CN114679724A - Key updating system and method - Google Patents


Info

Publication number
CN114679724A
Authority
CN
China
Prior art keywords
key
update
updated
management unit
updating
Legal status
Pending
Application number
CN202210516089.1A
Other languages
Chinese (zh)
Inventor
韩喆
Current Assignee
Advanced Nova Technology Singapore Holdings Ltd
Original Assignee
Alipay Labs Singapore Pte Ltd
Application filed by Alipay Labs Singapore Pte Ltd
Priority to CN202210516089.1A
Publication of CN114679724A
Current legal status: Pending

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W 12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W 12/041 Key generation or derivation
                        • H04W 12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
                            • H04W 12/0431 Key distribution or pre-distribution; Key agreement
                            • H04W 12/0433 Key management protocols
                    • H04W 12/30 Security of mobile devices; Security of mobile applications
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L 63/00 Network architectures or network communication protocols for network security
                    • H04L 63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                        • H04L 63/068 Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Stored Programmes (AREA)

Abstract

An embodiment of the specification provides a key updating system and method. The key updating system comprises a key management unit and at least two application programs. The key management unit is configured to generate, in response to a key update request, an update key associated with the at least two application programs, send the update key to each application program, and update a key record table into an intermediate key record table according to the key sending result. Each application program is configured to receive the update key, update its local key based on the update key, and feed back update information to the key management unit according to the update result. The key management unit is configured to receive the update information and update the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program. The keys of at least two application programs associated with the same update key are thereby updated simultaneously, and because the key update for the at least two application programs uses the same key, the security of the key update is improved.

Description

Key updating system and method
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a key updating system.
Background
In practical network applications, a validity period is usually set for the key used by a mobile terminal because of security policy considerations. When the key approaches the end of its validity period, it is updated so that a new key replaces the old one. In the prior art, when the key of a mobile terminal is updated, each mobile terminal usually updates and maintains its own key; when there are many mobile terminals, the keys cannot be updated effectively, and therefore a key updating method is needed to solve this problem.
Disclosure of Invention
In view of this, the present specification provides a key update system. One or more embodiments of the present disclosure also relate to a key updating method, a key updating apparatus, an information interaction system, an information interaction method, an information interaction apparatus, a computing device, a computer-readable storage medium, and a computer program, so as to solve technical deficiencies in the prior art.
According to a first aspect of embodiments herein, there is provided a key update system including:
a key management unit and at least two application programs;
the key management unit is configured to generate, in response to a key update request, an update key associated with the at least two application programs, send the update key to each application program, and update a key record table into an intermediate key record table according to the key sending result;
each application program is configured to receive the update key, update its local key based on the update key, and feed back update information to the key management unit according to the update result;
the key management unit is configured to receive the update information and update the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program.
Optionally, the key management unit is further configured to store the update key, where the update key includes key data and a key tag; send the key tag to each application program and update the key record table into an initial key record table according to the tag sending result; and, when the key update time reaches a preset update threshold, send the key data to each application program and update the initial key record table into the intermediate key record table according to the key sending result.
Optionally, the key management unit is further configured to send the update key to the application program corresponding to update failure information, and to update the target key record table when the update information subsequently fed back by that application program is update success information.
Optionally, the key management unit is further configured to, when it determines in the current key update cycle that the key of each application program has been updated successfully, delete the historical key of the previous key update cycle and record the historical key information corresponding to that historical key in a historical key record table.
According to a second aspect of embodiments of the present specification, there is provided a key update method including:
a key management unit generates, in response to a key update request, an update key associated with at least two application programs, sends the update key to each application program, and updates a key record table into an intermediate key record table according to the key sending result;
each application program receives the update key, updates its local key based on the update key, and feeds back update information to the key management unit according to the update result;
and the key management unit receives the update information and updates the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program.
According to a third aspect of embodiments herein, there is provided a key updating apparatus including:
a processing module configured to have the key management unit generate, in response to a key update request, an update key associated with at least two application programs, send the update key to each application program, and update a key record table into an intermediate key record table according to the key sending result;
a sending module configured to have each application program receive the update key, update its local key based on the update key, and feed back update information to the key management unit according to the update result;
and an updating module configured to have the key management unit receive the update information and update the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program.
According to a fourth aspect of embodiments of the present specification, there is provided an information interaction system including:
a service server and a client that carries the application program;
the client is configured to receive a service request corresponding to the application program, encrypt the service data carried in the service request according to the update key to obtain encrypted data, and send the encrypted data to the service server;
and the service server is configured to receive the encrypted data, create a service processing task according to the encrypted data, and execute the service processing task as the response to the service request.
Optionally, the information interaction system further includes a key management unit;
the client is further configured to generate a key acquisition request in response to the service request and send it to the key management unit;
the key management unit is configured to determine the update key corresponding to the key acquisition request and send the update key to the client;
the client is further configured to receive the update key sent by the key management unit.
Optionally, the information interaction system further includes a key management unit;
the key management unit is further configured to send the update key to the client;
the client is configured to receive and store the update key, and to read the update key when it receives a service request corresponding to the application program.
Optionally, the client is further configured to encrypt the service data carried in the service request according to the private key included in the update key, obtain encrypted data carrying a digital signature, and send the encrypted data to the service server;
and the service server is configured to receive the encrypted data, decrypt it according to the public key contained in a local certificate, and execute the service processing task created according to the encrypted data when decryption succeeds.
Optionally, the key management unit is further configured to receive a key acquisition request carrying a key tag and send the local key to the client when it determines that the key tag corresponds to the local key.
Optionally, the information interaction system further includes a key management unit;
the key management unit is further configured to select a test application program from the at least two application programs and send the update key to the test application program;
the test application program is further configured to receive the update key, receive a test service request corresponding to the test application program, encrypt the test service data carried by the test service request based on the update key, obtain test encrypted data, and send the test encrypted data to the service server;
and the service server is configured to receive the test encrypted data, create a test service processing task according to the test encrypted data, and execute the test service processing task as the response to the test service request.
According to a fifth aspect of embodiments of the present specification, there is provided an information interaction method, including:
a service server and a client carrying the application program are provided;
the client receives a service request corresponding to the application program, encrypts the service data carried in the service request according to the update key to obtain encrypted data, and sends the encrypted data to the service server;
and the service server receives the encrypted data, creates a service processing task according to the encrypted data, and executes the service processing task as the response to the service request.
According to a sixth aspect of embodiments herein, there is provided an information interaction apparatus, comprising:
an encryption module configured to have the client receive a service request corresponding to the application program, encrypt the service data carried in the service request according to the update key to obtain encrypted data, and send the encrypted data to a service server;
and an execution module configured to have the service server receive the encrypted data, create a service processing task according to the encrypted data, and execute the service processing task as the response to the service request.
According to a seventh aspect of embodiments herein, there is provided a computing device comprising:
a memory and a processor;
the memory is for storing computer-executable instructions and the processor is for executing the computer-executable instructions, which when executed by the processor, implement the steps of the above-described method.
According to an eighth aspect of embodiments herein, there is provided a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of the above-described method.
According to a ninth aspect of embodiments herein, there is provided a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the steps of the above method.
In the key updating system provided in an embodiment of the present specification, when a key update is performed, the key management unit generates, in response to a key update request, an update key associated with at least two application programs, sends the update key to each application program, and updates the key record table into an intermediate key record table according to the key sending result; each application program receives the update key, updates its local key based on the update key, and feeds back update information to the key management unit according to the update result; and the key management unit receives the update information and updates the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program. The keys of at least two application programs associated with the same update key are thereby updated simultaneously, and because the key update for the at least two application programs uses the same key, the security of the key update is improved.
Drawings
FIG. 1 is a schematic structural diagram of a key updating system according to an embodiment of the present specification;
FIG. 2 is a schematic structural diagram of an information interaction system provided in an embodiment of the present specification;
FIG. 3 is an interaction diagram of a system provided by an embodiment of the present specification;
FIG. 4 is a schematic processing diagram of a system provided by an embodiment of the present specification;
FIG. 5 is a flow chart of a key updating method provided by an embodiment of the present specification;
FIG. 6 is a schematic structural diagram of a key updating apparatus according to an embodiment of the present specification;
FIG. 7 is a flow chart of an information interaction method provided by an embodiment of the present specification;
FIG. 8 is a schematic structural diagram of an information interaction apparatus according to an embodiment of the present specification;
FIG. 9 is a block diagram of a computing device according to an embodiment of the present specification.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be implemented in many ways other than those specifically set forth herein, and those skilled in the art will appreciate that the present description is susceptible to similar generalizations without departing from the scope of the description, and thus is not limited to the specific implementations disclosed below.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can be termed a second and, similarly, a second can be termed a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
First, the noun terms to which one or more embodiments of the present specification relate are explained.
Certificate: here, a digital certificate, an electronic file that uniquely identifies people and resources on the Internet. Certificates enable secure, confidential communication between two entities.
Private key: the private key held by the certificate holder.
HTTPS client identity: the identity of the requester must be verified during the HTTPS handshake when a client accesses a certain website/service. Generally, the requester whitelists its client certificate at the server in advance, and the server then verifies that client certificate each time the requester accesses it and performs the HTTPS handshake.
KMI (Key Management Infrastructure): a unified, centralized key management mechanism applicable to various private networks.
When interfacing with external institutions, there are scenarios in which multiple internal systems need to interact with the same external system. Some of these third-party institutions' external systems can accept only one client identity, which requires that the internal systems use the same key (private key + certificate) when accessing the external system. At the same time, because the client identity has a validity period (generally one year), a key updating and key invalidation scheme needs to be designed so that normal execution of the service is not affected when key updating is performed for the same application program of the plurality of affiliated service parties.
In the present specification, a key renewal system is provided, and the present specification relates to a key renewal method, a key renewal apparatus, an information exchange system, an information exchange method, an information exchange apparatus, a computing device, a computer-readable storage medium, and a computer program, which are described in detail one by one in the following embodiments.
Referring to FIG. 1, which is a schematic structural diagram of a key updating system 100 according to an embodiment of the present specification, the key updating system 100 includes a key management unit 110 and at least two application programs 120, wherein
the key management unit 110 is configured to generate, in response to a key update request, an update key associated with the at least two application programs 120, send the update key to each application program 120, and update a key record table into an intermediate key record table according to the key sending result;
each application program 120 is configured to receive the update key, update its local key based on the update key, and feed back update information to the key management unit 110 according to the update result;
the key management unit 110 is configured to receive the update information and update the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program 120.
Specifically, the key management unit 110 manages the data related to a key, which includes the certificate, the private key and the key label corresponding to the key; the certificate is a digital certificate, the key label is also referred to as the alias of the key, and each key has a unique corresponding key label. An application program 120 is a computer program or computer software that runs in user mode, can interact with a user, and has a visual user interface. The key update request is a computer instruction received by the key management unit 110 that requests it to update the key. The update key is the new key generated to replace the original key. The key sending result describes how the key management unit 110 sent the update key to the application programs 120, that is, to which application programs 120 the update key was sent. The key record table records the key information of each application program 120, and the intermediate key record table is the updated key record table obtained after the key sending result is recorded in it. The local key is the key corresponding to the update key that was in use before the update key was received. The update information is the information generated by an application program 120 when updating its key, and includes update success information and update failure information. The target key record table is the record table obtained when the key management unit 110 updates the intermediate key record table according to the received update information.
Based on this, after the key management unit 110 receives the key update request, it generates an update key in response to it; the update key is associated with at least two application programs 120, that is, the at least two application programs 120 associated with the update key share the same update key, and in this embodiment the service party to which the at least two application programs belong is the same. The key management unit 110 sends the update key to each application program 120 and, according to the resulting key sending result, updates the key record table into an intermediate key record table that records to which application programs 120 the update key was sent. Each application program 120 receives the update key sent by the key management unit 110, updates the local key it stores according to the received update key, and feeds back update information to the key management unit 110 according to the update result. After receiving the update information fed back by the at least two application programs 120, the key management unit 110 updates the intermediate key record table based on it into a target key record table that records the key information of each application program 120.
In summary, when the local keys of the application programs are updated, the key management unit 110 sends the same update key to multiple application programs, so that their keys are updated simultaneously, the resource consumption of maintaining keys for multiple application programs is reduced, and the key updating method is simplified.
Further, in this embodiment, the key management unit 110 is further configured to store the update key, where the update key includes key data and a key tag; send the key tag to each application program 120 and update the key record table into an initial key record table according to the tag sending result; and, when the key update time reaches a preset update threshold, send the key data to each application program 120 and update the initial key record table into the intermediate key record table according to the key sending result.
Specifically, the key data includes a certificate and a private key; the key tag is also called the alias of the key, and each key has a unique corresponding key tag; the tag sending result describes how the key management unit 110 sent the key tag to the application programs 120, that is, to which application programs 120 the key tag was sent; the initial key record table is the record table obtained after the key record table is updated according to the tag sending result; and the preset update threshold is a preset key update time threshold, also called the key update cycle, which may be set to any length of time such as one year or six months, which this embodiment does not limit.
Based on this, the key management unit 110 generates the update key associated with the at least two application programs 120 in response to the key update request and then stores it. Since the update key includes key data and a key tag, after the update key is generated the key tag is sent first to each application program 120, and the key record table is updated into an initial key record table according to the tag sending result produced by sending the key tag to each application program 120. When the key update time reaches the preset update threshold, the key data is sent to each application program 120, and the initial key record table is updated into the intermediate key record table according to the key sending result produced by sending the key data to each application program 120.
For example, when a payment is made through a shopping application, a deduction request must be initiated to the bank associated with the application, and the bank deducts a certain amount of money; to keep the transaction secure, the deduction data carried in the deduction request must be encrypted with a key before it is sent to the bank system. To further protect the key, it must also be updated regularly. When application programs interact with an external system, in order to reduce the complexity of the interaction, several application programs belonging to the same service party may interact with the same external system using the same key (private key + certificate); the key usually has a validity period, and only within that period can the application programs use it to interact with the external system or institution. Therefore, when the key needs to be updated, it can be updated through the KMI system so that normal execution of the service is not affected and the keys of several application programs are updated simultaneously. Before the key update time is reached, the KMI system generates a new key comprising a certificate, a private key and an alias corresponding to the new key; here the KMI system is the key management unit, the new key is the update key, the key data comprises the certificate and the private key, and the alias of the new key is the key tag corresponding to the update key. After generating the new key, the KMI system first sends the alias of the new key to the multiple application programs that share the same key and are associated with the new key, such as a quick payment application, a shopping application and a video application, and records the sending result in the key record table, that is, to which application programs it was sent. When the preset key update time threshold is reached, it pushes the certificate and private key of the new key to each application program associated with the new key and records the push result in the key record table. After receiving the new key, each application program replaces the old key with the new key and feeds back the key update result to the KMI system, that is, informs the KMI system whether the update succeeded. If the update results fed back by the quick payment application and the video application are success, update success information is recorded in the key record table at the positions corresponding to those two applications; if the update result fed back by the shopping application is failure, update failure information is recorded in the key record table at the position corresponding to the shopping application.
In summary, the key data and the key label are respectively sent at different times, so that the subsequent application program can obtain the key data from the key management unit based on the key label, thereby improving the flexibility of updating the key.
Further, considering that the application 120 may fail to receive the update key due to various factors such as a network, even if the reception fails, the update information of the reception failure needs to be sent to the key management unit 110, so as to update the intermediate key record table. When the update information received by the key management unit 110 is update failure information, in order to update the key of the application program 120 associated with the update key, the key management unit 110 needs to send the update key to the application program 120 corresponding to the update failure information again; and updating the target key record table when the update information fed back by the application program 120 corresponding to the update failure information is update success information.
Specifically, the update failure information refers to update information generated when the application program 120 fails to receive the update key sent by the key management unit 110; the update success information is update information generated when the application program 120 successfully receives the update key transmitted by the key management unit 110.
Based on this, when the application program 120 receives the update key, if the reception is unsuccessful, update failure information is transmitted to the key management unit 110 as the update information. When the update information received by the key management unit 110 is update failure information, the key management unit 110 determines from it the application program 120 concerned, sends the update key to that application program 120 again until it receives update success information fed back by the application program 120, and updates the key record table according to the update success information.
In the above example, when the key update result fed back by the shopping application program to the KMI system is update failure, this indicates that the shopping application program may not have received the new key pushed by the KMI system, for example because of a network fault. On receiving the update failure information, the KMI system therefore pushes the new key again to the shopping application program corresponding to that information and receives the update result fed back by the shopping application program. If the result is still update failure, the new key is pushed again; pushing stops once the KMI system receives update success information from the shopping application program, and that update success information is recorded in the key record table at the position corresponding to the shopping application program.
In summary, when the received update information is update failure information, the update key is sent again to the application program corresponding to the update failure information, so that the key update of that application program is completed and every application program associated with the update key is ensured to complete the key update.
Further, in the present embodiment, the historical key of the previous key update cycle becomes invalid once the key update has been completed for each application program 120 corresponding to the update key in the current key update cycle. The key management unit 110 is therefore further configured to delete the historical key of the previous key update cycle when it determines in the current key update cycle that the key corresponding to each application program 120 has been successfully updated, and to record the historical key information corresponding to the historical key in the historical key record table.
Specifically, the key update cycle refers to a preset key update time, for example a key update cycle of one year; a key is valid only in the current key update cycle and one new key is generated per key update cycle, that is, each key update cycle corresponds to one key. The historical key refers to the key corresponding to the previous key update cycle adjacent to the current key update cycle; the historical key information refers to the related information of the historical key, including information such as the private key and the key label.
Based on this, in the current key update period, the key update condition corresponding to each application program 120 can be known through traversing the target key record table. When it is determined that the key corresponding to each application program 120 is successfully updated, the historical key of the previous key update cycle adjacent to the current key update cycle may be deleted in the application program 120 and the key management unit 110, and the historical key information corresponding to the historical key is recorded in the historical key recording table maintained by the key management unit 110.
Following the above example, when the update results recorded in the key record table for the fast payment application, the shopping application and the video application are all successful, all three applications have completed the key update; at this time, the old key stored in the KMI system is deleted, and the information of the old key, including its expiration time, is recorded in the history table of the KMI system.
In summary, in the current key update period, when the key corresponding to each application program is successfully updated, the historical key of the previous key update period adjacent to the current key update period is deleted, so that the storage space of the application program and the key management unit is saved.
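The three states of the key record table (initial, intermediate, target), the re-push on update failure and the deletion of the historical key only after every application has succeeded, as an added Go model written for this page rather than the patent's own code; the application names and key labels it uses are sample values.

```go
package main

import "fmt"

// Constructed model of the key record tables kept by the key management unit,
// written for this page; it is not the patent's code. Names are sample values.

// UpdateState is one application's entry in the key record table.
type UpdateState int

const (
	LabelSent    UpdateState = iota + 1 // key label pushed: initial key record table
	KeyDataSent                         // key data pushed: intermediate key record table
	UpdateOK                            // success fed back: target key record table
	UpdateFailed                        // failure fed back: key must be pushed again
)

// UpdateKey is a key label plus its key data (certificate and private key).
type UpdateKey struct{ Label, Certificate, PrivateKey string }

// KMU holds the current key, the adjacent previous cycle's key and both tables.
type KMU struct {
	Cycle    int
	Current  *UpdateKey
	Previous *UpdateKey            // historical key; nil once deleted
	Records  map[string]UpdateState // application name -> state
	History  []UpdateKey            // historical key record table (label, private key)
}

// NewKMU starts cycle 1 with every associated application already holding key.
func NewKMU(apps []string, key UpdateKey) *KMU {
	k := &KMU{Cycle: 1, Current: &key, Records: map[string]UpdateState{}}
	for _, a := range apps {
		k.Records[a] = UpdateOK
	}
	return k
}

// StartUpdate stores the new key and pushes only its label (initial key record table).
func (k *KMU) StartUpdate(newKey UpdateKey) {
	k.Cycle++
	k.Previous, k.Current = k.Current, &newKey
	for app := range k.Records {
		k.Records[app] = LabelSent
	}
}

// PushKeyData sends the key data once the preset key update time threshold is
// reached, turning the initial table into the intermediate key record table.
func (k *KMU) PushKeyData() {
	for app, st := range k.Records {
		if st == LabelSent {
			k.Records[app] = KeyDataSent
		}
	}
}

// ReceiveUpdateInfo records an application's feedback in the target key record
// table; feedback is meaningless before the key data itself has been sent.
func (k *KMU) ReceiveUpdateInfo(app string, success bool) error {
	if st, ok := k.Records[app]; !ok || st == LabelSent {
		return fmt.Errorf("no key data has been sent to %q", app)
	}
	k.Records[app] = UpdateFailed
	if success {
		k.Records[app] = UpdateOK
	}
	return nil
}

// ResendFailed pushes the update key again to every application that fed back
// update failure and returns their names (map iteration order).
func (k *KMU) ResendFailed() []string {
	var apps []string
	for app, st := range k.Records {
		if st == UpdateFailed {
			k.Records[app] = KeyDataSent
			apps = append(apps, app)
		}
	}
	return apps
}

// TryRotate deletes the historical key only once every application has completed
// the update in the current cycle, moving it to the historical key record table.
func (k *KMU) TryRotate() bool {
	for _, st := range k.Records {
		if st != UpdateOK {
			return false
		}
	}
	if k.Previous == nil {
		return false // nothing left to delete in this cycle
	}
	k.History = append(k.History, *k.Previous)
	k.Previous = nil
	return true
}
```

Calling StartUpdate, PushKeyData, ReceiveUpdateInfo for each application, ResendFailed and TryRotate in that order walks through the page's example, with the shopping application failing once before the old key may be deleted.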
Referring to fig. 2, fig. 2 is a schematic structural diagram illustrating an information interaction system 200 according to an embodiment of the present disclosure, where the information interaction system 200 includes a service end 210 and an application-bearing client 220, where,
the client 220 is configured to receive a service request corresponding to the application program; encrypting the service data carried in the service request according to the updated key to obtain encrypted data and sending the encrypted data to the service server 210;
the service server 210 is configured to receive the encrypted data, create a service processing task according to the encrypted data, and execute the service processing task as a response to the service request.
Specifically, the client 220 carries a plurality of application programs, the service request refers to a computer instruction submitted for a specific service, and in this embodiment, the service request may be an operation instruction generated by a user through operating an application program, and is used for implementing a specific function; the service data refers to data carried in the service request and required to be sent to the service server 210; the encrypted data refers to a processing result obtained after the service data is encrypted by using the updated key; the service processing task is a task to be executed corresponding to the service request.
Based on this, after the client 220 receives the service request corresponding to the application program it carries, the service data carried in the service request is read and encrypted according to the update key corresponding to that application program to obtain encrypted data, which is sent to the service server 210. After receiving the encrypted data, the service server 210 creates a service processing task according to the encrypted data and executes it, thereby responding to the service request.
In summary, the service data is encrypted according to the updated key, so that the execution of the service processing task is realized, and the security of data transmission is improved.
Further, when the service data is encrypted based on the updated key, it may first be encrypted based on the private key included in the updated key, so as to obtain encrypted data carrying a digital signature. In this embodiment, the client 220 is further configured to encrypt the service data carried in the service request according to the private key included in the updated key, obtain encrypted data carrying a digital signature, and send the encrypted data carrying the digital signature to the service end 210; the service server 210 is configured to receive the encrypted data, decrypt the encrypted data according to a public key included in the local certificate, and execute the service processing task created according to the encrypted data when decryption is successful.
Specifically, the local certificate refers to a certificate stored by the service server 210 and included in the updated key, where the certificate includes a public key; the encrypted data refers to service data carrying a digital signature, that is, data obtained by adding a digital signature to the service data.
Based on the above, when the service data is encrypted based on the updated key, it is encrypted based on the private key included in the updated key, that is, the intermediate encrypted data is combined with the digital signature to obtain the encrypted data carrying the digital signature, which is sent to the service end 210. After receiving the encrypted data carrying the digital signature from the client 220, the service server 210 reads the digital signature carried by the encrypted data, decrypts the encrypted data according to the digital signature, and creates a service processing task according to the encrypted data if the decryption succeeds.
For example, after the key update is completed for the fast payment application, the shopping application and the video application, these applications carried by the client can use the new key to interact with the service server, that is, the banking system. When the shopping application program submits a transaction request carrying transaction data to the bank, the transaction data carried in the transaction request is encrypted with the new key before the request is initiated, where the transaction data comprises a transaction account A, a transaction amount B and a transfer-out transaction type. The transaction data is encrypted with the private key contained in the new key to obtain the encrypted data, that is, the digital signature is attached to the transaction data to obtain transaction data carrying the digital signature, and the encrypted data is sent to the bank system. After receiving the encrypted data, the bank system decrypts the encrypted data carrying the digital signature according to the local certificate stored in the bank system, obtains the transaction data (transaction account A, transaction amount B and transfer-out transaction type) if decryption succeeds, and creates a data updating task according to the transaction data, that is, the transfer-out amount B is deducted from transaction account A.
In summary, the service data is encrypted based on the private key to obtain the intermediate encrypted data, and then the digital signature is added to the intermediate encrypted data, so that the security and accuracy of data transmission are ensured.
Further, each time the client 220 needs to interact with the service end 210, it may request the key management unit to update the key, obtain the updated key and use it for the interaction with the service end 210. In this embodiment, the information interaction system further includes a key management unit; the client 220 is further configured to generate a key acquisition request in response to the service request and send it to the key management unit; the key management unit is configured to determine the update key corresponding to the key acquisition request and send the update key to the client 220; and the client 220 is further configured to receive the updated key sent by the key management unit.
Specifically, the key acquisition request refers to a computer instruction that asks the key management unit for the updated key, so that the client can subsequently interact with the service server 210 based on the updated key sent by the key management unit.
Based on this, after the client 220 receives the service request corresponding to the loaded application program, a key acquisition request is created based on the service request, and the key acquisition request is sent to the key management unit. After receiving the key acquisition request, the key management unit determines an update key corresponding to the key acquisition request based on the key acquisition request, and sends the update key to the client 220. After receiving the updated key, the client 220 stores the updated key, so that the subsequent client 220 can interact with the service server 210 based on the updated key.
In summary, after the client receives the service request, a key acquisition request is created based on the service request and sent to the key management unit, so as to acquire the updated key stored by the key management unit, thereby ensuring the accuracy of the updated key corresponding to the client and improving the success rate of information interaction between the client and the service server.
Further, when the key update has not yet been completed and the client 220 needs to interact with the service server 210, the local key may continue to be used. In this embodiment, the key management unit is further configured to receive a key acquisition request carrying a key tag and to send the local key to the client 220 when it determines that the key tag corresponds to the local key.
Specifically, during the key updating process, the client 220 may still use the key from before the update to interact with the service server 210; the local key is the key currently in use, which the updated key is to replace.
Based on this, during the key update, when the client 220 has not completed the key update but needs to interact with the service server 210, it sends a key acquisition request carrying a key tag to the key management unit. After receiving the key acquisition request carrying the key tag from the client, the key management unit determines the local key corresponding to the key tag, provided that the key tag is determined to be the tag of the local key, and sends the local key to the client.
Following the above example, after the shopping application completes the key update, it can interact with the bank system based on the new key. The shopping application program actively sends a key acquisition request to the KMI system to acquire the new key. When the KMI system receives the key acquisition request, it sends the new key (the new certificate and private key) to the shopping application. Based on the received new key, the shopping application encrypts the transaction data (transaction account A, transaction amount B and the transfer-out transaction type) and sends the encrypted data to the bank system.
In summary, in the process of updating the key, when the client needs to interact with the service end, the local key is obtained through the key obtaining request carrying the key tag, so that the interaction with the service end is completed, and the condition that the interaction with the service end cannot be performed due to the key update is avoided.
Further, sending a key acquisition request to the key management unit every time the client 220 interacts with the service server 210 wastes resources. After the key is updated, the client 220 may therefore store the updated key sent by the key management unit and read it the next time it interacts with the service server 210. In this embodiment, the information interaction system further includes a key management unit; the key management unit is further configured to send the updated key to the client 220; and the client 220 is configured to receive and store the updated key, and to read the updated key on receiving a service request corresponding to the application program.
Based on this, after the key management unit sends the update key to the client 220, the client 220 receives the update key and stores the update key. When the client 220 has a requirement for interaction with the service server 210, the stored update key is read, so as to encrypt data according to the update key.
In the above example, sending a key acquisition request to the KMI system every time the shopping application needs to interact with the banking system consumes many resources and involves a long wait. Therefore, when the shopping application completes the key update and needs to use the new key to interact with the banking system, it may send a key acquisition request to the KMI system once; on receiving the key acquisition request from the shopping application, the KMI system sends the new key corresponding to the request to the shopping application, which receives and stores the new key and interacts with the banking system using it. When the shopping application program needs to interact with the banking system again, it can read the previously stored new key and interact with the bank system, which avoids wasting resources and saves time.
In summary, after receiving the updated key, the client stores the updated key, so that the client directly reads the updated key when the client has an interaction requirement with the service server, thereby avoiding the client requesting the key management unit for updating the key again, reducing resource consumption and shortening data encryption time.
Further, before pushing the updated key to the plurality of application programs, a test needs to be performed first, and in this embodiment, the information interaction system further includes a key management unit;
the key management unit is further configured to select a test application program from the at least two application programs and send the updated key to the test application program; the test application program is further configured to receive the updated key, receive a test service request corresponding to the test application program, encrypt test service data carried in the test service request based on the updated key to obtain test encrypted data, and send the test encrypted data to the service server 210; the service server 210 is configured to receive the test encrypted data, create a test service processing task according to the test encrypted data, and execute the test service processing task as a response to the test service request.
Specifically, the test application refers to an application selected from applications carried by the client 220, and is used for testing whether the updated key can be normally used and testing whether the application can successfully implement key update; the test service request refers to a computer instruction sent by a test application program; the test service data refers to test data carried in the test service request and required to be sent to the service server 210; the test encrypted data is encrypted data obtained by encrypting the test service data; the test service processing task refers to a task to be executed corresponding to the test service request.
Based on this, before pushing the updated key to all the application programs associated with the updated key, the updated key is tested, a test application program is selected from at least two application programs loaded by the client 220, and the updated key is sent to the test application program. The test application program receives the update key, reads the test service data carried in the test service request after receiving the test service request, encrypts the test service data carried in the test service request according to the update key corresponding to the test application program to obtain test encrypted data, and sends the test encrypted data to the service server 210. After receiving the test encrypted data, the service server 210 creates a test service processing task according to the test encrypted data and executes the test service processing task, thereby implementing a response to the test service request.
Following the above example, before the new key is sent to the application programs corresponding to it, such as the quick payment application program, the shopping application program and the video application program, the new key needs to undergo a gray level test, that is, a test of whether the new key is usable. A video application is first selected from the plurality of applications as the test application, and the new key is sent from the KMI system to the video application. After the video application program receives the new key, when it receives a test service request for testing the new key, it encrypts the test data carried by the test service request based on the new key and sends it to the service server, and the service server creates and executes the test service based on the encrypted test data, thereby realizing the gray level test.
In summary, before pushing the updated key to all the application programs associated with the updated key, the updated key is tested, and if the test is passed, the updated key is pushed to all the application programs associated with the updated key, so that resource waste caused by pushing the updated key which cannot be used is avoided.
Fig. 3 shows an interaction diagram of key update and information interaction provided in an embodiment of the present application, where the interaction diagram includes a client 310 carrying at least two application programs, a key management unit 320 and a service server 330, and specifically includes the following steps:
Step S302: Enter a new certificate, a private key and a key label in the key management unit.
As shown in the processing diagram of fig. 4, the key management unit manages a plurality of certificates and private keys, each with its corresponding application; application 1 and application 2, which correspond to the new certificate and private key 1, belong to the same service side, so the new certificate and private key 1 are shared between them. Because a certificate and private key have a validity period, generally one year, when the validity period is reached the key management unit generates, or receives and stores, a new certificate and private key to be pushed to the application programs associated with it for gray level replacement, in which the new certificate and private key replace the original certificate and private key currently in use. When an application program needs to interact with the service server, it uses the new certificate and private key if the gray level replacement is complete, and the original certificate and private key if it is not. When the certificate and private key need to be updated, the key management unit generates the new certificate and private key 1, or the new certificate and private key 1 are entered into the key management unit manually, and they are stored in the key management unit.
Step S304: Select a verification application program from the at least two application programs, and push the new certificate, the private key and the key label to the verification application program of the client.
Application program 1 is selected as the verification application program, that is, the gray scale verification machine, and the new certificate and private key 1 are sent to service 1 in application program 1 to realize gray scale pushing.
Step S306: Push the new certificate to the service end.
When the new certificate and private key 1 are sent to application program 1, the new certificate is also sent to the service server, which uses it to verify the identity of application program 1 when the two interact.
Step S308: The key management unit receives the update information fed back by the client.
After receiving the new certificate and private key 1 and completing the replacement, application 1 feeds back update success information to the key management unit. If application program 1 does not complete the replacement of the new certificate and private key 1, update failure information is fed back to the key management unit, which pushes the new certificate and private key 1 to application program 1 again.
Step S310: The key management unit receives the update information fed back by the service server.
Correspondingly, after the service end receives the new certificate, it feeds back reception success information to the key management unit; if the service end fails to receive it, update failure information is fed back to the key management unit.
Step S312: Complete the verification of the new certificate and the private key in the verification application program of the client.
The verification of the new certificate and private key 1 is performed by application 1. After receiving a transfer task, application program 1 obtains the transfer data carried by the transfer task, such as the transfer-in account number, the transfer-out account number and the transfer amount, encrypts the transfer data with the received private key to generate encrypted data, and sends the encrypted data to the service server, which verifies the encrypted data based on the new certificate after receiving it.
Step S314: After the verification passes, the key management unit pushes the new certificate and the private key to all application programs carried by the client.
If the verification passes, the key management unit may send the new certificate and private key 1 to all applications associated with them, that is, application 2.
Step S316: The client sends a key acquisition request carrying the key label to the key management unit according to the key label.
When service 1 in application program 1 needs to interact with the service server, it submits a key acquisition request carrying the key label to the key management unit; the request is used to acquire from the key management unit the new certificate and private key 1 corresponding to the key label.
Step S318: Send the certificate and the private key to the client according to the key label.
When the key label received by the key management unit corresponds to the new certificate and private key, the new certificate and private key are sent to the client.
Step S320: Add a digital signature to the service data according to the private key.
When the certificate and private key received are the new certificate and private key, the digital signature is added to the service data with the new private key to obtain the encrypted data; when they are the old certificate and private key, the digital signature is added to the service data with the old private key. In either case the encrypted data is the service data carrying the digital signature.
Step S322: Send the encrypted data to the service server for verification.
In summary, the key management unit generates a new certificate and private key and actively pushes them to the at least two application programs associated with them, thereby implementing the key update of the application programs, so that the key updates of multiple applications are managed simultaneously.
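Steps S316 to S322 above, together with the signing and verification described for the information interaction system (service data encrypted with the private key to obtain data carrying a digital signature, verified with the public key of the certificate, the local key served by key label while an update is in progress, and the received key stored at the client), as an added Go example that is not the patent's code. Ed25519 signatures, the JSON envelope, a bare public key standing in for the certificate and the key labels k1/k2 are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Constructed example for this page, not the patent's code. Ed25519, the JSON
// envelope and the use of a bare public key in place of the certificate are
// assumptions; the page names neither the algorithm nor the message format.

// Key is the key data behind a key label: certificate and private key.
type Key struct {
	Label   string
	Cert    ed25519.PublicKey // stands in for the certificate's public key
	Private ed25519.PrivateKey
}

func newKey(label string) *Key {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Key{label, pub, priv}
}

// Envelope is the page's "encrypted data": service data carrying a digital
// signature, plus the key label so the server picks the matching certificate.
type Envelope struct {
	KeyLabel  string `json:"key_label"`
	Data      []byte `json:"data"`
	Signature []byte `json:"signature"`
}

// KMU answers a key acquisition request carrying a key label (S316/S318): the
// update key for the new label, the local key for the old one during the update.
type KMU struct{ Current, Previous *Key }

func (k *KMU) KeyForLabel(label string) (*Key, error) {
	for _, c := range []*Key{k.Current, k.Previous} {
		if c != nil && c.Label == label {
			return c, nil
		}
	}
	return nil, fmt.Errorf("unknown key label %q", label)
}

// Client stores each key it receives so the next service request reads it locally
// instead of asking the KMU again, then signs the service data (S320).
type Client struct {
	kmu  *KMU
	keys map[string]*Key
}

func (c *Client) Sign(label string, serviceData []byte) ([]byte, error) {
	key, ok := c.keys[label]
	if !ok {
		var err error
		if key, err = c.kmu.KeyForLabel(label); err != nil {
			return nil, err
		}
		c.keys[label] = key
	}
	sig := ed25519.Sign(key.Private, serviceData)
	return json.Marshal(Envelope{label, serviceData, sig})
}

// Server keeps the certificates pushed to it (S306) and verifies (S322).
type Server struct{ certs map[string]ed25519.PublicKey }

// Verify returns the service data only if its signature checks out under the
// certificate stored for the envelope's key label.
func (s *Server) Verify(raw []byte) ([]byte, error) {
	var e Envelope
	if err := json.Unmarshal(raw, &e); err != nil {
		return nil, err
	}
	pub, ok := s.certs[e.KeyLabel]
	if !ok {
		return nil, fmt.Errorf("no certificate for key label %q", e.KeyLabel)
	}
	if !ed25519.Verify(pub, e.Data, e.Signature) {
		return nil, fmt.Errorf("signature does not verify under %q", e.KeyLabel)
	}
	return e.Data, nil
}

// Setup models one key update in progress: the old key k1 is still the local key,
// the new key k2 has been entered in the KMU and its certificate pushed to the
// server. Labels are sample values.
func Setup() (*Client, *Server) {
	old, upd := newKey("k1"), newKey("k2")
	kmu := &KMU{Current: upd, Previous: old}
	server := &Server{certs: map[string]ed25519.PublicKey{"k1": old.Cert, "k2": upd.Cert}}
	return &Client{kmu: kmu, keys: map[string]*Key{}}, server
}
```

A request signed under either label verifies during the update, while service data altered after signing or an unknown label is rejected.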
Corresponding to the above system embodiment, the present specification further provides a key updating method, and fig. 5 shows a flowchart of the key updating method provided in an embodiment of the present specification, which specifically includes the following steps:
Step S502: The key management unit generates an update key associated with at least two application programs in response to a key update request, sends the update key to each application program respectively, and updates the key record table into an intermediate key record table according to the key sending result.
Step S504: Each application program receives the update key, updates the local key based on the update key, and feeds back update information to the key management unit according to the update result.
Step S506: The key management unit receives the update information and updates the intermediate key record table into a target key record table based on the update information, where the target key record table is used to record the key information of each application program.
Optionally, the key management unit stores the updated key, where the updated key includes key data and a key tag; sending the key label to each application program, and updating a key record table into an initial key record table according to a label sending result; and under the condition that the key updating time reaches a preset updating threshold value, sending the key data to each application program, and updating the initial key record table into an intermediate key record table according to a key sending result.
Optionally, the key management unit sends the update key to an application program corresponding to the update failure information; and updating the target key record table under the condition that the updating information fed back by the application program corresponding to the updating failure information is updating success information.
Optionally, the key management unit, when determining that the key corresponding to each application program is successfully updated in the current key update cycle, deletes the historical key in the previous key update cycle, and records the historical key information corresponding to the historical key in a historical key record table.
To sum up, in the key updating method provided in one embodiment of the present specification, when performing key updating, the key management unit generates an update key associated with at least two application programs in response to a key updating request; respectively sending the updated key to each application program, and updating the key record table into an intermediate key record table according to the key sending result; each application program receives an updated key; updating the local key based on the updated key, and feeding back updated information to the key management unit according to an updated result; the key management unit receives the update information and updates the intermediate key record table to a target key record table based on the update information, wherein the target key record table is used for recording the key information of each application program. Thereby enabling the simultaneous updating of the keys of at least two applications associated with the same updating key. And the key updating is carried out on at least two application programs by using the same key, so that the security of the key updating is improved.
The above is an exemplary scheme of the key updating method of the present embodiment. It should be noted that the technical solution of the key update method and the technical solution of the key update system described above belong to the same concept, and details that are not described in detail in the technical solution of the key update method can be referred to the description of the technical solution of the key update system described above.
Corresponding to the above method embodiment, this specification further provides a device embodiment, and fig. 6 shows a schematic structural diagram of a key update device provided in an embodiment of this specification. As shown in fig. 6, the apparatus includes:
a processing module 602 configured for the key management unit to generate an update key associated with at least two application programs in response to the key update request, send the update key to each application program, and update the key record table into an intermediate key record table according to the key sending result;
a sending module 604 configured for each application program to receive the update key, update its local key based on the update key, and feed back update information to the key management unit according to the update result;
an updating module 606 configured for the key management unit to receive the update information and update the intermediate key record table into a target key record table based on the update information, where the target key record table is used to record the key information of each application program.
In an optional embodiment, the processing module 602 is further configured to:
store the update key, where the update key comprises key data and a key label; send the key label to each application program and update the key record table into an initial key record table according to the label sending result; and, when the key update time reaches a preset update threshold, send the key data to each application program and update the initial key record table into an intermediate key record table according to the key sending result.
In an optional embodiment, the processing module 602 is further configured to:
send the update key to the application program corresponding to the update failure information, and update the target key record table when the update information fed back by that application program is update success information.
In an optional embodiment, the updating module 606 is further configured to:
when it is determined that the key corresponding to each application program has been updated successfully in the current key update cycle, delete the historical key of the previous key update cycle and record the historical key information corresponding to the historical key in a historical key record table.
To sum up, in the key updating apparatus provided in one embodiment of the present specification, when performing a key update, the key management unit generates an update key associated with at least two application programs in response to a key update request, sends the update key to each application program, and updates the key record table into an intermediate key record table according to the key sending result; each application program receives the update key, updates its local key based on the update key, and feeds back update information to the key management unit according to the update result; and the key management unit receives the update information and updates the intermediate key record table into a target key record table based on the update information, where the target key record table records the key information of each application program. This enables the keys of at least two application programs associated with the same update key to be updated simultaneously, and because the key update for those application programs is carried out with the same key, the security of the key update is improved.
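As an added illustration, not code from the patent, the following Go sketch models the key update cycle described above: the key management unit stores the update key, sends the label first, releases the key data only when the update time reaches the threshold, resends only to applications that fed back failure, and moves the previous key to the historical key record table once every application has confirmed. Type and state names, and the `failOnce` flag used to simulate one failed update, are this example's own assumptions.

```go
package main

import "errors"

// UpdateKey is the patent's update key: a key label (sent first) and key data
// (sent only once the update time reaches the preset threshold).
type UpdateKey struct {
	Label string
	Data  []byte
}

// Record is one row of the key record table; the state names are this example's own.
type Record struct {
	Label string
	State string // "label_sent" (initial) -> "key_sent" (intermediate) -> "updated" | "failed" (target)
}

// Application is one of the at least two application programs sharing the key.
type Application struct {
	Name     string
	LocalKey UpdateKey
	failOnce bool // constructed: make the next local update fail, to exercise retry
}

// UpdateLocalKey installs the key and feeds back success (true) or failure.
func (a *Application) UpdateLocalKey(k UpdateKey) bool {
	if a.failOnce {
		a.failOnce = false
		return false
	}
	a.LocalKey = k
	return true
}

// KMU is the key management unit: key record table, historical key record table,
// and the previous cycle's key, which is kept until every update is confirmed.
type KMU struct {
	Apps              []*Application
	Table             map[string]*Record
	History           []UpdateKey
	current, previous UpdateKey
}

// GenerateUpdateKey answers a key update request: store the new key, retain the
// old one, and send only the label to every application (initial key record table).
func (k *KMU) GenerateUpdateKey(label string, data []byte) {
	k.previous, k.current = k.current, UpdateKey{Label: label, Data: data}
	k.Table = map[string]*Record{}
	for _, a := range k.Apps {
		k.Table[a.Name] = &Record{Label: label, State: "label_sent"}
	}
}

// deliver sends the key data to every application whose row is in state from,
// records the send and the feedback, and returns the applications that failed.
func (k *KMU) deliver(from string) []string {
	var failed []string
	for _, a := range k.Apps {
		r := k.Table[a.Name]
		if r.State != from {
			continue
		}
		r.State = "key_sent"
		if a.UpdateLocalKey(k.current) {
			r.State = "updated"
		} else {
			r.State = "failed"
			failed = append(failed, a.Name)
		}
	}
	return failed
}

// SendKeyData releases the key data only once the update time has reached the
// preset threshold; until then the applications hold just the label.
func (k *KMU) SendKeyData(elapsed, threshold int) ([]string, error) {
	if elapsed < threshold {
		return nil, errors.New("update threshold not reached: key data withheld")
	}
	return k.deliver("label_sent"), nil
}

// Retry resends the update key only to applications that reported failure.
func (k *KMU) Retry() []string { return k.deliver("failed") }

// Finalize deletes the previous cycle's key and records it in the historical
// key record table, but only when every application has updated successfully.
func (k *KMU) Finalize() bool {
	for _, a := range k.Apps {
		if k.Table[a.Name].State != "updated" {
			return false
		}
	}
	if k.previous.Label != "" {
		k.History = append(k.History, k.previous)
		k.previous = UpdateKey{}
	}
	return true
}
```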
The above is an exemplary scheme of a key updating apparatus of the present embodiment. It should be noted that the technical solution of the key updating apparatus belongs to the same concept as the technical solution of the key updating method described above, and for details that are not described in detail in the technical solution of the key updating apparatus, reference may be made to the description of the technical solution of the key updating method described above.
Corresponding to the above system embodiment, the present specification further provides an information interaction method, and fig. 7 shows a flowchart of the information interaction method provided in an embodiment of the present specification, which specifically includes the following steps:
Step S702: a client bearing an application program receives a service request corresponding to the application program, encrypts the service data carried in the service request according to the update key to obtain encrypted data, and sends the encrypted data to the service server.
Step S704: the service server receives the encrypted data, creates a service processing task according to the encrypted data, and executes the service processing task as a response to the service request.
Optionally, the information interaction system further includes a key management unit; the client responds to the service request to generate a key acquisition request and sends the key acquisition request to the key management unit; the key management unit determines an updated key corresponding to the key acquisition request and sends the updated key to the client; and the client receives the updated key sent by the key management unit.
Optionally, the information interaction system further includes a key management unit; the key management unit sends the update key to a client; the client receives and stores the update key, and reads the update key when a service request corresponding to the application program is received.
Optionally, the client encrypts the service data carried in the service request according to a private key included in the update key, obtains encrypted data carrying a digital signature, and sends the encrypted data to the service server; and the service server receives the encrypted data, decrypts the encrypted data according to a public key contained in a local certificate, and executes the service processing task established according to the encrypted data under the condition of successful decryption.
Optionally, the key management unit receives a key obtaining request carrying a key label, and sends the local key to the client under the condition that the local key corresponding to the key label is determined.
Optionally, the information interaction system further includes a key management unit; the key management unit selects a test application program from the at least two application programs and sends the updated key to the test application program; the test application receives the updated key; receiving a test service request corresponding to the test application program, encrypting test service data carried by the test service request based on the updated key, obtaining test encrypted data and sending the test encrypted data to the service server; and the service server receives the test encrypted data, creates a test service processing task according to the test encrypted data, and executes the test service processing task as a response of the test service request.
To sum up, in the information interaction method provided in an embodiment of the present specification, a client receives a service request corresponding to an application program, encrypts the service data carried in the service request according to the update key to obtain encrypted data, and sends the encrypted data to a service server; the service server receives the encrypted data, creates a service processing task according to the encrypted data, and executes the service processing task as a response to the service request. Because the service data is encrypted according to the update key before the service processing task is executed, the security of data transmission is improved.
The above is an exemplary scheme of the information interaction method of this embodiment. It should be noted that the technical solution of the information interaction method and the technical solution of the information interaction system belong to the same concept, and details that are not described in detail in the technical solution of the information interaction method can be referred to the description of the technical solution of the information interaction system.
Corresponding to the above method embodiment, the present specification further provides a device embodiment, and fig. 8 shows a schematic structural diagram of an information interaction device provided in an embodiment of the present specification. As shown in fig. 8, the apparatus includes:
an encryption module 802 configured for a client to receive a service request corresponding to the application program, encrypt the service data carried in the service request according to the update key to obtain encrypted data, and send the encrypted data to the service server;
an executing module 804 configured for the service server to receive the encrypted data, create a service processing task according to the encrypted data, and execute the service processing task as a response to the service request.
In an optional embodiment, the encryption module 802 is further configured to:
the information interaction system also comprises a key management unit; the client responds to the service request to generate a key acquisition request and sends the key acquisition request to the key management unit; the key management unit determines an updated key corresponding to the key acquisition request and sends the updated key to the client; and the client receives the updated key sent by the key management unit.
In an optional embodiment, the encryption module 802 is further configured to:
the information interaction system also comprises a key management unit; the key management unit sends the updated key to a client; the client receives the updated key and stores the updated key; and reading the updating key under the condition of receiving a service request corresponding to the application program.
In an optional embodiment, the executing module 804 is further configured to:
the client encrypts the service data carried in the service request according to a private key contained in the updated key to obtain encrypted data carrying a digital signature and sends the encrypted data to the service server; and the service server receives the encrypted data, decrypts the encrypted data according to a public key contained in a local certificate, and executes the service processing task established according to the encrypted data under the condition of successful decryption.
In an optional embodiment, the executing module 804 is further configured to:
the key management unit receives a key acquisition request carrying a key label, and sends the local key to the client when it determines that the key label corresponds to the local key.
In an optional embodiment, the executing module 804 is further configured to:
the information interaction system also comprises a key management unit; the key management unit selects a test application program from the at least two application programs and sends the updated key to the test application program; the test application receives the updated key; receiving a test service request corresponding to the test application program, encrypting test service data carried by the test service request based on the updated key, obtaining test encrypted data and sending the test encrypted data to the service server; and the service server receives the test encrypted data, creates a test service processing task according to the test encrypted data, and executes the test service processing task as a response of the test service request.
To sum up, in the information interaction apparatus provided in an embodiment of the present specification, a client receives a service request corresponding to an application program, encrypts the service data carried in the service request according to the update key to obtain encrypted data, and sends the encrypted data to a service server; the service server receives the encrypted data, creates a service processing task according to the encrypted data, and executes the service processing task as a response to the service request. Because the service data is encrypted according to the update key before the service processing task is executed, the security of data transmission is improved.
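As an added example, not the patent's own code, the Go sketch below models the information interaction flow described above and in the method embodiment: the client signs service data with the private key of its update key (the patent's "encrypted data carrying a digital signature"), the service server checks the signature against the certificate matching the key label before creating a task, the key management unit answers key acquisition requests only for labels it holds, and a test application must succeed before the remaining clients receive a new key. All names are this example's own assumptions, and the local certificate is modelled as a bare Ed25519 public key indexed by key label rather than an X.509 certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// UpdateKey as delivered to a client: the key label plus the private key as key data.
type UpdateKey struct {
	Label   string
	Private ed25519.PrivateKey
}

// SignedData is the patent's "encrypted data carrying a digital signature": service data, key label, signature.
type SignedData struct {
	KeyLabel  string
	Payload   []byte
	Signature []byte
}

// KeyManagementUnit generates update keys and answers key acquisition requests.
type KeyManagementUnit struct{ LocalKeys map[string]UpdateKey }

// GenerateUpdateKey creates a key pair under the label, stores the update key,
// and returns the public half for the service server's local certificate.
func (k *KeyManagementUnit) GenerateUpdateKey(label string) (UpdateKey, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return UpdateKey{}, nil, err
	}
	if k.LocalKeys == nil {
		k.LocalKeys = map[string]UpdateKey{}
	}
	key := UpdateKey{Label: label, Private: priv}
	k.LocalKeys[label] = key
	return key, pub, nil
}

// AcquireKey serves a key acquisition request: the key is released only for a label the unit actually holds.
func (k *KeyManagementUnit) AcquireKey(label string) (UpdateKey, error) {
	uk, ok := k.LocalKeys[label]
	if !ok {
		return UpdateKey{}, errors.New("no local key for label " + label)
	}
	return uk, nil
}

// Client bears the application program and stores the update key it received.
type Client struct{ Key UpdateKey }

// HandleServiceRequest signs the service data with the private key of the stored update key.
func (c *Client) HandleServiceRequest(serviceData []byte) SignedData {
	return SignedData{
		KeyLabel:  c.Key.Label,
		Payload:   serviceData,
		Signature: ed25519.Sign(c.Key.Private, serviceData),
	}
}

// ServiceServer keeps local certificates (public keys by key label) and the tasks it has created.
type ServiceServer struct {
	Certs map[string]ed25519.PublicKey
	Tasks []string
}

// Receive verifies the signature with the certificate matching the key label
// and creates the service processing task only when verification succeeds.
func (s *ServiceServer) Receive(msg SignedData) error {
	pub, ok := s.Certs[msg.KeyLabel]
	if !ok {
		return errors.New("no local certificate for key label " + msg.KeyLabel)
	}
	if !ed25519.Verify(pub, msg.Payload, msg.Signature) {
		return errors.New("signature verification failed: no task created")
	}
	s.Tasks = append(s.Tasks, string(msg.Payload))
	return nil
}

// RolloutWithTestApp sends the new key to one test client first; only a successful test request releases it to the rest.
func RolloutWithTestApp(kmu *KeyManagementUnit, srv *ServiceServer, label string, test *Client, others []*Client) error {
	key, pub, err := kmu.GenerateUpdateKey(label)
	if err != nil {
		return err
	}
	if srv.Certs == nil {
		srv.Certs = map[string]ed25519.PublicKey{}
	}
	srv.Certs[label] = pub
	test.Key = key
	if err := srv.Receive(test.HandleServiceRequest([]byte("test-request"))); err != nil {
		return errors.New("test application rejected, rollout halted: " + err.Error())
	}
	for _, c := range others {
		c.Key = key
	}
	return nil
}
```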
The above is an exemplary scheme of the information interaction apparatus of this embodiment. It should be noted that the technical solution of the information interaction apparatus and the technical solution of the information interaction method belong to the same concept, and details that are not described in detail in the technical solution of the information interaction apparatus can be referred to the description of the technical solution of the information interaction method.
FIG. 9 illustrates a block diagram of a computing device 900 provided in accordance with one embodiment of the present specification. Components of the computing device 900 include, but are not limited to, a memory 910 and a processor 920. The processor 920 is coupled to the memory 910 via a bus 930, and a database 950 is used to store data.
Computing device 900 also includes access device 940, access device 940 enabling computing device 900 to communicate via one or more networks 960. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 940 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)), whether wired or wireless, such as an IEEE 802.11 Wireless Local Area Network (WLAN) wireless interface, a Worldwide Interoperability for Microwave Access (WiMAX) interface, an Ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a Bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 900, as well as other components not shown in FIG. 9, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device structure shown in FIG. 9 is for purposes of example only and is not limiting as to the scope of the description. Those skilled in the art may add or replace other components as desired.
Computing device 900 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), a mobile phone (e.g., smartphone), a wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 900 may also be a mobile or stationary server.
The processor 920 is configured to execute computer-executable instructions that, when executed by the processor, implement the steps of the above-described method.
The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the method belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the method.
An embodiment of the present specification also provides a computer-readable storage medium storing computer-executable instructions that, when executed by a processor, implement the steps of the above-described method.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium and the technical solution of the above method belong to the same concept, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the above method.
An embodiment of the present specification further provides a computer program, wherein when the computer program is executed in a computer, the computer is caused to execute the steps of the above method.
The above is an illustrative scheme of a computer program of the present embodiment. It should be noted that the technical solution of the computer program and the technical solution of the method belong to the same concept, and details that are not described in detail in the technical solution of the computer program can be referred to the description of the technical solution of the method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, a software distribution medium, and the like. It should be noted that the content contained in the computer-readable medium may be increased or decreased as required by legislation and patent practice in the relevant jurisdictions; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts, but those skilled in the art should understand that the present embodiment is not limited by the described acts, because some steps may be performed in other sequences or simultaneously according to the present embodiment. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for an embodiment of the specification.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the embodiments and the practical application, to thereby enable others skilled in the art to best understand and utilize the embodiments. The specification is limited only by the claims and their full scope and equivalents.

Claims (14)

1. A key update system, comprising:
a key management unit and at least two application programs;
the key management unit is configured to generate an update key associated with the at least two application programs in response to a key update request, send the update key to each application program, and update a key record table into an intermediate key record table according to a key sending result;
each application program is configured to receive the update key, update its local key based on the update key, and feed back update information to the key management unit according to an update result;
the key management unit is configured to receive the update information and update the intermediate key record table into a target key record table based on the update information, wherein the target key record table is used for recording key information of each application program.
2. The key update system of claim 1, wherein the key management unit is further configured to store the update key, the update key comprising key data and a key label; send the key label to each application program, and update a key record table into an initial key record table according to a label sending result; and, when the key update time reaches a preset update threshold, send the key data to each application program and update the initial key record table into an intermediate key record table according to a key sending result.
3. The key update system of claim 1, wherein the key management unit is further configured to send the update key to an application program corresponding to update failure information, and update the target key record table when the update information fed back by the application program corresponding to the update failure information is update success information.
4. The key update system of any one of claims 1 to 3, wherein the key management unit is further configured to, when it is determined in the current key update cycle that the key corresponding to each application program has been updated successfully, delete the historical key of the previous key update cycle and record the historical key information corresponding to the historical key in a historical key record table.
5. An information interaction system, comprising:
a service server and a client bearing an application program;
the client is configured to receive a service request corresponding to the application program, encrypt the service data carried in the service request according to the update key in the system of any one of claims 1 to 4 to obtain encrypted data, and send the encrypted data to the service server;
the service server is configured to receive the encrypted data, create a service processing task according to the encrypted data, and execute the service processing task as a response to the service request.
6. The information interaction system according to claim 5, further comprising a key management unit;
the client is further configured to respond to the service request to generate a key acquisition request and send the key acquisition request to a key management unit;
the key management unit is configured to determine an update key corresponding to the key acquisition request and send the update key to the client;
the client is further configured to receive the updated key sent by the key management unit.
7. The information interaction system according to claim 5, further comprising a key management unit;
the key management unit is further configured to send the updated key to a client;
the client is configured to receive the updated key and store the updated key; and reading the updating key under the condition of receiving a service request corresponding to the application program.
8. The information interaction system of claim 5, wherein the client is further configured to encrypt the service data carried in the service request according to a private key included in the update key, obtain encrypted data carrying a digital signature, and send the encrypted data to the service server;
and the service server is configured to receive the encrypted data, decrypt the encrypted data according to a public key contained in a local certificate, and execute the service processing task created according to the encrypted data when decryption succeeds.
9. The information interaction system of claim 6, wherein the key management unit is further configured to receive a key acquisition request carrying a key tag, and send the local key to the client when determining that the key tag corresponds to the local key.
10. The information interaction system according to claim 5, further comprising a key management unit;
the key management unit is further configured to select a test application program from the at least two application programs and send the updated key to the test application program;
the test application further configured to receive the updated key; receiving a test service request corresponding to the test application program, encrypting test service data carried by the test service request based on the updated key, obtaining test encrypted data and sending the test encrypted data to the service server;
the service server is configured to receive the test encrypted data, create a test service processing task according to the test encrypted data, and execute the test service processing task as a response to the test service request.
11. A key update method, comprising:
a key management unit and at least two application programs;
the key management unit generates an update key associated with the at least two application programs in response to a key update request, sends the update key to each application program, and updates a key record table into an intermediate key record table according to a key sending result;
each application program receives the update key, updates its local key based on the update key, and feeds back update information to the key management unit according to an update result;
the key management unit receives the update information and updates the intermediate key record table into a target key record table based on the update information, wherein the target key record table is used for recording the key information of each application program.
12. An information interaction method, comprising:
a service server and a client bearing an application program;
the client receives a service request corresponding to the application program, encrypts the service data carried in the service request according to the update key in the system of any one of claims 1 to 4 to obtain encrypted data, and sends the encrypted data to the service server;
the service server receives the encrypted data, creates a service processing task according to the encrypted data, and executes the service processing task as a response to the service request.
13. A computing device, comprising:
a memory and a processor;
the memory is for storing computer-executable instructions, and the processor is for executing the computer-executable instructions, which when executed by the processor, implement the steps of the method of claim 11 or 12.
14. A computer-readable storage medium storing computer-executable instructions that, when executed by a processor, perform the steps of the method of claim 11 or 12.
CN202210516089.1A 2022-05-12 2022-05-12 Key updating system and method Pending CN114679724A (en)


Publications (1)

Publication Number Publication Date
CN114679724A true CN114679724A (en) 2022-06-28

Family

ID=82080716


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20240226

Address after: Guohao Times City # 20-01, 128 Meizhi Road, Singapore

Applicant after: Advanced Nova Technology (Singapore) Holdings Ltd.

Country or region after: Singapore

Address before: 51 Wurasbasha Road, Laizanda No.1 # 04-08189554

Applicant before: Alipay laboratories (Singapore) Ltd.

Country or region before: Singapore