CN114268467A - Key updating processing method, device, system, equipment and storage medium - Google Patents

Key updating processing method, device, system, equipment and storage medium Download PDF

Info

Publication number
CN114268467A
CN114268467A CN202111468358.3A CN202111468358A CN114268467A CN 114268467 A CN114268467 A CN 114268467A CN 202111468358 A CN202111468358 A CN 202111468358A CN 114268467 A CN114268467 A CN 114268467A
Authority
CN
China
Prior art keywords
secret key
service
key
updating
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111468358.3A
Other languages
Chinese (zh)
Other versions
CN114268467B (en
Inventor
张珂珂
吕舟
张敏
杨肃
张元新
季尚鹏
崔同帅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd filed Critical China United Network Communications Group Co Ltd
Priority to CN202111468358.3A priority Critical patent/CN114268467B/en
Publication of CN114268467A publication Critical patent/CN114268467A/en
Application granted granted Critical
Publication of CN114268467B publication Critical patent/CN114268467B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04SSYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S40/00Systems for electrical power generation, transmission, distribution or end-user application management characterised by the use of communication or information technologies, or communication or information technology specific aspects supporting them
    • Y04S40/20Information technology specific aspects, e.g. CAD, simulation, modelling, system security

Landscapes

  • Stored Programmes (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application provides a secret key updating processing method, a secret key updating processing device, a secret key updating processing system, secret key updating processing equipment and a storage medium. The method comprises the following steps: when a target secret key updating strategy is met, updating a first secret key stored in the capability open platform to obtain a second secret key; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and both the first secret key and the second secret key are used for authenticating the service calling end; and updating the first secret key of the service calling end into a second secret key.

