CN109039609A - The method and terminal of key importing terminal - Google Patents

Info

Publication number
CN109039609A
Authority
CN (China)
Prior art keywords
terminal, key, decryption, private key, write
Legal status
Pending
Application number
CN201810986860.5A
Other languages
Chinese (zh)
Inventor
罗盛旺
Current Assignee
Creative Technology Ltd Shenzhen
Original Assignee
Creative Technology Ltd Shenzhen
Events
Application filed by Creative Technology Ltd Shenzhen
Priority to CN201810986860.5A
Publication of CN109039609A

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution using a key encryption key
    • H04L9/0894: Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The present invention provides a method of importing a key into a terminal, and a terminal, and relates to the field of terminal production. The method comprises: a first terminal receives a decryption key sent by a second terminal; the first terminal decrypts an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal; if the first terminal decrypts successfully and obtains the private key, the first terminal sends a first notification message to the second terminal, the first notification message indicating successful decryption; the first terminal receives a write instruction sent by the second terminal according to the first notification message; and the first terminal writes the private key into a secure storage section according to the write instruction. The encrypted private key is thus decrypted inside the terminal and the private key is then written into the secure storage section, which is convenient to operate, highly secure and reduces cost.

Description

The method and terminal of key importing terminal
Technical field
The present invention relates to the technical field of terminal production, and in particular to a method of importing a key into a terminal, and to a terminal.
Background technique
Mobile payment has become a popular means of payment, and fingerprint payment is the encrypted payment method most people select when paying on a mobile terminal; the number of devices required to support fingerprint payment is therefore constantly increasing.
At present, the method most manufacturers use to deposit the private key used for fingerprint payment into the secure storage section of a mobile phone is to write it through a platform using a dongle (softdog).
However, writing the private key through a platform using a dongle increases the cost of writing the private key and is cumbersome.
Summary of the invention
The object of the present invention is to address the deficiencies of the prior art by providing a method of importing a key into a terminal, and a terminal, so as to solve the problems that the key import process is cumbersome, costly and low in safety.
To achieve the above object, the technical solution used in the embodiments of the present invention is as follows:
In a first aspect, an embodiment of the present invention provides a method of importing a key into a terminal, comprising:
a first terminal receiving a decryption key sent by a second terminal;
the first terminal decrypting an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal;
if the first terminal decrypts successfully and obtains the private key, the first terminal sending a first notification message to the second terminal, the first notification message indicating successful decryption;
the first terminal receiving a write instruction sent by the second terminal according to the first notification message;
the first terminal writing the private key into a secure storage section according to the write instruction.
Further, after the first terminal decrypts the encrypted private key according to the decryption key, the method further includes:
if the first terminal fails to decrypt the encrypted private key, the first terminal sending a second notification message to the second terminal, the second notification message indicating decryption failure.
Further, before the first terminal receives the decryption key sent by the second terminal, the method further includes:
the first terminal receiving the encrypted private key sent by the second terminal;
the first terminal storing the encrypted private key in a data area.
Further, after the first terminal writes the private key into the secure storage section according to the write instruction, the method further includes:
the first terminal sending a write notice to the second terminal, the write notice indicating whether the private key was written successfully.
In a second aspect, a method of importing a key into a terminal is provided, comprising:
a second terminal sending a decryption key to a first terminal;
the second terminal receiving a first notification message sent by the first terminal after it has decrypted an encrypted private key according to the decryption key, the first notification message indicating successful decryption;
the second terminal sending a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into a secure storage section.
Further, after the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal receiving a second notification message sent by the first terminal after it has failed to decrypt the encrypted private key according to the decryption key, the second notification message indicating decryption failure.
Further, before the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal generating a key pair, the key pair including a public key and a private key;
the second terminal encrypting the private key to obtain the encrypted private key and the decryption key;
the second terminal sending the public key to a security server, sending the decryption key to a decryption server, and sending the encrypted private key to the first terminal.
Further, before the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal sending a connection request to the decryption server;
the second terminal receiving the decryption key sent by the decryption server according to the connection request.
Further, after the second terminal sends the write instruction to the first terminal according to the first notification message, the method further includes:
the second terminal receiving a write notice sent by the first terminal, the write notice indicating whether the private key was written successfully.
In a third aspect, a terminal is provided, the terminal being a first terminal and comprising:
a first receiving module for receiving a decryption key sent by a second terminal;
a decryption module for decrypting an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal;
a notification module for sending a first notification message to the second terminal after the private key is obtained by successful decryption, the first notification message indicating successful decryption;
correspondingly, the first receiving module also being for receiving the write instruction sent by the second terminal according to the first notification message;
a writing module for writing the private key into a secure storage section according to the write instruction.
Further, the notification module is also for sending a second notification message to the second terminal when the decryption module fails to decrypt the encrypted private key, the second notification message indicating decryption failure.
Further, the terminal further includes a data storage module;
the first receiving module is also for receiving the encrypted private key sent by the second terminal;
the data storage module is for storing the encrypted private key in a data area.
Further, the notification module is also for sending a write notice to the second terminal after the writing module has written the private key into the secure storage section, the write notice indicating whether the private key was written successfully.
In a fourth aspect, a terminal is provided, the terminal being a second terminal and comprising:
a sending module for sending a decryption key to a first terminal;
a second receiving module for receiving a first notification message sent by the first terminal after it has decrypted an encrypted private key according to the decryption key, the first notification message indicating successful decryption;
correspondingly, the sending module also being for sending a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into a secure storage section.
Further, the second receiving module is also for receiving, after the sending module has sent the decryption key to the first terminal, a second notification message sent by the first terminal after it has failed to decrypt the encrypted private key according to the decryption key, the second notification message indicating decryption failure.
Further, the terminal further includes a key generation module and an encryption module;
the key generation module is for generating a key pair before the sending module sends the decryption key to the first terminal, the key pair including a public key and a private key;
the encryption module is for encrypting the private key to obtain the encrypted private key and the decryption key;
the sending module is also for sending the public key to a security server, sending the decryption key to a decryption server, and sending the encrypted private key to the first terminal.
Further, the sending module is also for sending a connection request to the decryption server before sending the decryption key to the first terminal;
the second receiving module is also for receiving the decryption key sent by the decryption server according to the connection request.
Further, the second receiving module is also for receiving, after the sending module has sent the write instruction to the first terminal according to the first notification message, a write notice sent by the first terminal, the write notice indicating whether the private key was written successfully.
The beneficial effects of the present invention are as follows: in the embodiments of the present invention the private key is first encrypted and the encrypted private key is deposited in the terminal in advance; after the terminal obtains the decryption key, the encrypted private key is decrypted inside the terminal and the private key is written into the secure storage section. This way of writing the private key is convenient to operate, highly secure, requires no other equipment, and reduces cost.
Detailed description of the invention
In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly described below. It should be understood that the following drawings illustrate only certain embodiments of the present invention and are therefore not to be construed as limiting its scope; those of ordinary skill in the art can obtain other relevant drawings from these drawings without creative effort.
Fig. 1 is a system schematic of an application scenario of the method of importing a key into a terminal provided by an embodiment of the application;
Fig. 2 is a flow schematic of the method of importing a key into a terminal provided by an embodiment of the application;
Fig. 3 is a flow schematic of the method of importing a key into a terminal provided by an embodiment of the application;
Fig. 4 is a flow schematic of the method of importing a key into a terminal provided by an embodiment of the application;
Fig. 5 is a structural schematic of a terminal provided by an embodiment of the application;
Fig. 6 is a structural schematic of a terminal provided by an embodiment of the application;
Fig. 7 is a structural schematic of a terminal provided by another embodiment of the application; this embodiment is a structural schematic of the second terminal;
Fig. 8 is a structural schematic of a terminal provided by another embodiment of the application;
Fig. 9 is a structural schematic of a terminal provided by another embodiment of the application.
Specific embodiment
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below in conjunction with the drawings. Obviously, the described embodiments are a part of the embodiments of the present invention, not all of them.
Fig. 1 is a system schematic of an application scenario of the method of importing a key into a terminal provided by an embodiment of the application.
As shown in Fig. 1, the system may include a first terminal 102, a second terminal 101 and a decryption server 103.
Optionally, the first terminal 102 is a terminal having a fingerprint payment function, for example a smart phone, tablet computer, palmtop computer or laptop with a fingerprint payment function.
Optionally, the second terminal 101 is a terminal device running a Windows, Linux or Mac OS system, such as a PC, workstation or laptop.
Optionally, the decryption server 103 is a server that can store the decryption key and return it to the second terminal. It may be a virtual server, such as a cloud server or a virtual host, or a physical server, such as a tower server, rack server or blade server.
The first terminal and the second terminal are connected by a wired connection, and the communication protocol includes DIAG (diagnostic) commands and AT (attention, dialling) commands, but is not limited to these two protocols.
The decryption server and the second terminal can exchange data; the data exchange can be realised over a local area network or the internet. Optionally, the connection between the decryption server and the second terminal may be wireless or wired.
Where the decryption server is a virtual server, it can be integrated in the same device as the second terminal, for example a virtual host set up in the second terminal acts as the decryption server; the application does not limit this.
Fig. 2 is a flow schematic of the method of importing a key into a terminal provided by an embodiment of the application. In this embodiment the first terminal is the executing subject.
As shown in Fig. 2, the method comprises:
S201, a first terminal receives a decryption key sent by a second terminal.
In this embodiment, a flashing tool runs on the second terminal, and the flashing tool sends the decryption key to the first terminal by means of DIAG commands.
S202, the first terminal decrypts an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal.
In this embodiment, the encrypted private key can be pre-stored in the data area of the first terminal, and the private key is obtained by decrypting the encrypted private key with the decryption key.
The decryption process can be carried out in the TrustZone (trusted zone) of the first terminal, and the private key is temporarily stored in the TrustZone. The TrustZone is a system-wide security approach used for a large number of applications on high-performance computing platforms, including secure payment, digital rights management, enterprise services and web-based services. The TrustZone can protect peripherals such as secure memory, cryptographic blocks, the keyboard and the screen, so that they are ensured against software attacks.
S203, if the first terminal decrypts successfully and obtains the private key, the first terminal sends a first notification message to the second terminal, the first notification message indicating successful decryption.
In this embodiment, the first notification message may include status information of successful decryption, and the first terminal sends the status information by DIAG command to the flashing tool running on the second terminal. For example, "1" indicates successful decryption and "0" indicates decryption failure; this is not limited.
S204, the first terminal receives a write instruction sent by the second terminal according to the first notification message.
In this embodiment, after the second terminal receives the first notification message sent by the first terminal and confirms that decryption succeeded, it can issue a write instruction through the flashing tool, which is sent to the first terminal by DIAG command.
S205, the first terminal writes the private key into a secure storage section according to the write instruction.
In this embodiment, the first terminal writes the private key into the secure storage section according to the write instruction. The secure storage section is physically bound to the processor of the first terminal, and only the processor of the first terminal can communicate with the data in the secure storage section.
In this embodiment, the encrypted private key is deposited in the terminal in advance; after the terminal obtains the decryption key, the encrypted private key is decrypted inside the terminal and the private key is written into the secure storage section. This way of writing the private key is convenient to operate, highly secure, requires no other equipment, and reduces cost.
Optionally, after the first terminal decrypts the encrypted private key according to the decryption key, the method further includes: if the first terminal fails to decrypt the encrypted private key, the first terminal sends a second notification message to the second terminal, the second notification message indicating decryption failure.
It should be noted that in this embodiment the first notification message and the second notification message can indicate successful decryption or failure by carrying a decryption flag. After the second terminal receives the decryption flag, if it recognises successful decryption it sends the write instruction; if it recognises decryption failure it stops the import program and displays an error message, for example on the display screen of the second terminal.
Optionally, after the second terminal receives the second notification message, it can send the decryption key again and attempt decryption again. If the first notification message is received, the write instruction is sent; if the second notification message is received, the attempt can be repeated, and after the Nth time the import program is stopped and an error message is displayed. The value of N is not specifically limited.
Optionally, before the first terminal receives the decryption key sent by the second terminal, the method further includes: the first terminal receives the encrypted private key sent by the second terminal; the first terminal stores the encrypted private key in the data area.
In this embodiment, the encrypted private key is stored as data in the data area, which is an open area that is easy to read and write.
Optionally, after the first terminal writes the private key into the secure storage section according to the write instruction, the method further includes:
the first terminal sends a write notice to the second terminal, the write notice indicating whether the private key was written successfully.
It should be noted that in this embodiment the write notice includes a write-success flag or a write-failure flag. If the second terminal receives the write-success flag, it displays write-success information; if it receives the write-failure flag, it stops the write program and displays write-failure information, for example on the display screen of the second terminal.
Optionally, after the second terminal receives a write notice carrying the write-failure flag, it can send the write instruction again and attempt the write again. If the write notice received is the success flag, write-success information is displayed; if it is the failure flag, the attempt can be repeated, and after the Nth time the write program is stopped and write-failure information is displayed. N is an integer greater than 0, but its value is not specifically limited.
Fig. 3 is a flow schematic of the method of importing a key into a terminal provided by an embodiment of the application. In this embodiment the second terminal is the executing subject.
As shown in Fig. 3, the method comprises:
S301, a second terminal sends a decryption key to a first terminal.
In this embodiment, a flashing tool runs on the second terminal, and the flashing tool sends the decryption key to the first terminal by means of DIAG commands.
S302, the second terminal receives a first notification message sent by the first terminal after it has decrypted an encrypted private key according to the decryption key, the first notification message indicating successful decryption.
In this embodiment, the first notification message may include status information of successful decryption, and the first terminal sends the status information by DIAG command to the flashing tool running on the second terminal. For example, "1" indicates successful decryption and "0" indicates decryption failure; this is not limited.
S303, the second terminal sends a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into a secure storage section.
In this embodiment, after the second terminal receives the first notification message sent by the first terminal and confirms that decryption succeeded, it can issue a write instruction through the flashing tool, which is sent to the first terminal by DIAG command.
In this embodiment, the encrypted private key is deposited in the terminal in advance; after the terminal obtains the decryption key, the encrypted private key is decrypted inside the terminal and the private key is written into the secure storage section. This way of writing the private key is convenient to operate, highly secure, requires no other equipment, and reduces cost.
Optionally, after the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal receives a second notification message sent by the first terminal after it has failed to decrypt the encrypted private key according to the decryption key, the second notification message indicating decryption failure.
It should be noted that in this embodiment the first notification message and the second notification message can indicate successful decryption or failure by carrying a decryption flag. After the second terminal receives the decryption flag, if it recognises successful decryption it sends the write instruction; if it recognises decryption failure it stops the import program and displays an error message, for example on the display screen of the second terminal.
Optionally, after the second terminal receives the second notification message, it can send the decryption key again and attempt decryption again. If the first notification message is received, the write instruction is sent; if the second notification message is received, the attempt can be repeated, and after the Nth time the import program is stopped and write-failure information is displayed. N is an integer greater than 0, but its value is not specifically limited.
Optionally, before the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal generates a key pair, the key pair including a public key and a private key; the second terminal encrypts the private key to obtain the encrypted private key and the decryption key.
The second terminal sends the public key to a security server, sends the decryption key to a decryption server, and sends the encrypted private key to the first terminal.
In this embodiment, the key pair generated by the second terminal can be a Rivest-Shamir-Adleman algorithm (RSA) key pair.
Of the RSA key pair, one key is the secret key, i.e. the private key, which is kept by the user; the other is the public key, which can be disclosed externally and can be registered with a network server. To improve encryption strength, an RSA key is at least 500 bits long, and 1024 bits is generally recommended.
It should be noted that in this embodiment the private key is encrypted in the RSA manner; encrypting the private key produces a pair of keys, namely the encrypted private key and the decryption key. Other encryption methods can also be used; the encryption method is not restricted and is determined by the encryption method the user chooses.
The security server is an IFAA (Internet Finance Authentication Alliance) server, for docking with the fingerprint payment function of Alipay.
Optionally, the security server can also be a FIDO (Fast Identity Online) server, a TENCENT SOTER (Tencent biometric authentication platform) server, etc., for docking with WeChat Pay or other types of applications that use fingerprint payment.
Optionally, before the second terminal sends the decryption key to the first terminal, the method further includes:
the second terminal sends a connection request to the decryption server;
the second terminal receives the decryption key sent by the decryption server according to the connection request.
It should be noted that in this embodiment the decryption server can hold multiple decryption keys, each decryption key corresponding to the encrypted private key in one first terminal. The second terminal determines, from the characteristic information of the first terminal, the decryption key corresponding to the encrypted private key in that first terminal, and sends a connection request to the decryption server; the connection request includes information requesting the corresponding decryption key. After the decryption server receives the connection request, it sends the corresponding decryption key to the second terminal according to that information.
Optionally, after the second terminal sends the write instruction to the first terminal according to the first notification message, the method further includes:
the second terminal receives a write notice sent by the first terminal, the write notice indicating whether the private key was written successfully.
It should be noted that in this embodiment the write notice includes a write-success flag or a write-failure flag. If the second terminal receives the write-success flag, it displays write-success information; if it receives the write-failure flag, it stops the write program and displays write-failure information, for example on the display screen of the second terminal.
Optionally, after the second terminal receives a write notice carrying the write-failure flag, it can send the write instruction again and attempt the write again. If the write notice received is the success flag, write-success information is displayed; if it is the failure flag, the attempt can be repeated, and after the Nth time the write program is stopped and write-failure information is displayed. The value of N is not specifically limited.
Fig. 4 is a schematic flowchart of the method for importing a key into a terminal provided by an embodiment of the application.
As shown in Fig. 4, in the present embodiment the step of importing the private key into the secure storage section of the first terminal includes:
S401: the second terminal generates a key pair and uploads the public key of the key pair to the security server.
In the present embodiment the second terminal locally generates a pair of RSA keys, comprising a public key and a private key, and the public key is uploaded to the IFAA server.
S402: the second terminal encrypts the private key, obtaining a decryption key and an encrypted private key.
In the present embodiment the second terminal encrypts the private key; RSA may be used as the encryption method, generating a pair of RSA keys, i.e. the decryption key and the encrypted private key.
S403: the second terminal sends the decryption key to the decryption server.
In the present embodiment the second terminal sends the decryption key to the decryption server, which saves it.
S404: the second terminal sends the encrypted private key to the first terminal.
In the present embodiment the second terminal sends the encrypted private key to the first terminal.
S405: the first terminal writes the encrypted private key into the data area.
In the present embodiment the first terminal saves the encrypted private key in the data area.
S406: the second terminal sends a connection request to the decryption server.
In the present embodiment the second terminal sends a connection request to the decryption server, requesting the decryption key that corresponds to the encrypted private key held by the first terminal.
S407: the decryption server sends the decryption key according to the connection request.
In the present embodiment the decryption server sends the corresponding decryption key to the second terminal.
S408: the second terminal sends the decryption key to the first terminal.
In the present embodiment, after the second terminal receives the decryption key sent by the decryption server, it forwards the decryption key to the first terminal.
S409: the first terminal decrypts the encrypted private key using the decryption key, obtaining the private key.
In the present embodiment, after the first terminal receives the decryption key, the encrypted private key is decrypted in TrustZone to obtain the private key; after success, the private key is temporarily stored in TrustZone.
S410: the first terminal sends a first notification message to the second terminal.
In the present embodiment, after successfully obtaining the private key, the first terminal sends a first notification message to the second terminal, notifying it that decryption succeeded.
S411: the second terminal sends a write instruction to the first terminal.
In the present embodiment, after the second terminal receives the first notification message, it sends a write instruction to the first terminal.
S412: the first terminal writes the private key into the secure storage section according to the write instruction.
In the present embodiment, after the first terminal receives the write instruction, it writes the private key held in TrustZone into the secure storage section.
S413: after the first terminal has successfully written the private key, it sends a write-in notice to the second terminal.
In the present embodiment, after the first terminal successfully writes the private key, it sends a write-in notice to the second terminal.
It should be noted that in the present embodiment the communication between the first terminal and the second terminal may be carried out by means of DIAG instructions, where a flashing tool runs on the second terminal and the DIAG instructions are sent by that flashing tool.
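The exchange of S401 to S413, as an added example that is not part of the patent or of any product by the applicant (Go code written for this page). It runs the second terminal, the decryption server and the first terminal in one process; all function and message names are constructed. The AES-256-GCM envelope around the RSA-OAEP-wrapped key is an assumption of the example, since the patent only says RSA is used and RSA-OAEP alone cannot encrypt a payload as large as an RSA private key. The IFAA/security server upload, the DIAG transport and the retry of the write-in notice described above are not modelled.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
)

// Notices the terminals exchange; the strings are constructed for this example.
const NotifyDecryptOK, NotifyDecryptFail, WriteOK = "first-notification: decryption success", "second-notification: decryption failure", "write-notice: success"
// EncryptedPrivateKey is the blob sent to the first terminal (S404): the device
// private key, DER-encoded and sealed with AES-256-GCM, plus the AES key wrapped
// with RSA-OAEP under a second RSA pair. The AES layer is this example's
// assumption: RSA-OAEP alone cannot encrypt a payload the size of an RSA key.
type EncryptedPrivateKey struct{ WrappedAESKey, Nonce, Ciphertext []byte }

var purpose = []byte("device-private-key") // GCM associated data, binds the blob to its use
func randomBytes(n int) []byte { // system CSPRNG; a failure there is not recoverable
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptPrivateKey is S402 on the second terminal: it returns the decryption
// key (private half of the wrapping pair) and the encrypted private key.
func encryptPrivateKey(devKey *rsa.PrivateKey) (*rsa.PrivateKey, *EncryptedPrivateKey, error) {
	wrapKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	aesKey := randomBytes(32)
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	ct := gcm.Seal(nil, nonce, x509.MarshalPKCS1PrivateKey(devKey), purpose)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &wrapKey.PublicKey, aesKey, nil)
	if err != nil {
		return nil, nil, err
	}
	return wrapKey, &EncryptedPrivateKey{wrapped, nonce, ct}, nil
}

// decryptPrivateKey is S409 on the first terminal (inside TrustZone in the patent); a wrong key or any change to the blob fails here.
func decryptPrivateKey(decKey *rsa.PrivateKey, enc *EncryptedPrivateKey) (*rsa.PrivateKey, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, decKey, enc.WrappedAESKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	der, err := gcm.Open(nil, enc.Nonce, enc.Ciphertext, purpose)
	if err != nil {
		return nil, err
	}
	return x509.ParsePKCS1PrivateKey(der)
}

// ImportKey runs S401..S413 in-process and returns the notices seen by the second
// terminal plus whether secure storage holds the generated key; tamper flips one ciphertext byte in transit.
func ImportKey(tamper bool) (notices []string, stored bool, err error) {
	devKey, err := rsa.GenerateKey(rand.Reader, 2048) // S401 (public-key upload not modelled)
	if err != nil {
		return nil, false, err
	}
	decKey, enc, err := encryptPrivateKey(devKey) // S402; S403: decKey is parked at the decryption server
	if err != nil {
		return nil, false, err
	}
	if tamper { // S404/S405: enc now sits in the first terminal's data area
		enc.Ciphertext[0] ^= 0x01
	}
	// S406-S408: the second terminal fetches decKey and forwards it; S409: decrypt in TrustZone.
	priv, err := decryptPrivateKey(decKey, enc)
	if err != nil {
		return []string{NotifyDecryptFail}, false, nil // second notification; nothing is written
	}
	notices = append(notices, NotifyDecryptOK) // S410: first notification message
	secureStorage := priv                      // S411/S412: write instruction, then the write
	notices = append(notices, WriteOK)         // S413
	return notices, secureStorage.Equal(devKey), nil
}
```

The tamper flag exercises the property the two-phase notice buys: because the first terminal decrypts and authenticates inside the trusted environment before it acknowledges, a corrupted or substituted blob yields the second notification message, no write instruction follows, and nothing reaches the secure storage section. Calling `ImportKey(false)` returns the first notification followed by the write notice with the stored key matching; `ImportKey(true)` returns only the second notification.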
Fig. 5 is a schematic structural diagram of a terminal provided by an embodiment of the application; this embodiment is the schematic structural diagram of the first terminal.
The diagram shows only the part of the structure of the first terminal that is relevant to embodiments of the invention; the first terminal may also include other modules.
As shown in Fig. 5, the first terminal includes a first receiving module 501, a deciphering module 502 and a notification module 503, wherein:
the first receiving module 501 is used to receive the decryption key sent by the second terminal;
the deciphering module 502 is used to decrypt the encrypted private key according to the decryption key, where the encrypted private key is pre-stored in the first terminal;
the notification module 503 is used to send a first notification message to the second terminal after decryption succeeds and yields the private key, the first notification message indicating that decryption succeeded.
Correspondingly, the first receiving module 501 is also used to receive the write instruction sent by the second terminal according to the first notification message;
a writing module 504 is used to write the private key into the secure storage section according to the write instruction.
Optionally, the notification module 503 is also used to send a second notification message to the second terminal when the encrypting module 502 fails to decrypt the encrypted private key, the second notification message indicating that decryption failed.
Fig. 6 is a schematic structural diagram of a terminal provided by another embodiment of the application.
As shown in Fig. 6, on the basis of Fig. 5 the terminal further includes a data memory module 601;
the first receiving module 501 is also used to receive the encrypted private key sent by the second terminal;
the data memory module 601 is used to store the encrypted private key in the data area.
Optionally, the notification module 503 is also used to send a write-in notice to the second terminal after the writing module 504 has written the private key into the secure storage section, the write-in notice indicating whether the private key was written successfully.
The above apparatus may be used to execute the method provided by the method embodiments above; the specific implementation and technical effects are similar and are not described again here.
Fig. 7 is a schematic structural diagram of a terminal provided by yet another embodiment of the application; this embodiment is the schematic structural diagram of the second terminal.
The diagram shows only the part of the structure of the second terminal that is relevant to embodiments of the invention; the second terminal may also include other modules.
As shown in Fig. 7, the second terminal includes a sending module 701 and a second receiving module 702, wherein:
the sending module 702 is used to send the decryption key to the first terminal;
the second receiving module 701 is used to receive the first notification message sent by the first terminal after it has finished decrypting the encrypted private key according to the decryption key, the first notification message indicating that decryption succeeded.
Correspondingly, the sending module 702 is also used to send a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into the secure storage section.
Optionally, the second receiving module 701 is also used to receive, after the sending module has sent the decryption key to the first terminal, the second notification message sent by the first terminal after it fails to decrypt the encrypted private key according to the decryption key, the second notification message indicating that decryption failed.
Fig. 8 is a schematic structural diagram of a terminal provided by another embodiment of the application.
As shown in Fig. 8, on the basis of Fig. 7 the terminal may further include a key production module 801 and an encrypting module 802, wherein:
the key production module 801 is used to generate a pair of keys before the sending module 702 sends the decryption key to the first terminal, the pair of keys including a public key and a private key;
the encrypting module 802 is used to encrypt the private key, obtaining the encrypted private key and the decryption key.
Further, the sending module 701 is also used to send the public key to the security server, send the decryption key to the decryption server and send the encrypted private key to the first terminal.
Optionally, the sending module 701 is also used to send a connection request to the decryption server before sending the decryption key to the first terminal.
The second receiving module 702 is also used to receive the decryption key sent by the decryption server according to the connection request.
Optionally, the second receiving module 702 is also used to receive the write-in notice sent by the first terminal after the sending module 701 has sent the write instruction to the first terminal according to the first notification message, the write-in notice indicating whether the private key was written successfully.
The above apparatus may be used to execute the method provided by the method embodiments above; the specific implementation and technical effects are similar and are not described again here.
It should be noted that the division of the above terminal into modules is only a division by logical function; in actual implementation the modules may be wholly or partly integrated on one physical entity, or may be physically separate. These modules may all be realized in the form of software called by a processing element; they may all be realized in the form of hardware; or some modules may be realized in the form of software called by a processing element and the remaining modules in the form of hardware. For example, the determining module may be a separately established processing element, or may be integrated into a chip of the above apparatus; in addition, it may also be stored in the memory of the above apparatus in the form of program code and be called and executed by a processing element of the above apparatus to realize the function of the above determining module. The realization of the other modules is similar. Furthermore, these modules may be wholly or partly integrated together, or may be realized independently. The processing element described here may be an integrated circuit with signal processing capability. In the course of realization, each step of the above method or each of the above modules may be completed by integrated logic circuitry in hardware within the processor element or by instructions in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above method, such as one or more application specific integrated circuits (Application Specific Integrated Circuit, ASIC), one or more microprocessors (Digital Signal Processor, DSP), one or more field programmable gate arrays (Field Programmable Gate Array, FPGA), etc. For another example, when one of the above modules is realized in the form of program code scheduled by a processing element, that processing element may be a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or another processor able to call program code. For another example, these modules may be integrated together and realized in the form of a system on chip (System-On-a-Chip, SOC).
Fig. 9 is a schematic structural diagram of a terminal provided by another embodiment of the application.
As shown in Fig. 9, the terminal may be the above first terminal or second terminal and may specifically include a processor 901 and a memory 902, wherein:
the memory 902 is used to store the program code that realizes the above method embodiments or the modules of the embodiments shown in Fig. 5, Fig. 6, Fig. 7 and Fig. 8, and the processor 901 calls the program code to execute the operations of the above method embodiments, so as to realize the modules of the embodiments shown in Fig. 5, Fig. 6, Fig. 7 and Fig. 8.
Alternatively, some or all of the above units may be embedded in a chip of the terminal in the form of a field programmable gate array (Field Programmable Gate Array, FPGA). They may be implemented separately or integrated together.
Here the processor 901, as described above, may be a general-purpose processor such as a CPU, or may be one or more integrated circuits configured to implement the above method, such as one or more application specific integrated circuits (Application Specific Integrated Circuit, ASIC), one or more microprocessors (Digital Signal Processor, DSP), one or more field programmable gate arrays (Field Programmable Gate Array, FPGA), etc. The memory 902 may be one storage device or the collective name for multiple memory elements.
In addition, multiple interfaces may be provided on the processor 901, used respectively to connect peripheral devices or as interface circuits connecting to peripheral devices, for example an interface for connecting a display screen, an interface for connecting a camera, an interface for connecting an audio processing element, etc.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be realized in other ways. For example, the apparatus embodiments described above are merely exemplary; the division into units is only a division by logical function, and there may be other ways of division in actual implementation, for example multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above integrated unit may be realized in the form of hardware, or in the form of hardware plus software functional units.
The above integrated unit realized in the form of software functional units may be stored in a computer-readable storage medium. The above software functional unit is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to execute some of the steps of the method of each embodiment of the present invention. The aforementioned storage medium includes various media able to store program code, such as a USB flash disk, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk or an optical disk.

Claims (18)

1. A method for importing a key into a terminal, characterized by comprising:
a first terminal receiving a decryption key sent by a second terminal;
the first terminal decrypting an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal;
if the first terminal successfully decrypts and obtains the private key, the first terminal sending a first notification message to the second terminal, the first notification message indicating that decryption succeeded;
the first terminal receiving a write instruction sent by the second terminal according to the first notification message;
the first terminal writing the private key into a secure storage section according to the write instruction.
2. The method as described in claim 1, characterized in that, after the first terminal decrypts the encrypted private key according to the decryption key, the method further comprises:
if the first terminal fails to decrypt the encrypted private key, the first terminal sending a second notification message to the second terminal, the second notification message indicating that decryption failed.
3. The method as described in claim 1, characterized in that, before the first terminal receives the decryption key sent by the second terminal, the method further comprises:
the first terminal receiving the encrypted private key sent by the second terminal;
the first terminal storing the encrypted private key in a data area.
4. The method according to claim 1, characterized in that, after the first terminal writes the private key into the secure storage section according to the write instruction, the method further comprises:
the first terminal sending a write-in notice to the second terminal, the write-in notice indicating whether the private key was written successfully.
5. A method for importing a key into a terminal, characterized by comprising:
a second terminal sending a decryption key to a first terminal;
the second terminal receiving a first notification message sent by the first terminal after it has finished decrypting an encrypted private key according to the decryption key, the first notification message indicating that decryption succeeded;
the second terminal sending a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into a secure storage section.
6. The method as claimed in claim 5, characterized in that, after the second terminal sends the decryption key to the first terminal, the method further comprises:
the second terminal receiving a second notification message sent by the first terminal after it fails to decrypt the encrypted private key according to the decryption key, the second notification message indicating that decryption failed.
7. The method as claimed in claim 5, characterized in that, before the second terminal sends the decryption key to the first terminal, the method further comprises:
the second terminal generating a pair of keys, the pair of keys including a public key and a private key;
the second terminal encrypting the private key, obtaining the encrypted private key and the decryption key;
the second terminal sending the public key to a security server, sending the decryption key to a decryption server and sending the encrypted private key to the first terminal.
8. The method of claim 7, characterized in that, before the second terminal sends the decryption key to the first terminal, the method further comprises:
the second terminal sending a connection request to the decryption server;
the second terminal receiving the decryption key sent by the decryption server according to the connection request.
9. The method according to any one of claims 5 to 8, characterized in that, after the second terminal sends the write instruction to the first terminal according to the first notification message, the method further comprises:
the second terminal receiving a write-in notice sent by the first terminal, the write-in notice indicating whether the private key was written successfully.
10. A terminal, characterized in that the terminal is a first terminal, comprising:
a first receiving module for receiving a decryption key sent by a second terminal;
a deciphering module for decrypting an encrypted private key according to the decryption key, wherein the encrypted private key is pre-stored in the first terminal;
a notification module for sending a first notification message to the second terminal after decryption succeeds and yields the private key, the first notification message indicating that decryption succeeded;
correspondingly, the first receiving module is also used to receive a write instruction sent by the second terminal according to the first notification message;
a writing module for writing the private key into a secure storage section according to the write instruction.
11. The terminal as claimed in claim 10, characterized in that the notification module is also used to send a second notification message to the second terminal when the encrypting module fails to decrypt the encrypted private key, the second notification message indicating that decryption failed.
12. The terminal as claimed in claim 10, characterized by further comprising a data memory module;
the first receiving module is also used to receive the encrypted private key sent by the second terminal;
the data memory module is used to store the encrypted private key in a data area.
13. The terminal according to any one of claims 10 to 12, characterized in that the notification module is also used to send a write-in notice to the second terminal after the writing module has written the private key into the secure storage section, the write-in notice indicating whether the private key was written successfully.
14. A terminal, characterized in that the terminal is a second terminal, comprising:
a sending module for sending a decryption key to a first terminal;
a second receiving module for receiving a first notification message sent by the first terminal after it has finished decrypting an encrypted private key according to the decryption key, the first notification message indicating that decryption succeeded;
correspondingly, the sending module is also used to send a write instruction to the first terminal according to the first notification message, the write instruction instructing the first terminal to write the private key into a secure storage section.
15. The terminal as claimed in claim 14, characterized in that the second receiving module is also used to receive, after the sending module has sent the decryption key to the first terminal, a second notification message sent by the first terminal after it fails to decrypt the encrypted private key according to the decryption key, the second notification message indicating that decryption failed.
16. The terminal as claimed in claim 14, characterized by further comprising a key production module and an encrypting module;
the key production module is used to generate a pair of keys before the sending module sends the decryption key to the first terminal, the pair of keys including a public key and a private key;
the encrypting module is used to encrypt the private key, obtaining the encrypted private key and the decryption key;
the sending module is also used to send the public key to a security server, send the decryption key to a decryption server and send the encrypted private key to the first terminal.
17. The terminal as claimed in claim 16, characterized in that the sending module is also used to send a connection request to the decryption server before sending the decryption key to the first terminal;
the second receiving module is also used to receive the decryption key sent by the decryption server according to the connection request.
18. The terminal according to any one of claims 14 to 17, characterized in that the second receiving module is also used to receive a write-in notice sent by the first terminal after the sending module has sent the write instruction to the first terminal according to the first notification message, the write-in notice indicating whether the private key was written successfully.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810986860.5A CN109039609A (en) 2018-08-24 2018-08-24 The method and terminal of key importing terminal

Publications (1)

Publication Number Publication Date
CN109039609A true CN109039609A (en) 2018-12-18

Family

ID=64625510

Country Status (1)

Country Link
CN (1) CN109039609A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478538A (en) * 2008-12-31 2009-07-08 成都市华为赛门铁克科技有限公司 Storage method, apparatus or system for safety management device
CN101989991A (en) * 2010-11-24 2011-03-23 北京天地融科技有限公司 Method for importing secret keys safely, electronic signature tool, authentication device and system
CN106033503A (en) * 2015-03-19 2016-10-19 阿里巴巴集团控股有限公司 Method, device and system of online writing application secret key into digital content equipment
CN107276756A (en) * 2017-07-27 2017-10-20 深圳市金立通信设备有限公司 A kind of method and server for obtaining root key
WO2018026323A1 (en) * 2016-08-05 2018-02-08 华为国际有限公司 Data processing method and device
CN108235798A (en) * 2017-12-27 2018-06-29 福建联迪商用设备有限公司 A kind of public private key pair acquisition methods, system and POS terminal
CN108270558A (en) * 2016-12-30 2018-07-10 上海格尔软件股份有限公司 A kind of private key introduction method based on temporary key pair

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218