CN111200491A - Key updating method, data decrypting method, device, client and interactive system - Google Patents
- Publication number
- CN111200491A (application number CN201811389017.5A)
- Authority
- CN
- China
- Prior art keywords
- key
- server
- currently used
- new
- currently
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04B—TRANSMISSION
- H04B7/00—Radio transmission systems, i.e. using radiation field
- H04B7/14—Relay systems
- H04B7/15—Active relay systems
- H04B7/185—Space-based or airborne stations; Stations for satellite systems
- H04B7/18578—Satellite systems for providing broadband data service to individual earth stations
- H04B7/18593—Arrangements for preventing unauthorised access or for providing user protection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Astronomy & Astrophysics (AREA)
- Aviation & Aerospace Engineering (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention is applicable to the technical field of communication and provides a key updating method, a data decryption method, a device, a client and an interactive system. The updating method comprises the following steps: when confirming that the key currently needs to be updated, sending an acquisition request to the server, the currently used key being within its validity period; receiving and storing a new key fed back by the server when the server confirms, based on the acquisition request, that it will provide one, the new key comprising a corresponding effective time point and validity period; and replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point. In the invention, the key is updated before the old key becomes invalid, so that data can be used normally after each decryption with the key, and the reliability of data transmission is improved.
Description
Technical Field
The invention belongs to the technical field of satellite positioning, and particularly relates to a method and a device for updating a secret key and decrypting data, a client and an interactive system.
Background
In a typical scenario where a satellite broadcast data terminal communicates with a server, an encryption technique is used to ensure the security of the communication between the server and the terminal. The server side encrypts data according to a specified key, the data are sent to the client side through a network, a satellite or a broadcast mode and the like, and the client side decrypts the data according to the appointed key for use. The key for encrypting and decrypting data is very important, and two parties need to use a set of preset or negotiated keys. However, when the system operates for a while, the originally agreed key may be expired and invalidated for some reason, and the server should notify the terminal in an effective manner.
Taking data broadcast over a satellite link as an example, the server generally encrypts service data with an agreed key and sends the data to a satellite through the satellite uplink; the satellite then broadcasts the data to the terminal. The terminal decrypts the received data with the agreed key, completing the use of the service data. In this scenario, when the server updates the key, the terminal must update synchronously; otherwise the terminal cannot correctly decrypt the data the server sends after the update, and the product cannot function normally.
There are two types of existing key update methods: offline updates and online updates. In both, an update is triggered when a key expires or is close to expiring. Offline updating means entering a new key into the terminal offline, using a USB flash drive, a floppy disk, manual input or similar; after the server's key is updated, the time at which the terminal's key is updated is uncontrollable. Online updating means the terminal device connects to a network (generally the Internet, which allows interaction) to obtain the key; when the server's key expires or is renewed, the client terminal may be unable to connect immediately, or may connect but fail to pull the server's updated key, so the risk remains. If the terminal cannot update the encryption key in a timely and reliable manner, then once the next period begins the terminal cannot correctly decrypt the encrypted data sent by the server, which affects positioning accuracy.
Disclosure of Invention
The embodiment of the invention provides a method and a device for updating a secret key and decrypting data, a client and an interactive system, and aims to solve the problem that the reliability of data transmission is possibly influenced by the secret key update of a server side because the secret key is updated only after the secret key expires in the prior art.
A method for updating a key, comprising:
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server side when the server side confirms to provide based on the acquisition request, wherein the new key comprises a corresponding effective time point and an effective period;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
Preferably, when it is determined that the key needs to be updated currently, before sending the acquisition request to the server, the method further includes:
it is confirmed whether the key needs to be updated.
Preferably, confirming whether the key needs to be updated includes:
judging whether a new key is stored currently;
if no new key is stored currently, determining whether the key needs to be updated based on the currently used key;
and if the new key is stored currently, confirming that the key does not need to be updated.
Preferably, if no new key is currently stored, determining whether to update the key based on the currently used key includes:
judging whether the current key enters an expiration early warning time window;
when the judgment is yes, acquiring a forecast time window of the new key;
confirming whether the key needs to be updated based on the acquired forecast time window.
Preferably, when the judgment result is yes, acquiring a forecast time window of the new key further comprises:
and sending a key expiration early warning to the server to prompt the server to generate a new key.
Preferably, confirming whether the key needs to be updated based on the acquired forecast time window comprises:
judging whether entering a forecast time window of a new key at present;
when the judgment is yes, the key needs to be updated.
Preferably, obtaining the forecast time window of the new key comprises:
acquiring a forecast time window of a currently used key;
a forecast time window for the new key is calculated based on the acquired forecast time window for the currently used key.
Preferably, sending an acquisition request to the server includes:
initiating a connection request to the server;
and when connected to the server, sending a request for acquiring a new key to the server.
The present invention also provides a device for updating a secret key, comprising:
the request unit is used for sending an acquisition request to the server when confirming that the key currently needs to be updated, the currently used key being within its validity period;
the acquisition storage unit is used for receiving and storing a new key fed back by the server when the server confirms, based on the acquisition request, that it will provide the new key, the new key comprising a corresponding effective time point and validity period;
and the validation unit is used for replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
The present invention also provides a client including an update apparatus for a key, the update apparatus including:
the request unit is used for sending an acquisition request to the server when confirming that the key currently needs to be updated, the currently used key being within its validity period;
the acquisition storage unit is used for receiving and storing a new key fed back by the server when the server confirms, based on the acquisition request, that it will provide the new key, the new key comprising a corresponding effective time point and validity period;
and the validation unit is used for replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
The invention also provides a data decryption method, which comprises the following steps:
receiving encrypted data of a server;
acquiring a key corresponding to the encrypted data based on a currently used key, wherein the currently used key is in a validity period;
and decrypting the encrypted data based on the acquired key to obtain decrypted data.
Preferably, the obtaining of the key corresponding to the encrypted data based on the currently used key comprises:
when a new key is stored currently, acquiring a key corresponding to the encrypted data based on the effective time point of the new key;
and when the new key is not stored at present and the currently used key is in the validity period, taking the currently used key as the key corresponding to the encrypted data.
Preferably, when a new key is currently stored, acquiring a key corresponding to the encrypted data based on the validation time of the new key includes:
when a new key is stored currently, judging whether the effective time point of the new key is reached currently;
and if so, acquiring the new key as the key corresponding to the encrypted data.
The present invention also provides a data decryption apparatus, comprising:
the receiving unit is used for receiving the encrypted data of the server;
an acquisition unit configured to acquire a key corresponding to the encrypted data based on a key currently used;
and the decryption unit is used for decrypting the encrypted data based on the acquired key to obtain decrypted data.
The invention also provides an interactive system comprising:
the server is used for receiving the data, encrypting the received data by adopting a key to obtain encrypted data, sending the encrypted data to the connected client, and generating the key and sending the key to the connected client;
and the client is used for receiving the encrypted data and the key from the server, and decrypting the received encrypted data with the corresponding key to obtain decrypted data.
The invention also provides a memory storing a computer program executed by a processor to perform the steps of:
when confirming that a new key is required to be acquired currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server based on the acquisition request, wherein the new key comprises a corresponding effective time point;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point;
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server side when the server side confirms to provide based on the acquisition request, wherein the new key comprises a corresponding effective time point and an effective period;
and when the effective time point is reached, replacing the currently used key with the new key, wherein the end point of the validity period of the currently used key is behind the effective time point.
The invention also provides a service terminal, which comprises a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the computer program to realize the following steps:
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server side when the server side confirms to provide based on the acquisition request, wherein the new key comprises a corresponding effective time point and an effective period;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
In the embodiment of the invention, the new key is updated before the old key is invalid, so that the normal use of data can be ensured after the key is used for data decryption every time, and the reliability of data transmission is improved.
Drawings
Fig. 1 is a flowchart of a method for updating a key according to a first embodiment of the present invention;
fig. 2 is a flowchart illustrating a step S4 of a method for updating a key according to a first embodiment of the present invention;
fig. 3 is a flowchart illustrating a step S43 of a method for updating a key according to a first embodiment of the present invention;
fig. 4 is a structural diagram of a key updating apparatus according to a second embodiment of the present invention;
fig. 5 is a flowchart of a data decryption method according to a third embodiment of the present invention;
fig. 6 is a block diagram of a data decryption apparatus according to a fourth embodiment of the present invention;
fig. 7 is a block diagram of an interactive system according to a fifth embodiment of the present invention;
fig. 8 is a structural diagram of a service terminal according to a sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In an embodiment of the present invention, a method for updating a key includes: when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period; receiving and storing a new key fed back by the server when the server confirms, based on the acquisition request, that it will provide one, wherein the new key comprises a corresponding effective time point and validity period; and replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
The first embodiment is as follows:
fig. 1 is a flowchart illustrating a method for updating a key according to a first embodiment of the present invention, where the method includes:
step S1, when confirming that the key needs to be updated currently, sending an acquisition request to the server;
specifically, when it is confirmed that the key needs to be updated, an acquisition request is initiated to the server. The key is generated by the server: the server first prepares service data, encrypts it with the key, and then broadcasts it through a satellite. The server generates a key at intervals, that is, the key is updated periodically, and each generated key corresponds to a forecast time window, an expiration early warning time window, an effective time point, a validity period, an expiration time point and the like. If a new key currently needs to be acquired, the client sends an acquisition request to the server. The client is not necessarily connected to the server before sending the request; in that case it must keep trying to connect, and it sends the acquisition request once the network (which can be a satellite communication network or the ordinary Internet) is connected normally, whereupon the server feeds back the new key, i.e. the latest key. It should be noted that the currently used key must be within its validity period.
Step S2, receiving and storing a new key fed back when the server confirms to provide based on the acquisition request;
specifically, once connected, the server receives the acquisition request and, after confirming that a new key is available for updating (that is, the server has prepared the new key and the key can currently be updated), returns the latest key. After receiving the new key, the client stores it promptly. Each new key carries a corresponding effective time point, expiration early warning time window, forecast time window, validity period and the like.
Step S3, when the effective time point is reached, the new key is substituted for the currently used key;
in particular, when a new key is received, it is stored, and when the time of validity of the new key is reached, the key is updated, i.e. the currently used key is replaced by the new key. It should be noted that the currently used key is still in the validity period before being replaced.
In this embodiment, the new key is updated before the old key is invalidated, so that the normal use of data can be ensured after data decryption is performed by using the key each time, and the reliability of data transmission is improved.
In a preferable embodiment of this embodiment, the step S1 may further include:
step S4, confirming whether the key needs to be updated;
specifically, it is first necessary to confirm whether the key needs to be updated;
in a further preferred embodiment of this embodiment, as shown in fig. 2, a specific flowchart of step S4 of the method for updating a key according to the first embodiment of the present invention is provided, where the step S4 specifically includes:
step S41, judging whether a new key is stored currently;
specifically, firstly, judging whether a new key is stored currently;
preferably, first, it is determined whether a new key is currently stored, if the new key is currently stored, the step goes to step S42, and if the new key is not currently stored, the step goes to step S43;
step S42, no key update is required;
step S43, confirming whether the key needs to be updated based on the currently used key;
specifically, when the server generates a new key, it usually notifies the connected clients to update the key; a connected client receives and stores the new key, and when the effective time point of the new key arrives, the key is updated by replacing the old key with the new key. It should be noted that if the client is not connected to the server, or is disconnected and therefore cannot receive the new key, the client needs to actively connect to the server to request the new key.
In a preferred embodiment of this embodiment, as shown in fig. 3, a specific flowchart of step S43 of a method for updating a key according to a first embodiment of the present invention is provided, where step S43 specifically includes:
step S431, judging whether the key currently used enters an expiration early warning time window;
specifically, whether the currently used key enters an expiration warning time window is analyzed, when the key does not enter the expiration warning time window, the process is stopped, and when the key enters the expiration warning time window, the process goes to the step S432;
in a further preferred scheme of this embodiment, if it is determined that the expiration warning time window of the currently used key has been entered, an expiration warning is sent to the server to prompt the server to generate a new key, and then the new key is fed back. Then, the process proceeds to step S432, or the expiration warning is issued simultaneously with step S432, or after step S432, which is not limited herein.
Step S432, obtaining the effective time point of the new key;
specifically, when an expiration early warning time window of a currently used key has been entered, an effective time point of a new key needs to be acquired;
in a preferable scheme of this embodiment, the step S432 specifically includes:
acquiring a forecast time window of a currently used key;
calculating a forecast time window of a new key based on the acquired forecast time window of the currently used key;
specifically, each key corresponds to a forecast time window, and the forecast time window of the new key is calculated from the forecast time window of the currently used key and the key generation cycle. For example, if the forecast time window of the currently used key is from 3 o'clock to 4 o'clock on September 10 and the generation cycle is 7 days, then the forecast time window of the new key is from 3 o'clock to 4 o'clock on September 17.
Step S433, confirming whether the key needs to be updated based on the acquired forecast time window;
specifically, if the currently used key has entered the expiration early warning time window, the forecast time window of the new key is obtained, and whether the key needs to be updated is determined based on the obtained forecast time window.
Further, it is first determined whether the forecast time window of the new key has been entered. For example, if the current time is 3 o'clock on September 17, the forecast time window has been entered; if the new key has not yet been acquired at this time, it needs to be acquired. If the forecast time window has not been reached, the process stops.
In this embodiment, the new key is updated before the old key is invalidated, so that the normal use of data can be ensured after data decryption is performed by using the key each time, and the reliability of data transmission is improved.
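The decision flow of steps S41 and S431 to S433, the storing of step S2, the switch of step S3 and the key selection rule of the decryption method, written out as an added Python example (not code from the patent), using the September 10 / 7-day figures from the text. The class and field names, the year 2018, the warning-window and validity values, treating a client that connects after the forecast window has opened as still needing to fetch, and rejecting a new key whose effective time point is not before the current key's expiry are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Tuple


@dataclass(frozen=True)
class Key:
    key_id: str
    forecast_start: datetime  # forecast time window in which the key is announced
    forecast_end: datetime
    warning_start: datetime   # expiration early warning window (assumed to run until expiry)
    effective_at: datetime    # effective time point
    expires_at: datetime      # end point of the validity period


def next_forecast_window(current: Key, cycle: timedelta) -> Tuple[datetime, datetime]:
    """S432: shift the current key's forecast window by one generation cycle."""
    return current.forecast_start + cycle, current.forecast_end + cycle


class KeyClient:
    def __init__(self, current: Key, cycle: timedelta):
        self.current = current
        self.pending: Optional[Key] = None  # new key stored but not yet effective
        self.cycle = cycle

    def update_decision(self, now: datetime) -> str:
        """Return 'fetch' when an acquisition request should be sent (step S1)."""
        if self.pending is not None:            # S41 -> S42: new key already stored
            return "have-new-key"
        if now < self.current.warning_start:    # S431: not in the warning window yet
            return "not-in-warning-window"
        start, _end = next_forecast_window(self.current, self.cycle)  # S432
        if now < start:                         # S433: forecast window not reached
            return "forecast-not-reached"
        # Assumption: a client that was offline during the window still fetches.
        return "fetch"

    def store_new_key(self, new: Key) -> None:
        """S2: store the new key. Added check: the current key's validity must
        end after the new key's effective time point, so there is never a span
        in which neither key decrypts."""
        if not new.effective_at < self.current.expires_at:
            raise ValueError("new key takes effect after the current key expires")
        self.pending = new

    def active_key(self, now: datetime) -> Optional[Key]:
        """S3 plus decryption key selection: switch to the stored new key once
        its effective time point is reached, otherwise keep the current key
        while it is within its validity period."""
        if self.pending is not None and now >= self.pending.effective_at:
            self.current, self.pending = self.pending, None
        if self.current.effective_at <= now < self.current.expires_at:
            return self.current
        return None  # no valid key: the outage the overlap is meant to prevent


# Constructed sample keys (year and all values other than the forecast windows
# and the 7-day cycle are invented for this example).
CYCLE = timedelta(days=7)
OLD = Key("k-old",
          forecast_start=datetime(2018, 9, 10, 3), forecast_end=datetime(2018, 9, 10, 4),
          warning_start=datetime(2018, 9, 17, 0),
          effective_at=datetime(2018, 9, 11, 0), expires_at=datetime(2018, 9, 18, 12))
NEW = Key("k-new",
          forecast_start=datetime(2018, 9, 17, 3), forecast_end=datetime(2018, 9, 17, 4),
          warning_start=datetime(2018, 9, 24, 0),
          effective_at=datetime(2018, 9, 18, 0), expires_at=datetime(2018, 9, 25, 12))

if __name__ == "__main__":
    client = KeyClient(OLD, CYCLE)
    for t in (datetime(2018, 9, 16, 12), datetime(2018, 9, 17, 2), datetime(2018, 9, 17, 3)):
        print(t, client.update_decision(t))
    client.store_new_key(NEW)
    for t in (datetime(2018, 9, 17, 23, 59), datetime(2018, 9, 18, 0)):
        print(t, client.active_key(t).key_id)
```

Between the new key's effective time point and the old key's expiry (here 12 hours) both keys are valid, which is the overlap that lets a late-connecting terminal still switch without a decryption gap.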
Example two:
based on the first embodiment, as shown in fig. 4, a block diagram of an apparatus for updating a key according to a second embodiment of the present invention is provided, where the apparatus includes: a request unit 1, an acquisition storage unit 2 connected with the request unit 1, and a validation unit 3 connected with the acquisition storage unit 2, wherein:
the request unit 1 is used for sending an acquisition request to the server when confirming that the key currently needs to be updated;
specifically, when it is confirmed that the key needs to be updated, an acquisition request is initiated to the server. The key is generated by the server: the server first prepares service data, encrypts it with the key, and then broadcasts it through a satellite. The server generates a key at intervals, that is, the key is updated periodically, and each generated key corresponds to a forecast time window, an expiration early warning time window, an effective time point, a validity period, an expiration time point and the like. If a new key currently needs to be acquired, the client sends an acquisition request to the server. The client is not necessarily connected to the server before sending the request; in that case it must keep trying to connect, and it sends the acquisition request once the network (which can be a satellite communication network or the ordinary Internet) is connected normally, whereupon the server feeds back the new key, i.e. the latest key. It should be noted that the currently used key must be within its validity period.
The acquisition storage unit 2 is used for receiving and storing a new key fed back by the server when the server confirms to provide based on the acquisition request;
specifically, once connected, the server receives the acquisition request and, after confirming that a new key is available for updating (that is, the server has prepared the new key and the key can currently be updated), returns the latest key. After receiving the new key, the client stores it promptly. Each new key carries an effective time point, an expiration early warning time window, a forecast time window, a validity period and the like.
The validation unit 3 is used for replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
When the effective time point is reached, replacing the currently used key with the new key;
in particular, when a new key is received, it is stored, and when the time of validity of the new key is reached, the key is updated, i.e. the currently used key is replaced by the new key. It should be noted that the currently used key is still in the validity period before being replaced.
In this embodiment, the new key is updated before the old key is invalidated, so that the normal use of data can be ensured after data decryption is performed by using the key each time, and the reliability of data transmission is improved.
In a preferable aspect of this embodiment, the updating apparatus further includes: a confirming unit 4 connected to the request unit 1, wherein:
a confirming unit 4 for confirming whether the key needs to be updated;
specifically, it is first necessary to confirm whether the key needs to be updated;
in a further preferred embodiment of the present embodiment, the confirming unit 4 includes: a judging subunit and a confirming subunit connected to the judging subunit, wherein:
the judging subunit is used for judging whether a new key is stored currently;
specifically, whether a new key is stored currently is judged, and then the new key is fed back to the confirming subunit;
the confirming subunit is used for confirming whether the key needs to be updated or not based on the currently used key when the new key is not stored; and is also used for confirming that the key does not need to be updated when the new key is judged to be stored.
Specifically, when the server generates a new key, it usually notifies the connected clients to update the key; a connected client receives and stores the new key, and when the effective time point of the new key arrives, the key is updated by replacing the old key with the new key. It should be noted that if the client is not connected to the server, or is disconnected and therefore cannot receive the new key, the client needs to actively connect to the server to request the new key.
In a preferred embodiment of this embodiment, the confirming subunit is specifically configured to:
firstly, judging whether a currently used secret key enters an expiration early warning time window;
specifically, whether a currently used key enters an expiration early warning time window is analyzed, and when the key does not enter the expiration early warning time window, the process is stopped;
when the window has been entered, the confirming subunit is also used for acquiring the effective time point of the new key;
specifically, when the expiration early warning time window of the currently used key has been entered, the effective time point of the new key needs to be acquired;
in a further preferred scheme of this embodiment, if it is determined that the expiration early warning time window of the currently used key has been entered, the determining subunit is further configured to send an expiration warning for the currently used key to the server, so as to prompt the server to generate a new key and then feed back the new key.
In a preferred embodiment of this embodiment, the specific process of obtaining the effective time point of the new key is as follows:
acquiring a forecast time window of a currently used key;
calculating a forecast time window of a new key based on the acquired forecast time window of the currently used key;
specifically, each key corresponds to a forecast time window, and the forecast time window of the new key is calculated from the forecast time window of the currently used key and the key generation cycle. For example, if the forecast time window of the currently used key is from 3 o'clock to 4 o'clock on September 10 and the generation cycle is 7 days, then the forecast time window of the new key is from 3 o'clock to 4 o'clock on September 17.
The confirming subunit is further configured to confirm whether the key needs to be updated based on the acquired forecast time window;
specifically, if the currently used key has entered the expiration early warning time window, the forecast time window of the new key is obtained, and whether the key needs to be updated is determined based on the obtained forecast time window.
Further, it is first determined whether the forecast time window of the new key has been entered. For example, if the current time is 3 o'clock on September 17, the forecast time window has been entered; if the key has not yet been updated at this time, the new key needs to be acquired. If the forecast time window has not been reached, the process stops.
In this embodiment, the new key is updated before the old key is invalidated, so that the normal use of data can be ensured after data decryption is performed by using the key each time, and the reliability of data transmission is improved.
The present invention further provides a client, where the client includes the key updating apparatus according to the second embodiment, and the specific structure, the working principle, and the technical effects of the key updating apparatus are consistent with the descriptions of the second embodiment, and are not described herein again.
Example three:
Based on the first embodiment, fig. 5 shows a flowchart of a data decryption method according to a third embodiment of the present invention. The decryption method includes:
Step A1, receiving encrypted data from a server;
specifically, encrypted data is received from the server, the encrypted data being formed by the server encrypting the data it receives (such as satellite data) with a key;
Step A2, obtaining the key corresponding to the encrypted data based on the currently used key;
specifically, the key corresponding to the encrypted data is obtained based on the currently used key, that is, the corresponding key is selected according to the currently used key and the current time, the currently used key being within its validity period;
Step A3, decrypting the encrypted data based on the obtained key to obtain decrypted data;
specifically, the obtained key is used to decrypt the data, yielding the decrypted data.
In this embodiment, when the currently used key is in the validity period, the key corresponding to the encrypted data is selected to perform decryption, and the currently used key is not directly used for decryption, so that normal decryption of the data can be ensured, and the reliability of data transmission is improved.
In a preferred scheme of this embodiment, step A2 specifically includes:
when a new key is stored currently, acquiring a key corresponding to encrypted data based on the effective time of the new key;
specifically, if a new key is currently stored, a key corresponding to the encrypted data is obtained based on the effective time point of the new key;
further, whether the effective time point is reached currently is judged, for example, if the effective time point of the new key is reached currently, the new key is directly obtained as the key corresponding to the encrypted data; if the effective time point of the new key is not reached currently, directly taking the currently used key as the key corresponding to the encrypted data;
and when the new key is not stored at present and the currently used key is in the validity period, taking the currently used key as the key corresponding to the encrypted data.
In a preferred scheme of this embodiment, after the encrypted data is received, if the expiration warning time window of the currently used key has been entered, the key needs to be updated first. For the update process, refer to the first embodiment; it is not described again here.
In this embodiment, when the currently used key is in the validity period, the key corresponding to the encrypted data is selected to perform decryption, and the currently used key is not directly used for decryption, so that normal decryption of the data can be ensured, and the reliability of data transmission is improved.
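The key selection of step A2 can be sketched as follows. This is an added example, not code from the patent: the class and field names, key material and timestamps are constructed, and selection here depends only on the clock, so it assumes client and server clocks agree at the effective time point.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class Key:
    key_id: str             # label used only in this example
    material: bytes         # constructed placeholder, not real key material
    effective_at: datetime  # effective time point
    valid_until: datetime   # end of the validity period


class NoUsableKey(Exception):
    """Neither stored key may be used at the requested time."""


class KeyStore:
    """Holds the currently used key and, optionally, a stored new key."""

    def __init__(self, current: Key, new: Optional[Key] = None):
        self.current = current
        self.new = new

    def store_new(self, new: Key) -> None:
        # The validity period of the currently used key must end after the
        # new key's effective time point, otherwise there is a window in
        # which no key can be selected.
        if self.current.valid_until <= new.effective_at:
            raise ValueError("current key expires before the new key takes effect")
        self.new = new

    def key_for(self, now: datetime) -> Key:
        """Select the key corresponding to data received at `now`."""
        if self.new is not None and now >= self.new.effective_at:
            # Effective time point reached: the new key replaces the current one.
            self.current, self.new = self.new, None
        if not (self.current.effective_at <= now < self.current.valid_until):
            raise NoUsableKey(f"{self.current.key_id} is not valid at {now.isoformat()}")
        return self.current


# Constructed sample keys with a two-hour overlap on September 17.
OLD_KEY = Key("old", b"old-key-placeholder",
              datetime(2018, 9, 10, 4), datetime(2018, 9, 17, 6))
NEW_KEY = Key("new", b"new-key-placeholder",
              datetime(2018, 9, 17, 4), datetime(2018, 9, 24, 6))


def sample_store(with_new: bool = True) -> KeyStore:
    store = KeyStore(OLD_KEY)
    if with_new:
        store.store_new(NEW_KEY)
    return store


if __name__ == "__main__":
    store = sample_store()
    for hour, minute in [(3, 59), (4, 0), (5, 30)]:
        now = datetime(2018, 9, 17, hour, minute)
        print(now.isoformat(), "->", store.key_for(now).key_id)
```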
Example four:
based on the third embodiment, as shown in fig. 6, a block diagram of a data decryption apparatus according to a fourth embodiment of the present invention is shown, where the decryption apparatus includes: a receiving unit 61, an obtaining unit 62 connected with the receiving unit 61, a decrypting unit 63 connected with the obtaining unit 62, wherein:
a receiving unit 61, configured to receive encrypted data of a server;
specifically, encrypted data of a server side is received, and the encrypted data is formed by encrypting the received data (such as satellite data) by the server side by using a secret key;
an acquisition unit 62 for acquiring a key corresponding to the encrypted data based on the key currently used;
specifically, a key corresponding to the encrypted data is obtained based on the currently used key, that is, the corresponding key is selected according to the currently used key and the current time, and the currently used key is in the validity period;
a decryption unit 63 configured to decrypt the encrypted data based on the acquired key to obtain decrypted data;
specifically, the obtained key is used to decrypt data, and decrypted data is obtained.
In this embodiment, when the currently used key is in the validity period, the key corresponding to the encrypted data is selected to perform decryption, and the currently used key is not directly used for decryption, so that normal decryption of the data can be ensured, and the reliability of data transmission is improved.
In a preferred embodiment of this embodiment, the obtaining unit 62 is specifically configured to:
when a new key is stored currently, acquiring a key corresponding to encrypted data based on the effective time of the new key;
specifically, if a new key is currently stored, a key corresponding to the encrypted data is obtained based on the effective time point of the new key;
further, whether the effective time point is reached currently is judged, for example, if the effective time point of the new key is reached currently, the new key is directly obtained as the key corresponding to the encrypted data; if the effective time point of the new key is not reached currently, directly taking the currently used key as the key corresponding to the encrypted data;
and when the new key is not stored at present and the currently used key is in the validity period, taking the currently used key as the key corresponding to the encrypted data.
In a preferred scheme of this embodiment, the encryption apparatus further includes an updating unit. The updating unit is configured to update the key first when, after the encrypted data is received, the expiration warning time window of the currently used key has been entered. For the update process, refer to the first embodiment; it is not described again here.
In this embodiment, when the currently used key is in the validity period, the key corresponding to the encrypted data is selected to perform decryption, and the currently used key is not directly used for decryption, so that normal decryption of the data can be ensured, and the reliability of data transmission is improved.
Example five:
fig. 7 is a block diagram illustrating an interactive system according to a fifth embodiment of the present invention, where the interactive system includes: a server 71 and a client 72, wherein:
the server 71 is configured to receive data, encrypt the received data with a key to obtain encrypted data, and send the encrypted data to the connected client 72, and further generate a key and send the key to the connected client 72;
and a client 72 configured to receive the encrypted data and the key from the server 71, and to decrypt the received encrypted data with the key corresponding to it to obtain decrypted data.
Specifically, the server 71 may update the key periodically and store it. When the client 72 is connected to the server 71, the server 71 may send the updated key directly to the client 72. When the client 72 is not connected to the server 71, the client 72 needs to actively connect to the server 71 and request a new key. After receiving the acquisition request, the server 71 determines whether the key can currently be updated: if the new key is ready, the new key may be fed back; if the time for updating the key has arrived, the latest key is fed back to the client 72; and if the time for updating the key has arrived but the server 71 has not yet updated it, the server 71 updates the key directly and then feeds back the latest key to the client 72.
In a preferred scheme of this embodiment, the interactive system is preferably a data interactive system, and the client 71 includes a decryption module and a key updating device. The specific structure, working principle and technical effects of the key updating device are consistent with those described in the second embodiment and are not described again here. The decryption module corresponds to the decryption device of the fourth embodiment; their specific structures, working principles and technical effects are the same and are not described again here.
Example six:
Fig. 8 is a block diagram of a service terminal according to a sixth embodiment of the present invention, where the service terminal includes: a memory 81, a processor 82, a communication interface 83 and a bus 84, wherein the processor 82, the memory 81 and the communication interface 83 communicate with one another through the bus 84.
A memory 81 for storing various data;
specifically, the memory 81 is used for storing various data, such as data in communication, received data, and the like, and is not limited herein, and the memory further includes a plurality of computer programs.
A communication interface 83 for information transmission between communication devices of the service terminal;
the processor 82 is configured to call various computer programs in the memory 81 to execute a key updating method provided in the first embodiment, for example:
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server when the server confirms, based on the acquisition request, that it will provide one, wherein the new key comprises a corresponding effective time point and a validity period;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
In the embodiment, the new key is updated before the old key is invalid, so that the normal use of data can be ensured after the data decryption is carried out by using the key each time, and the reliability of data transmission is improved.
The present invention also provides a memory, in which a plurality of computer programs are stored, and the computer programs are called by a processor to execute the method for updating a secret key according to the first embodiment.
In the invention, the new key is updated before the old key is invalid, so that the normal use of data can be ensured after the data decryption is carried out by using the key each time, and the reliability of data transmission is improved.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation.
Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention. The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (17)
1. A method for updating a key, comprising:
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server side when the server side confirms to provide based on the acquisition request, wherein the new key comprises a corresponding effective time point and an effective period;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
2. The updating method according to claim 1, wherein before sending an acquisition request to the server when confirming that the key needs to be updated currently, the method further comprises:
it is confirmed whether the key needs to be updated.
3. The updating method of claim 2, wherein confirming whether the key needs to be updated comprises:
judging whether a new key is stored currently;
if no new key is stored currently, determining whether the key needs to be updated based on the currently used key;
and if the new key is stored currently, confirming that the key does not need to be updated.
4. The updating method of claim 3, wherein if no new key is currently stored, determining whether the key needs to be updated based on the currently used key comprises:
judging whether the current key enters an expiration early warning time window;
when the judgment is yes, acquiring a forecast time window of the new key;
confirming whether the key needs to be updated based on the acquired forecast time window.
5. The updating method according to claim 4, wherein when the judgment is yes, obtaining the forecast time window of the new key further comprises:
and sending a key expiration early warning to the server to prompt the server to generate a new key.
6. The updating method of claim 4, wherein confirming whether the key needs to be updated based on the obtained forecast time window comprises:
judging whether entering a forecast time window of a new key at present;
when the judgment is yes, the key needs to be updated.
7. The updating method of claim 4, wherein obtaining a forecast time window for the new key comprises:
acquiring a forecast time window of a currently used key;
a forecast time window for the new key is calculated based on the acquired forecast time window for the currently used key.
8. The updating method according to claim 1, wherein sending the obtaining request to the server comprises:
initiating a connection request to the server;
and when connected with the server, sending a request for acquiring a new key to the server.
9. An apparatus for updating a key, comprising:
the request unit is used for sending an acquisition request to the server side when confirming that the key is updated currently, and the currently used key is in the validity period;
the acquisition storage unit is used for receiving and storing a new key fed back by the server side when the server side confirms to provide the new key based on the acquisition request, and the new key comprises a corresponding effective time point and an effective period;
and the validation unit is used for replacing the currently used key with the new key when the validation time point is reached, wherein the end point of the validity period of the currently used key is behind the validation time point.
10. A client, characterized in that it comprises means for updating the keys according to claim 9.
11. A data decryption method, comprising:
receiving encrypted data of a server;
acquiring a key corresponding to the encrypted data based on a currently used key, wherein the currently used key is in a validity period;
and decrypting the encrypted data based on the acquired key to obtain decrypted data.
12. The data decryption method of claim 11, wherein obtaining the key corresponding to the encrypted data based on the currently used key comprises:
when a new key is stored currently, acquiring a key corresponding to the encrypted data based on the effective time point of the new key;
and when the new key is not stored at present and the currently used key is in the validity period, taking the currently used key as the key corresponding to the encrypted data.
13. The data decryption method of claim 12, wherein, when a new key is currently stored, obtaining the key corresponding to the encrypted data based on the validation time of the new key comprises:
when a new key is stored currently, judging whether the effective time point of the new key is reached currently;
and if so, acquiring the new key as the key corresponding to the encrypted data.
14. A data decryption apparatus, comprising:
the receiving unit is used for receiving the encrypted data of the server;
an acquisition unit configured to acquire a key corresponding to the encrypted data based on a key currently used;
and the decryption unit is used for decrypting the encrypted data based on the acquired key to obtain decrypted data.
15. An interactive system, comprising:
the server is used for receiving the data, encrypting the received data by adopting a key to obtain encrypted data, sending the encrypted data to the connected client, and generating the key and sending the key to the connected client;
and the client is used for receiving the encrypted data and the key of the server and decrypting the received encrypted data with the key corresponding to it to obtain decrypted data.
16. A memory storing a computer program, the computer program being executable by a processor to perform the steps of:
when confirming that the key needs to be updated currently, sending an acquisition request to a server, wherein the currently used key is in the validity period;
receiving and storing a new key fed back by the server side when the server side confirms to provide based on the acquisition request, wherein the new key comprises a corresponding effective time point and an effective period;
replacing the currently used key with the new key when the effective time point is reached, the end point of the validity period of the currently used key being after the effective time point.
17. A service terminal comprising a memory, a processor and a computer program stored in said memory and executable on said processor, characterized in that said processor implements the steps of the method for updating a secret key according to any one of claims 1 to 8 when executing said computer program.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811389017.5A CN111200491A (en) | 2018-11-20 | 2018-11-20 | Key updating method, data decrypting method, device, client and interactive system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111200491A true CN111200491A (en) | 2020-05-26 |
Family
ID=70745670
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811389017.5A Pending CN111200491A (en) | 2018-11-20 | 2018-11-20 | Key updating method, data decrypting method, device, client and interactive system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111200491A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101102552A (en) * | 2007-08-16 | 2008-01-09 | 中兴通讯股份有限公司 | Update method and system for service secret key |
CN104009837A (en) * | 2014-04-28 | 2014-08-27 | 小米科技有限责任公司 | Method and device for updating key and terminal |
CN106533659A (en) * | 2015-09-14 | 2017-03-22 | 北京中质信维科技有限公司 | Secret key updating method and system |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112422281A (en) * | 2020-11-16 | 2021-02-26 | 杭州海康威视数字技术股份有限公司 | Method and system for changing secret key in security module |
WO2022105113A1 (en) * | 2020-11-17 | 2022-05-27 | 平安科技(深圳)有限公司 | Key-update-based encryption method, apparatus and device, and storage medium |
CN112671730A (en) * | 2020-12-15 | 2021-04-16 | 广东华兴银行股份有限公司 | Method, equipment and medium for exchanging symmetric encryption keys on line |
CN113347146A (en) * | 2021-04-14 | 2021-09-03 | 上海瀚银信息技术有限公司 | Encryption and decryption method capable of automatically generating secret key |
CN113347146B (en) * | 2021-04-14 | 2023-09-08 | 上海瀚银信息技术有限公司 | Encryption and decryption method capable of automatically generating secret key |
CN113347165A (en) * | 2021-05-24 | 2021-09-03 | 交通银行股份有限公司 | Method and device for seamlessly replacing secret key, server side and data interaction method |
WO2022257108A1 (en) * | 2021-06-11 | 2022-12-15 | 华为技术有限公司 | Method for updating vehicle-to-everything (v2x) communication key, and communication apparatus |
CN115632802A (en) * | 2021-07-02 | 2023-01-20 | 腾讯科技(深圳)有限公司 | Processing method and device for authorization duration |
CN114710780A (en) * | 2022-03-16 | 2022-07-05 | 湖南斯北图科技有限公司 | Method for on-orbit updating and management of satellite measurement and control link communication secret key |
CN115002763A (en) * | 2022-05-27 | 2022-09-02 | 青岛海尔科技有限公司 | Network key updating method and device, electronic equipment and server |
CN116155491A (en) * | 2023-02-02 | 2023-05-23 | 广州万协通信息技术有限公司 | Symmetric key synchronization method of security chip and security chip device |
CN116155491B (en) * | 2023-02-02 | 2024-03-08 | 广州万协通信息技术有限公司 | Symmetric key synchronization method of security chip and security chip device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111200491A (en) | Key updating method, data decrypting method, device, client and interactive system | |
EP2827266B1 (en) | Information distribution system, and server, on-board terminal and communication terminal used therefor | |
CN103370901B (en) | Long-term signatures terminal, long-term signatures server, long-term signatures terminal program and long-term signatures server program | |
CN102118374A (en) | System and method for automatically updating digital certificates | |
EP3644548A1 (en) | Key exchange system and key exchange method | |
CN112035822B (en) | Multi-application single sign-on method, device, equipment and storage medium | |
WO2004042490A2 (en) | System and method of automated licensing of an appliance or an application | |
US20180300472A1 (en) | Vehicle Data Rewrite Control Device and Vehicle Data Rewrite Authentication System | |
CN111970109B (en) | Data transmission method and system | |
CN110620792A (en) | Communication encryption method, communication device, system, and computer-readable storage medium | |
CN112202557B (en) | Encryption method, device, equipment and storage medium based on key update distribution | |
EP1274195A1 (en) | Confidential data communication method | |
CN113065857A (en) | Data processing method, device, equipment, medium and product in payment process | |
CN111176710B (en) | Operation method of terminal software management system and terminal software management system | |
JP4725070B2 (en) | Regular content confirmation method, content transmission / reception system, transmitter, and receiver | |
US12050901B2 (en) | Over-the-air updating method, update server, terminal device, and internet of things system | |
US10148439B2 (en) | Methods and systems for controlling medical device usage | |
JP2004326763A (en) | Password change system | |
KR102288444B1 (en) | Firmware updating method, apparatus and program of authentication module | |
JP2013017089A (en) | Electronic signature system, signature server, signer client, electronic signature method, and program | |
JP4020133B2 (en) | Account fraud suppression device and account fraud suppression program | |
KR20190098863A (en) | System of collecting manufacturing facilities data and controlling the manufacturing facilities using iot communication with smart phone | |
US20050169474A1 (en) | Distribution system | |
CN100454320C (en) | Key management method and apparatus for digital copyright management | |
CN111339198A (en) | Block chain-based water affair processing method, device, system, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20200526 |