Description

Key updating processing method, device, system, equipment and storage medium
Technical Field
The present application relates to communications technologies, and in particular, to a method, an apparatus, a system, a device, and a storage medium for key update processing.
Background
Currently, a communication carrier opens an Application Programming Interface (API) to a user to allow the user to use a service provided by a third party through a terminal device such as a personal computer or a mobile phone.
When a user needs to use some service, a service calling request initiated by a user terminal is sent to a capability opening platform, the service calling request carries a secret key or a token for authentication, the capability opening platform authenticates the service calling request according to the secret key or the token, and routes the service calling request to a service end providing the service after the authentication is successful; after receiving the service request, the service end processes the service request to obtain a service processing result; sending the service processing result to the capability opening platform; and finally, the capability open platform returns the service request processing result to the user terminal.
However, in the prior art, a fixed key or token is used, so that the key or token is easy to leak, and thus the capability calling service of the capability open platform is at risk of illegal use.
Disclosure of Invention
The application provides a secret key updating processing method, a secret key updating processing device, a secret key updating processing system, secret key updating processing equipment and a storage medium, and aims to solve the problem that in the prior art, a fixed secret key or a fixed token is used, so that the secret key or the token is easy to leak, and therefore the risk of illegal use of the capacity calling service of a capacity open platform exists.
In a first aspect, the present application provides a key update processing method, where the method is applied to a capability openness platform, and the method includes: when a target secret key updating strategy is met, updating a first secret key stored by the capability open platform to obtain a second secret key; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end; and updating the first secret key of the service calling end into the second secret key.
In a second aspect, the present application provides a key update processing method, where the method is applied to a key management center, and the method includes: receiving a secret key updating strategy of each service; each service is a service for calling the service system by a service calling end; when a secret key updating strategy corresponding to a target service is met, generating a secret key updating request aiming at the target service according to the secret key updating strategy of the target service; the secret key updating request is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key; and sending a key updating request aiming at the target service to the capability open platform.
In a third aspect, the present application provides a key update processing method, where the method is applied to a service invocation end, and the method includes: receiving a second key; the second secret key is obtained by updating the first secret key stored by the capability open platform when the capability open platform meets a target secret key updating strategy; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end; and updating the first secret key of the service calling end into the second secret key.
In a fourth aspect, the present application provides a key update processing apparatus, which is applied to a capability openness platform, and the apparatus includes: the updating module is used for updating the first secret key stored by the capability open platform to obtain a second secret key when a target secret key updating strategy is met; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end; the updating module is further configured to update the first secret key of the service invoking end to the second secret key.
In a fifth aspect, the present application provides a key update processing apparatus, applied to a key management center, the apparatus including: the receiving module is used for receiving the secret key updating strategy of each service; each service is a service for calling the service system by a service calling end; the generating module is used for generating a key updating request of each service according to a key updating strategy of each service; the secret key updating request is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key; and the sending module is used for sending the secret key updating request of each service to the capability open platform.
In a sixth aspect, the present application provides a key update processing apparatus, which is applied to a service invocation end, where the apparatus includes: a receiving module, configured to receive a second key; the second secret key is obtained by updating the first secret key stored by the capability open platform when the capability open platform meets a target secret key updating strategy; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end; and the updating module is used for updating the first secret key of the service calling end into the second secret key.
In a seventh aspect, the present application provides a key update processing system, including: a capability openness platform for performing the method according to the first aspect; at least one service calling terminal, communicatively connected to the capability openness platform, for executing the method according to the second aspect; a key management center, communicatively connected to the capability openness platform, for performing the method according to the third aspect.
In an eighth aspect, the present application provides an electronic device, comprising: a processor, and a memory communicatively coupled to the processor; the memory stores computer-executable instructions; the processor executes computer-executable instructions stored by the memory to implement the method of the first, second or third aspect.
In a ninth aspect, the present application provides a computer readable storage medium having stored therein computer executable instructions for implementing the method according to the first, second or third aspect when executed by a processor.
According to the secret key updating processing method, the secret key updating processing device, the secret key updating processing system, the secret key updating processing equipment and the storage medium, when a target secret key updating strategy is met, a first secret key stored in an open capability platform is updated, and a second secret key is obtained; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service of a service calling end calling capacity open platform, and both the first secret key and the second secret key are used for authenticating the service calling end; and updating the first secret key of the service calling end into a second secret key. Since the first secret key stored in the open capability platform and the service invocation end is updated under the condition that the target secret key update policy is satisfied, the secret key in the embodiment is updated dynamically. In addition, the first secret key in the service calling end is updated through the capability openness platform, so that the updating of the first secret key in the service calling end is one-way updating, namely the service calling end passively receives the second secret key sent by the capability openness platform and updates the first secret key of the service calling end, and cannot actively initiate a secret key updating request to the capability openness platform.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a diagram of a prior art application scenario;
fig. 2 is a schematic diagram of a key update processing system according to an embodiment of the present application;
fig. 3 is a schematic diagram of another key update processing system according to an embodiment of the present application;
fig. 4 is a flowchart of a key update processing method according to an embodiment of the present application;
fig. 5 is a first interaction diagram of a key update processing method according to an embodiment of the present application;
fig. 6 is a second interaction diagram of a key update processing method according to an embodiment of the present application;
fig. 7 is a third interaction diagram of a key update processing method according to an embodiment of the present application;
fig. 8 is a fourth interaction diagram of a key update processing method according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a key update processing apparatus according to an embodiment of the present application;
fig. 10 is a schematic structural diagram of another key update processing apparatus according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of another key update processing apparatus according to an embodiment of the present application;
fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
With the above figures, there are shown specific embodiments of the present application, which will be described in more detail below. These drawings and written description are not intended to limit the scope of the inventive concepts in any manner, but rather to illustrate the inventive concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
Fig. 1 is a diagram of an application scenario of the prior art. As shown in fig. 1, the application scenario includes: the system comprises a capability opening platform 11 and a plurality of service calling terminals 12; each service invocation terminal 12 is in communication connection with the capability openness platform.
The service calling terminal 12 includes a smart phone, a tablet computer, a desktop computer, a notebook computer, and the like.
