WO2017000237A1 - Algorithm update method, device to be updated, and server - Google Patents

Publication number
WO2017000237A1
Authority
WO
WIPO (PCT)
Prior art keywords
cryptographic algorithm
updated
server
algorithm
update
Application number
PCT/CN2015/082860
Other languages
French (fr)
Chinese (zh)
Inventor
黄征
郝勇钢
龙宇
来学嘉
陈璟
Original Assignee
华为技术有限公司
Application filed by 华为技术有限公司
Priority to CN201580027214.0A (CN107925565B)
Priority to PCT/CN2015/082860 (WO2017000237A1)
Publication of WO2017000237A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols

Definitions

  • the present invention relates to the field of communications, and in particular, to an algorithm update method, a device to be updated, and a server.
  • the cryptographic algorithm is the basis for protecting the security of mobile terminals. Once the cryptographic algorithm implemented by a device is found to have security vulnerabilities or to be open to malicious attack, it is difficult for manufacturers to perform large-scale cryptographic algorithm update operations in a short time using traditional methods. Therefore, research on remote trusted update technologies for mobile terminals is of great significance and practical value.
  • the server sends an update signal to notify the mobile terminal to update
  • the mobile terminal detects the update signal, and determines a secure link parameter by negotiating with the server, thereby establishing a secure link
  • the server sends the update package to the mobile terminal through the secure link, and the mobile terminal updates according to the update package to complete the update process.
  • the cryptographic algorithm used in establishing the secure link is negotiated between the mobile terminal and the server, and the negotiated cryptographic algorithm may lack security.
  • These cryptographic algorithms may have been proven insecure, and may be the cryptographic algorithms that the update package requires to be disabled. Using these cryptographic algorithms to establish the secure link is likely to invite malicious attacks such as eavesdropping, man-in-the-middle attacks, and spoofing attacks, which reduces security.
  • the embodiment of the invention provides an algorithm update method, a device to be updated, and a server, which are used to avoid malicious attacks and improve system security.
  • the first aspect of the present invention provides an algorithm updating method, including:
  • the device to be updated detects an update signal sent by the server, where the update signal is used to indicate that the system has an update package, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm;
  • the device to be updated sends a secure link request to the server
  • the device to be updated establishes a secure link with the server by using a first cryptographic algorithm specified by the server, and the first cryptographic algorithm does not include the target cryptographic algorithm;
  • the device to be updated is updated according to the update package.
  • the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
  • the updating of the device to be updated according to the update package includes:
  • the device to be updated uses the second cryptographic algorithm to verify the update package
  • the device to be updated disables the target cryptographic algorithm according to the update package.
  • the device to be updated detects the update signal sent by the server, and includes:
  • the device to be updated establishes an algorithm usage table, where the algorithm usage table is used to indicate a cryptographic algorithm that can be used by the device to be updated and a cipher algorithm that is prohibited from being used;
  • the disabling, by the device to be updated, of the target cryptographic algorithm according to the update package includes:
  • the device to be updated identifies the target cryptographic algorithm as a prohibited cryptographic algorithm in the algorithm usage table.
  • the establishing, by the device to be updated, of a secure link with the server by using the first cryptographic algorithm specified by the server includes:
  • the device to be updated checks the public key, and if the test passes, generates a symmetric key
  • the device to be updated uses the public key to encrypt the symmetric key
  • the device to be updated sends the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt the data sent by the server.
  • the device to be updated includes a mobile terminal or a base station.
  • a second aspect of the present invention provides an algorithm update method, including:
  • the server sends an update signal, where the update signal is used to indicate that the device to be updated disables the target cryptographic algorithm
  • the server specifies a first cryptographic algorithm corresponding to the secure link request, and notifies the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm
  • the server establishes a secure link with the device to be updated by using the first cryptographic algorithm
  • the server sends the update package to the device to be updated through the secure link.
  • the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm.
  • the server specifies that the first cryptographic algorithm corresponding to the secure link request includes:
  • the server determines other cryptographic algorithms in the set of cryptographic algorithms other than the target cryptographic algorithm, and selects the first cryptographic algorithm from the other cryptographic algorithms.
  • a third aspect of the present invention provides a device to be updated, including:
  • a detection module configured to detect an update signal sent by the server, where the update signal is used to indicate that the system has an update package, where the update package is used to indicate that the device to be updated disables the target cryptographic algorithm;
  • a sending module configured to send a secure link request to the server
  • a first establishing module configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
  • a receiving module configured to receive, by using the secure link established by the first establishing module, the update package sent by the server;
  • an update module configured to update according to the update package received by the receiving module.
  • the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
  • the update module includes:
  • a verification unit configured to verify the update package by using the second cryptographic algorithm
  • a disabling unit configured to, when the verification unit determines that the update package passes verification, disable the target cryptographic algorithm according to the update package.
  • the device to be updated further includes:
  • a second establishing module configured to establish an algorithm usage table, where the algorithm usage table is used to indicate the cryptographic algorithms that can be used by the device to be updated and the cryptographic algorithms that are prohibited from being used;
  • the disabling unit includes:
  • an identifying subunit configured to identify the target cryptographic algorithm as a prohibited cryptographic algorithm in the algorithm usage table.
  • the first establishing module includes:
  • a receiving unit configured to receive a public key corresponding to the first cryptographic algorithm sent by the server
  • a checking unit configured to check the public key received by the receiving unit
  • a generating unit configured to generate a symmetric key when the checking unit determines that the public key passes the verification
  • an encryption unit configured to encrypt the symmetric key by using the public key
  • a sending unit configured to send the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt the data sent by the server.
  • the device to be updated includes a mobile terminal or a base station.
  • a fourth aspect of the present invention provides a server, including:
  • a first sending module configured to send an update signal, where the update signal is used to indicate that the device to be updated disables the target cryptographic algorithm
  • a receiving module configured to receive a secure link request sent by the device to be updated
  • a specifying module configured to specify a first cryptographic algorithm corresponding to the secure link request, and notify the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm
  • an establishing module configured to establish a secure link with the device to be updated by using the first cryptographic algorithm specified by the specifying module
  • a second sending module configured to send the update package to the device to be updated by using the secure link established by the establishing module.
  • the specifying module includes:
  • a determining unit configured to determine, according to the secure link request, a set of cryptographic algorithms in the device to be updated, where the cryptographic algorithm set includes at least two cryptographic algorithms;
  • a determining unit configured to determine whether the target cryptographic algorithm is included in the cryptographic algorithm set determined by the determining unit
  • a selecting unit configured to: when the determining unit determines that the target cryptographic algorithm is included in the cryptographic algorithm set, determine the other cryptographic algorithms in the cryptographic algorithm set other than the target cryptographic algorithm, and select the first cryptographic algorithm from the other cryptographic algorithms.
  • a fifth aspect of the present invention provides a device to be updated, including: a processor and a memory;
  • the processor is configured to perform the following processes:
  • the update signal is used to indicate that the system has an update package, and the update package is used to indicate that the device to be updated disables the target cryptographic algorithm;
  • the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
  • the processor specifically performs the following processes:
  • the update package is verified using the second cryptographic algorithm, and if the verification is passed, the target cryptographic algorithm is disabled according to the update package.
  • the processor further performs the following process:
  • the algorithm usage table is used to indicate a cryptographic algorithm that can be used by the device to be updated, and a cipher algorithm that is prohibited from being used;
  • the processor specifically performs the following process:
  • the symmetric key is used by the server to encrypt data sent to the device to be updated, and the device to be updated decrypts data sent by the server.
  • the device to be updated includes a mobile terminal or a base station.
  • a sixth aspect of the present invention provides a server, including: a central processing unit and a storage medium;
  • the central processor performs the following processes:
  • the update signal is used to indicate that the device to be updated disables the target cryptographic algorithm
  • the update package is sent to the device to be updated through the secure link.
  • the central processing unit specifically performs the following processes:
  • the device to be updated establishes a secure link with the server by using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package; the first cryptographic algorithm does not contain the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution, the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, which avoids malicious attacks and improves the security of the system.
  • FIG. 1 is a schematic diagram of an embodiment of an algorithm update method in an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of another embodiment of an algorithm updating method in an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of another embodiment of an algorithm updating method in an embodiment of the present invention.
  • FIG. 4 is a schematic diagram of another embodiment of an algorithm updating method according to an embodiment of the present invention.
  • FIG. 5 is a schematic diagram of an embodiment of a device to be updated in an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of another embodiment of an apparatus to be updated in an embodiment of the present invention.
  • FIG. 7 is a schematic diagram of an embodiment of a server in an embodiment of the present invention.
  • FIG. 8 is a schematic diagram of another embodiment of a server in an embodiment of the present invention.
  • FIG. 9 is a schematic diagram of another embodiment of an apparatus to be updated in an embodiment of the present invention.
  • FIG. 10 is a schematic diagram of another embodiment of a server in an embodiment of the present invention.
  • One embodiment of the algorithm updating method in the embodiment of the present invention includes:
  • when the server determines that the target cryptographic algorithm in the system is insecure, or the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal, and the device to be updated can detect the update signal sent by the server through a background update detection program. The update signal is used to indicate that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
  • the cryptographic algorithm is implemented by the software part of the physical chip of the device.
  • the device can also invoke the hardware module to accelerate the implementation of related operations.
  • the target cryptographic algorithm may be a cryptographic algorithm that is disabled by the software part, or a cryptographic algorithm that is disabled by the hardware module.
  • the device to be updated sends a secure link request to the server.
  • after the device to be updated detects the update signal sent by the server, the device sends a secure link request to the server, where the secure link request includes device information of the device to be updated, and the device information includes the set of cryptographic algorithms supported by the device to be updated.
  • the cryptographic algorithm set contains at least two cryptographic algorithms.
  • the cryptographic algorithm set may be a cryptographic algorithm set supported by the hardware module in the device, or may be a cryptographic algorithm set supported by the software part of the physical chip of the device, or a combination of the two, which is not limited herein.
  • the device to be updated establishes a secure link with the server by using a first cryptographic algorithm specified by the server;
  • after receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used to establish the secure link, that is, the first cryptographic algorithm, and notifies the device to be updated of the first cryptographic algorithm. The device to be updated uses the first cryptographic algorithm specified by the server to establish a secure link with the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
  • the device to be updated receives the update package sent by the server by using the secure link.
  • the server determines an update package corresponding to the device to be updated and sends the update package to the device to be updated through the secure link, and the device to be updated receives the update package sent by the server through the secure link.
  • the device to be updated is updated according to the update package.
  • after the device to be updated receives the update package sent by the server, it updates according to the update package.
  • the device to be updated establishes a secure link with the server by using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package; the first cryptographic algorithm does not contain the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, which avoids malicious attacks and improves the security of the system.
  • Referring to FIG. 2, another embodiment of the algorithm update method in the embodiment of the present invention includes:
  • the device to be updated may be a mobile terminal, and may be a base station, or may be another device based on an ARM architecture, which is not limited herein.
  • when the server determines that the target cryptographic algorithm in the system is insecure, or the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal, and the device to be updated can detect the update signal sent by the server through a background update detection program. The update signal is used to indicate that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
  • the cryptographic algorithm is implemented by the software part of the physical chip of the device.
  • the device can also invoke the hardware module to accelerate the implementation of related operations.
  • the target cryptographic algorithm may be a cryptographic algorithm that is disabled by the software part, or a cryptographic algorithm that is disabled by the hardware module.
  • the device to be updated sends a secure link request to the server.
  • after the device to be updated detects the update signal sent by the server, the device sends a secure link request to the server, where the secure link request includes device information of the device to be updated, and the device information includes the set of cryptographic algorithms supported by the device to be updated.
  • the cryptographic algorithm set contains at least two cryptographic algorithms.
  • the device information may further include information such as a communication protocol version supported by the device to be updated, a compressed version supported by the device to be updated, and the like. Other information may also be included, which is not limited herein.
  • the cryptographic algorithm set may be a cryptographic algorithm set supported by the hardware module in the device, a cryptographic algorithm set supported by the software part of the physical chip of the device, or a combination of the two, which is not limited herein.
  • the device to be updated establishes a secure link with the server by using a first cryptographic algorithm specified by the server.
  • after receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used to establish the secure link, that is, the first cryptographic algorithm, and notifies the device to be updated of the first cryptographic algorithm. The device to be updated uses the first cryptographic algorithm specified by the server to establish a secure link with the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
  • the device to be updated may establish a secure link with the server according to the HTTPS protocol. Specifically, after receiving the secure link request sent by the device to be updated, the server determines the version of the encrypted communication protocol used for communication with the device to be updated according to the device information in the secure link request. After determining the encryption algorithm used for the communication, the server notifies the device to be updated of this information and sends the server certificate to the device to be updated.
  • the server certificate contains information such as a public key, and the device to be updated receives the public key, and checks whether the public key is valid.
  • if the device to be updated determines that the public key is valid, it generates a random value, encrypts the random value with the public key, and sends the encrypted random value to the server. The server decrypts it with the private key corresponding to the public key to obtain the random value. The random value is a symmetric key, which the server uses to encrypt data sent to the device to be updated and which the device to be updated uses to decrypt the data sent by the server.
  • the device to be updated and the server complete the establishment of the secure link, and then the information transmitted between the two parties is encrypted by using the first cryptographic algorithm and the symmetric key.
  • the device to be updated may also establish a secure link by other means, which is not limited herein.
  • the device to be updated receives the update package sent by the server by using the secure link.
  • the server determines an update package corresponding to the device to be updated and sends the update package to the device to be updated through the secure link, and the device to be updated receives the update package sent by the server through the secure link.
  • the update package may carry a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm.
  • the device to be updated uses the second cryptographic algorithm to verify the update package; if the verification passes, step 206 is performed; if the verification fails, step 207 is performed;
  • the device to be updated uses the second cryptographic algorithm, as indicated on the update package, to verify whether the update package carries a valid signature from the operator or the device vendor. If the signature is valid, the verification passes and the device to be updated performs step 206. If the signature is invalid, the verification fails and the device to be updated performs step 207.
  • the device to be updated disables the target cryptographic algorithm according to the update package.
  • when the device to be updated determines that the update package passes the verification, the device to be updated disables the target cryptographic algorithm according to the update package.
  • the device to be updated performs other processes.
  • the device to be updated may prompt that the update be reset, may be reset to the factory state, or may perform other processes, which are not limited herein.
  • the device to be updated establishes a secure link with the server by using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package; the first cryptographic algorithm does not contain the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, which avoids malicious attacks and improves the security of the system.
  • the update package carries the second cryptographic algorithm, so that the device to be updated can use the second cryptographic algorithm to verify the update package and then complete the update according to the verification result, and the second cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is to say, the device to be updated in this solution is prohibited from using an insecure algorithm to verify the update package, which further improves the security of the system.
  • the device to be updated may further establish an algorithm usage table, where the algorithm usage table is used to indicate the cryptographic algorithms that can be used by the device to be updated and the cryptographic algorithms that are prohibited from being used.
  • the algorithm usage table may be refreshed according to the update package.
  • after the device to be updated receives the update package sent by the server and the update package passes verification, the device identifies the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from being used.
  • the device to be updated may set a flag bit to "1" to indicate a cryptographic algorithm that can be used, and to "0" to indicate a cryptographic algorithm that is prohibited from being used.
  • the cryptographic algorithms indicated in the algorithm usage table may be cryptographic algorithms in the software part of the chip or cryptographic algorithms in the hardware module of the device.
  • for the algorithm usage table of the hardware module, if the cryptographic algorithms implemented by some units of the hardware module are proven to have security problems, the operating system can also identify the cryptographic algorithms implemented by these units as prohibited cryptographic algorithms.
  • for the algorithm usage table of the software part, if the update package includes a new cryptographic algorithm for the software part, the device to be updated may add the cryptographic algorithm to the algorithm usage table according to the update package and identify the cryptographic algorithm as available.
  • the device to be updated may establish and maintain an algorithm usage table, where the algorithm usage table may indicate a cryptographic algorithm that can be used by the device to be updated and a cipher algorithm that is prohibited from being used, thereby improving the flexibility of the solution.
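The flow described above, from the server's choice of the first cryptographic algorithm to the device's algorithm usage table, sketched as an added example that is not part of the patent text. The algorithm labels, the server preference order, the device knowing the target algorithm when it checks the link algorithm, and HMAC standing in for the operator or vendor signature are all assumptions.

```python
import hashlib
import hmac

# Constructed algorithm labels; the page names no concrete algorithms.
# DIGESTS maps each label to a hashlib digest used by the stand-in verifier.
DIGESTS = {"ALG_OLD": "sha1", "ALG_A": "sha256", "ALG_B": "sha512"}


class AlgorithmUsageTable:
    """Device-side table: flag 1 = may be used, flag 0 = prohibited."""

    def __init__(self, algorithms):
        self.flags = {name: 1 for name in algorithms}

    def usable(self, name):
        return self.flags.get(name) == 1

    def disable(self, name):
        self.flags[name] = 0

    def advertised_set(self):
        # Algorithm set carried in the secure link request.
        return [n for n, flag in self.flags.items() if flag == 1]


def server_select_first_algorithm(device_set, target, preference):
    """Server side: choose the link algorithm from the device's set,
    excluding the target algorithm that the update package will disable."""
    candidates = [a for a in device_set if a != target]
    for name in preference:  # server preference order (assumption)
        if name in candidates:
            return name
    raise ValueError("device offers no algorithm other than the target")


def device_accepts_link_algorithm(table, first_alg, target):
    """Device side: refuse a link algorithm that is the target or is
    already flagged 0 in the usage table."""
    return first_alg != target and table.usable(first_alg)


def make_package(target, second_alg, payload, vendor_key):
    """Build a constructed update package. HMAC stands in for the
    operator/vendor signature described on the page (assumption)."""
    tag = hmac.new(vendor_key, payload, DIGESTS[second_alg]).digest()
    return {"disable": target, "verify_with": second_alg,
            "payload": payload, "tag": tag}


def device_apply_update(table, package, vendor_key):
    """Verify the package with the second algorithm, then disable the target."""
    second, target = package["verify_with"], package["disable"]
    # The second algorithm must not be the algorithm being disabled,
    # and must still be flagged usable on this device.
    if second == target or not table.usable(second):
        return "rejected: verification algorithm not allowed"
    expected = hmac.new(vendor_key, package["payload"], DIGESTS[second]).digest()
    if not hmac.compare_digest(expected, package["tag"]):
        return "rejected: verification failed"
    table.disable(target)  # flag the target as prohibited
    return "updated"


def run_demo():
    key = b"constructed-vendor-key"  # constructed sample key
    table = AlgorithmUsageTable(["ALG_OLD", "ALG_A", "ALG_B"])
    first = server_select_first_algorithm(
        table.advertised_set(), "ALG_OLD", ["ALG_B", "ALG_A", "ALG_OLD"])
    link_ok = device_accepts_link_algorithm(table, first, "ALG_OLD")
    # A package that asks to be verified with the algorithm it disables.
    bad = make_package("ALG_OLD", "ALG_OLD", b"disable ALG_OLD", key)
    good = make_package("ALG_OLD", "ALG_A", b"disable ALG_OLD", key)
    results = [device_apply_update(table, bad, key),
               device_apply_update(table, good, key)]
    return first, link_ok, results, table.flags


if __name__ == "__main__":
    print(run_demo())
```

Once the target is flagged 0, it drops out of the set the device advertises in later secure link requests, so it can no longer be selected for a link or named as a verification algorithm.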
  • the foregoing describes the algorithm update method in the embodiment of the present invention from the perspective of the device to be updated; the following describes the algorithm update method in the embodiment of the present invention from the perspective of the server.
  • Another embodiment of the algorithm update method in the embodiment of the present invention includes:
  • the server sends an update signal.
  • the server sends an update signal indicating that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
  • the cryptographic algorithm is implemented by the software part of the physical chip of the device.
  • the device can also invoke the hardware module to accelerate the implementation of related operations.
  • the target cryptographic algorithm may be a cryptographic algorithm that is disabled by the software part of the device, or a cryptographic algorithm that is disabled by the hardware module of the device.
  • the device to be updated may be a mobile terminal, and may be a base station or other device based on the ARM architecture, which is not limited herein.
  • the server receives a secure link request sent by the device to be updated.
  • after the server sends the update signal, the device to be updated detects the update signal and sends a secure link request to the server.
  • the server specifies a first cryptographic algorithm corresponding to the secure link request, and notifies the first cryptographic algorithm to the device to be updated.
  • after receiving the secure link request, the server determines the first cryptographic algorithm according to the secure link request and notifies the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm.
  • the server establishes a secure link with the device to be updated by using a first cryptographic algorithm.
  • after the server determines the first cryptographic algorithm and notifies the device to be updated of it, the server establishes a secure link with the device to be updated by using the first cryptographic algorithm.
  • the server sends the update package to the device to be updated through the secure link.
  • the update package is sent to the device to be updated through the secure link.
  • when the server decides to disable the target cryptographic algorithm in the device to be updated, the server sends an update signal. After receiving the secure link request of the device to be updated, the server specifies a first cryptographic algorithm, uses it to establish a secure link with the device to be updated, and sends the update package through the secure link, so that the device to be updated is updated according to the update package; the first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, which avoids malicious attacks and improves the security of the system.
  • Another embodiment of the algorithm update method in the embodiment of the present invention includes:
  • the server sends an update signal.
  • the server sends an update signal indicating that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
  • the cryptographic algorithm is implemented by the software part of the physical chip of the device.
  • the device can also invoke the hardware module to accelerate the implementation of related operations.
  • the target cryptographic algorithm may be a cryptographic algorithm that is disabled by the software part of the device, or a cryptographic algorithm that is disabled by the hardware module of the device.
  • the device to be updated may be a mobile terminal, and may be a base station or other device based on the ARM architecture, which is not limited herein.
  • the server receives a secure link request sent by the device to be updated.
  • After the server sends an update signal, the device to be updated detects the update signal and sends a secure link request to the server.
  • the server determines, according to the secure link request, a set of cryptographic algorithms in the device to be updated.
  • the server parses the secure link request to obtain device information of the device to be updated, and the device information includes the supported cryptographic algorithm set, and the cryptographic algorithm set includes at least two cryptographic algorithms.
  • the device information may further include information such as a communication protocol version supported by the device to be updated, a compressed version supported by the device to be updated, and the like. It can also include other information, which is not limited here.
  • the cryptographic algorithm set may be a cryptographic algorithm set supported by the hardware module in the device, or may be a cryptographic algorithm set supported by the software part of the physical chip of the device, which is not limited herein.
  • the server determines whether the cryptographic algorithm set contains the target cryptographic algorithm, and if so, step 405 is performed, and if not, step 409 is performed;
  • the server determines whether the cryptographic algorithm set includes a target cryptographic algorithm that needs to be disabled. If yes, step 405 is performed, and if no, step 409 is performed.
  • the server determines another cryptographic algorithm other than the target cryptographic algorithm in the cryptographic algorithm set, and selects the first cryptographic algorithm from other cryptographic algorithms;
  • the server determines other cryptographic algorithms other than the target cryptographic algorithm in the cryptographic algorithm set, and selects the first cryptographic algorithm from other cryptographic algorithms to establish as the device to be updated.
  • the cryptographic algorithm used by secure links are not limited to
  • the server notifies the first cryptographic algorithm to the device to be updated.
  • After the server determines the first cryptographic algorithm, the first cryptographic algorithm is notified to the device to be updated.
  • the server establishes a secure link with the device to be updated by using a first cryptographic algorithm.
  • After the server notifies the device to be updated of the first cryptographic algorithm, the server uses the first cryptographic algorithm to establish a secure link with the device to be updated.
  • the server may establish a secure link with the device to be updated according to the HTTPS protocol.
  • the server needs to determine the encryption algorithm used in communication with the device to be updated, that is, the first cryptographic algorithm, and the version of the encrypted communication protocol used in that communication, notify the device to be updated, and send a server certificate to the device to be updated. The server certificate contains information such as a public key, and the device to be updated generates a message when it determines that the public key is valid.
  • the server to the device to be updated is also used for decrypting the data sent by the server.
  • the device to be updated and the server complete the establishment of the secure link, and then the information transmitted between the two parties is encrypted by using the first cryptographic algorithm and the symmetric key.
  • the server and the device to be updated can also establish a secure link by other means, which is not limited here.
  • the server sends an update package to the to-be-updated device by using the secure link.
  • the update package is sent to the device to be updated through the secure link.
  • the update package may carry a second cryptographic algorithm, so that the device to be updated can check the update package according to the second cryptographic algorithm, and complete the update according to the check result.
  • the second cryptographic algorithm does not include the target cryptographic algorithm.
  • the server executes other processes.
  • When the server determines that the target cryptographic algorithm does not exist in the cryptographic algorithm set, the server performs other processes.
  • When the server decides to disable the target cryptographic algorithm in the device to be updated, the server sends an update signal. After receiving the secure link request of the device to be updated, the server specifies a first cryptographic algorithm, uses that cryptographic algorithm to establish a secure link with the device to be updated, and sends an update package through the secure link, so that the device to be updated is updated according to the update package; the first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link, prohibiting the use of a lower version of the insecure algorithm, thereby avoiding malicious attacks and improving the security of the system.
  • the update package may carry the second cryptographic algorithm, so that the device to be updated can use the second cryptographic algorithm to verify the update package and complete the update according to the verification result, where the second cryptographic algorithm does not include the target cryptographic algorithm. That is to say, the device to be updated does not use an insecure cryptographic algorithm in the process of verifying the update package, which further improves the security of the system.
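The server-side decision described in the steps above (determine the device's cryptographic algorithm set, check it for the target algorithm, then pick the first cryptographic algorithm from the rest) can be sketched as follows. This is an added example, not code from the patent: the `LinkRequest` fields, the `Decision` type and the preference order are assumptions, and the fail-closed handling of an empty remainder goes beyond what the text specifies.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


class NoAcceptableAlgorithm(Exception):
    """Raised when no algorithm is left for the link; the server fails closed."""


@dataclass(frozen=True)
class LinkRequest:
    """Hypothetical secure link request; the patent defines no wire format."""
    device_id: str
    algorithms: Tuple[str, ...]      # cryptographic algorithm set reported by the device
    protocol_version: str = ""       # other device information, unused here


@dataclass(frozen=True)
class Decision:
    action: str                      # "update" (step 405 onward) or "other" (step 409)
    first_algorithm: Optional[str]   # algorithm for the secure link, None for "other"


# Assumed server policy, most preferred first. The patent only says the server "selects".
SERVER_PREFERENCE = ("AES", "3DES", "DES")


def normalise(names: Sequence[str]) -> Tuple[str, ...]:
    """Upper-case, strip and de-duplicate while keeping the device's order."""
    seen, out = set(), []
    for name in names:
        key = name.strip().upper()
        if key and key not in seen:
            seen.add(key)
            out.append(key)
    return tuple(out)


def specify_first_algorithm(request: LinkRequest, target: str,
                            preference: Sequence[str] = SERVER_PREFERENCE) -> Decision:
    """Choose the link algorithm so that it can never be the target algorithm."""
    target = target.strip().upper()
    offered = normalise(request.algorithms)

    # The text requires the set to contain at least two cryptographic algorithms.
    if len(offered) < 2:
        raise NoAcceptableAlgorithm(f"{request.device_id}: fewer than two algorithms")

    # Step 404: a device that does not have the target goes to "other processes".
    if target not in offered:
        return Decision("other", None)

    # Step 405: drop the target, then take the server's most preferred survivor.
    remaining = [name for name in offered if name != target]
    for candidate in preference:
        if candidate != target and candidate in remaining:
            return Decision("update", candidate)

    # Nothing the server accepts is left: refuse rather than fall back to the target.
    raise NoAcceptableAlgorithm(f"{request.device_id}: only {target} is mutually usable")
```

The last branch matters for downgrade resistance: a request that lists only the target plus algorithms the server does not accept is rejected instead of being served over the target algorithm.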
  • Mobile phone A can implement DES algorithm, AES algorithm and 3DES algorithm, and all three algorithms can call the acceleration implementation in the mobile phone.
  • Mobile phone A adds an algorithm usage table in the operating system, and the algorithm usage table indicates the cryptographic algorithms that the hardware module can use and the banned cryptographic algorithms, as shown in Table 1, where "0" means unavailable and "1" means available.
  • the operator of mobile phone A finds that the DES algorithm will be attacked by an attacker in the process of using the hardware module, so the operator server needs to notify the mobile phones to disable the DES algorithm on the hardware module, and the operator server sends an update signal. The update signal is used to indicate that the operator's mobile phones disable the target cryptographic algorithm on the hardware module, i.e. the DES algorithm.
  • the mobile phone A detects the update signal sent by the operator server through the background update detection program and sends a secure link request to the server, where the secure link request includes information about the mobile phone, and the information is used to inform the server that the set of cryptographic algorithms supported by the mobile phone includes the DES algorithm, the AES algorithm and the 3DES algorithm.
  • After the server obtains this information, it determines that the cryptographic algorithm set includes the DES algorithm that needs to be disabled, and the server selects the encryption algorithm used by the secure link from the other algorithms in the cryptographic algorithm set, that is, from the AES algorithm and the 3DES algorithm. The server selects the AES algorithm as the encryption algorithm used by the secure link, that is, the first cryptographic algorithm. The server responds to the request of the mobile phone A, informs the mobile phone A that the encryption algorithm used by the communication between the two parties is the AES algorithm, and sends the public key K of the operator server to the mobile phone A.
  • the mobile phone A uses the stored SHA256 value of the operator's public key to verify the public key K sent by the operator's server. After the public key K passes the check, the mobile phone A generates a symmetric key S and encrypts the symmetric key S with the public key K. The operator server decrypts with the private key P corresponding to the public key K to obtain the symmetric key S, and the operator server and the mobile phone A complete the establishment of the HTTPS secure link. The operator server then finds the update package B corresponding to the mobile phone A.
  • the operator server encrypts the update package B by using the first cryptographic algorithm, the AES algorithm, and the symmetric key S, and sends the encrypted update package B to the mobile phone A. The mobile phone A receives the update package, decrypts the update package B by using the AES algorithm and the symmetric key S, and verifies the signature of the update package B.
  • After the signature of the update package is verified, the mobile phone A disables the DES algorithm on the hardware module according to the update package B, that is, the mobile phone A will no longer call the hardware module to accelerate the implementation of the DES algorithm. The mobile phone A updates the algorithm usage table of the hardware module and identifies the DES algorithm in the algorithm usage table as an algorithm that is forbidden to use, that is, the status corresponding to DES is identified as "0", as shown in Table 2.
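The device-side half of the mobile phone A scenario, as an added example that is not code from the patent: the phone checks the operator public key K against its stored SHA256 value, verifies update package B, and only then flips DES to "0" in the algorithm usage table. The key bytes, package layout and function names are constructed for illustration, and HMAC-SHA256 with a constructed key stands in for the operator's signature scheme, which the text does not name.

```python
import hashlib
import hmac


class UpdateRejected(Exception):
    """The package is dropped and the algorithm usage table stays unchanged."""


# --- Constructed sample values, not taken from the patent ---
OPERATOR_PUBLIC_KEY = b"constructed-operator-public-key-K"
PINNED_SHA256 = hashlib.sha256(OPERATOR_PUBLIC_KEY).hexdigest()  # stored on phone A
SIGNING_KEY = b"constructed-signing-key"   # stand-in for the operator's signing key
TABLE_1 = {"DES": 1, "AES": 1, "3DES": 1}  # 1 = available, 0 = unavailable


def public_key_matches_pin(presented: bytes, pinned_hex: str = PINNED_SHA256) -> bool:
    """Compare SHA-256 of the presented key with the stored value in constant time."""
    digest = hashlib.sha256(presented).hexdigest()
    return hmac.compare_digest(digest, pinned_hex)


def _check_hmac_sha256(payload: bytes, tag: bytes) -> bool:
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Verification routines the device is willing to run, keyed by the name the
# package carries as its "second cryptographic algorithm" (assumed naming).
VERIFIERS = {"HMAC-SHA256": _check_hmac_sha256}


def build_package(target: str, second_algorithm: str = "HMAC-SHA256") -> dict:
    """Operator side: a constructed update package that disables `target`."""
    payload = b"disable:" + target.encode("ascii")
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).digest()
    return {"second_algorithm": second_algorithm, "payload": payload, "tag": tag}


def apply_update(table: dict, package: dict) -> dict:
    """Verify the package, then return a new table with the target marked 0."""
    second = package["second_algorithm"]
    if table.get(second) == 0:
        raise UpdateRejected("second algorithm is already banned on this device")
    verifier = VERIFIERS.get(second)
    if verifier is None:
        raise UpdateRejected(f"no verifier for {second!r}")
    if not verifier(package["payload"], package["tag"]):
        raise UpdateRejected("package verification failed")

    # The target is read from the verified payload, never from an unchecked field.
    action, _, target = package["payload"].decode("ascii").partition(":")
    if action != "disable" or target not in table:
        raise UpdateRejected("payload does not name a known algorithm")
    if target == second:
        raise UpdateRejected("package was checked with the algorithm it bans")

    updated = dict(table)   # copy, so a rejected update cannot half-apply
    updated[target] = 0
    return updated


def hardware_acceleration_allowed(table: dict, algorithm: str) -> bool:
    """Gate every call into the hardware module on the usage table."""
    return table.get(algorithm, 0) == 1
```

With the constructed Table 1, `apply_update(TABLE_1, build_package("DES"))` yields the state the text calls Table 2: DES at 0, AES and 3DES still at 1.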
  • an embodiment of the device to be updated in the embodiment of the present invention includes:
  • the detecting module 501 is configured to detect an update signal sent by the server, where the update signal is used to indicate that the system has an update package, where the update package is used to indicate that the device to be updated disables the target cryptographic algorithm;
  • a sending module 502 configured to send a secure link request to the server
  • a first establishing module 503 configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
  • the receiving module 504 is configured to receive, by using the secure link established by the first establishing module 503, an update package sent by the server;
  • the update module 505 is configured to update according to the update package received by the receiving module 504.
  • the sending module 502 sends a secure link request to the server, the first establishing module 503 establishes a secure link with the server by using the first cryptographic algorithm specified by the server, the receiving module 504 receives the update package sent by the server, and the update module 505 updates according to the update package; the first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link, prohibiting the use of a lower version of the insecure algorithm, thereby avoiding malicious attacks and improving the security of the system.
  • FIG. 6 another embodiment of the device to be updated in the embodiment of the present invention includes:
  • the detecting module 601 is configured to detect an update signal sent by the server, where the update signal is used to indicate that the system has an update package, where the update package is used to indicate that the device to be updated disables the target cryptographic algorithm;
  • a sending module 602 configured to send a secure link request to the server
  • a first establishing module 603, configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
  • the receiving module 604 is configured to receive, by using the secure link established by the first establishing module 603, an update package sent by the server, where the update package carries a second cryptographic algorithm, the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
  • An update module 605, configured to update according to the update package received by the receiving module 604;
  • the update module 605 includes:
  • a verification unit 6051 configured to verify the update package by using a second cryptographic algorithm
  • the disabling unit 6052 is configured to disable the target cipher algorithm according to the update package when the verification unit 6051 determines that the update package is verified.
  • the first establishing module 603 may include:
  • the receiving unit 6031 is configured to receive a public key corresponding to the first cryptographic algorithm sent by the server;
  • the checking unit 6032 is configured to check the public key received by the receiving unit 6031;
  • a generating unit 6033 configured to generate a symmetric key when the verification unit determines that the public key passes the verification
  • An encryption unit 6034 configured to encrypt the symmetric key by using a public key
  • the sending unit 6035 is configured to send the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated, and by the device to be updated to decrypt the data sent by the server.
  • the device to be updated may further include:
  • a second establishing module 606 configured to establish an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that can be used by the device to be updated and the cryptographic algorithms that are prohibited from being used;
  • the disabling unit 6052 includes:
  • the identifier sub-unit 60521 is configured to identify the target cryptographic algorithm as a cipher algorithm forbidden in the algorithm usage table.
  • the sending module 602 sends a secure link request to the server, the first establishing module 603 establishes a secure link with the server by using the first cryptographic algorithm specified by the server, the receiving module 604 receives the update package sent by the server, and the update module 605 updates according to the update package; the first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is to say, in this solution, the server can specify the cryptographic algorithm used by the secure link, prohibiting the use of a lower version of the insecure algorithm, thereby avoiding malicious attacks and improving the security of the system.
  • the update package carries the second cryptographic algorithm, and the verification unit 6051 in the update module 605 can verify the update package by using the second cryptographic algorithm and then complete the update according to the verification result; the second cryptographic algorithm does not contain the target cryptographic algorithm that the update package requires to be disabled. That is to say, the device to be updated in this solution prohibits the use of an unsafe algorithm to verify the update package, further improving the security of the system.
  • the second establishing module 606 can establish an algorithm usage table, and the identifier sub-unit 60521 in the updating module 605 can update the algorithm usage table; the algorithm usage table can indicate the cryptographic algorithms that can be used by the device to be updated and the banned cryptographic algorithms, which increases the flexibility of the solution.
  • When the server determines that the target cryptographic algorithm in the system is insecure, or the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal, and the detection module 601 can detect the update signal sent by the server through the background update detection program. The update signal is used to indicate that the device to be updated has a new update package, and the update package is used to indicate that the device to be updated disables the target cryptographic algorithm.
  • the cryptographic algorithm is implemented by the software part of the physical chip of the device.
  • the device can also invoke the hardware module to accelerate the implementation of related operations.
  • the target cryptographic algorithm may be a cryptographic algorithm that is disabled by the software part, or a cryptographic algorithm that is disabled by the hardware module.
  • the sending module 602 sends a secure link request to the server, where the secure link request includes device information of the device to be updated, and the device information includes a cryptographic algorithm supported by the device to be updated.
  • the device information may further include information such as a communication protocol version supported by the device to be updated, a compressed version supported by the device to be updated, and the like. Other information may also be included, which is not limited herein.
  • the cryptographic algorithm set may be a cryptographic algorithm set supported by the hardware module in the device, or may be a cryptographic algorithm set supported by the software part of the physical chip of the device, or a combination of the two, which is not limited herein.
  • After receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used by the secure link, which is the first cryptographic algorithm, and notifies the device to be updated of the first cryptographic algorithm; the first establishing module 603 uses the first cryptographic algorithm specified by the server to establish a secure link with the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
  • the device to be updated can establish a secure link with the server according to the HTTPS protocol. Specifically, the server determines the version of the encrypted communication protocol used for communication with the device to be updated according to the device information in the secure link request, determines the encryption algorithm used by the communication, and then notifies the device to be updated.
  • the server certificate is sent to the device to be updated, and the server certificate contains information such as a public key. The receiving unit 6031 receives the public key, and the checking unit 6032 checks whether the public key is valid, specifically, whether the issuing authority is legal, whether the certificate has expired, etc.
  • After the device to be updated determines that the public key is valid, the generating unit 6033 generates a random value, the encryption unit 6034 encrypts the random value by using the public key, and the sending unit 6035 sends the encrypted random value to the server. The server decrypts with the private key corresponding to the public key to obtain the random value, which is a symmetric key; the symmetric key is used by the server to encrypt data sent to the device to be updated, and is also used by the device to be updated to decrypt data sent by the server.
  • the device to be updated and the server complete the establishment of the secure link, and then the information transmitted between the two parties is encrypted by using the first cryptographic algorithm and the symmetric key.
  • the first establishing module 603 can also establish a secure link by other means, which is not limited herein.
  • the server determines an update package corresponding to the device to be updated and sends the update package to the device to be updated through the secure link, and the receiving module 604 receives the update package sent by the server through the secure link.
  • the update package may carry a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm.
  • the verification unit 6051 of the update module 605 uses the second cryptographic algorithm to verify the update package, and checks whether the update package has a legal signature of an operator or a device vendor; if the signature is legal, the verification passes, triggering the disabling unit 6052.
  • the disabling unit 6052 disables the target cryptographic algorithm according to the update package.
  • the second establishing module 606 may further establish an algorithm usage table, where the algorithm usage table is used to indicate the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited.
  • the algorithm usage table may be refreshed according to the update package.
  • the receiving module 604 receives the update package sent by the server, and after the update package passes verification, the identifier sub-unit 60521 identifies the target cryptographic algorithm as a prohibited cryptographic algorithm in the algorithm usage table.
  • the flag position "1" can be used to indicate a cryptographic algorithm that can be used, and "0" is used to indicate a cipher algorithm that is prohibited from being used.
  • the cryptographic algorithm indicated in the algorithm usage table may be a cryptographic algorithm in the software part of the chip or a cryptographic algorithm in the hardware module of the device.
  • the identifier sub-unit 60521 can also identify the cryptographic algorithms of the units as prohibited cryptographic algorithms.
  • the identifier sub-unit 60521 may add the cryptographic algorithm to the algorithm usage table according to the update package, and identify it as an available cryptographic algorithm.
  • an embodiment of the server in the embodiment of the present invention includes:
  • the first sending module 701 is configured to send an update signal, where the update signal is used to indicate that the device to be updated disables the unsafe target cryptographic algorithm;
  • the receiving module 702 is configured to receive a secure link request sent by the device to be updated.
  • the specifying module 703 is configured to specify a first cryptographic algorithm corresponding to the secure link request, and notify the device to be updated by the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
  • the establishing module 704 is configured to establish a secure link with the to-be-updated device by using a first cryptographic algorithm specified by the specifying module 703;
  • the second sending module 705 is configured to send an update package to the device to be updated by using the secure link established by the establishing module 704.
  • when the server determines that the target cryptographic algorithm in the device to be updated is to be disabled, the first sending module 701 sends an update signal; after the receiving module 702 receives the secure link request of the device to be updated, the specifying module 703 specifies the first cryptographic algorithm, the establishing module 704 uses that cryptographic algorithm to establish a secure link with the device to be updated, and the second sending module 705 sends the update package through the secure link, so that the device to be updated updates according to the update package, and the first cryptographic algorithm does not include an update.
  • FIG. 8 another embodiment of the server in the embodiment of the present invention includes:
  • the first sending module 801 is configured to send an update signal, where the update signal is used to indicate that the device to be updated disables the unsafe target cryptographic algorithm;
  • the receiving module 802 is configured to receive a secure link request sent by the device to be updated
  • the specifying module 803 is configured to specify a first cryptographic algorithm corresponding to the secure link request, and notify the device to be updated by the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
  • the establishing module 804 is configured to establish a secure link with the device to be updated by using a first cryptographic algorithm specified by the specifying module 803;
  • a second sending module 805, configured to send, by using a secure link established by the establishing module 804, an update package to the device to be updated;
  • the specifying module 803 includes:
  • a determining unit 8031 configured to determine, according to the secure link request, a set of cryptographic algorithms in the device to be updated, where the cryptographic algorithm set includes at least two cryptographic algorithms;
  • the determining unit 8032 is configured to determine whether the target cryptographic algorithm is included in the cryptographic algorithm set determined by the determining unit 8031;
  • the selecting unit 8033 is configured to: when the determining unit 8032 determines that the target cryptographic algorithm is included in the cryptographic algorithm set, determine other cryptographic algorithms other than the target cryptographic algorithm in the cryptographic algorithm set, and select the first cryptographic algorithm from other cryptographic algorithms.
  • when the server determines that the target cryptographic algorithm in the device to be updated is to be disabled, the first sending module 801 sends an update signal; after the receiving module 802 receives the secure link request of the device to be updated, the specifying module 803 specifies the first cryptographic algorithm, the establishing module 804 uses that cryptographic algorithm to establish a secure link with the device to be updated, and the second sending module 805 sends the update package through the secure link, so that the device to be updated updates according to the update package, and the first cryptographic algorithm does not include an update.
  • the device to be updated and the server to be updated in the embodiment of the present invention are described in the above, and the device to be updated in the embodiment of the present invention is described in the following.
  • the ARM-based device such as a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a base station, a vehicle-mounted computer, and the like
  • the following is a mobile phone as an example.
  • the device to be updated in the embodiment of the present invention is used.
  • Another embodiment package include:
  • a radio frequency (RF) circuit 910, a memory 920, an input unit 930, a display unit 940, a sensor 950, an audio circuit 960, a wireless fidelity (WiFi) module 970, a processor 980, and a power supply 990.
  • the RF circuit 910 can be used for receiving and transmitting signals while receiving or transmitting information; in particular, after receiving the downlink information of the base station, it passes the information to the processor 980 for processing; in addition, it transmits the designed uplink data to the base station.
  • RF circuit 910 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like.
  • RF circuitry 910 can also communicate with the network and other devices via wireless communication.
  • the above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), E-mail, Short Messaging Service (SMS), and the like.
  • the memory 920 can be used to store software programs and modules, and the processor 980 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 920.
  • the memory 920 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the mobile phone (such as audio data, phone book, etc.).
  • memory 920 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the input unit 930 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function controls of the handset.
  • the input unit 930 may include a touch panel 931 and other input devices 932.
  • The touch panel 931, also known as a touch screen, can collect touch operations of the user on or near it (such as operations performed by the user on the touch panel 931 or near the touch panel 931 by using a finger, a stylus, or any other suitable object), and drive the corresponding connection device according to a preset program.
  • the touch panel 931 can include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, sends them to the processor 980, and can receive commands from the processor 980 and execute them.
  • the touch panel 931 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 930 may also include other input devices 932.
  • other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 940 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone.
  • the display unit 940 can include a display panel 941.
  • the display panel 941 can be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 931 can cover the display panel 941. When the touch panel 931 detects a touch operation on or near it, it transmits the operation to the processor 980 to determine the type of the touch event, and the processor 980 then provides a corresponding visual output on the display panel 941 according to the type of the touch event.
  • although in FIG. 9 the touch panel 931 and the display panel 941 are used as two independent components to implement the input and output functions of the mobile phone, in some embodiments the touch panel 931 and the display panel 941 may be integrated to implement the input and output functions of the phone.
  • the handset may also include at least one type of sensor 950, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 941 according to the brightness of the ambient light, and the proximity sensor may turn off the display panel 941 and/or the backlight when the mobile phone moves to the ear.
  • the accelerometer sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
  • this can be used for applications that identify the posture of the mobile phone (such as switching between horizontal and vertical screen, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as a pedometer or tapping); other sensors that the mobile phone can also be configured with, such as gyroscopes, barometers, hygrometers, thermometers, and infrared sensors, are not described here.
  • Audio circuit 960, speaker 961, and microphone 962 can provide an audio interface between the user and the mobile phone.
  • the audio circuit 960 can transmit the electrical signal converted from the received audio data to the speaker 961, which converts it into a sound signal for output.
  • the microphone 962 converts the collected sound signal into an electrical signal, which the audio circuit 960 receives and converts into audio data; the audio data is then output to the processor 980 for processing and sent, for example, to another mobile phone via the RF circuit 910, or output to the memory 920 for further processing.
  • WiFi is a short-range wireless transmission technology
  • the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 970, which provides users with wireless broadband Internet access.
  • although FIG. 9 shows the WiFi module 970, it can be understood that it is not an essential part of the mobile phone and can be omitted as needed without changing the essence of the invention.
  • the processor 980 is the control center of the handset, which connects the various portions of the entire handset using various interfaces and lines; by running or executing software programs and/or modules stored in the memory 920 and invoking data stored in the memory 920, it performs the phone's various functions and processes data, thereby monitoring the phone as a whole.
  • the processor 980 may include one or more processing units; preferably, the processor 980 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 980.
  • the handset also includes a power source 990 (such as a battery) that supplies power to the various components.
  • the power source can be logically coupled to the processor 980 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the mobile phone may further include a camera, a Bluetooth module, and the like, and details are not described herein again.
  • the processor 980 included in the terminal further has the following functions:
  • the update signal is used to indicate that the system has an update package, and the update package is used to instruct the mobile phone to disable the target cryptographic algorithm;
  • the update package carries a second cryptographic algorithm
  • the second cryptographic algorithm indicates the cryptographic algorithm that the mobile phone uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm
  • the processor also performs the following processes:
  • the update package is verified using the second cryptographic algorithm, and if the verification passes, the target cryptographic algorithm is disabled according to the update package.
  • the processor further performs the following process:
  • establishing an algorithm usage table, which indicates the cryptographic algorithms that the mobile phone may use and the cryptographic algorithms that are prohibited from use;
  • the target cryptographic algorithm is identified in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
  • the processor specifically performs the following process:
  • the symmetric key is used by the server to encrypt data sent to the mobile phone, and the mobile phone decrypts data sent by the server.
  • FIG. 10 is a schematic structural diagram of a server according to an embodiment of the present invention.
  • the server 1000 may vary considerably depending on configuration or performance, and may include one or more central processing units (CPU) 1022 (e.g., one or more processors), memory 1032, and one or more storage media 1030 (for example, one or more mass storage devices) that store applications 1042 or data 1044.
  • the memory 1032 and the storage medium 1030 may be short-term storage or persistent storage.
  • the program stored on storage medium 1030 may include one or more modules (not shown), each of which may include a series of instruction operations in the server.
  • the central processor 1022 can be configured to communicate with the storage medium 1030 and to execute the series of instruction operations stored in the storage medium 1030.
  • Server 1000 may also include one or more power sources 1026, one or more wired or wireless network interfaces 1050, one or more input and output interfaces 1058, and/or one or more operating systems 1041, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and the like.
  • the central processing unit 1022 specifically performs the following steps:
  • the update signal is used to indicate that the device to be updated disables the unsafe target cryptographic algorithm
  • the update package is sent to the device to be updated through the secure link.
  • the central processing unit 1001 specifically performs the following processes:
  • the disclosed system, apparatus, and method may be implemented in other manners.
  • the device embodiments described above are merely illustrative.
  • the division of the unit is only a logical function division.
  • there may be other division manners in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • the mutual coupling or direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device or unit, and may be in an electrical, mechanical or other form.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • each functional unit in various embodiments of the present invention may be integrated in one processing unit. It is also possible that each unit physically exists alone, or two or more units may be integrated in one unit.
  • the above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • the integrated unit if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer readable storage medium.
  • the technical solution of the present invention in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product stored in a storage medium.
  • a number of instructions are included to cause a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the foregoing storage medium includes: a U disk, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, and the like.

Abstract

An algorithm update method, device to be updated, and server. The method comprises: detecting, by a device to be updated, an update signal transmitted by a server, wherein the update signal is configured to indicate that a system has an update package, the update package is configured to instruct the device to be updated to disable a target cryptographic algorithm; transmitting, by the device to be updated, a secure link request to the server; establishing, by the device to be updated, a secure link with the server by using a first cryptographic algorithm specified by the server, wherein the first cryptographic algorithm does not comprise the target cryptographic algorithm; receiving, by the device to be updated and via the secure link, the update package transmitted by the server; and updating the device to be updated according to the update package.

Description

Algorithm update method, device to be updated, and server
Technical field
The present invention relates to the field of communications, and in particular to an algorithm update method, a device to be updated, and a server.
Background
With the wide application of mobile terminals, users' requirements for mobile terminal security are increasingly high; applications such as instant messaging and mobile payment in particular have strong security requirements. Cryptographic algorithms are the basis for protecting the security of mobile terminals. Once a cryptographic algorithm implemented by a device is found to have a security vulnerability or to be open to malicious attack, it is difficult for manufacturers using traditional methods to update cryptographic algorithms on a large scale in a short time. Research on remote trusted update technology for mobile terminals is therefore of great significance and practical value.
In the prior art, the server sends an update signal to notify the mobile terminal to update. The mobile terminal detects the update signal and negotiates secure link parameters with the server to establish a secure link; the server sends the update package to the mobile terminal through the secure link, and the mobile terminal updates according to the update package, completing the update process.
However, the cryptographic algorithm used to establish the secure link is negotiated between the mobile terminal and the server, and the negotiated algorithm may be lacking in security. It may be an algorithm that has already been proven insecure and that the update package requires to be disabled. Establishing the secure link with such an algorithm is likely to expose the system to malicious attacks such as eavesdropping, man-in-the-middle attacks, and spoofing attacks, which reduces security.
Summary of the invention
Embodiments of the present invention provide an algorithm update method, a device to be updated, and a server, which are used to avoid malicious attacks and improve system security.
In view of this, a first aspect of the present invention provides an algorithm update method, including:
a device to be updated detects an update signal sent by a server, where the update signal indicates that the system has an update package, and the update package instructs the device to be updated to disable a target cryptographic algorithm;
the device to be updated sends a secure link request to the server;
the device to be updated establishes a secure link with the server using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
the device to be updated receives, through the secure link, the update package sent by the server;
the device to be updated updates according to the update package.
With reference to the first aspect of the present invention, in a first implementation of the first aspect, the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
the updating, by the device to be updated, according to the update package includes:
the device to be updated verifies the update package using the second cryptographic algorithm;
if the verification passes, the device to be updated disables the target cryptographic algorithm according to the update package.
With reference to the first implementation of the first aspect, in a second implementation of the first aspect, before the device to be updated detects the update signal sent by the server, the method includes:
the device to be updated establishes an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited from use;
the disabling, by the device to be updated, of the target cryptographic algorithm according to the update package includes:
the device to be updated marks the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
With reference to the first aspect, or the first or second implementation of the first aspect, in a third implementation of the first aspect, the establishing, by the device to be updated, of a secure link with the server using the first cryptographic algorithm specified by the server includes:
the device to be updated receives a public key, corresponding to the first cryptographic algorithm, sent by the server;
the device to be updated checks the public key and, if the check passes, generates a symmetric key;
the device to be updated encrypts the symmetric key using the public key;
the device to be updated sends the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server.
With reference to the first aspect, or the first or second implementation of the first aspect, in a fourth implementation of the first aspect, the device to be updated includes a mobile terminal or a base station.
A second aspect of the present invention provides an algorithm update method, including:
a server sends an update signal, where the update signal instructs a device to be updated to disable a target cryptographic algorithm;
the server receives a secure link request sent by the device to be updated;
the server specifies a first cryptographic algorithm corresponding to the secure link request and notifies the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
the server establishes a secure link with the device to be updated using the first cryptographic algorithm;
the server sends the update package to the device to be updated through the secure link.
With reference to the second aspect of the present invention, in a first implementation of the second aspect, the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm.
With reference to the second aspect or the first implementation of the second aspect, in a second implementation of the second aspect, the specifying, by the server, of the first cryptographic algorithm corresponding to the secure link request includes:
the server determines, according to the secure link request, the set of cryptographic algorithms in the device to be updated, where the set contains at least two cryptographic algorithms;
the server determines whether the set of cryptographic algorithms contains the target cryptographic algorithm;
if so, the server determines the cryptographic algorithms in the set other than the target cryptographic algorithm, and selects the first cryptographic algorithm from those other algorithms.
A third aspect of the present invention provides a device to be updated, including:
a detection module, configured to detect an update signal sent by a server, where the update signal indicates that the system has an update package, and the update package instructs the device to be updated to disable a target cryptographic algorithm;
a sending module, configured to send a secure link request to the server;
a first establishing module, configured to establish a secure link with the server using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
a receiving module, configured to receive, through the secure link established by the first establishing module, the update package sent by the server;
an update module, configured to update according to the update package received by the receiving module.
With reference to the third aspect of the present invention, in a first implementation of the third aspect, the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
the update module includes:
a verification unit, configured to verify the update package using the second cryptographic algorithm;
a disabling unit, configured to disable the target cryptographic algorithm according to the update package when the verification unit determines that the update package passes verification.
With reference to the first implementation of the third aspect, in a second implementation of the third aspect, the device to be updated further includes:
a second establishing module, configured to establish an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited from use;
the disabling unit includes:
an identification subunit, configured to mark the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
With reference to the third aspect, or the first or second implementation of the third aspect, in a third implementation of the third aspect, the first establishing module includes:
a receiving unit, configured to receive a public key, corresponding to the first cryptographic algorithm, sent by the server;
a checking unit, configured to check the public key received by the receiving unit;
a generating unit, configured to generate a symmetric key when the checking unit determines that the public key passes the check;
an encryption unit, configured to encrypt the symmetric key using the public key;
a sending unit, configured to send the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server.
With reference to the third aspect, or the first or second implementation of the third aspect, in a fourth implementation of the third aspect, the device to be updated includes a mobile terminal or a base station.
A fourth aspect of the present invention provides a server, including:
a first sending module, configured to send an update signal, where the update signal instructs a device to be updated to disable a target cryptographic algorithm;
a receiving module, configured to receive a secure link request sent by the device to be updated;
a specifying module, configured to specify a first cryptographic algorithm corresponding to the secure link request and to notify the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
an establishing module, configured to establish a secure link with the device to be updated using the first cryptographic algorithm specified by the specifying module;
a second sending module, configured to send the update package to the device to be updated through the secure link established by the establishing module.
With reference to the fourth aspect of the present invention, in a first implementation of the fourth aspect, the specifying module includes:
a determining unit, configured to determine, according to the secure link request, the set of cryptographic algorithms in the device to be updated, where the set contains at least two cryptographic algorithms;
a judging unit, configured to determine whether the set of cryptographic algorithms determined by the determining unit contains the target cryptographic algorithm;
a selecting unit, configured to, when the judging unit determines that the set of cryptographic algorithms contains the target cryptographic algorithm, determine the cryptographic algorithms in the set other than the target cryptographic algorithm and select the first cryptographic algorithm from those other algorithms.
A fifth aspect of the present invention provides a device to be updated, including a processor and a memory;
the processor is configured to perform the following process:
detecting an update signal sent by a server, where the update signal indicates that the system has an update package, and the update package instructs the device to be updated to disable a target cryptographic algorithm;
sending a secure link request to the server;
establishing a secure link with the server using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
receiving, through the secure link, the update package sent by the server;
updating according to the update package.
With reference to the fifth aspect of the present invention, in a first implementation of the fifth aspect, the update package carries a second cryptographic algorithm, where the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
the processor specifically performs the following process:
verifying the update package using the second cryptographic algorithm and, if the verification passes, disabling the target cryptographic algorithm according to the update package.
With reference to the first implementation of the fifth aspect, in a second implementation of the fifth aspect, the processor further performs the following process:
establishing an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited from use;
marking the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
With reference to the fifth aspect, or the first or second implementation of the fifth aspect, in a third implementation of the fifth aspect, the processor specifically performs the following process:
receiving a public key, corresponding to the first cryptographic algorithm, sent by the server;
checking the public key and, if the check passes, generating a symmetric key;
encrypting the symmetric key using the public key;
sending the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server.
With reference to the fifth aspect, or the first or second implementation of the fifth aspect, in a fourth implementation of the fifth aspect, the device to be updated includes a mobile terminal or a base station.
A sixth aspect of the present invention provides a server, including a central processing unit and a storage medium;
the central processing unit performs the following process:
sending an update signal, where the update signal is used to instruct a device to be updated to disable a target cryptographic algorithm;
receiving a secure link request sent by the device to be updated;
specifying a first cryptographic algorithm corresponding to the secure link request, and notifying the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
establishing a secure link with the device to be updated using the first cryptographic algorithm;
sending the update package to the device to be updated through the secure link.
With reference to the sixth aspect of the present invention, in a first implementation of the sixth aspect, the central processing unit specifically performs the following process:
determining, according to the secure link request, the cryptographic algorithm set in the device to be updated, where the cryptographic algorithm set contains at least two cryptographic algorithms;
determining whether the cryptographic algorithm set contains the target cryptographic algorithm;
if so, determining the cryptographic algorithms in the set other than the target cryptographic algorithm, and selecting the first cryptographic algorithm from those other cryptographic algorithms.
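The selection described in this implementation can be sketched as follows. This is an added example, not code from the patent; the algorithm labels, the server preference list and the function names are assumptions. It returns None when the device's set does not contain the target algorithm, a case this passage does not specify.

```python
from dataclasses import dataclass

# Server-side preference order, most preferred first. These labels are
# constructed sample names, not identifiers taken from the patent.
SERVER_PREFERENCE = ["ALG_C", "ALG_B", "ALG_A"]


class SelectionError(Exception):
    """The request cannot be served with an acceptable algorithm."""


@dataclass(frozen=True)
class SecureLinkRequest:
    device_id: str
    algorithms: tuple  # cryptographic algorithm set reported by the device


def select_first_algorithm(request, target, preference=SERVER_PREFERENCE):
    """Pick the first cryptographic algorithm for a secure link request.

    Returns None when the reported set does not contain the target
    algorithm; that branch is outside what this example covers.
    """
    # De-duplicate while keeping order, so a repeated entry cannot be used
    # to satisfy the "at least two algorithms" requirement.
    offered = list(dict.fromkeys(request.algorithms))
    if len(offered) < 2:
        raise SelectionError("algorithm set must contain at least two algorithms")
    if target not in offered:
        return None

    others = [alg for alg in offered if alg != target]
    # The request arrives before the link is protected, so the order of the
    # device's list is not trusted; the server's own preference decides.
    for alg in preference:
        if alg != target and alg in others:
            return alg
    raise SelectionError("no mutually supported algorithm other than the target")


if __name__ == "__main__":
    req = SecureLinkRequest("dev-1", ("ALG_A", "ALG_B", "ALG_C"))  # constructed
    print(select_first_algorithm(req, target="ALG_A"))
```
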
It can be seen from the above technical solutions that the embodiments of the present invention have the following advantages:
In the embodiments of the present invention, after detecting the update signal, the device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of older, insecure algorithms, which avoids malicious attacks and improves the security of the system.
Brief Description of the Drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the following briefly introduces the accompanying drawings needed for describing the embodiments. Apparently, the drawings in the following description show merely some embodiments of the present invention, and a person skilled in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic diagram of an embodiment of the algorithm update method in the embodiments of the present invention;
FIG. 2 is a schematic diagram of another embodiment of the algorithm update method in the embodiments of the present invention;
FIG. 3 is a schematic diagram of another embodiment of the algorithm update method in the embodiments of the present invention;
FIG. 4 is a schematic diagram of another embodiment of the algorithm update method in the embodiments of the present invention;
FIG. 5 is a schematic diagram of an embodiment of the device to be updated in the embodiments of the present invention;
FIG. 6 is a schematic diagram of another embodiment of the device to be updated in the embodiments of the present invention;
FIG. 7 is a schematic diagram of an embodiment of the server in the embodiments of the present invention;
FIG. 8 is a schematic diagram of another embodiment of the server in the embodiments of the present invention;
FIG. 9 is a schematic diagram of another embodiment of the device to be updated in the embodiments of the present invention;
FIG. 10 is a schematic diagram of another embodiment of the server in the embodiments of the present invention.
Detailed Description
The following clearly and completely describes the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Apparently, the described embodiments are merely some rather than all of the embodiments of the present invention. All other embodiments obtained by a person skilled in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
The terms "first", "second", "third", "fourth" and so on (if present) in the specification, the claims and the above drawings of the present invention are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way may be interchanged where appropriate, so that the embodiments of the present invention described herein can be implemented in an order other than that illustrated or described herein. In addition, the terms "include" and "have" and any variants thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units that are clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
The following first describes the algorithm update method in the embodiments of the present invention from the perspective of the device to be updated. Referring to FIG. 1, one embodiment of the algorithm update method in the embodiments of the present invention includes:
101. The device to be updated detects an update signal sent by the server;
When the server determines that the target cryptographic algorithm in the system is insecure, or that the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal, and the device to be updated can detect the update signal sent by the server through a background update detection program. The update signal is used to indicate that a new upgrade package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
It should be noted that the cryptographic algorithms are all implemented by the software part in the physical chip of the device; for some cryptographic algorithms, the device can also call a hardware module to accelerate the related operations. In the embodiments of the present invention, the target cryptographic algorithm may be a cryptographic algorithm disabled in the software part, or a cryptographic algorithm disabled in the hardware module.
102. The device to be updated sends a secure link request to the server;
After detecting the update signal sent by the server, the device to be updated sends a secure link request to the server. The secure link request contains the device information of the device to be updated, the device information includes the cryptographic algorithm set supported by the device to be updated, and the cryptographic algorithm set contains at least two cryptographic algorithms.
In the embodiments of the present invention, the cryptographic algorithm set may be the set of cryptographic algorithms supported by the hardware module in the device, the set of cryptographic algorithms supported by the software part in the physical chip of the device, or a combination of the two, which is not specifically limited here.
103. The device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server;
After receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used to establish the secure link, that is, the first cryptographic algorithm, and notifies the device to be updated of the first cryptographic algorithm. The device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
104. The device to be updated receives the update package sent by the server through the secure link;
After the device to be updated establishes the secure link with the server, the server determines the update package corresponding to the device to be updated and sends the update package over the secure link, and the device to be updated receives the update package sent by the server through the secure link.
105. The device to be updated updates according to the update package.
After receiving the update package sent by the server, the device to be updated updates according to the update package.
In the embodiments of the present invention, after detecting the update signal, the device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of older, insecure algorithms, which avoids malicious attacks and improves the security of the system.
For ease of understanding, the algorithm update method in the embodiments of the present invention is described in detail below. Referring to FIG. 2, another embodiment of the algorithm update method in the embodiments of the present invention includes:
201. The device to be updated detects an update signal sent by the server;
In the embodiments of the present invention, the device to be updated may be a mobile terminal, a base station, or another device based on the ARM architecture, which is not specifically limited here.
When the server determines that the target cryptographic algorithm in the system is insecure, or that the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal, and the device to be updated can detect the update signal sent by the server through a background update detection program. The update signal is used to indicate that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
It should be noted that the cryptographic algorithms are all implemented by the software part in the physical chip of the device; for some cryptographic algorithms, the device can also call a hardware module to accelerate the related operations. In the embodiments of the present invention, the target cryptographic algorithm may be a cryptographic algorithm disabled in the software part, or a cryptographic algorithm disabled in the hardware module.
202. The device to be updated sends a secure link request to the server;
After detecting the update signal sent by the server, the device to be updated sends a secure link request to the server. The secure link request contains the device information of the device to be updated, the device information includes the cryptographic algorithm set supported by the device to be updated, and the cryptographic algorithm set contains at least two cryptographic algorithms. The device information may further include information such as the communication protocol version supported by the device to be updated and the compression version supported by the device to be updated. It may also include other information, which is not specifically limited here.
In the embodiments of the present invention, the cryptographic algorithm set may be the set of cryptographic algorithms supported by the hardware module in the device, the set of cryptographic algorithms supported by the software part in the physical chip of the device, or a combination of the two, which is not specifically limited here.
203. The device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server;
After receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used to establish the secure link, that is, the first cryptographic algorithm, and notifies the device to be updated of the first cryptographic algorithm. The device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
The device to be updated may establish the secure link with the server according to the HTTPS protocol. Specifically, after receiving the secure link request sent by the device to be updated, the server determines, according to the device information in the secure link request, the encrypted communication protocol version used to communicate with the device to be updated. After determining the encryption algorithm used for the communication, the server notifies the device to be updated of this information and at the same time sends a server certificate to the device to be updated; the server certificate contains information such as a public key. The device to be updated receives the public key and checks whether it is valid, for example whether the issuing authority is legitimate and whether the certificate has expired. When the device to be updated determines that the public key is valid, it generates a random value, encrypts the random value with the public key, and sends it to the server; the server decrypts it with the private key corresponding to the public key to obtain the random value. The random value is the symmetric key, which is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server. The device to be updated and the server have then completed establishing the secure link, and all information subsequently transmitted between the two parties is encrypted using the first cryptographic algorithm and the symmetric key.
The device to be updated may also establish the secure link in other ways, which is not specifically limited here.
204. The device to be updated receives the update package sent by the server through the secure link.
After the device to be updated establishes the secure link with the server, the server determines the update package corresponding to the device to be updated and sends the update package over the secure link, and the device to be updated receives the update package sent by the server through the secure link. It should be noted that the update package may carry a second cryptographic algorithm, which indicates the cryptographic algorithm the device to be updated uses to verify the update package; the second cryptographic algorithm does not include the target cryptographic algorithm.
205. The device to be updated verifies the update package using the second cryptographic algorithm; if the verification passes, step 206 is performed, and if the verification fails, step 207 is performed;
After receiving the update package, the device to be updated verifies it with the second cryptographic algorithm as indicated in the update package, checking whether the update package carries a valid signature from the operator or the device vendor. If the signature is valid, the verification passes and the device to be updated performs step 206; if the signature is invalid, the verification fails and the device to be updated performs step 207.
206. The device to be updated disables the target cryptographic algorithm according to the update package;
When the device to be updated determines that the update package passes the verification, the device to be updated disables the target cryptographic algorithm according to the update package.
207. The device to be updated performs other processes.
When the device to be updated determines that the update package fails the verification, it may prompt that the update failed, may reset to the factory state, or may perform other processes, which is not specifically limited here.
In the embodiments of the present invention, after detecting the update signal, the device to be updated establishes a secure link with the server using the first cryptographic algorithm specified by the server, receives the update package sent by the server, and updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of older, insecure algorithms, which avoids malicious attacks and improves the security of the system.
Second, in the embodiments of the present invention, the update package carries the second cryptographic algorithm, so that the device to be updated can verify the update package using the second cryptographic algorithm and then complete the update according to the verification result. The second cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the device to be updated is prohibited from using an insecure algorithm to verify the update package, which further improves the security of the system.
Based on the embodiment corresponding to FIG. 2 above, in another embodiment of the algorithm update method in the embodiments of the present invention, before the device to be updated detects the update signal sent by the server, the device to be updated may also establish an algorithm usage table. The algorithm usage table is used to indicate the cryptographic algorithms the device to be updated may use and the cryptographic algorithms it is prohibited from using. After establishing the algorithm usage table, the device to be updated may refresh the table according to the update package. Specifically, after the device to be updated receives the update package sent by the server and the update package passes verification, it marks the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use. Specifically, the device to be updated may set a flag bit to "1" to indicate a cryptographic algorithm that may be used, and to "0" to indicate a cryptographic algorithm that is prohibited from use.
It should be noted that the cryptographic algorithms indicated in the algorithm usage table may be cryptographic algorithms in the software part of the chip, or cryptographic algorithms in the hardware module of the device.
It should also be noted that, for the algorithm usage table of the hardware module, if the units in the hardware module that implement certain cryptographic algorithms are proven to have security problems, the operating system can likewise mark the cryptographic algorithms corresponding to these units as prohibited from use. For the algorithm usage table of the software part, if the update package contains a cryptographic algorithm newly added to the software part, the device to be updated may add that cryptographic algorithm to the algorithm usage table according to the update package and mark it as a cryptographic algorithm that may be used.
In the embodiments of the present invention, the device to be updated may establish and maintain an algorithm usage table, which can indicate the cryptographic algorithms the device to be updated may use and the cryptographic algorithms it is prohibited from using, improving the flexibility of the solution.
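An added sketch of the device-side algorithm usage table and the verified update that refreshes it, not code from the patent. The algorithm names, package fields and function names are assumptions, and HMAC from the Python standard library stands in for the operator or vendor signature the text describes.

```python
import hashlib
import hmac
import json

ENABLED, DISABLED = 1, 0  # flag values the text gives for the usage table

# Constructed algorithm names mapped to digests; HMAC over these digests is a
# stand-in for the real signature scheme, which the text does not name.
DIGESTS = {"SIG_SHA1": "sha1", "SIG_SHA256": "sha256"}


class AlgorithmUsageTable:
    """Per-algorithm flag: 1 = may be used, 0 = prohibited."""

    def __init__(self, algorithms):
        self.flags = {name: ENABLED for name in algorithms}

    def is_enabled(self, name):
        return self.flags.get(name) == ENABLED

    def disable(self, name):
        self.flags[name] = DISABLED

    def add(self, name):
        # setdefault never re-enables an algorithm that was already disabled.
        self.flags.setdefault(name, ENABLED)

    def snapshot(self):
        return dict(self.flags)


def signed_bytes(package):
    """Canonical bytes covered by the signature: payload and table changes."""
    body = {
        "target_algorithm": package["target_algorithm"],
        "new_algorithms": sorted(package["new_algorithms"]),
        "payload_sha256": hashlib.sha256(package["payload"]).hexdigest(),
    }
    return json.dumps(body, sort_keys=True).encode()


def build_package(key, target, second, payload, new_algorithms=()):
    """Construct a sample update package (constructed test data)."""
    package = {
        "target_algorithm": target,
        "second_algorithm": second,
        "new_algorithms": list(new_algorithms),
        "payload": payload,
    }
    package["signature"] = hmac.new(key, signed_bytes(package), DIGESTS[second]).digest()
    return package


def apply_update_package(table, package, vendor_key):
    """Verify with the second algorithm, then refresh the usage table.

    Returns True if the update was applied; on failure the table is unchanged.
    """
    target = package["target_algorithm"]
    second = package["second_algorithm"]
    # The verification algorithm must not be the one being retired, and must
    # not already be flagged 0 locally.
    if second == target or not table.is_enabled(second):
        return False
    digest = DIGESTS.get(second)
    if digest is None:
        return False
    expected = hmac.new(vendor_key, signed_bytes(package), digest).digest()
    if not hmac.compare_digest(expected, package["signature"]):
        return False
    table.disable(target)
    for name in package["new_algorithms"]:
        table.add(name)
    return True


if __name__ == "__main__":
    key = b"constructed-demo-key"
    table = AlgorithmUsageTable(["SIG_SHA1", "SIG_SHA256"])
    pkg = build_package(key, "SIG_SHA1", "SIG_SHA256", b"firmware", ["SIG_SHA512"])
    print(apply_update_package(table, pkg, key), table.snapshot())
```
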
The algorithm update method in the embodiments of the present invention has been described above from the perspective of the device to be updated. The following describes it from the perspective of the server. Another embodiment of the algorithm update method in the embodiments of the present invention includes:
301. The server sends an update signal;
When the target cryptographic algorithm may be broken by an attacker, or when a problem arises in the implementation of the cryptographic algorithm for other reasons, the server sends an update signal. The update signal is used to indicate that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
It should be noted that the cryptographic algorithms are all implemented by the software part in the physical chip of the device; for some cryptographic algorithms, the device can also call a hardware module to accelerate the related operations. In the embodiments of the present invention, the target cryptographic algorithm may be a cryptographic algorithm disabled in the software part of the device, or a cryptographic algorithm disabled in the hardware module of the device. The device to be updated may be a mobile terminal, a base station, or another device based on the ARM architecture, which is not specifically limited here.
302. The server receives the secure link request sent by the device to be updated;
After the server sends the update signal, the device to be updated detects the update signal and sends a secure link request to the server.
303. The server specifies the first cryptographic algorithm corresponding to the secure link request, and notifies the device to be updated of the first cryptographic algorithm;
After receiving the secure link request, the server determines the first cryptographic algorithm according to the secure link request and notifies the device to be updated of the first cryptographic algorithm. The first cryptographic algorithm does not include the target cryptographic algorithm.
304. The server establishes a secure link with the device to be updated using the first cryptographic algorithm;
After determining the first cryptographic algorithm and notifying the device to be updated of it, the server establishes a secure link with the device to be updated using the first cryptographic algorithm.
305. The server sends the update package to the device to be updated through the secure link.
After the secure link between the server and the device to be updated has been established, the server sends the update package to the device to be updated through the secure link.
In the embodiments of the present invention, when the server decides to disable the target cryptographic algorithm in the device to be updated, it sends an update signal. After receiving the secure link request from the device to be updated, the server specifies the first cryptographic algorithm, uses it to establish a secure link with the device to be updated, and sends the update package through the secure link, so that the device to be updated updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of older, insecure algorithms, which avoids malicious attacks and improves the security of the system.
For ease of understanding, the algorithm update method in the embodiments of the present invention is described in detail below from the perspective of the server. Another embodiment of the algorithm update method in the embodiments of the present invention includes:
401. The server sends an update signal;
When the target cryptographic algorithm may be broken by an attacker, or when a problem arises in the implementation of the cryptographic algorithm for other reasons, the server sends an update signal. The update signal is used to indicate that a new update package is available for the device to be updated, and the update package is used to instruct the device to be updated to disable the target cryptographic algorithm.
It should be noted that the cryptographic algorithms are all implemented by the software part in the physical chip of the device; for some cryptographic algorithms, the device can also call a hardware module to accelerate the related operations. In the embodiments of the present invention, the target cryptographic algorithm may be a cryptographic algorithm disabled in the software part of the device, or a cryptographic algorithm disabled in the hardware module of the device. The device to be updated may be a mobile terminal, a base station, or another device based on the ARM architecture, which is not specifically limited here.
402. The server receives the secure link request sent by the device to be updated;
After the server sends the update signal, the device to be updated detects the update signal and sends a secure link request to the server.
403. The server determines, according to the secure link request, the cryptographic algorithm set in the device to be updated;
After receiving the secure link request, the server parses it to obtain the device information of the device to be updated. The device information includes the supported cryptographic algorithm set, and the cryptographic algorithm set contains at least two cryptographic algorithms. The device information may further include information such as the communication protocol version supported by the device to be updated and the compression version supported by the device to be updated. It may also include other information, which is not specifically limited here.
In the embodiments of the present invention, the cryptographic algorithm set may be the set of cryptographic algorithms supported by the hardware module in the device, or the set of cryptographic algorithms supported by the software part in the physical chip of the device, which is not specifically limited here.
404. The server determines whether the cryptographic algorithm set contains the target cryptographic algorithm; if so, step 405 is performed, and if not, step 409 is performed;
After determining the cryptographic algorithm set in the device to be updated, the server determines whether the set contains the target cryptographic algorithm that needs to be disabled. If so, step 405 is performed; if not, step 409 is performed.
405. The server determines the cryptographic algorithms in the set other than the target cryptographic algorithm, and selects the first cryptographic algorithm from those other cryptographic algorithms;
When the server determines that the target cryptographic algorithm is present in the cryptographic algorithm set, the server determines the cryptographic algorithms in the set other than the target cryptographic algorithm and selects the first cryptographic algorithm from them as the cryptographic algorithm used to establish the secure link with the device to be updated.
406. The server notifies the device to be updated of the first cryptographic algorithm;
After determining the first cryptographic algorithm, the server notifies the device to be updated of the first cryptographic algorithm.
407. The server establishes a secure link with the device to be updated using the first cryptographic algorithm;
After notifying the device to be updated of the first cryptographic algorithm, the server establishes a secure link with the device to be updated using the first cryptographic algorithm.
具体地,服务器可以根据HTTPS协议与待更新设备建立安全链接,建立安全链接的过程中,服务器除了需要确定与待更新设备通信使用的加密算法,即第一密码算法外,还需要确定与该待更新设备通信使用的加密通信协议版本,确,将这些信息告知待更新设备,同时向更新设备发送服务器证书,该服务器证书包含公钥等信息,当待更新设备确定该公钥有效后,生成一个随机值,然后使用该公钥对该随机值进行加密,并向服务器发送该随机值,服务器用该公钥对应的私钥解密得到该随机值,该随机值即对称密钥,该对称密钥用于服务器加密向该待更新设备发送的数据,还用于待更新设备解密该服务器发送的数据。由此,待更新设备与服务器完成安全链接的建立,随后双方之间传送的信息都采用该第一密码算法及该对称密钥进行加密。Specifically, the server may establish a secure link with the device to be updated according to the HTTPS protocol. In the process of establishing a secure link, the server needs to determine the encryption algorithm used in communication with the device to be updated, that is, the first cryptographic algorithm. Updating the version of the encrypted communication protocol used by the device communication, and surely, notifying the device to be updated, and sending a server certificate to the update device, the server certificate containing information such as a public key, and generating a message when the device to be updated determines that the public key is valid. a random value, and then encrypting the random value by using the public key, and sending the random value to the server, and the server decrypts the random value corresponding to the public key corresponding to the public key, where the random value is a symmetric key, and the symmetric key The data sent by the server to the device to be updated is also used for decrypting the data sent by the server. Thereby, the device to be updated and the server complete the establishment of the secure link, and then the information transmitted between the two parties is encrypted by using the first cryptographic algorithm and the symmetric key.
服务器与待更新设备还可以通过其他方式建立安全链接,具体此处不作限 定。The server and the device to be updated can also establish a secure link by other means, which is not limited here. set.
408、服务器通过该安全链接向该待更新设备发送更新包;408. The server sends an update package to the to-be-updated device by using the secure link.
服务器与待更新设备完成安全链接的建立后,通过该安全链接向待更新设备发送更新包。需要说明的是,该更新包可以携带第二密码算法,以使得待更新设备能够根据该第二密码算法对更新包进行检验,并根据检验结果完成更新。需要说明的是该第二密码算法不包括目标密码算法。After the server and the device to be updated complete the establishment of the secure link, the update package is sent to the device to be updated through the secure link. It should be noted that the update package may carry a second cryptographic algorithm, so that the device to be updated can check the update package according to the second cryptographic algorithm, and complete the update according to the check result. It should be noted that the second cryptographic algorithm does not include the target cryptographic algorithm.
409、服务器执行其他流程。409. The server executes other processes.
当服务器确定该密码算法集合中不存在该目标密码算法时,服务器执行其他流程。When the server determines that the target cryptographic algorithm does not exist in the cryptographic algorithm set, the server performs other processes.
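The decision the server makes in steps 403 to 405 and 409 can be sketched as follows. This is an added example, not code from the patent; the request layout, the `Decision` type and the server preference order used to pick the first cryptographic algorithm are assumptions, since the text does not say how the choice among the remaining algorithms is made.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: the server ranks the algorithms it is willing to use, strongest first.
SERVER_PREFERENCE = ("AES", "3DES", "DES")


@dataclass(frozen=True)
class Decision:
    step: int                              # step of the flow at which the server ends up
    action: str                            # "establish_link", "other_flow" or "reject"
    first_algorithm: Optional[str] = None  # set only for "establish_link"


def algorithm_set(request: dict) -> list:
    """Step 403: extract the supported algorithm set from the device information.

    Names are normalised (trimmed, upper-cased) and de-duplicated so that
    "des" and "DES " cannot slip past the comparison with the target.
    """
    names = request.get("device_info", {}).get("algorithms", [])
    seen, result = set(), []
    for name in names:
        if not isinstance(name, str):
            continue
        key = name.strip().upper()
        if key and key not in seen:
            seen.add(key)
            result.append(key)
    return result


def choose_first_algorithm(request: dict, target: str) -> Decision:
    """Steps 403-405 and 409: pick the algorithm for the secure link."""
    target = target.strip().upper()
    supported = algorithm_set(request)

    # The text requires the set to contain at least two algorithms; with fewer,
    # nothing would remain once the target is excluded.
    if len(supported) < 2:
        return Decision(403, "reject")

    # Step 404: no target algorithm on the device, so the server goes to step 409.
    if target not in supported:
        return Decision(409, "other_flow")

    # Step 405: choose among the remaining algorithms, never the target.
    candidates = [a for a in supported if a != target]
    for preferred in SERVER_PREFERENCE:
        if preferred != target and preferred in candidates:
            return Decision(406, "establish_link", preferred)

    # The device offers alternatives, but none the server accepts.
    return Decision(405, "reject")


if __name__ == "__main__":
    # Constructed request matching the phone A scenario (DES is the target).
    sample = {"device_info": {"algorithms": ["DES", "AES", "3DES"]}}
    print(choose_first_algorithm(sample, "DES"))
```
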
In this embodiment of the present invention, when the server decides to disable the target cryptographic algorithm in the device to be updated, it sends an update signal. After receiving the secure link request from the device to be updated, the server specifies a first cryptographic algorithm, uses it to establish a secure link with the device to be updated, and sends the update package through the secure link so that the device to be updated updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, thereby avoiding malicious attacks and improving the security of the system.
Secondly, this embodiment of the present invention provides a specific process by which the server determines the first cryptographic algorithm, which improves the implementability of the solution.
Thirdly, in this embodiment of the present invention, the update package may carry a second cryptographic algorithm, so that the device to be updated can use the second cryptographic algorithm to verify the update package and complete the update according to the verification result. The second cryptographic algorithm does not include the target cryptographic algorithm. That is, the device to be updated does not use an insecure cryptographic algorithm while verifying the update package, which further improves the security of the system.
For ease of understanding, the algorithm update method in this embodiment of the present invention is described in detail below using a practical application scenario:
Mobile phone A can implement the DES, AES, and 3DES algorithms, and all three can invoke the accelerated implementation in the phone. Mobile phone A adds an algorithm usage table to its operating system. The table indicates which cryptographic algorithms may be used in the hardware module and which are prohibited, as shown in Table 1, where "0" means unavailable and "1" means available.
Table 1
Algorithm  Status
DES        1
AES        1
3DES       1
Now the operator of mobile phone A finds that the DES algorithm can be broken by an attacker when it is implemented using the hardware module, so the operator server needs to notify its mobile phones to disable the DES algorithm on the hardware module. The operator server sends an update signal, which instructs the operator's mobile phones to disable the target cryptographic algorithm on the hardware module, that is, the DES algorithm.
Mobile phone A detects the update signal sent by the operator server through its background update detection program and sends a secure link request to the server. The request contains information about the phone that tells the server that the cryptographic algorithm set supported by the phone includes the DES, AES, and 3DES algorithms. After obtaining this information, the server determines that the set contains the DES algorithm that needs to be disabled, and selects the encryption algorithm for the secure link from the other algorithms in the set, that is, from the AES and 3DES algorithms. The server selects the AES algorithm as the encryption algorithm used by the secure link, that is, the first cryptographic algorithm. The server responds to mobile phone A's request, informs mobile phone A that the encryption algorithm used for communication between the two parties is the AES algorithm, and sends the operator server's public key K to mobile phone A. Mobile phone A uses the stored SHA256 value of the operator's public key to check the public key K sent by the operator server. The public key K passes the check, so mobile phone A generates a symmetric key S, encrypts S with the public key K, and sends the encrypted symmetric key S to the operator server. After receiving it, the operator server decrypts it with the private key P corresponding to the public key K to obtain the symmetric key S. At this point the operator server and mobile phone A have completed the establishment of the HTTPS secure link.
The operator server then finds update package B corresponding to mobile phone A. The operator server encrypts update package B using the first cryptographic algorithm, the AES algorithm, and the symmetric key S, and sends the encrypted update package B to mobile phone A. Mobile phone A receives the update package, decrypts it using the AES algorithm and the symmetric key S to obtain update package B, and verifies the signature of update package B. The signature passes verification, and mobile phone A disables the DES algorithm on the hardware module according to update package B; that is, mobile phone A no longer invokes the hardware module to accelerate the DES algorithm. At the same time, mobile phone A updates the algorithm usage table of the hardware module and marks the DES algorithm in the table as prohibited, that is, sets the status corresponding to DES to "0", as shown in Table 2.
Table 2
Algorithm  Status
DES        0
AES        1
3DES       1
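The device-side checks in the phone A scenario (comparing public key K with a stored SHA256 value, verifying update package B, then refreshing the algorithm usage table from Table 1 to Table 2) are shown here as an added example, not code from the patent. The package field names and sample values are assumptions, and HMAC-SHA256 stands in for the operator's signature check, which the text does not specify.

```python
import hashlib
import hmac
import json

# Constructed sample values for illustration; none come from the patent.
OPERATOR_PUBLIC_KEY = b"constructed-operator-public-key-K"
STORED_KEY_SHA256 = hashlib.sha256(OPERATOR_PUBLIC_KEY).hexdigest()  # provisioned on the phone
VERIFY_KEY = b"constructed-verification-key"                         # secret of the stand-in verifier

# Table 1: 1 = available, 0 = prohibited. "HMAC-SHA256" is an added entry (assumption)
# so that the verification algorithm is tracked like any other algorithm.
TABLE_1 = {"DES": 1, "AES": 1, "3DES": 1, "HMAC-SHA256": 1}


def public_key_is_pinned(public_key, stored_sha256_hex):
    """Check the received public key against the stored SHA256 value."""
    digest = hashlib.sha256(public_key).hexdigest()
    return hmac.compare_digest(digest, stored_sha256_hex.lower())


def hmac_sha256_verify(payload, tag):
    """Stand-in for the operator signature check (assumption, see lead-in)."""
    expected = hmac.new(VERIFY_KEY, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


# Second cryptographic algorithms this device knows how to run.
VERIFIERS = {"HMAC-SHA256": hmac_sha256_verify}


def apply_update(table, package, verifiers=VERIFIERS):
    """Return the refreshed usage table; raise ValueError and change nothing on failure."""
    second = package["verify_with"]

    # The second cryptographic algorithm must itself be marked available.
    if table.get(second) != 1:
        raise ValueError("second algorithm is not marked available on this device")

    verify = verifiers.get(second)
    if verify is None or not verify(package["payload"], package["signature"]):
        raise ValueError("update package failed verification")

    # The instruction is parsed only after the payload has been verified.
    instruction = json.loads(package["payload"])
    target = instruction["disable"]

    # The second algorithm must not be the target: a package verified with the
    # algorithm it declares unsafe is refused.
    if target == second:
        raise ValueError("package was verified with the algorithm it disables")

    updated = dict(table)
    updated[target] = 0                  # mark the target as prohibited
    for name in instruction.get("add", []):
        updated.setdefault(name, 1)      # new algorithms only; never re-enables an entry
    return updated


def build_sample_package(disable="DES", verify_with="HMAC-SHA256", add=()):
    """Build a constructed update package B for the demonstration."""
    payload = json.dumps({"disable": disable, "add": list(add)}, sort_keys=True).encode()
    tag = hmac.new(VERIFY_KEY, payload, hashlib.sha256).digest()
    return {"verify_with": verify_with, "payload": payload, "signature": tag}


if __name__ == "__main__":
    assert public_key_is_pinned(OPERATOR_PUBLIC_KEY, STORED_KEY_SHA256)
    print(apply_update(TABLE_1, build_sample_package()))
```
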
The device to be updated in the embodiments of the present invention is described below. Referring to FIG. 5, one embodiment of the device to be updated includes:
a detecting module 501, configured to detect an update signal sent by the server, where the update signal indicates that an update package exists in the system, and the update package instructs the device to be updated to disable the target cryptographic algorithm;
a sending module 502, configured to send a secure link request to the server;
a first establishing module 503, configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
a receiving module 504, configured to receive, through the secure link established by the first establishing module 503, the update package sent by the server;
an update module 505, configured to update according to the update package received by the receiving module 504.
In this embodiment of the present invention, after the detecting module 501 detects the update signal, the sending module 502 sends a secure link request to the server, the first establishing module 503 establishes a secure link with the server by using the first cryptographic algorithm specified by the server, the receiving module 504 receives the update package sent by the server, and the update module 505 updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, thereby avoiding malicious attacks and improving the security of the system.
For ease of understanding, the device to be updated in the embodiments of the present invention is described in detail below. Referring to FIG. 6, another embodiment of the device to be updated includes:
a detecting module 601, configured to detect an update signal sent by the server, where the update signal indicates that an update package exists in the system, and the update package instructs the device to be updated to disable the target cryptographic algorithm;
a sending module 602, configured to send a secure link request to the server;
a first establishing module 603, configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
a receiving module 604, configured to receive, through the secure link established by the first establishing module 603, the update package sent by the server, where the update package carries a second cryptographic algorithm, the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
an update module 605, configured to update according to the update package received by the receiving module 604;
where the update module 605 includes:
a verification unit 6051, configured to verify the update package by using the second cryptographic algorithm;
a disabling unit 6052, configured to disable the target cryptographic algorithm according to the update package when the verification unit 6051 determines that the update package passes verification.
Optionally, the first establishing module 603 may include:
a receiving unit 6031, configured to receive the public key corresponding to the first cryptographic algorithm sent by the server;
a checking unit 6032, configured to check the public key received by the receiving unit 6031;
a generating unit 6033, configured to generate a symmetric key when the checking unit determines that the public key passes the check;
an encryption unit 6034, configured to encrypt the symmetric key by using the public key;
a sending unit 6035, configured to send the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server.
Optionally, in this embodiment of the present invention, the device to be updated may further include:
a second establishing module 606, configured to establish an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited;
the disabling unit 6052 includes:
an identifier subunit 60521, configured to mark the target cryptographic algorithm as a prohibited cryptographic algorithm in the algorithm usage table.
In this embodiment of the present invention, after the detecting module 601 detects the update signal, the sending module 602 sends a secure link request to the server, the first establishing module 603 establishes a secure link with the server by using the first cryptographic algorithm specified by the server, the receiving module 604 receives the update package sent by the server, and the update module 605 updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, thereby avoiding malicious attacks and improving the security of the system.
Secondly, in this embodiment of the present invention, the update package carries a second cryptographic algorithm. The verification unit 6051 in the update module 605 can verify the update package by using the second cryptographic algorithm and then complete the update according to the verification result. The second cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the device to be updated is prohibited from using an insecure algorithm to check the update package, which further improves the security of the system.
Thirdly, in this embodiment of the present invention, the second establishing module 606 can establish an algorithm usage table, and the identifier subunit 60521 in the update module 605 can update it. The algorithm usage table can indicate the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited, which improves the flexibility of the solution.
For ease of understanding, the interaction between the modules in this embodiment of the present invention is described in detail below using a specific application scenario:
When the server determines that the target cryptographic algorithm in the system is insecure, or the target cryptographic algorithm needs to be disabled for other reasons, the server sends an update signal. The detecting module 601 can detect the update signal sent by the server through a background update detection program. The update signal indicates that a new update package is available for the device to be updated, and the update package instructs the device to be updated to disable the target cryptographic algorithm.
It should be noted that cryptographic algorithms are implemented by the software part of the device's physical chip; for some cryptographic algorithms, the device can also invoke a hardware module to accelerate the related operations. In this embodiment of the present invention, the target cryptographic algorithm may be a cryptographic algorithm to be disabled in the software part, or a cryptographic algorithm to be disabled in the hardware module.
After the detecting module 601 detects the update signal sent by the server, the sending module 602 sends a secure link request to the server. The secure link request contains the device information of the device to be updated. The device information includes the cryptographic algorithm set supported by the device to be updated, and the set contains at least two cryptographic algorithms. The device information may further include the communication protocol version supported by the device to be updated, the compression version supported by the device to be updated, and other information, which is not limited herein.
The cryptographic algorithm set may be the set of cryptographic algorithms supported by the hardware module in the device, the set of cryptographic algorithms supported by the software part of the device's physical chip, or a combination of the two, which is not limited herein.
After receiving the secure link request sent by the device to be updated, the server specifies the cryptographic algorithm used to establish the secure link, that is, the first cryptographic algorithm, and notifies the device to be updated of it. The first establishing module 603 uses the first cryptographic algorithm specified by the server to establish a secure link with the server. It should be noted that the first cryptographic algorithm does not include the target cryptographic algorithm that needs to be disabled.
The device to be updated may establish the secure link with the server according to the HTTPS protocol. Specifically, after receiving the secure link request sent by the device to be updated, the server determines, according to the device information in the secure link request, the version of the encrypted communication protocol used to communicate with the device to be updated. After determining the encryption algorithm used for the communication, the server notifies the device to be updated of this information and at the same time sends it a server certificate, which contains information such as a public key. The receiving unit 6031 receives the public key, and the checking unit 6032 checks whether the public key is valid; specifically, it may check whether the issuing authority is legitimate, whether the certificate has expired, and so on. After the device to be updated determines that the public key is valid, the generating unit 6033 generates a random value, the encryption unit 6034 encrypts the random value with the public key, and the sending unit 6035 sends the encrypted random value to the server. The server decrypts it with the private key corresponding to the public key to obtain the random value. The random value is the symmetric key, which the server uses to encrypt data sent to the device to be updated and which the device to be updated uses to decrypt data sent by the server. The device to be updated and the server thereby complete the establishment of the secure link, and all information subsequently transmitted between the two parties is encrypted using the first cryptographic algorithm and the symmetric key.
The first establishing module 603 may also establish the secure link in other ways, which is not limited herein.
After the first establishing module 603 establishes the secure link with the server, the server determines the update package corresponding to the device to be updated and sends the update package through the secure link; the receiving module 604 receives the update package sent by the server through the secure link. It should be noted that the update package may carry a second cryptographic algorithm, which indicates the cryptographic algorithm that the device to be updated uses to verify the update package. The second cryptographic algorithm does not include the target cryptographic algorithm.
After the receiving module 604 receives the update package, the verification unit 6051 in the update module 605 verifies the update package by using the second cryptographic algorithm according to the indication in the update package, checking whether the update package carries a legitimate signature from the operator or the device vendor. If the signature is legitimate, the verification passes and the disabling unit 6052 is triggered.
When the verification unit 6051 determines that the update package passes verification, the disabling unit 6052 disables the target cryptographic algorithm according to the update package.
In another embodiment of the algorithm update method in the embodiments of the present invention, before the detecting module 601 detects the update signal sent by the server, the second establishing module 606 may further establish an algorithm usage table. The algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited. After the second establishing module 606 establishes the algorithm usage table, the table may be refreshed according to the update package. Specifically, after the receiving module 604 receives the update package sent by the server and the update package passes the check, the identifier subunit 60521 marks the target cryptographic algorithm as a prohibited cryptographic algorithm in the algorithm usage table. Specifically, a flag bit set to "1" may indicate a cryptographic algorithm that may be used, and a flag bit set to "0" may indicate a cryptographic algorithm that is prohibited.
It should be noted that the cryptographic algorithms indicated in the algorithm usage table may be cryptographic algorithms in the software part of the chip or cryptographic algorithms in the hardware module of the device.
It should also be noted that, for the algorithm usage table of the hardware module, if the units in the hardware module that implement certain cryptographic algorithms are proven to have security problems, the identifier subunit 60521 can likewise mark the cryptographic algorithms corresponding to those units as prohibited. For the algorithm usage table of the software part, if the update package contains a cryptographic algorithm newly added to the software part, the identifier subunit 60521 may add that cryptographic algorithm to the algorithm usage table according to the update package and mark it as a cryptographic algorithm that may be used.
The device to be updated in the embodiments of the present invention has been described above. The server in the embodiments of the present invention is described below. Referring to FIG. 7, one embodiment of the server includes:
a first sending module 701, configured to send an update signal, where the update signal instructs the device to be updated to disable the insecure target cryptographic algorithm;
a receiving module 702, configured to receive the secure link request sent by the device to be updated;
a specifying module 703, configured to specify the first cryptographic algorithm corresponding to the secure link request and notify the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
an establishing module 704, configured to establish a secure link with the device to be updated by using the first cryptographic algorithm specified by the specifying module 703;
a second sending module 705, configured to send an update package to the device to be updated through the secure link established by the establishing module 704.
In this embodiment of the present invention, when the server decides to disable the target cryptographic algorithm in the device to be updated, the first sending module 701 sends an update signal. After the receiving module 702 receives the secure link request from the device to be updated, the specifying module 703 specifies the first cryptographic algorithm, the establishing module 704 uses it to establish a secure link with the device to be updated, and the second sending module 705 sends the update package through the secure link so that the device to be updated updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. That is, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version insecure algorithms, thereby avoiding malicious attacks and improving the security of the system.
For ease of understanding, the server in the embodiments of the present invention is described in detail below. Referring to FIG. 8, another embodiment of the server in the embodiments of the present invention includes:
The first sending module 801 is configured to send an update signal, where the update signal instructs the device to be updated to disable the insecure target cryptographic algorithm;
The receiving module 802 is configured to receive a secure link request sent by the device to be updated;
The specifying module 803 is configured to specify a first cryptographic algorithm corresponding to the secure link request and to notify the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
The establishing module 804 is configured to establish a secure link with the device to be updated by using the first cryptographic algorithm specified by the specifying module 803;
The second sending module 805 is configured to send an update package to the device to be updated over the secure link established by the establishing module 804;
The specifying module 803 includes:
The determining unit 8031 is configured to determine, according to the secure link request, the set of cryptographic algorithms in the device to be updated, where the set contains at least two cryptographic algorithms;
The judging unit 8032 is configured to judge whether the set of cryptographic algorithms determined by the determining unit 8031 contains the target cryptographic algorithm;
The selecting unit 8033 is configured to, when the judging unit 8032 determines that the set of cryptographic algorithms contains the target cryptographic algorithm, determine the cryptographic algorithms in the set other than the target cryptographic algorithm and select the first cryptographic algorithm from those other algorithms.
In this embodiment of the present invention, when the server decides to disable the target cryptographic algorithm in the device to be updated, the first sending module 801 sends an update signal. After the receiving module 802 receives the secure link request from the device to be updated, the specifying module 803 specifies the first cryptographic algorithm, the establishing module 804 uses that algorithm to establish a secure link with the device to be updated, and the second sending module 805 sends the update package over the secure link, so that the device to be updated updates according to the update package. The first cryptographic algorithm does not include the target cryptographic algorithm that the update package requires to be disabled. In other words, in this solution the server can specify the cryptographic algorithm used by the secure link and prohibit the use of lower-version, insecure algorithms, which avoids malicious attacks and improves the security of the system.
The device to be updated and the server in the embodiments of the present invention are described above from the perspective of functional modules. The device to be updated is described below from the perspective of physical hardware processing. In the embodiments of the present invention, the device to be updated may be an ARM-based device such as a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a base station, or a vehicle-mounted computer. Taking a mobile phone as the terminal as an example, and referring to FIG. 9, another embodiment of the device to be updated in the embodiments of the present invention includes:
Components such as a radio frequency (RF) circuit 910, a memory 920, an input unit 930, a display unit 940, a sensor 950, an audio circuit 960, a wireless fidelity (WiFi) module 970, a processor 980, and a power supply 990. Those skilled in the art will understand that the mobile phone structure shown in FIG. 9 does not limit the mobile phone, which may include more or fewer components than illustrated, combine some components, or arrange the components differently.
The components of the mobile phone are described in detail below with reference to FIG. 9:
The RF circuit 910 can be used to receive and send signals while information is being sent or received or during a call. In particular, it receives downlink information from the base station and passes it to the processor 980 for processing, and it sends uplink data to the base station. Generally, the RF circuit 910 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and the like. In addition, the RF circuit 910 can communicate with the network and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
The memory 920 can be used to store software programs and modules. The processor 980 executes the various functional applications and data processing of the mobile phone by running the software programs and modules stored in the memory 920. The memory 920 may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the applications required for at least one function (such as a sound playing function or an image playing function); the data storage area may store data created through use of the mobile phone (such as audio data or a phone book). In addition, the memory 920 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
The input unit 930 can be used to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the mobile phone. Specifically, the input unit 930 may include a touch panel 931 and other input devices 932. The touch panel 931, also called a touch screen, can collect the user's touch operations on or near it (such as operations performed on or near the touch panel 931 with a finger, a stylus, or any other suitable object or accessory) and drive the corresponding connected device according to a preset program. Optionally, the touch panel 931 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation, and passes the signal to the touch controller. The touch controller receives the touch information from the touch detection device, converts it into contact coordinates, and sends them to the processor 980; it can also receive and execute commands sent by the processor 980. The touch panel 931 can be implemented in various types, such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the touch panel 931, the input unit 930 may include other input devices 932. Specifically, the other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and power keys), a trackball, a mouse, a joystick, and the like.
The display unit 940 can be used to display information entered by the user or information provided to the user, as well as the various menus of the mobile phone. The display unit 940 may include a display panel 941. Optionally, the display panel 941 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 931 may cover the display panel 941. When the touch panel 931 detects a touch operation on or near it, it passes the operation to the processor 980 to determine the type of touch event, and the processor 980 then provides the corresponding visual output on the display panel 941 according to the type of touch event. Although in FIG. 9 the touch panel 931 and the display panel 941 are two independent components that implement the input and output functions of the mobile phone, in some embodiments the touch panel 931 and the display panel 941 may be integrated to implement the input and output functions of the mobile phone.
The mobile phone may also include at least one sensor 950, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 941 according to the brightness of the ambient light, and the proximity sensor can turn off the display panel 941 and/or the backlight when the mobile phone is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity. It can be used in applications that recognize the attitude of the mobile phone (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors that the mobile phone may also be equipped with, such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, are not described further here.
The audio circuit 960, a speaker 961, and a microphone 962 can provide an audio interface between the user and the mobile phone. The audio circuit 960 can transmit the electrical signal converted from the received audio data to the speaker 961, which converts it into a sound signal for output. In the other direction, the microphone 962 converts the collected sound signal into an electrical signal, which the audio circuit 960 receives and converts into audio data. The audio data is then output to the processor 980 for processing and sent via the RF circuit 910 to, for example, another mobile phone, or output to the memory 920 for further processing.
WiFi is a short-range wireless transmission technology. Through the WiFi module 970 the mobile phone can help the user send and receive e-mail, browse web pages, access streaming media, and so on; it provides the user with wireless broadband Internet access. Although FIG. 9 shows the WiFi module 970, it is not an essential part of the mobile phone and can be omitted as needed without changing the essence of the invention.
The processor 980 is the control center of the mobile phone. It connects the parts of the whole mobile phone through various interfaces and lines, and performs the various functions of the mobile phone and processes data by running or executing the software programs and/or modules stored in the memory 920 and calling the data stored in the memory 920, thereby monitoring the mobile phone as a whole. Optionally, the processor 980 may include one or more processing units. Preferably, the processor 980 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, applications, and the like, and the modem processor mainly handles wireless communication. It will be understood that the modem processor may also not be integrated into the processor 980.
The mobile phone also includes a power supply 990 (such as a battery) that powers the components. Preferably, the power supply may be logically connected to the processor 980 through a power management system, so that charging, discharging, and power consumption are managed through the power management system.
Although not shown, the mobile phone may also include a camera, a Bluetooth module, and the like, which are not described further here.
In this embodiment of the present invention, the processor 980 included in the terminal also has the following functions:
detecting an update signal sent by the server, where the update signal indicates that an update package exists for the system, and the update package instructs the mobile phone to disable the target cryptographic algorithm;
sending a secure link request to the server;
establishing a secure link with the server by using the first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
receiving, over the secure link, the update package sent by the server;
updating according to the update package.
Optionally, in another embodiment of the device to be updated in the embodiments of the present invention, the update package carries a second cryptographic algorithm, the second cryptographic algorithm indicates the cryptographic algorithm that the mobile phone uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
the processor specifically also performs the following process:
verifying the update package by using the second cryptographic algorithm and, if the verification passes, disabling the target cryptographic algorithm according to the update package.
Optionally, in another embodiment of the device to be updated in the embodiments of the present invention, the processor also performs the following process:
establishing an algorithm usage table, where the algorithm usage table indicates the cryptographic algorithms that the mobile phone may use and the cryptographic algorithms that are prohibited;
marking the target cryptographic algorithm in the algorithm usage table as a prohibited cryptographic algorithm.
Optionally, in another embodiment of the device to be updated in the embodiments of the present invention, the processor specifically also performs the following process:
receiving the public key corresponding to the first cryptographic algorithm sent by the server;
checking the public key and, if the check passes, generating a symmetric key;
encrypting the symmetric key with the public key;
sending the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the mobile phone and by the mobile phone to decrypt data sent by the server.
The server in the embodiments of the present invention is described below from the perspective of physical hardware processing. Referring to FIG. 10, FIG. 10 is a schematic structural diagram of a server according to an embodiment of the present invention. The server 1000 may vary considerably depending on configuration or performance, and may include one or more central processing units (CPU) 1022 (for example, one or more processors), a memory 1032, and one or more storage media 1030 (for example, one or more mass storage devices) that store applications 1042 or data 1044. The memory 1032 and the storage medium 1030 may provide transient or persistent storage. The program stored in the storage medium 1030 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations for the server. Further, the central processing unit 1022 may be configured to communicate with the storage medium 1030 and to execute, on the server 1000, the series of instruction operations in the storage medium 1030.
The server 1000 may also include one or more power supplies 1026, one or more wired or wireless network interfaces 1050, one or more input/output interfaces 1058, and/or one or more operating systems 1041, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, and so on.
In this embodiment of the present invention, the central processing unit 1022 specifically performs the following steps:
sending an update signal, where the update signal instructs the device to be updated to disable the insecure target cryptographic algorithm;
receiving the secure link request sent by the device to be updated;
specifying the first cryptographic algorithm corresponding to the secure link request and notifying the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
establishing a secure link with the device to be updated by using the first cryptographic algorithm;
sending the update package to the device to be updated over the secure link.
Optionally, in another embodiment of the processor in the embodiments of the present invention, the central processing unit 1001 specifically also performs the following process:
determining, according to the secure link request, the set of cryptographic algorithms in the device to be updated, where the set contains at least two cryptographic algorithms;
judging whether the set of cryptographic algorithms contains the target cryptographic algorithm;
if so, determining the cryptographic algorithms in the set other than the target cryptographic algorithm, and selecting the first cryptographic algorithm from those other algorithms.
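The device-side and server-side steps listed above can be run as one exchange. The following is an added example, not code from the patent: the algorithm names, the HMAC stand-in used to verify the update package, the pre-shared key, the update signal carrying the target's name, and the name normalisation are all assumptions, and the secure link itself is not implemented, only the choice of its algorithm.

```python
import hmac


class UpdateError(Exception):
    """A step of the update was refused."""


def norm(name):
    """Normalise names so 'ALG-SHA1 ' and 'alg-sha1' are the same algorithm."""
    return name.strip().lower()


# Constructed stand-ins: the page names no concrete algorithms, so each
# "algorithm" here is an HMAC over a hashlib digest (assumption).
DIGESTS = {"alg-sha1": "sha1", "alg-sha256": "sha256", "alg-sha512": "sha512"}


def make_tag(key, algorithm, body):
    """Authentication tag over the package body under the named algorithm."""
    return hmac.new(key, body, DIGESTS[algorithm]).hexdigest()


class Server:
    def __init__(self, target, preference, key):
        self.target = norm(target)                        # algorithm to disable
        self.preference = [norm(a) for a in preference]   # strongest first
        self.key = key

    def update_signal(self):
        return {"update_available": True, "target": self.target}

    def specify_algorithm(self, device_algorithms):
        """Determine the device's set, drop the target, pick from the rest."""
        offered = {norm(a) for a in device_algorithms}
        if len(offered) < 2:
            raise UpdateError("algorithm set must hold at least two algorithms")
        others = offered - {self.target}
        for alg in self.preference:
            if alg in others:
                return alg
        raise UpdateError("no shared algorithm other than the target")

    def build_package(self, device_algorithms):
        """Update package carrying the second algorithm used to verify it."""
        second = self.specify_algorithm(device_algorithms)
        body = b"disable:" + self.target.encode()
        return {"second_algorithm": second, "body": body,
                "tag": make_tag(self.key, second, body)}


class Device:
    def __init__(self, algorithms, key):
        # Algorithm usage table: True = may be used, False = prohibited.
        self.usage_table = {norm(a): True for a in algorithms}
        self.key = key
        self.target = None

    def detect_update_signal(self, signal):
        if signal.get("update_available"):
            self.target = norm(signal["target"])

    def secure_link_request(self):
        """The request lists every algorithm the usage table still allows."""
        return [a for a, usable in self.usage_table.items() if usable]

    def check_algorithm(self, algorithm):
        """Refuse the target and anything the usage table does not allow."""
        alg = norm(algorithm)
        if alg == self.target:
            raise UpdateError("server specified the target algorithm")
        if alg not in DIGESTS or not self.usage_table.get(alg, False):
            raise UpdateError("algorithm unknown or prohibited: " + alg)
        return alg

    def apply_update(self, package):
        second = self.check_algorithm(package["second_algorithm"])
        expected = make_tag(self.key, second, package["body"])
        if not hmac.compare_digest(expected, package["tag"]):
            raise UpdateError("update package failed verification")
        if package["body"] != b"disable:" + self.target.encode():
            raise UpdateError("package does not match the update signal")
        self.usage_table[self.target] = False  # mark the target as prohibited


def run_update(device, server):
    """One full exchange; returns the first algorithm chosen for the link."""
    device.detect_update_signal(server.update_signal())
    request = device.secure_link_request()
    first = device.check_algorithm(server.specify_algorithm(request))
    device.apply_update(server.build_package(request))
    return first
```

After a successful run the target no longer appears in the device's secure link request, so a later negotiation cannot fall back to it.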
In the several embodiments provided in this application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function; in an actual implementation there may be other ways of dividing them. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. In addition, the mutual coupling, direct coupling, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical, mechanical, or of another form.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as a standalone product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The foregoing describes in detail a … provided by the present invention. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, those skilled in the art may, following the idea of the embodiments of the present invention, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (22)

  1. An algorithm update method, comprising:
    detecting, by a device to be updated, an update signal sent by a server, wherein the update signal indicates that an update package exists for the system, and the update package instructs the device to be updated to disable a target cryptographic algorithm;
    sending, by the device to be updated, a secure link request to the server;
    establishing, by the device to be updated, a secure link with the server by using a first cryptographic algorithm specified by the server, wherein the first cryptographic algorithm does not include the target cryptographic algorithm;
    receiving, by the device to be updated over the secure link, the update package sent by the server;
    updating, by the device to be updated, according to the update package.
  2. The method according to claim 1, wherein the update package carries a second cryptographic algorithm, the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
    the updating, by the device to be updated, according to the update package comprises:
    verifying, by the device to be updated, the update package by using the second cryptographic algorithm;
    if the verification passes, disabling, by the device to be updated, the target cryptographic algorithm according to the update package.
  3. The method according to claim 2, wherein before the device to be updated detects the update signal sent by the server, the method comprises:
    establishing, by the device to be updated, an algorithm usage table, wherein the algorithm usage table indicates the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited;
    the disabling, by the device to be updated, the target cryptographic algorithm according to the update package comprises:
    marking, by the device to be updated, the target cryptographic algorithm in the algorithm usage table as a prohibited cryptographic algorithm.
  4. The method according to any one of claims 1 to 3, wherein the establishing, by the device to be updated, a secure link with the server by using the first cryptographic algorithm specified by the server comprises:
    receiving, by the device to be updated, the public key corresponding to the first cryptographic algorithm sent by the server;
    checking, by the device to be updated, the public key and, if the check passes, generating a symmetric key;
    encrypting, by the device to be updated, the symmetric key with the public key;
    sending, by the device to be updated, the encrypted symmetric key to the server, wherein the symmetric key is used by the server to encrypt data sent to the device to be updated and by the device to be updated to decrypt data sent by the server.
  5. The method according to any one of claims 1 to 3, wherein the device to be updated comprises a mobile terminal or a base station.
  6. An algorithm update method, comprising:
    sending, by a server, an update signal, wherein the update signal instructs a device to be updated to disable a target cryptographic algorithm;
    receiving, by the server, a secure link request sent by the device to be updated;
    specifying, by the server, a first cryptographic algorithm corresponding to the secure link request, and notifying the device to be updated of the first cryptographic algorithm, wherein the first cryptographic algorithm does not include the target cryptographic algorithm;
    establishing, by the server, a secure link with the device to be updated by using the first cryptographic algorithm;
    sending, by the server, the update package to the device to be updated over the secure link.
  7. The method according to claim 6, wherein the update package carries a second cryptographic algorithm, the second cryptographic algorithm indicates the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm.
  8. The method according to claim 6 or 7, wherein the specifying, by the server, the first cryptographic algorithm corresponding to the secure link request comprises:
    determining, by the server according to the secure link request, the set of cryptographic algorithms in the device to be updated, wherein the set contains at least two cryptographic algorithms;
    judging, by the server, whether the set of cryptographic algorithms contains the target cryptographic algorithm;
    if so, determining, by the server, the cryptographic algorithms in the set other than the target cryptographic algorithm, and selecting the first cryptographic algorithm from those other cryptographic algorithms.
  9. A device to be updated, comprising:
    a detection module, configured to detect an update signal sent by a server, where the update signal is used to indicate that an update package exists in the system, and the update package is used to instruct the device to be updated to disable a target cryptographic algorithm;
    a sending module, configured to send a secure link request to the server;
    a first establishing module, configured to establish a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
    a receiving module, configured to receive, through the secure link established by the first establishing module, the update package sent by the server; and
    an update module, configured to perform an update according to the update package received by the receiving module.
  10. The device to be updated according to claim 9, wherein the update package carries a second cryptographic algorithm, the second cryptographic algorithm is used to indicate the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
    the update module comprises:
    a verification unit, configured to verify the update package by using the second cryptographic algorithm; and
    a disabling unit, configured to disable the target cryptographic algorithm according to the update package when the verification unit determines that the update package passes verification.
  11. The device to be updated according to claim 10, wherein the device to be updated further comprises:
    a second establishing module, configured to establish an algorithm usage table, where the algorithm usage table is used to indicate the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited from use;
    the disabling unit comprises:
    an identification subunit, configured to mark the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
  12. The device to be updated according to any one of claims 9 to 11, wherein the first establishing module comprises:
    a receiving unit, configured to receive a public key corresponding to the first cryptographic algorithm sent by the server;
    a checking unit, configured to check the public key received by the receiving unit;
    a generating unit, configured to generate a symmetric key when the checking unit determines that the public key passes the check;
    an encryption unit, configured to encrypt the symmetric key by using the public key; and
    a sending unit, configured to send the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated, and by the device to be updated to decrypt the data sent by the server.
  13. The device to be updated according to any one of claims 9 to 11, wherein the device to be updated comprises a mobile terminal or a base station.
  14. A server, comprising:
    a first sending module, configured to send an update signal, where the update signal is used to instruct a device to be updated to disable a target cryptographic algorithm;
    a receiving module, configured to receive a secure link request sent by the device to be updated;
    a specifying module, configured to specify a first cryptographic algorithm corresponding to the secure link request, and to notify the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
    an establishing module, configured to establish a secure link with the device to be updated by using the first cryptographic algorithm specified by the specifying module; and
    a second sending module, configured to send the update package to the device to be updated through the secure link established by the establishing module.
  15. The server according to claim 14, wherein the specifying module comprises:
    a determining unit, configured to determine, according to the secure link request, a cryptographic algorithm set in the device to be updated, where the cryptographic algorithm set includes at least two cryptographic algorithms;
    a judging unit, configured to determine whether the cryptographic algorithm set determined by the determining unit includes the target cryptographic algorithm; and
    a selecting unit, configured to, when the judging unit determines that the cryptographic algorithm set includes the target cryptographic algorithm, determine the cryptographic algorithms in the cryptographic algorithm set other than the target cryptographic algorithm, and select the first cryptographic algorithm from those other cryptographic algorithms.
  16. A device to be updated, comprising: a processor and a memory;
    the processor is configured to perform the following process:
    detecting an update signal sent by a server, where the update signal is used to indicate that an update package exists in the system, and the update package is used to instruct the device to be updated to disable a target cryptographic algorithm;
    sending a secure link request to the server;
    establishing a secure link with the server by using a first cryptographic algorithm specified by the server, where the first cryptographic algorithm does not include the target cryptographic algorithm;
    receiving, through the secure link, the update package sent by the server; and
    performing an update according to the update package.
  17. The device to be updated according to claim 16, wherein the update package carries a second cryptographic algorithm, the second cryptographic algorithm is used to indicate the cryptographic algorithm that the device to be updated uses to verify the update package, and the second cryptographic algorithm does not include the target cryptographic algorithm;
    the processor specifically performs the following process:
    verifying the update package by using the second cryptographic algorithm, and if the verification passes, disabling the target cryptographic algorithm according to the update package.
  18. The device to be updated according to claim 17, wherein the processor further performs the following process:
    establishing an algorithm usage table, where the algorithm usage table is used to indicate the cryptographic algorithms that the device to be updated may use and the cryptographic algorithms that are prohibited from use; and
    marking the target cryptographic algorithm in the algorithm usage table as a cryptographic algorithm that is prohibited from use.
  19. The device to be updated according to any one of claims 16 to 18, wherein the processor specifically performs the following process:
    receiving a public key corresponding to the first cryptographic algorithm sent by the server;
    checking the public key, and generating a symmetric key if the check passes;
    encrypting the symmetric key by using the public key; and
    sending the encrypted symmetric key to the server, where the symmetric key is used by the server to encrypt data sent to the device to be updated, and by the device to be updated to decrypt the data sent by the server.
  20. The device to be updated according to claims 16 to 18, wherein the device to be updated comprises a mobile terminal or a base station.
  21. A server, comprising: a central processing unit and a storage medium;
    the central processing unit performs the following process:
    sending an update signal, where the update signal is used to instruct a device to be updated to disable a target cryptographic algorithm;
    receiving a secure link request sent by the device to be updated;
    specifying a first cryptographic algorithm corresponding to the secure link request, and notifying the device to be updated of the first cryptographic algorithm, where the first cryptographic algorithm does not include the target cryptographic algorithm;
    establishing a secure link with the device to be updated by using the first cryptographic algorithm; and
    sending the update package to the device to be updated through the secure link.
  22. The server according to claim 21, wherein the central processing unit specifically performs the following process:
    determining, according to the secure link request, a cryptographic algorithm set in the device to be updated, where the cryptographic algorithm set includes at least two cryptographic algorithms;
    determining whether the cryptographic algorithm set includes the target cryptographic algorithm; and
    if so, determining the cryptographic algorithms in the cryptographic algorithm set other than the target cryptographic algorithm, and selecting the first cryptographic algorithm from those other cryptographic algorithms.
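
The server-side selection of claims 8, 15 and 22 and the device-side verify-then-disable step of claims 10, 11, 17 and 18, shown as an added Python example that is not part of the patent text. The algorithm names, the preference order, the package layout and the use of an HMAC under a demo key as a stand-in for whatever check the second cryptographic algorithm performs are all assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration; none of them come from the patent text.
SERVER_PREFERENCE = ["sha512", "sha256", "md5"]  # strongest first (assumed order)
VENDOR_KEY = b"constructed-demo-key"             # stand-in for the vendor's signing key


def select_first_algorithm(device_algorithms, target):
    """Server side: pick an algorithm the device supports, never the target."""
    if len(set(device_algorithms)) < 2:
        raise ValueError("device must offer at least two algorithms")
    candidates = [a for a in SERVER_PREFERENCE
                  if a in device_algorithms and a != target]
    if not candidates:
        raise ValueError("no usable algorithm left after excluding the target")
    return candidates[0]


def build_update_package(target, second_algorithm):
    """Server side: the package names the algorithm used to verify it."""
    if second_algorithm == target:
        raise ValueError("package must not be protected by the target algorithm")
    body = ("disable:" + target).encode()
    tag = hmac.new(VENDOR_KEY, body, second_algorithm).hexdigest()
    return {"verify_with": second_algorithm, "body": body, "tag": tag}


class Device:
    """Device side: algorithm usage table plus verified disabling."""

    def __init__(self, algorithms):
        # Algorithm usage table: True = may be used, False = prohibited.
        self.usage_table = {name: True for name in algorithms}

    def usable(self):
        return [name for name, ok in self.usage_table.items() if ok]

    def apply_update(self, package):
        alg = package["verify_with"]
        # Refuse to verify with an algorithm that is unknown or already prohibited.
        if not self.usage_table.get(alg, False):
            return False
        expected = hmac.new(VENDOR_KEY, package["body"], alg).hexdigest()
        if not hmac.compare_digest(expected, package["tag"]):
            return False
        # Parse the body only after it has been authenticated.
        action, _, target = package["body"].decode().partition(":")
        if action != "disable" or target == alg or target not in self.usage_table:
            return False
        self.usage_table[target] = False  # mark the target as prohibited
        return True
```

Once the table entry is set to prohibited, a later package that names the disabled algorithm in `verify_with` is rejected before any verification is attempted, which is the downgrade case the exclusion rule in the claims guards against.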
PCT/CN2015/082860 2015-06-30 2015-06-30 Algorithm update method, device to be updated, and server WO2017000237A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201580027214.0A CN107925565B (en) 2015-06-30 2015-06-30 Algorithm updating method, equipment to be updated and server
PCT/CN2015/082860 WO2017000237A1 (en) 2015-06-30 2015-06-30 Algorithm update method, device to be updated, and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/082860 WO2017000237A1 (en) 2015-06-30 2015-06-30 Algorithm update method, device to be updated, and server

Publications (1)

Publication Number Publication Date
WO2017000237A1 true WO2017000237A1 (en) 2017-01-05

Family

ID=57607477

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/082860 WO2017000237A1 (en) 2015-06-30 2015-06-30 Algorithm update method, device to be updated, and server

Country Status (2)

Country Link
CN (1) CN107925565B (en)
WO (1) WO2017000237A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708921A (en) * 2020-05-22 2021-11-26 华为技术有限公司 Method and equipment for carrying out safe start based on redundant cryptographic algorithm

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109587665B (en) * 2018-11-20 2023-06-06 陕西师范大学 WiFi networking method and device without SSID broadcasting

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110672A (en) * 2006-07-19 2008-01-23 华为技术有限公司 Method and system for establishing ESP security alliance in communication system
CN101374153A (en) * 2007-08-23 2009-02-25 中国移动通信集团公司 Method for activating a third party application safely, a third party server, terminal and system
CN102170355A (en) * 2011-04-27 2011-08-31 北京深思洛克软件技术股份有限公司 Management method of remote upgrade secret key in information safety equipment
US20150047007A1 (en) * 2005-09-20 2015-02-12 Ohva, Inc. Methods and Apparatus for Enabling Secure Network-Based Transactions

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2471455A (en) * 2009-06-29 2011-01-05 Nec Corp Secure network connection
CN101997679A (en) * 2009-08-21 2011-03-30 华为终端有限公司 Encrypted message negotiation method, equipment and network system
CN101695038A (en) * 2009-10-27 2010-04-14 联想网御科技(北京)有限公司 Method and device for detecting SSL enciphered data safety
EP2907330B1 (en) * 2012-10-09 2018-07-25 Nokia Technologies Oy Method and apparatus for disabling algorithms in a device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113708921A (en) * 2020-05-22 2021-11-26 华为技术有限公司 Method and equipment for carrying out safe start based on redundant cryptographic algorithm
EP4142207A4 (en) * 2020-05-22 2023-10-18 Huawei Technologies Co., Ltd. Redundant cryptographic algorithm-based secure boot method and device
JP7479517B2 (en) 2020-05-22 2024-05-08 華為技術有限公司 Method and device for performing a secure boot based on a redundant encryption algorithm - Patents.com

Also Published As

Publication number Publication date
CN107925565B (en) 2020-08-07
CN107925565A (en) 2018-04-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15896768

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15896768

Country of ref document: EP

Kind code of ref document: A1