CN102111765B - Method and device for processing service key - Google Patents



Publication number
CN102111765B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN200910243595.2A
Other languages
Chinese (zh)
Other versions
CN102111765A (en)
Inventor
路晓明
曾海涛
罗红
Current Assignee
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN200910243595.2A
Publication of CN102111765A
Application granted
Publication of CN102111765B
Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a method for processing a service key. Deleting the service key after a power-on reset of the device closes the service security hole caused by the separation of the service key memory chip from the user authentication module and prevents attacks by invalid users, while preserving the experience of valid users as far as possible. In addition, the method requires only a few changes to the service key memory chip and does not affect the service flow or service logic of the terminal and the platform, so the security requirements of the service key are met at small cost.

Description

Method and device for processing a service key
Technical field
The present invention relates to the field of communication technology, and in particular to a method and device for processing a service key.
Background art
With the rapid development of mobile communication technology, mobile TV services are increasingly widely used, and people can watch TV on terminals such as mobile phones. In existing mobile TV services, the user must first subscribe to the mobile TV service before being able to watch TV on the mobile phone.
Specifically, in mobile TV services based on broadcast (for example, the Multimedia Broadcast Multicast Service (MBMS) of the 3rd Generation Partnership Project (3GPP), or BCAST of the Open Mobile Alliance (OMA)), subscription and the related management operations are all implemented by encryption and decryption. That is, the broadcast program is first encrypted, and the service key is sent by various means to the terminals that have subscribed to the service. A user who wants to watch TV programs on a terminal must first subscribe to the service, obtain the service key, and decrypt the encrypted broadcast program with that key, so that the user can watch TV programs on the terminal.
In summary, obtaining the service key is a mandatory operation in current mobile TV services and a precondition for watching TV.
The prior art only specifies how to send the service key securely to the terminal and how the terminal uses the service key to decrypt broadcast programs. It does not consider how to keep the service key secure when the binding between the SIM (Subscriber Identity Module) card that identifies the user in the terminal and the module that stores the service key (for example, a service key storage chip) changes.
In the course of implementing the present invention, the inventors found at least the following problem in the prior art:
When the SIM card and the service key storage chip are one and the same (for example, the SIM card in a mobile communication network, or the user IC card in a CA system), the service key is safe. But when the SIM card is separate from the service key storage chip (for example, mobile TV services that keep the service key storage chip separate from the SIM/USIM card), the user identity at the time the service key is obtained may differ from the user identity at the time the service key is used, which opens the way to attacks.
Specifically, a malicious user may use a single SIM card to obtain the service key repeatedly and store the obtained keys in multiple terminals, so that multiple terminals can use the service key to watch TV illegally. That is, an attacker can have one person subscribe to the service, insert multiple service key storage chips into the terminal one after another and download the service key to each, allowing other users to evade fees; a malicious attacker could even use this opportunity to profit by selling the service key at a low price.
Summary of the invention
Embodiments of the present invention provide a method and device for processing a service key, so as to ensure the security of the service key.
To achieve the above object, an embodiment of the present invention proposes a method for processing a service key, comprising the following steps:
After the service key storage module of a terminal is powered on, or when the service key storage module is reset for the first time after power-on, deleting the service keys stored in the service key storage module;
The terminal sends a service key acquisition request to the network side;
After receiving the service key acquisition request, the network side authenticates the terminal and, when authentication succeeds, sends the service key to the terminal.
Deleting the service keys stored in the service key storage module comprises:
Deleting the service keys stored in the service key storage module according to a preset probability.
The preset probability is a single probability, which applies to all service keys stored in the service key storage module; or
The preset probability is a plurality of probabilities, each corresponding to one service key stored in the service key storage module.
When the preset probability is a single probability, deleting the service keys stored in the service key storage module according to the preset probability comprises:
Each time the service key storage module is powered on, generating a random parameter R and calculating N = R mod C, where C is a configurable service key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers;
When N = k, deleting all service keys stored in the service key storage module, where k < C.
When the preset probability is a plurality of probabilities, deleting the service keys stored in the service key storage module according to the preset probability comprises:
Each time the service key storage module is powered on, generating a random parameter Ri for each service key and calculating Ni = Ri mod Ci, where Ci is the configurable service key deletion probability parameter corresponding to service key Ki and mod denotes the remainder of the integer division of the two numbers;
When Ni = k, deleting the service key Ki stored in the service key storage module, where k < Ci.
The service key deletion probability parameter is preset in the service key storage module; or the network side determines the service key deletion probability parameter and writes it into the service key storage module.
When the preset probability is a single probability, deleting the service keys stored in the service key storage module according to the preset probability further comprises:
Each time the service key storage module is powered on, generating a random parameter R1 and calculating Id = R1 mod C1, where C1 is the number of service keys stored in the service key storage module and mod denotes the remainder of the integer division of the two numbers;
Deleting the service key whose sequence number is Id from the service key storage module.
A device for processing a service key comprises:
A service key deletion module, configured to delete the service keys stored in the service key storage module of a terminal after the service key storage module is powered on, or when the service key storage module is reset for the first time after power-on;
A sending module, configured to send a service key acquisition request to the network side, so that the network side authenticates the terminal after receiving the service key acquisition request;
A processing module, configured to receive the service key from the network side when the terminal passes authentication.
The service key deletion module is specifically configured to delete the service keys stored in the service key storage module according to a preset probability.
The service key deletion module comprises:
A first deletion submodule, configured to generate a random parameter R each time the service key storage module is powered on and calculate N = R mod C, where C is a configurable service key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers; and, when N = k, to delete all service keys stored in the service key storage module, where k < C;
A second deletion submodule, configured to generate a random parameter Ri for each service key each time the service key storage module is powered on and calculate Ni = Ri mod Ci, where Ci is the configurable service key deletion probability parameter corresponding to service key Ki and mod denotes the remainder of the integer division of the two numbers; and, when Ni = k, to delete the service key Ki stored in the service key storage module, where k < Ci;
The service key deletion probability parameter is preset in the service key storage module; or the network side determines the service key deletion probability parameter and writes it into the service key storage module;
A third deletion submodule, configured to generate a random parameter R1 each time the service key storage module is powered on and calculate Id = R1 mod C1, where C1 is the number of service keys stored in the service key storage module and mod denotes the remainder of the integer division of the two numbers; and to delete the service key whose sequence number is Id from the service key storage module.
Compared with the prior art, the present invention has the following advantages: deleting the service key after the device is powered on and reset remedies the service security hole that arises when the service key storage chip is separate from the user authentication module and guards against attacks by illegitimate users, while preserving the experience of legitimate users as far as possible. Moreover, the present invention requires only minor changes to the service key storage chip and does not affect the service flow or service logic of the terminal or the platform, so the security requirements of the service key are met at low cost.
Description of drawings
To describe the technical solutions of the present invention or of the prior art more clearly, the drawings used in the description are briefly introduced below. Obviously, the drawings described below are only some drawings of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a method for processing a service key proposed by an embodiment of the present invention;
Fig. 2 is a flowchart of another method for processing a service key proposed by an embodiment of the present invention;
Fig. 3 is a flowchart of another method for processing a service key proposed by an embodiment of the present invention;
Fig. 4 is a flowchart of another method for processing a service key proposed by an embodiment of the present invention;
Fig. 5 is a flowchart of another method for processing a service key proposed by an embodiment of the present invention;
Fig. 6 is a flowchart of another method for processing a service key proposed by an embodiment of the present invention;
Fig. 7 is a structural diagram of a device for processing a service key proposed by an embodiment of the present invention.
Embodiment
In the embodiment of the present invention, the service keys stored in the service key storage module are deleted when the terminal powers on. This remedies the service security hole that arises when the service key storage chip is separate from the user authentication module and guards against attacks by illegitimate users, while preserving the experience of legitimate users as far as possible. Moreover, the present invention requires only minor changes to the service key storage chip and does not affect the service flow or service logic of the terminal or the platform, so the security requirements of the service key are met at low cost.
The technical solutions of the present invention are described clearly and completely below with reference to the drawings. Obviously, what is described is only a part of the present invention, not all of it. All other inventions obtained by a person of ordinary skill in the art on the basis of the present invention without creative effort fall within the scope of protection of the present invention.
A method for processing a service key proposed by an embodiment of the present invention, as shown in Fig. 1, comprises the following steps:
Step 101: after the service key storage module of the terminal is powered on, or when the service key storage module is reset for the first time after power-on, the service keys stored in the service key storage module are deleted.
Specifically, after the service key storage module is powered on, the bootstrap module in the service key storage module (which can be implemented by a boot program) directs execution into the service key deletion module (which can be implemented by a service key deletion program), and the service key deletion module deletes the service keys stored in the service key storage module; or
In the reset module of the service key storage module (which can be implemented by a reset routine), it is determined whether this is the first entry into the reset module after power-on; if so, execution enters the service key deletion module, which deletes the service keys stored in the service key storage module.
It can be seen that, in the embodiment of the present invention, when the service key storage module is powered on, execution must enter the service key deletion module to delete the service keys stored in the service key storage module; or, when the reset routine of the service key storage module is entered for the first time after power-on, execution must likewise enter the service key deletion module to delete the stored service keys.
It should be noted that the embodiment is not limited to the above ways of entering the service key deletion module to delete the stored service keys. For example, the service keys stored in the service key storage module may be cleared directly when the module loses power. Other ways of handling are not described further in the embodiment of the present invention.
In the embodiment of the present invention, deleting the service keys stored in the service key storage module comprises deleting them according to a preset probability. The preset probability is either a single probability, which applies to all service keys stored in the service key storage module, or a plurality of probabilities, each corresponding to one service key stored in the service key storage module.
When the preset probability is a single probability, deleting the service keys according to the preset probability comprises: each time the service key storage module is powered on, generating a random parameter R and calculating N = R mod C, where C is a configurable service key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers; and, when N = k, deleting all service keys stored in the service key storage module, where k < C.
When the preset probability is a plurality of probabilities, deleting the service keys according to the preset probability comprises: each time the service key storage module is powered on, generating a random parameter Ri for each service key and calculating Ni = Ri mod Ci, where Ci is the configurable service key deletion probability parameter corresponding to service key Ki and mod denotes the remainder of the integer division of the two numbers; and, when Ni = k, deleting the service key Ki stored in the service key storage module, where k < Ci.
In the above process, the service key deletion probability parameter is preset in the service key storage module; or the network side determines the service key deletion probability parameter and writes it into the service key storage module.
When the preset probability is a single probability, deleting the service keys according to the preset probability further comprises: each time the service key storage module is powered on, generating a random parameter R1 and calculating Id = R1 mod C1, where C1 is the number of service keys stored in the service key storage module and mod denotes the remainder of the integer division of the two numbers; and deleting the service key whose sequence number is Id from the service key storage module.
Step 102: the terminal sends a service key acquisition request to the network side.
Step 103: after receiving the service key acquisition request, the network side authenticates the terminal and, when authentication succeeds, sends the service key to the terminal.
In the embodiment of the present invention, if the terminal needs to obtain the service key again, it must carry authentication information in the service key acquisition request; the authentication information includes but is not limited to user identification information, a service identifier and a user authentication key. After receiving the request, the network side can authenticate the terminal according to the authentication information in the request, that is, according to the received user identification information, service identifier and user authentication key, and, when authentication succeeds, send the service key to the terminal.
For an illegal terminal, however, obtaining the service key again also requires sending a service key acquisition request to the network side, and the request either cannot carry the terminal's authentication information or carries information that cannot pass authentication. After receiving the request, the network side, lacking correct authentication information, either cannot authenticate the terminal or the authentication fails; in that case, the network side does not send the service key to the terminal.
Of course, in practice, when the network side has not obtained authentication information, it can also request it from the terminal again. A legitimate terminal can send its authentication information to the network side in response and be authenticated by the network side. An illegal terminal still cannot send its own authentication information to the network side, that is, it cannot pass authentication and therefore cannot obtain the service key.
It can be seen that, in the method provided by the present invention, deleting the service key after the device is powered on and reset remedies the service security hole that arises when the service key storage chip is separate from the user authentication module and guards against attacks by illegitimate users, while preserving the experience of legitimate users as far as possible. Moreover, the present invention requires only minor changes to the service key storage chip and does not affect the service flow or service logic of the terminal or the platform, so the security requirements of the service key are met at low cost.
As shown in Fig. 2, the embodiment of the present invention describes the method for processing a service key in detail in a specific application scenario. The method can be applied to mobile TV services; of course, according to actual needs, it can also be applied to other scenarios in which paid information (for example, interactive programs) is viewed on a terminal, which are not described further. The following description takes application to a mobile TV service as an example.
Specifically, the above method for processing a service key comprises the following steps:
Step 201: the terminal obtains a service key and watches TV using the service key. In a mobile TV service, the terminal uses the service key to decrypt the program key, and then uses the program key to decrypt the TV program stream data, in order to watch TV.
Specifically, when receiving the program guide, the terminal needs to select a channel, or a program within a channel, so that the user can watch that channel or program on the terminal. To do so, the service key of the channel or program must first be obtained. The process of obtaining the service key comprises: (1) the terminal sends user identification information, a service identifier and a user authentication key to the network side; (2) after receiving the user identification information, service identifier and user authentication key, the network side authenticates the terminal; (3) if authentication succeeds, the network side sends the encrypted service key to the terminal.
Step 202: after the service key storage module is powered on, or when it is reset for the first time after power-on, all service keys stored in the service key storage module are deleted. If the above condition is not met, the terminal continues to watch TV using the service key obtained in step 201; this process is not described further in the embodiment of the present invention.
Specifically, after the service key storage module is powered on, the boot program in the service key storage module directs execution into the service key deletion program; or, in the reset routine of the service key storage module, it is determined whether this is the first entry into the reset routine after power-on, and if so, execution enters the service key deletion program. The service key deletion program deletes the service keys stored in the service key storage module.
In this step, after the module that stores the service key (for example, a service key storage chip or an IC card; the embodiment uses a service key storage chip as the example) is powered on, or when it is reset for the first time after power-on, the service key storage chip must delete the service key.
In practice, any terminal may restart while the user is watching TV, for a variety of reasons (for example, a dead battery, plugging or unplugging of the device, system shutdown, or sleep). After the terminal powers on, the corresponding service key storage chip powers on, and the service key storage chip must delete the service key. Because the service key is stored in the service key storage chip, the chip can delete the key directly from itself.
Specifically, since different service keys are stored in the service key storage chip, the chip must delete all of the service keys stored in it after each power-on.
Step 203: the service key storage chip obtains the service key again. Because all service keys stored in the chip have been deleted, if the corresponding terminal needs to watch TV, all the corresponding service keys must be obtained again.
The process of obtaining the service key comprises: (1) the terminal sends user identification information, a service identifier and a user authentication key to the network side; (2) after receiving the user identification information, service identifier and user authentication key, the network side authenticates the terminal; (3) if authentication succeeds, the network side sends the encrypted service key to the terminal.
It should be noted that, for a legitimate user, after the terminal (that is, the service key storage chip in the terminal) powers on, the service key must be obtained again in order to watch TV on the terminal, and it can be obtained. An illegitimate user, who has not subscribed to the service, cannot obtain the service key. This achieves the purpose of preventing illegitimate users from illegally obtaining the service key and ensures the security of the service key.
It can be seen that, in the method provided by the present invention, deleting the service key after the device is powered on and reset remedies the service security hole that arises when the service key storage chip is separate from the user authentication module and guards against attacks by illegitimate users, while preserving the experience of legitimate users as far as possible. Moreover, the present invention requires only minor changes to the service key storage chip and does not affect the service flow or service logic of the terminal or the platform, so the security requirements of the service key are met at low cost.
Based on processing procedure shown in Figure 2, a kind of processing method of business cipher key has also been proposed in the embodiment of the invention, as shown in Figure 3, may further comprise the steps:
Step 301, terminal to acquire service cipher key, and according to this business cipher key TV reception.
Step 302, business cipher key storage chip power on rear or the business cipher key storage chip powers on when resetting the rear first time, and the business cipher key storage chip is deleted business cipher key according to predetermined probabilities.For example, when predetermined probabilities is 20%, then terminal is every during through the process that powers on for five times, by business cipher key of business cipher key storage chip deletion.
Can find out, from terminal in the above-mentioned steps 203 power at every turn after by the business cipher key storage chip delete all business cipher keys different be, in actual applications, can also delete business cipher key according to predetermined probabilities, thereby so that for the terminal of frequent switching on and shutting down, do not need to delete frequently business cipher key, thereby the use that has improved the user is experienced.
Concrete, in embodiments of the present invention, can be according to the actual needs, the value of this predetermined probabilities is set arbitrarily, for example, the value of this predetermined probabilities (be terminal every during through the process that powers on for four times by business cipher key of business cipher key storage chip deletion), 1/5 (terminal every through the process that powers on for five times time by business cipher key of business cipher key storage chip deletion), 1/6 that be set to 1/4 (terminal every through the process that powers on for six times time by business cipher key of business cipher key storage chip deletion) etc.Wherein, the value of this predetermined probabilities can be set directly in this business cipher key storage chip.
Preferably, in this embodiment of the invention, the business cipher key storage chip deletes the business cipher key according to the predetermined probability as follows:
(1) A constant C is preset in the business cipher key storage chip, where C is a parameter value configurable by the operator.
(2) Each time the business cipher key storage chip powers on, it generates a random parameter R and calculates N = R mod C, where mod denotes the remainder of the integer division of the two numbers. For example, 7 mod 3 = 1: the remainder 1 is the result of the mod operation.
(3) When N = k, the business cipher key storage chip deletes all business cipher keys, where k < C.
As can be seen from the above process, because R is generated at random, N takes any one of the values 0 to (C-1), each with the same probability. The probability that N equals the preset value k is therefore 1/C; that is, the business cipher key storage chip deletes all business cipher keys with probability 1/C.
Step 303: the business cipher key storage chip obtains the business cipher key again.
In this step, the business cipher key storage chip needs to obtain the deleted business cipher key again. For example, when business cipher key A has been deleted, the business cipher key storage chip needs to obtain business cipher key A again in this step.
In summary, when the business cipher key is deleted with probability 1/C at every power-on of the terminal, a legitimate user has to wait for the business cipher key to be obtained only in a minority of cases. For an illegitimate user, every power cycle (that is, every power-on of the business cipher key storage chip) deletes the business cipher key with probability 1/C, so after repeated power cycles the business cipher key is increasingly likely to have been deleted. This makes it harder for the illegitimate user to use the service and reduces the feasibility of a malicious user profiting from copied business cipher keys.
Based on the processing procedure shown in Figure 2, an embodiment of the invention also proposes a method for processing a business cipher key which, as shown in Figure 4, comprises the following steps:
Step 401: the terminal obtains the business cipher key and uses it to receive television.
Step 402: after the business cipher key storage chip powers on, or when it powers on for the first time after a reset, the business cipher key storage chip randomly deletes an arbitrary business cipher key from among all the business cipher keys according to a predetermined probability. The predetermined probability can be chosen freely according to actual needs; for example, its value can be determined from the number of business cipher keys.
As can be seen, this differs from step 203 above, in which the business cipher key storage chip deletes all business cipher keys after every power-on of the terminal: in practical applications, an arbitrary business cipher key can instead be deleted according to a predetermined probability.
Preferably, in this embodiment of the invention, an arbitrary business cipher key is randomly deleted from among all the business cipher keys according to the predetermined probability as follows:
(1) The number C1 of business cipher keys stored in the business cipher key storage chip is obtained.
(2) Each time the business cipher key storage chip powers on, it generates a random parameter R1 and calculates Id = R1 mod C1, where mod denotes the remainder of the integer division of the two numbers.
(3) The business cipher key storage chip deletes the business cipher key whose sequence number is Id. The business cipher keys in the business cipher key storage chip are numbered; for example, when there are 5 business cipher keys, the corresponding sequence numbers Id are 0, 1, 2, 3 and 4.
As can be seen from the above process, the business cipher key with sequence number Id is deleted with probability 1/C; that is, each of the C1 business cipher keys (all the business cipher keys) is deleted with probability 1/C.
Step 403: the business cipher key storage chip obtains the deleted business cipher key again.
In summary, each of the business cipher keys is deleted with probability 1/C at every power-on of the terminal. A legitimate user needs to obtain a business cipher key again only when playing one particular channel (the channel corresponding to the deleted business cipher key) and can play all other channels immediately. For an illegitimate user, every power cycle causes the loss of one business cipher key, which cannot be obtained again, and after repeated power cycles the illegitimate user has no usable business cipher key left. This makes use harder for the illegitimate user.
Based on the processing procedure shown in Figure 2, an embodiment of the invention also proposes a method for processing a business cipher key which, as shown in Figure 5, comprises the following steps:
Step 501: the terminal obtains the business cipher key and uses it to receive television.
Step 502: after the business cipher key storage chip powers on, or when it powers on for the first time after a reset, the business cipher key storage chip deletes one of the business cipher keys among all the business cipher keys according to a predetermined probability. Different business cipher keys can be deleted with the same predetermined probability value or with different predetermined probability values.
Specifically, in this embodiment of the invention, the business cipher key storage chip deletes one of the business cipher keys among all the business cipher keys according to the predetermined probability as follows:
(1) A constant Ci is maintained in the business cipher key storage chip for each business cipher key Ki, where the correspondence between Ki and Ci is a configurable parameter value.
(2) Each time the business cipher key storage chip powers on, it generates a random number Ri for each business cipher key and calculates Ni = Ri mod Ci.
(3) When Ni = k, the business cipher key storage chip deletes business cipher key Ki, where k < Ci.
As can be seen from the above process, for business cipher key Ki, because Ri is generated at random, Ni takes any one of the values 0 to (Ci-1), each with the same probability. The probability that Ni equals the preset value k is therefore 1/Ci; that is, the business cipher key storage chip deletes business cipher key Ki with probability 1/Ci.
Step 503: the business cipher key storage chip obtains the deleted business cipher key again.
In summary, business cipher key Ki is deleted with probability 1/Ci at every power-on of the terminal, so each business cipher key can be controlled independently. At each power-on of the business cipher key storage chip, one or more business cipher keys may be deleted, probabilistically, according to the random numbers generated. For a legitimate user, the business cipher keys do not all have to be deleted at once, which improves the user experience. For an illegitimate user, the deletions are harder to predict and several business cipher keys may be deleted at once, which makes it harder for the illegitimate user to use the service.
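The per-key procedure in steps (1) to (3) of step 502, written out as an added example in C; it is not code from the patent. The type and function names, the 32-bit width of Ri, the injected random source `rng_fn` and the replayed `seq_next` source are assumptions, and the redraw in `uniform_mod` is an addition: Ni = Ri mod Ci takes each value with probability exactly 1/Ci only when Ci divides the size of the range of Ri.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_KEYS 4
#define KEY_LEN  16

/* Hypothetical hook for the chip's random source (a hardware TRNG on a real part). */
typedef uint32_t (*rng_fn)(void *ctx);

struct key_slot {
    uint8_t  key[KEY_LEN];   /* business cipher key Ki */
    uint32_t c;              /* Ci: Ki is deleted with probability 1/Ci */
    int      present;
};

struct key_store {
    struct key_slot slot[MAX_KEYS];
    uint32_t k;              /* preset match value; must satisfy k < Ci */
};

/* Set Ci for slot i. Rejects values that break k < Ci (including Ci = 0):
 * with such a Ci, Ni could never equal k and Ki would never be deleted. */
int store_set_param(struct key_store *s, size_t i, uint32_t c)
{
    if (i >= MAX_KEYS || s->k >= c)
        return -1;
    s->slot[i].c = c;
    return 0;
}

/* N = R mod C for a 32-bit R is exactly uniform only when C divides 2^32.
 * Redrawing R while it lies in the first (2^32 mod C) values leaves a range
 * whose size is a multiple of C, so each N in 0..C-1 has probability 1/C. */
uint32_t uniform_mod(rng_fn rng, void *ctx, uint32_t c)
{
    uint32_t r, skip = (uint32_t)(0u - c) % c;   /* equals 2^32 mod c */
    do r = rng(ctx); while (r < skip);
    return r % c;
}

/* Zero through a volatile pointer so the compiler cannot optimise the wipe away. */
static void wipe(uint8_t *p, size_t n)
{
    volatile uint8_t *v = p;
    while (n--)
        *v++ = 0;
}

/* Power-on routine: one independent draw per stored key, delete Ki when
 * Ni == k. Returns how many keys were deleted and must be obtained again. */
int store_power_on(struct key_store *s, rng_fn rng, void *ctx)
{
    int deleted = 0;
    for (size_t i = 0; i < MAX_KEYS; i++) {
        struct key_slot *ks = &s->slot[i];
        if (!ks->present || ks->c == 0)   /* empty or unconfigured slot */
            continue;
        if (uniform_mod(rng, ctx, ks->c) == s->k) {
            wipe(ks->key, KEY_LEN);
            ks->present = 0;
            deleted++;
        }
    }
    return deleted;
}

/* Constructed stand-in for the random source: replays fixed values so the
 * run is reproducible off-chip. */
struct seq_rng { const uint32_t *v; size_t n, pos; };
uint32_t seq_next(void *ctx)
{
    struct seq_rng *q = ctx;
    return q->v[q->pos++ % q->n];
}

int main(void)
{
    static const uint32_t draws[] = { 6, 8 };   /* constructed sample draws */
    struct seq_rng q = { draws, 2, 0 };
    struct key_store s = { .k = 2 };
    s.slot[0].present = s.slot[1].present = 1;
    store_set_param(&s, 0, 4);                  /* K0: probability 1/4 */
    store_set_param(&s, 1, 5);                  /* K1: probability 1/5 */
    printf("deleted %d key(s)\n", store_power_on(&s, seq_next, &q));
    return 0;
}
```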
Based on the processing procedures in the above embodiments, an embodiment of the invention also proposes a method for processing a business cipher key which, as shown in Figure 6, comprises the following steps:
Step 601: the network side writes a business cipher key deletion probability parameter to the business cipher key storage chip. This business cipher key deletion probability parameter can be C or Ci.
As can be seen, this differs from the above embodiments, in which the business cipher key deletion probability parameter is preset in the business cipher key storage chip: in this embodiment the network side writes the parameter to the business cipher key storage chip, which strengthens the network side's control.
Specifically, the network side can write the business cipher key deletion probability parameter to the business cipher key storage chip through a business cipher key acquisition message or another authorization message. In practical applications the parameter can of course also be written through other messages, which are not described further in this embodiment.
Step 602: the terminal obtains the business cipher key and uses it to receive television.
Step 603: after the business cipher key storage chip powers on, or when it powers on for the first time after a reset, the business cipher key storage chip deletes, according to the predetermined probability, either one of the business cipher keys among all the business cipher keys or all the business cipher keys.
When the network side writes the business cipher key deletion probability parameter C to the business cipher key storage chip, the corresponding operation is that the business cipher key storage chip deletes all business cipher keys according to the predetermined probability. When the network side writes the business cipher key deletion probability parameter Ci, the corresponding operation is that the business cipher key storage chip deletes one of the business cipher keys among all the business cipher keys according to the predetermined probability. The different operating processes are described in detail in the above embodiments and are not repeated here.
Step 604: the business cipher key storage chip obtains the deleted business cipher key again.
In summary, with the processing mode of this embodiment, the network-side platform can conveniently adjust the business cipher key deletion probability parameter, and hence the business cipher key deletion probability, according to service usage or the severity of attacks, so as to balance legitimate users' experience against the difficulty of use for illegitimate users.
The order of the steps in the embodiments of the invention can also be adjusted according to actual needs.
An embodiment of the invention also proposes a device for processing a business cipher key which, as shown in Figure 7, comprises:
A business cipher key removing module 71, configured to delete the business cipher key stored in the business cipher key memory module of the terminal after the business cipher key memory module powers on, or when the business cipher key memory module powers on for the first time after a reset.
A sending module 72, configured to send a business cipher key acquisition request to the network side, the network side authenticating the terminal after receiving the business cipher key acquisition request.
A processing module 73, configured to receive the business cipher key from the network side when the terminal passes authentication.
The business cipher key removing module 71 is specifically configured to delete the business cipher key stored in the business cipher key memory module according to a predetermined probability.
The business cipher key removing module 71 further comprises:
A first deletion submodule 711, configured to generate a random parameter R each time the business cipher key memory module powers on and to calculate N = R mod C, where C is a configurable business cipher key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers; and, when N = k, to delete all business cipher keys stored in the business cipher key memory module, where k < C;
A second deletion submodule 712, configured to generate a random parameter Ri for each business cipher key each time the business cipher key memory module powers on and to calculate Ni = Ri mod Ci, where Ci is the configurable business cipher key deletion probability parameter corresponding to business cipher key Ki and mod denotes the remainder of the integer division of the two numbers; and, when Ni = k, to delete the business cipher key Ki stored in the business cipher key memory module, where k < Ci.
In the above, the business cipher key deletion probability parameter is preset in the business cipher key memory module; alternatively, the business cipher key deletion probability parameter is determined by the network side and written into the business cipher key memory module.
A third deletion submodule 713, configured to generate a random parameter R1 each time the business cipher key memory module powers on and to calculate Id = R1 mod C1, where C1 is the number of business cipher keys stored in the business cipher key memory module and mod denotes the remainder of the integer division of the two numbers; and to delete the business cipher key whose sequence number is Id in the business cipher key memory module.
The modules of the device of the invention can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into a plurality of submodules.
As can be seen, the device provided by the invention deletes the business cipher key after a device reset. This closes the service security hole that arises when the business cipher key storage chip is separated from the user authentication module and guards against attacks by illegitimate users, while preserving the user experience of legitimate users as far as possible. In addition, the invention requires only a small change to the business cipher key storage chip and does not affect the service flow or service logic of the terminal or the platform, so the security requirements of the business cipher key are met at low cost.
From the above description of the embodiments, those skilled in the art can clearly understand that the invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solution of the invention can be embodied in the form of a software product. The software product can be stored in a non-volatile storage medium (which can be a CD-ROM, a USB flash drive, a portable hard drive, etc.) and comprises a number of instructions that cause a computer device (which can be a personal computer, a server, a network device, etc.) to carry out the method of the invention.
The above is only a preferred implementation of the invention. It should be pointed out that those skilled in the art can make improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the invention.
Those skilled in the art will appreciate that the modules of the device in an embodiment can be distributed in the device of the embodiment as described, or can be changed accordingly and located in one or more devices different from that of the embodiment. The modules of the above embodiments can be merged into one module or further split into a plurality of submodules.
The sequence numbers of the above embodiments of the invention are for description only and do not represent the relative merits of the embodiments.
What is disclosed above is only several specific embodiments of the invention. The invention is not limited to them, however, and any change that a person skilled in the art can think of should fall within the protection scope of the invention.

Claims (7)

1. A method for processing a business cipher key, characterized in that it comprises the following steps:
After the business cipher key memory module of a terminal powers on, or when the business cipher key memory module powers on for the first time after a reset, deleting the business cipher key stored in the business cipher key memory module according to a predetermined probability;
The terminal sends a business cipher key acquisition request to the network side;
The network side authenticates the terminal after receiving the business cipher key acquisition request and, when authentication passes, sends the business cipher key to the terminal;
Wherein, when the predetermined probability comprises a plurality of probabilities, the plurality of probabilities correspond respectively to the business cipher keys stored in the business cipher key memory module, and deleting the business cipher key stored in the business cipher key memory module according to the predetermined probability comprises: each time the business cipher key memory module powers on, generating a random parameter Ri for each business cipher key and calculating Ni = Ri mod Ci, where Ci is the configurable business cipher key deletion probability parameter corresponding to business cipher key Ki and mod denotes the remainder of the integer division of the two numbers; and, when Ni = k, deleting the business cipher key Ki stored in the business cipher key memory module, where k < Ci.
2. The method of claim 1, characterized in that it further comprises:
When the predetermined probability is a single probability, the probability corresponds to all business cipher keys stored in the business cipher key memory module.
3. The method of claim 2, characterized in that, when the predetermined probability is a single probability, deleting the business cipher key stored in the business cipher key memory module according to the predetermined probability comprises:
Each time the business cipher key memory module powers on, generating a random parameter R and calculating N = R mod C, where C is a configurable business cipher key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers;
When N = k, deleting all business cipher keys stored in the business cipher key memory module, where k < C.
4. The method of claim 1 or 3, characterized in that the business cipher key deletion probability parameter is preset in the business cipher key memory module; or the business cipher key deletion probability parameter is determined by the network side and written into the business cipher key memory module.
5. The method of claim 2, characterized in that, when the predetermined probability is a single probability, deleting the business cipher key stored in the business cipher key memory module according to the predetermined probability further comprises:
Each time the business cipher key memory module powers on, generating a random parameter R1 and calculating Id = R1 mod C1, where C1 is the number of business cipher keys stored in the business cipher key memory module and mod denotes the remainder of the integer division of the two numbers;
Deleting the business cipher key whose sequence number is Id in the business cipher key memory module.
6. A device for processing a business cipher key, characterized in that it comprises:
A business cipher key removing module, configured to delete the business cipher key stored in the business cipher key memory module of a terminal after the business cipher key memory module powers on, or when the business cipher key memory module powers on for the first time after a reset;
A sending module, configured to send a business cipher key acquisition request to the network side, the network side authenticating the terminal after receiving the business cipher key acquisition request;
A processing module, configured to receive the business cipher key from the network side when the terminal passes authentication;
Wherein the business cipher key removing module is specifically configured to delete the business cipher key stored in the business cipher key memory module according to a predetermined probability;
The business cipher key removing module comprises: a second deletion submodule, configured to generate a random parameter Ri for each business cipher key each time the business cipher key memory module powers on and to calculate Ni = Ri mod Ci, where Ci is the configurable business cipher key deletion probability parameter corresponding to business cipher key Ki and mod denotes the remainder of the integer division of the two numbers; and, when Ni = k, to delete the business cipher key Ki stored in the business cipher key memory module, where k < Ci.
7. The device of claim 6, characterized in that the business cipher key removing module further comprises:
A first deletion submodule, configured to generate a random parameter R each time the business cipher key memory module powers on and to calculate N = R mod C, where C is a configurable business cipher key deletion probability parameter and mod denotes the remainder of the integer division of the two numbers; and, when N = k, to delete all business cipher keys stored in the business cipher key memory module, where k < C;
The business cipher key deletion probability parameter is preset in the business cipher key memory module; or the business cipher key deletion probability parameter is determined by the network side and written into the business cipher key memory module;
A third deletion submodule, configured to generate a random parameter R1 each time the business cipher key memory module powers on and to calculate Id = R1 mod C1, where C1 is the number of business cipher keys stored in the business cipher key memory module and mod denotes the remainder of the integer division of the two numbers; and to delete the business cipher key whose sequence number is Id in the business cipher key memory module.
CN200910243595.2A 2009-12-28 2009-12-28 Method and device for processing service key Expired - Fee Related CN102111765B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910243595.2A CN102111765B (en) 2009-12-28 2009-12-28 Method and device for processing service key

Publications (2)

Publication Number Publication Date
CN102111765A CN102111765A (en) 2011-06-29
CN102111765B true CN102111765B (en) 2013-10-23

Family

ID=44175761

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910243595.2A Expired - Fee Related CN102111765B (en) 2009-12-28 2009-12-28 Method and device for processing service key

Country Status (1)

Country Link
CN (1) CN102111765B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131023

Termination date: 20211228