The service calling terminal 12 sends a service request to the capability opening platform 11, and the capability opening platform 11 authenticates the service request. In the authentication process, authentication is currently performed based on a key or Token (Token). Specifically, when the service invocation end 12 sends the service request to the capability openness platform 11, the service request carries a key or Token, and the capability openness platform also stores a key or Token. And when the capability opening platform receives the service request, matching the key or Token carried in the service request with the key or Token stored in the capability opening platform, and if the matching is successful, providing capability calling service for the service calling end. Namely: and routing the service request to a service server, acquiring a service request result, and returning the service request result to the service calling end.
At present, a key or Token is kept by a service invocation end, and the key or Token of each service invocation end is fixed, which may cause the key to be easily leaked and to be easily forged, and the forged key is easily used to invoke the service of the capability opening platform, so that the service provided by the capability opening platform is illegally invoked, which causes a loss to the capability opening platform.
In order to solve the technical problems, the application provides the following technical concepts: by dynamically updating the secret key or Token of the capability open platform and the service calling end, the probability of secret key or forgery is reduced, the leakage probability of the secret key or Token is reduced, and the security of the capability open platform for providing services to the outside is improved.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a schematic diagram of a key update processing system according to an embodiment of the present application. As shown in fig. 2, the application scenario includes: the system comprises a key management center 21, a capability opening platform 22 and a plurality of service calling terminals 23; each service invoking terminal 23 is communicatively connected to the capability openness platform 22, and the key management center 21 is communicatively connected to the capability openness platform 22. The service calling terminal 23 includes a smart phone, a tablet computer, a desktop computer, a notebook computer, and the like.
The capability openness platform 22 and the plurality of service call terminals 23 may set a key update policy for each type of service, and store the key update policy in the key management center. And then, the key management center updates the keys of the capacity open platform and the service calling end according to the key updating strategy.
Fig. 2 shows that a secret key management center 21 needs to be arranged outside the capability opening platform 22. This incurs overhead in hardware. In order to reduce the hardware overhead, the capability openness platform 22 may be further modified to make the capability openness platform 22 have the function of the key management center 21, which may be specifically referred to as the following description of the embodiment:
fig. 3 is a schematic diagram of another key update processing system according to an embodiment of the present application. As shown in fig. 3, the application scenario includes: a capability opening platform 31 and a plurality of service calling terminals 32; each service invocation terminal 32 is communicatively connected with the capability opening platform 31. Each service calling terminal 32 includes a smart phone, a tablet computer, a desktop computer or a notebook computer.
The capability openness platform 31 and the plurality of service invokers 32 may set a key update policy for each type of service and store the key update policy in the capability openness platform 31. Then, the capability openness platform 31 updates the keys stored in the capability openness platform 31 and the service invocation terminal 32 according to the key update policy.
Specifically, the capability openness platform 31 may include a key management unit 311 and a key update unit 312. The key management unit 311 functions as the key management center 21 in fig. 2, i.e., performs the method steps performed by the key management center 21; the key update unit 312 functions as the capability openness platform 22 in fig. 2, i.e., performs the method steps of the capability openness platform 22.
Based on the application scenarios shown in fig. 2 and fig. 3, the embodiment of the present application further provides a key update processing method. The following describes a key update processing method provided in an embodiment of the present application in detail with reference to the accompanying drawings:
fig. 4 is a flowchart of a key update processing method according to an embodiment of the present application, and as shown in fig. 4, the key update processing method includes the following steps:
s401, when a target secret key updating strategy is met, updating a first secret key stored in an open capability platform to obtain a second secret key; the target secret key updating strategy is a secret key updating strategy corresponding to the target service, the target service is a service for calling a service system by the service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end.
The main execution body of the method of the embodiment is the capability open platform in fig. 2 or fig. 3.
When the service calling end needs to call the service of the third-party service system, a service calling request is sent to the capability opening platform, and the service calling request comprises the type of the service to be called. The capability open platform can determine a key updating strategy corresponding to the service to be called, namely a target key updating strategy, according to the type of the service to be called.
The target secret key updating strategy is used for triggering the capacity opening platform to update the first secret key stored by the capacity opening platform and the service calling end. The specific triggering process of the target key updating policy can be introduced as two alternative embodiments:
in a first optional implementation manner, based on the application scenario shown in fig. 2, the target key update policy may be stored in the key management center, and the key management center determines whether the target key update policy is satisfied according to the target key update policy, and when it is determined that the target key update policy is satisfied, sends a key update request to the capability openness platform to instruct the capability openness platform to update the first key stored in the capability openness platform and the service invocation end.
In a second optional implementation manner, based on the application scenario shown in fig. 3, the target key update policy may be stored in the capability openness platform, the capability openness platform determines whether the target key update policy is satisfied according to the target key update policy, and when it is determined that the target key update policy is satisfied, the first secret key stored in the capability openness platform and the first secret key stored in the service invocation terminal are updated.
In this embodiment, before step S401, this embodiment further includes: s400, aiming at the service of each service system butted by the capability open platform, setting a secret key updating strategy of each service; and sending the key updating strategy of each service to the key management center.
Specifically, the following two optional examples can be included:
example one: illustratively, on the basis of the first optional implementation manner, the capability openness platform needs to set a key update policy for each service system that the capability openness platform interfaces with; and sending the key updating strategy of each service to the key management center. Or the service calling end sets a key updating strategy of each service aiming at each service required and sends the key updating strategy to the capacity opening platform, and the capacity opening platform sends the key updating strategy of each service to the key management center.
Accordingly, the key management center may perform the following steps: receiving a secret key updating strategy of each service; each service is a service for calling a service system by a service calling end; when a secret key updating strategy corresponding to the target service is met, generating a secret key updating request aiming at the target service according to the secret key updating strategy of the target service; the secret key updating request is used for indicating the capability openness platform to update the first secret key stored in the capability openness platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key; and sending a key updating request aiming at the target service to the capability open platform. Specifically, the key update policy may include at least one of the following: receiving prompt information of abnormal calling sent by the capability opening platform; the prompt message is used for triggering the secret key management center to send the secret key updating request; and determining the time of reaching the key updating according to the key updating frequency of the target service.
Example two: for example, on the basis of the second optional implementation manner, the capability openness platform may set a key update policy for each service system that the capability openness platform interfaces with, and store the key update policy for each service in the capability openness platform. Or the service calling end sets a target key updating strategy of each service for each service required and sends the target key updating strategy to the capacity opening platform, and the capacity opening platform stores the target key updating strategy of each service.
