary key, and the trained machine learning model. The method according to claim 2, characterized in that...
4. The training unit (3) reads an existing machine learning model from the machine learning model holding unit (4) and further trains it using the training data. The method according to claim 3, characterized in that
5. A terminal incorporated into the vehicle (6) in the form of a group device (1), or a mobile terminal running outside the vehicle (6) in the form of a personal device (2), is used as the computing unit. The method according to claim 1, characterized in that
6. After the calculation unit generates the RSA key pair, it stores it in the external RSA key holding unit (5). The method according to claim 1, characterized in that
7. - The personal device (2) transmits a wake-up command to the group device (1) which is in sleep mode, and in response, the group device (1) wakes up from standby mode. - The encrypted result data and the encrypted second AES temporary key are transmitted from the personal device (2) to the group device (1). - The group device (1) decrypts the second AES temporary key using the secret key, and decrypts the result data using the decrypted second AES temporary key. The method according to claim 5, characterized in that
8. A vehicle (6) comprising a group device (1) used in the method described in any one of claims 5 to 7.