Optionally, when the capability openness platform or the service invocation end sets the key update policy of each service, the key update frequency of each service may be set according to the security requirement of each service. The security requirement of each service is positively correlated with the key update frequency of each service, that is, the higher the security requirement of each service is, the higher the key update frequency of the service is, and conversely, the lower the security requirement of each service is, the lower the key update frequency of the service is.
S402, the first secret key of the service calling end is updated to be a second secret key.
Specifically, updating the first secret key of the service invocation end to the second secret key includes: and the capability open platform sends the second secret key to the service calling end. Correspondingly, the service calling terminal receives the second secret key and updates the first secret key of the service calling terminal into the second secret key.
Based on the second secret key, when the service calling end sends the service request to the capability opening platform, the service request carries the second secret key, the capability opening platform receives the service request, authenticates the service request according to the second secret key in the service request, and forwards the service request to a service system corresponding to the service type of the service request if the authentication is successful, the service system obtains a service processing result according to the service request and returns the service processing result to the capability opening platform, and the capability opening platform further returns the service processing result to the service calling end.
Specifically, the authenticating the service request by the capability openness platform according to the second key in the service request includes: and the capability opening platform compares the second secret key in the service request with a second secret key corresponding to the type of the service request stored in the capability opening platform, if the second secret key in the service request is the same as the second secret key corresponding to the type of the service request stored in the capability opening platform, the authentication is successful, otherwise, the authentication is failed.
In this embodiment, a key update interface is disposed between the capability openness platform and the service invocation end, and the key update interface is a unidirectional transmission interface, that is, a unidirectional interface for performing data transmission from the capability openness platform to the service invocation end. This means that the update of the first key in the service invocation end can only be performed by receiving the second key sent by the capability openness platform, and the service invocation end cannot actively initiate a key update request to the capability openness platform.
In the embodiment, when a target secret key updating strategy is met, a first secret key stored in an open capability platform is updated to obtain a second secret key; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service of a service calling end calling capacity open platform, and both the first secret key and the second secret key are used for authenticating the service calling end; and updating the first secret key of the service calling end into a second secret key. Since the first secret key stored in the open capability platform and the service invocation end is updated under the condition that the target secret key update policy is satisfied, the secret key in the embodiment is updated dynamically. In addition, the first secret key in the service calling end is updated through the capability openness platform, so that the updating of the first secret key in the service calling end is one-way updating, namely the service calling end passively receives the second secret key sent by the capability openness platform and updates the first secret key of the service calling end, and cannot actively initiate a secret key updating request to the capability openness platform.
On the basis of the above embodiment, the target key update policy may include at least one of:
a. and receiving a key updating request aiming at the target service from the key management center.
b. And monitoring the exception of the target service of the service calling end calling capability open platform.
c. And determining the time of reaching the key updating according to the key updating frequency of the target service.
Based on the above three-item key update strategy, there can be two different implementations as follows:
in an alternative embodiment, the key management center may determine whether the target update policy is satisfied according to the target key update policies of items b and c, and when determining that the target update policy is satisfied, send a key update request for the target service to the capability openness platform, and when receiving the key update request for the target service from the key management center, the capability openness platform performs steps S401 and S402.
In another alternative embodiment, the capability openness platform may determine whether the target update policy is satisfied according to the target key update policies of b and c, and perform step S401 and step S402 when determining that the target update policy is satisfied. The following describes two optional embodiments in detail based on the application scenarios shown in fig. 2 and fig. 3, in combination with interaction among the key management center, the capability open platform, and the service invocation end:
based on the application scenario shown in fig. 2, the present application provides a key update processing method. Fig. 5 is a first interaction diagram of a key update processing method according to an embodiment of the present application. As shown in fig. 5, the key update processing method includes:
s501, the key management center determines whether the key updating time is reached according to the key updating frequency of the target service.
Before step S501, the capability openness platform needs to set a key update frequency of each service system of the service system that the capability openness platform interfaces with, and send the key update frequency to the key management center, where the key management center stores the key update frequency of each service. Or the service calling end sets the key updating frequency of each service required by the service calling end and sends the key updating frequency to the capacity opening platform, the capacity opening platform sends the key updating frequency of each service to the key management center, and the key management center stores the key updating frequency of each service.
S502, if the key management center determines that the key updating time is up according to the key updating frequency of the target service, the key management center determines that the target key updating strategy is met.
Optionally, if it is determined that the key update time does not arrive according to the key update frequency of the target service, it is determined that the target key update policy is not satisfied.
For example, assuming that the key update frequency of the target service is 5 minutes, the key update request of the target service is generated and sent to the capability openness platform every 5 minutes in this embodiment.
S503, when the key management center determines that the target key updating strategy is met, generating a key updating request of the target service; and the secret key updating request of the target service is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key stored in the service calling end according to the second secret key.
S504, the key management center sends a key updating request to the capability opening platform.
And S505, the capability openness platform receives the secret key updating request, and updates the first secret key stored in the capability openness platform to obtain a second secret key.
Specifically, the capability openness platform deletes the first secret key and stores the second secret key. Or the first secret key is set to be invalid and the second secret key is set to be valid.
S506, the capability openness platform sends the second secret key to the service calling end.
S507, the service invoking end receives the second secret key, and updates the first secret key stored in the service invoking end into the second secret key according to the second secret key.
Specifically, the service invocation end may delete the first secret key and store the second secret key. Or the first secret key is set to be invalid and the second secret key is set to be valid.
Based on the application scenario shown in fig. 2, the present application provides a key update processing method. Fig. 6 is a second interaction diagram of a key update processing method according to an embodiment of the present application. As shown in fig. 6, the key update processing method includes:
s601, the capability opening platform monitors a service calling end to call the service of the service system.
S602, if the capacity open platform monitors that the service calling end calls the service system abnormally, sending prompt information of abnormal calling to the secret key management center; the prompt message is used for triggering the secret key management center to send the secret key updating request.
S603, the secret key management center receives prompt information of abnormal calling sent by the capability open platform and confirms that a target secret key updating strategy is met.
In this embodiment, the key management center receives the prompt message of the abnormal call sent by the capability openness platform, and then determines that the target key update policy is satisfied.
S604, when the key management center determines that the target key updating strategy is met, generating a key updating request of the target service; and the secret key updating request of the target service is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key stored in the service calling end according to the second secret key.
S605, the key management center sends a key updating request to the capability opening platform.
S606, the capability openness platform receives the key update request, and updates the first secret key stored in the capability openness platform to obtain a second secret key.
For a specific implementation of step S606, refer to the description of step S505.
S607, the capability openness platform sends the second secret key to the service calling end.
S608, the service invoking end receives the second secret key, and updates the first secret key stored in the service invoking end into the second secret key according to the second secret key.
For a specific implementation of step S608, refer to the description of step S507.
Based on the application scenario shown in fig. 3, the present application provides a key update processing method. Fig. 7 is a third interaction diagram of a key update processing method according to an embodiment of the present application. As shown in fig. 7, the key update processing method includes:
s701, the capability open platform determines whether the key updating time is reached according to the key updating frequency of the target service.
Before step S701, the capability openness platform further needs to set a key update frequency of each service system of the service system that the capability openness platform interfaces with, and store the key update frequency of each service. Or the service calling end sets the key updating frequency of each service required by the service calling end and sends the key updating frequency to the capacity opening platform, and the capacity opening platform stores the key updating frequency of each service.
S702, if the capacity open platform determines whether the key updating time is reached according to the key updating frequency of the target service, determining that a target key updating strategy is met; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling the capability open platform by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end.
For a specific implementation of step S702, refer to the description of step S502.
And S703, when the capability open platform determines that the target secret key updating strategy is met, updating the first secret key stored in the capability open platform to obtain a second secret key.
For a specific implementation of step S703, refer to the description of step S505.
S704, the capability openness platform sends the second secret key to the service calling end.
S705, the service invoking end receives the second secret key, and updates the first secret key stored in the service invoking end into the second secret key according to the second secret key.
For a specific implementation of step S705, refer to the description of step S507.
Based on the application scenario shown in fig. 3, the present application provides a key update processing method. Fig. 8 is a fourth interaction diagram of the key update processing method according to the embodiment of the present application. As shown in fig. 8, the key update processing method includes:
s801, the capability opening platform monitors the service calling end to call the service of the service system.
S802, if the capacity open platform monitors that the service calling end calls the service system abnormally, the capacity open platform determines that the target secret key updating strategy is met.
And S803, when the capability open platform determines that the target secret key updating strategy is met, updating the first secret key stored in the capability open platform to obtain a second secret key.
For a specific implementation of step S803, refer to the description of step S505.
S804, the capability open platform sends the second secret key to the service calling end.
S805, the service invoking end receives the second secret key, and updates the first secret key stored in the service invoking end into the second secret key according to the second secret key.
For a specific implementation of step S805, refer to the description of step S507.
On the basis of the foregoing embodiment, in order to improve security of key update, the present application further provides at least three optional implementation manners as follows for updating a first secret key of a service invocation end to a second secret key:
in a first optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes steps a1 and a 2:
and a1, encrypting the second secret key to obtain an encrypted second secret key.
The encryption algorithm for encrypting the second secret key may adopt any existing encryption algorithm, which is not limited in this embodiment.
Step a2, sending a first secret key update instruction to a service invoking end, where the first secret key update instruction is used to instruct the service invoking end to update a first secret key of the service invoking end to the second secret key, and the first secret key update instruction carries the encrypted second secret key.
On the basis of the first optional implementation, correspondingly, the service invocation end may perform the following steps: and receiving a first secret key updating instruction sent by the capability open platform.
In a second optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes: and sending a second secret key updating instruction to the service calling end, wherein the second secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into a second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key.
On the basis of the second optional implementation, correspondingly, the service invocation end may perform the following steps: and receiving a second secret key updating instruction sent by the capability open platform.
In a third optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes: and sending a third secret key updating instruction to the service calling end through a private network between the capability open platform and the service calling end, wherein the third secret key updating instruction is used for instructing the service calling end to update the first secret key of the service calling end into a second secret key, and the third secret key updating instruction carries the second secret key.
On the basis of the third optional implementation manner, correspondingly, the service invoking end may perform the following steps: and receiving a third secret key updating instruction sent to the service calling end by the capacity opening platform through a special network between the capacity opening platform and the service calling end.
On the basis of the above embodiment, in order to ensure that the update of the secret key does not affect the service invocation, after the first secret key stored in the open platform is updated to obtain the second secret key, the embodiment of the present application may further include the following steps a and B:
step A, setting the effective time of a second secret key; the valid time of the second secret key is partially overlapped with the valid time of the first secret key.
And step B, storing the valid time of the second secret key.
Optionally, on the basis of step a and step B, the first secret key of the service invocation end is updated to be the second secret key, which includes the following three optional implementations:
in a second optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes:
b1, encrypting the second secret key to obtain the encrypted second secret key.
b2, sending a first secret key updating instruction to the service calling end, wherein the first secret key updating instruction is used for instructing the service calling end to update the first secret key of the service calling end into a second secret key, and the first secret key updating instruction carries the encrypted second secret key and the effective time of the second secret key.
On the basis of step b1 and step b2, the service calling side can perform the following steps accordingly: and receiving a first secret key updating instruction sent by the capability open platform.
In a second optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes: and sending a second secret key updating instruction to the service calling end, wherein the second secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into a second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key and the valid time of the second secret key. Accordingly, the service invoking terminal may perform the following steps: and receiving a second secret key updating instruction sent by the capability open platform.
In a third optional implementation manner, updating the first secret key of the service invocation end to the second secret key includes: and sending a third secret key updating instruction to the service calling end through a private network between the capability open platform and the service calling end, wherein the third secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into a second secret key, and the third secret key updating instruction carries the second secret key and the effective time of the second secret key. Accordingly, the service invoking terminal may perform the following steps: and receiving a third secret key updating instruction sent by the capability open platform.
Illustratively, the validity time of the first key may be set to 18:50 at 11/25/2021 to 19:50 at 11/25/2021, and the validity time of the second key may be set to 20:00 at 11/25/19/30 at 2021 to 12/25/20/00 at 2021. The user can use the first key to make service call from the capability openness platform or the second key to make service call from the capability openness platform in the period from 11/25/19/30/2021 to 12/25/19/50/2021.
It should be noted that, before the first secret key of the capability openness platform and the first secret key of the service invocation end are updated for the first time, the first secret key needs to be stored in both the capability openness platform and the service invocation end. Before the first secret key of the capability openness platform and the first secret key of the service calling end are updated for the first time, the first secret key stored in the capability openness platform and the first secret key stored in the service calling end may be the first secret key randomly generated by triggering the capability openness platform according to a random number generation algorithm when a target secret key update strategy is generated and stored in the capability openness platform for the first time, and the first secret key is written in a storage unit of the capability openness platform. Thereafter, the first secret key may be updated according to the above-described embodiment.
Based on the above embodiment of the key update processing method, an embodiment of the present application further provides a key update processing apparatus. Fig. 9 is a schematic structural diagram of a key update processing apparatus according to an embodiment of the present application. As shown in fig. 9, the key update processing apparatus includes: an update module 91;
the updating module 91 is configured to update the first secret key stored in the capability open platform to obtain a second secret key when a target secret key updating policy is satisfied; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
the updating module 91 is further configured to update the first secret key of the service invoking end to the second secret key.
In some embodiments, the target key update policy comprises at least one of:
receiving a key updating request aiming at the target service from a key management center;
monitoring the exception of the target service of the capacity open platform called by the service calling end;
and determining the time for reaching the key updating according to the key updating frequency of the target service.
In some embodiments, the apparatus further comprises: a setting module 92 and a sending module 93;
a setting module 92, configured to set, for a service of each service system docked by the capability open platform, a key update policy for each service;
a sending module 93, configured to send the key update policy of each service to the key management center.
In some embodiments, the apparatus further comprises: a monitoring module 94;
a monitoring module 94, configured to monitor a service that the service calling end calls the service system;
the sending module 93 is further configured to send a prompt message of abnormal call to the key management center if it is monitored that the service calling end calls the service system abnormally; the prompt message is used for triggering the secret key management center to send the secret key updating request.
In some embodiments, the apparatus further comprises: a storage module 95;
a setting module 92, further configured to set a valid time of the second key; the valid time of the second key is partially overlapped with the valid time of the first key;
the storage module 95 is configured to store the valid time of the second key.
In some embodiments, the update module 91 is specifically configured to:
encrypting the second secret key to obtain an encrypted second secret key;
sending a first secret key updating instruction to the service calling end, where the first secret key updating instruction is used to instruct the service calling end to update the first secret key of the service calling end to the second secret key, and the first secret key updating instruction carries the encrypted second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
sending a second secret key updating instruction to the service calling end, where the second secret key updating instruction is used to instruct the service calling end to update the first secret key of the service calling end to the second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
and sending a third secret key updating instruction to the service calling end through a private network between the capability open platform and the service calling end, wherein the third secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key, and the third secret key updating instruction carries the second secret key and the effective time of the second secret key.
Fig. 10 is a schematic structural diagram of another key update processing apparatus according to an embodiment of the present application. As shown in fig. 10, the key update processing apparatus includes: a receiving module 101, a generating module 102 and a sending module 103;
a receiving module 101, configured to receive a key update policy of each service; each service is a service for calling the service system by a service calling end;
the generation module 102 is configured to generate a key update request for a target service according to a key update policy of the target service when the key update policy corresponding to the target service is satisfied; the secret key updating request is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key;
a sending module 103, configured to send a key update request for the target service to the capability openness platform.
In some embodiments, the key update policy comprises at least one of:
receiving prompt information of abnormal calling sent by the capability open platform; the prompt message is used for triggering the secret key management center to send the secret key updating request;
and determining the time for reaching the key updating according to the key updating frequency of the target service.
Fig. 11 is a schematic structural diagram of another key update processing apparatus according to an embodiment of the present application. As shown in fig. 11, the key update processing apparatus includes: a receiving module 111 and an updating module 112;
a receiving module 111, configured to receive a second key; the second secret key is obtained by updating the first secret key stored by the capability open platform when the capability open platform meets a target secret key updating strategy; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
an updating module 112, configured to update the first secret key of the service invocation end to the second secret key.
In some embodiments, the receiving module 111 is specifically configured to:
receiving a first secret key updating instruction sent by the capability open platform, wherein the first secret key updating instruction is used for indicating the service calling end to update a first secret key of the service calling end into a second secret key, and the first secret key updating instruction carries the encrypted second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
receiving a second secret key updating instruction sent by the capability open platform, wherein the second secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
and receiving a third secret key updating instruction sent by the capability opening platform to the service calling end through a private network between the capability opening platform and the service calling end, wherein the third secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key, and the third secret key updating instruction carries the second secret key and the effective time of the second secret key.
The three key update processing apparatuses provided in the embodiment of the present application may be used to implement the technical solution of the key update processing method in the embodiment, and the implementation principle and the technical effect are similar, which are not described herein again.
It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the updating module 91 may be a processing element separately set up, or may be implemented by being integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the updating module 91. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element here may be an integrated circuit with signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
Fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 12, the electronic device may include: transceiver 121, processor 122, memory 123.
The processor 122 executes computer-executable instructions stored in the memory, causing the processor 122 to perform the aspects of the embodiments described above. The processor 122 may be a general-purpose processor including a central processing unit CPU, a Network Processor (NP), and the like; but also a digital signal processor DSP, an application specific integrated circuit ASIC, a field programmable gate array FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components.
Memory 123 is coupled to processor 122 via a system bus and communicates with each other, and memory 123 is used for storing computer program instructions.
The transceiver 121 may be configured to receive a key update request for the target service from a key management center.
The system bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The system bus may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus. The transceiver is used to enable communication between the database access device and other computers (e.g., clients, read-write libraries, and read-only libraries). The memory may include Random Access Memory (RAM) and may also include non-volatile memory (non-volatile memory).
The electronic device provided by the embodiment of the present application may be the capability opening platform, the service invoking end, or the key management center of the above embodiments.
The embodiment of the present application further provides a chip for executing the instruction, where the chip is used to execute the technical scheme of the key update processing method in the foregoing embodiment.
An embodiment of the present application further provides a computer-readable storage medium, where a computer instruction is stored in the computer-readable storage medium, and when the computer instruction runs on a computer, the computer is enabled to execute the technical solution of the key update processing method according to the foregoing embodiment.
The embodiment of the present application further provides a computer program product, where the computer program product includes a computer program stored in a computer-readable storage medium, where the computer program can be read by at least one processor from the computer-readable storage medium, and the at least one processor can implement the technical solution of the key update processing method in the foregoing embodiment when executing the computer program.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (16)

1. A secret key updating processing method is applied to a capability open platform, and comprises the following steps:
when a target secret key updating strategy is met, updating a first secret key stored by the capability open platform to obtain a second secret key; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
and updating the first secret key of the service calling end into the second secret key.
2. The method of claim 1, wherein the target key update policy comprises at least one of:
receiving a key updating request aiming at the target service from a key management center;
monitoring the exception of the target service of the capacity open platform called by the service calling end;
and determining the time for reaching the key updating according to the key updating frequency of the target service.
3. The method according to claim 2, wherein if the key update policy includes receiving a key update request from a key management center for the target service, the key management center triggers sending the key update request to a capability openness platform based on the target key update policy;
before updating the first secret key stored in the capability openness platform when the secret key update policy is satisfied, the method further includes:
setting a secret key updating strategy of each service aiming at the service of each service system butted by the capability open platform;
and sending the key updating strategy of each service to the key management center.
4. The method according to claim 3, wherein before updating the first secret key stored in the capability openness platform to obtain the second secret key when the target secret key update policy is satisfied, the method further comprises:
monitoring the service of the service system called by the service calling terminal;
if the abnormal service calling of the service system by the service calling terminal is monitored, sending prompt information of abnormal calling to the key management center; the prompt message is used for triggering the secret key management center to send the secret key updating request.
5. The method according to any one of claims 1 to 4, wherein after updating the first secret key stored in the capability openness platform and obtaining the second secret key, the method further comprises:
setting a validity time of the second key; the valid time of the second key is partially overlapped with the valid time of the first key;
storing a validity time of the second key.
6. The method according to claim 5, wherein the updating the first secret key of the service invocation terminal to the second secret key comprises:
encrypting the second secret key to obtain an encrypted second secret key;
sending a first secret key updating instruction to the service calling end, where the first secret key updating instruction is used to instruct the service calling end to update the first secret key of the service calling end to the second secret key, and the first secret key updating instruction carries the encrypted second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
sending a second secret key updating instruction to the service calling end, where the second secret key updating instruction is used to instruct the service calling end to update the first secret key of the service calling end to the second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
and sending a third secret key updating instruction to the service calling end through a private network between the capability open platform and the service calling end, wherein the third secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key, and the third secret key updating instruction carries the second secret key and the effective time of the second secret key.
7. A key update processing method is applied to a key management center, and comprises the following steps:
receiving a secret key updating strategy of each service; each service is a service for calling the service system by a service calling end;
when a secret key updating strategy corresponding to a target service is met, generating a secret key updating request aiming at the target service according to the secret key updating strategy of the target service; the secret key updating request is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key;
and sending a key updating request aiming at the target service to the capability open platform.
8. The method of claim 7, wherein the key update policy comprises at least one of:
receiving prompt information of abnormal calling sent by the capability open platform; the prompt message is used for triggering the secret key management center to send the secret key updating request;
and determining the time of reaching the key updating according to the key updating frequency of the target service.
9. A secret key updating processing method is applied to a service calling end, and the method comprises the following steps:
receiving a second key; the second secret key is obtained by updating the first secret key stored by the capability open platform when the capability open platform meets a target secret key updating strategy; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
and updating the first secret key of the service calling end into the second secret key.
10. The method of claim 9, wherein receiving the second key comprises:
receiving a first secret key updating instruction sent by the capability open platform, wherein the first secret key updating instruction is used for indicating the service calling end to update a first secret key of the service calling end into a second secret key, and the first secret key updating instruction carries the encrypted second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
receiving a second secret key updating instruction sent by the capability open platform, wherein the second secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key when the second secret key is determined to be legal, and the second secret key updating instruction carries the second secret key and the valid time of the second secret key;
alternatively, the first and second electrodes may be,
and receiving a third secret key updating instruction sent by the capability opening platform to the service calling end through a private network between the capability opening platform and the service calling end, wherein the third secret key updating instruction is used for indicating the service calling end to update the first secret key of the service calling end into the second secret key, and the third secret key updating instruction carries the second secret key and the effective time of the second secret key.
11. A key update processing apparatus applied to a capability openness platform, the apparatus comprising:
the updating module is used for updating the first secret key stored by the capability open platform to obtain a second secret key when a target secret key updating strategy is met; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
the updating module is further configured to update the first secret key of the service invoking end to the second secret key.
12. A key update processing apparatus applied to a key management center, the apparatus comprising:
the receiving module is used for receiving the secret key updating strategy of each service; each service is a service for calling the service system by a service calling end;
the generating module is used for generating a key updating request of each service according to a key updating strategy of each service; the secret key updating request is used for indicating the capability opening platform to update the first secret key stored in the capability opening platform to obtain a second secret key, and updating the first secret key of the service calling end into the second secret key;
and the sending module is used for sending the secret key updating request of each service to the capability open platform.
13. A key update processing apparatus, applied to a service invocation end, the apparatus comprising:
a receiving module, configured to receive a second key; the second secret key is obtained by updating the first secret key stored by the capability open platform when the capability open platform meets a target secret key updating strategy; the target secret key updating strategy is a secret key updating strategy corresponding to a target service, the target service is a service for calling a service system by a service calling end, and the first secret key and the second secret key are both used for authenticating the service calling end;
and the updating module is used for updating the first secret key of the service calling end into the second secret key.
14. A key update processing system, comprising:
a capability openness platform for performing the method of any one of claims 1-6;
at least one service calling terminal, communicatively connected to the capability openness platform, for executing the method according to claim 7 or 8;
a key management center, communicatively coupled to the capability openness platform, for performing the method of claim 9 or 10.
15. An electronic device, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored by the memory to implement the method of any of claims 1-10.
16. A computer-readable storage medium having computer-executable instructions stored therein, which when executed by a processor, are configured to implement the method of any one of claims 1-10.
CN202111468358.3A 2021-12-03 2021-12-03 Key updating processing method, device, system, equipment and storage medium Active CN114268467B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111468358.3A CN114268467B (en) 2021-12-03 2021-12-03 Key updating processing method, device, system, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111468358.3A CN114268467B (en) 2021-12-03 2021-12-03 Key updating processing method, device, system, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN114268467A true CN114268467A (en) 2022-04-01
CN114268467B CN114268467B (en) 2023-09-05

Family

ID=80826365

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111468358.3A Active CN114268467B (en) 2021-12-03 2021-12-03 Key updating processing method, device, system, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114268467B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1889399A1 (en) * 2005-06-10 2008-02-20 Samsung Electronics Co., Ltd. Method for managing group traffic encryption key in wireless portable internet system
CN106656923A (en) * 2015-10-30 2017-05-10 阿里巴巴集团控股有限公司 Device association method, key update method and apparatuses
CN112152978A (en) * 2019-06-28 2020-12-29 北京金山云网络技术有限公司 Key management method, device, equipment and storage medium
CN112399369A (en) * 2019-07-31 2021-02-23 华为技术有限公司 Secret key updating, obtaining and canceling method and communication device
CN112436939A (en) * 2020-12-11 2021-03-02 杭州海康威视数字技术股份有限公司 Key negotiation method, device and system and electronic equipment
CN112653911A (en) * 2020-12-08 2021-04-13 中国联合网络通信集团有限公司 Key updating method and device
CN113438242A (en) * 2021-06-25 2021-09-24 未鲲(上海)科技服务有限公司 Service authentication method, device and storage medium
WO2021196915A1 (en) * 2020-04-02 2021-10-07 深圳壹账通智能科技有限公司 Encryption and decryption operation-based data transmission methods and systems, and computer device

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1889399A1 (en) * 2005-06-10 2008-02-20 Samsung Electronics Co., Ltd. Method for managing group traffic encryption key in wireless portable internet system
CN106656923A (en) * 2015-10-30 2017-05-10 阿里巴巴集团控股有限公司 Device association method, key update method and apparatuses
CN112152978A (en) * 2019-06-28 2020-12-29 北京金山云网络技术有限公司 Key management method, device, equipment and storage medium
WO2020259606A1 (en) * 2019-06-28 2020-12-30 北京金山云网络技术有限公司 Key management method and apparatus, device, and storage medium
CN112399369A (en) * 2019-07-31 2021-02-23 华为技术有限公司 Secret key updating, obtaining and canceling method and communication device
WO2021196915A1 (en) * 2020-04-02 2021-10-07 深圳壹账通智能科技有限公司 Encryption and decryption operation-based data transmission methods and systems, and computer device
CN112653911A (en) * 2020-12-08 2021-04-13 中国联合网络通信集团有限公司 Key updating method and device
CN112436939A (en) * 2020-12-11 2021-03-02 杭州海康威视数字技术股份有限公司 Key negotiation method, device and system and electronic equipment
CN113438242A (en) * 2021-06-25 2021-09-24 未鲲(上海)科技服务有限公司 Service authentication method, device and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
V. SPOORTHI: "Key Update Mechanism in PKI: Study and a New Approach", 《2013 2ND INTERNATIONAL CONFERENCE ON ADVANCED COMPUTING, NETWORKING AND SECURITY》 *
孔志印;宋震;: "基于身份标识的MANET公开密钥管理方案", 计算机工程与设计, no. 22 *
赵欣, 吴敏强, 陈道蓄, 谢立: "一个自适应的安全组通信秘钥更新算法", 电子学报, no. 05 *

Also Published As

Publication number Publication date
CN114268467B (en) 2023-09-05

Similar Documents

Publication Publication Date Title
US11076295B2 (en) Remote management method, and device
US9438608B2 (en) Method and device for verifying the integrity of platform software of an electronic device
CN111460429B (en) Task processing method, device, equipment and medium based on trusted execution environment
US20140066015A1 (en) Secure device service enrollment
MX2007009790A (en) Context limited shared secret.
CN113269642B (en) Transaction processing method, device, equipment and storage medium based on block chain
CN109981576B (en) Key migration method and device
CN111294203B (en) Information transmission method
CN112632573B (en) Intelligent contract execution method, device, system, storage medium and electronic equipment
CN112968892B (en) Information verification method, device, computing equipment and medium
CN112311769B (en) Method, system, electronic device and medium for security authentication
CN111414640B (en) Key access control method and device
CN113282951B (en) Application program security verification method, device and equipment
CN112328415A (en) Interface calling method and device, computer equipment and readable storage medium
CN114268467B (en) Key updating processing method, device, system, equipment and storage medium
CN116886391A (en) Internet of things equipment authentication method and device, storage medium and electronic equipment
CN115065562B (en) Block chain-based injection determination method, device, equipment and storage medium
CN108848094B (en) Data security verification method, device, system, computer equipment and storage medium
CN113098685B (en) Security verification method and device based on cloud computing and electronic equipment
CN114338091B (en) Data transmission method, device, electronic equipment and storage medium
US20210243036A1 (en) Blockchain network communication management
CN110166452B (en) Access control method and system based on JavaCard shared interface
CN111600717B (en) SM 2-based decryption method, system, electronic equipment and storage medium
US20070009101A1 (en) Method for allocating secured resources in a security module
EP3163488B1 (en) Message sender authentication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant