WO2012065422A1 - Method for updating key of mobile terminal, and mobile terminal - Google Patents

Method for updating key of mobile terminal, and mobile terminal

Info

Publication number
WO2012065422A1
Authority
WO
WIPO (PCT)
Prior art keywords
mobile terminal
key
update
key update
request message
Application number
PCT/CN2011/074578
Other languages
French (fr)
Chinese (zh)
Inventor
韩静
Original Assignee
中兴通讯股份有限公司
Application filed by 中兴通讯股份有限公司
Publication of WO2012065422A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]

Definitions

  • the present invention relates to the field of communications, and in particular to a method for updating a mobile terminal key and a mobile terminal.
  • BACKGROUND At present, as large-capacity memory cards are widely used in mobile terminals and PDA devices, users and operators place increasingly high demands on the security of files stored on mobile devices, and many mobile terminals and PDA devices support this function. They mainly work as follows: the user encrypts an entire file directory by entering a password; or the user encrypts a single file by entering a key. Although these methods are simple to implement, their disadvantages are obvious: the keys can be freely read and written by the user, are easily cracked and modified, and provide far from sufficient security, so it is difficult to truly protect the user's important information.
  • the main object of the present invention is to provide a method for updating a key of a mobile terminal and a mobile terminal to solve the above problem.
  • a method for updating a mobile terminal key is provided.
  • in the method for updating a mobile terminal key according to the present invention, the mobile terminal receives a key update request message from a PC, wherein the key update request message is used to request an update of the key of the mobile terminal; the mobile terminal determines, according to the key update request message, that the PC is allowed to update the key; and the mobile terminal updates the key according to a key update instruction message from the PC.
  • the mobile terminal determining, according to the key update request message, that the PC is allowed to update the key comprises: the mobile terminal determines, according to the key update request message, that authentication of the PC has passed; and the mobile terminal opens a key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.
  • the mobile terminal determining, according to the key update request message, that authentication of the PC has passed includes: the mobile terminal sends the identification information that it has saved to the PC according to the key update request message, wherein the identification information uniquely identifies the mobile terminal; and the mobile terminal receives, from the PC, the identification information encrypted according to a predetermined encryption rule.
  • the predetermined encryption rule is pre-stored on the dongle, and the dongle is preset on the PC.
  • the mobile terminal determining, according to the key update request message, that authentication of the PC has passed includes: the mobile terminal sends a random number that it has generated to the PC according to the key update request message; the mobile terminal receives, from the PC, the random number encrypted according to the RSA algorithm; the mobile terminal decrypts the encrypted random number according to the decryption rule corresponding to the RSA algorithm; the mobile terminal determines whether the decrypted random number is the same as the random number it generated; if so, it determines that authentication of the PC has passed.
  • before the mobile terminal updates the key according to the key update instruction message from the PC, the method further includes: the mobile terminal receives the key update instruction message from the PC; the mobile terminal determines whether the key update permission flag is open; if so, the mobile terminal performs the operation of updating the key. After the mobile terminal updates the key, the method further includes: closing the key update permission flag.
  • a method for updating a mobile terminal key is also provided.
  • the method for updating a mobile terminal key according to the present invention includes: the PC sends a key update request message to the mobile terminal, wherein the key update request message is used to request an update of the key of the mobile terminal; and, after the mobile terminal determines that the PC is allowed to update the key, the PC sends a key update instruction message to the mobile terminal, wherein the key update instruction message is used to update the key of the mobile terminal.
  • the mobile terminal according to the present invention includes: a receiving module, configured to receive a key update request message from a PC, wherein the key update request message is used to request an update of the key of the mobile terminal; a determining module, configured to determine, according to the key update request message, that the PC is allowed to update the key; and an update module, configured to update the key according to the key update instruction message from the PC.
  • the determining module includes: a determining submodule, configured to determine that authentication of the PC has passed; and an opening submodule, configured to open a key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.
  • the mobile terminal determines whether to allow the key to be updated according to the key update request message from the PC, and solves the problem that the key of the mobile terminal in the related art can be arbitrarily updated by the user, thereby ensuring the security of the mobile terminal.
  • FIG. 1 is a first flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention
  • FIG. 2 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal using a dongle according to preferred embodiment 2 of the present invention
  • FIG. 3 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal without using a dongle according to preferred embodiment 3 of the present invention
  • FIG. 4 is a flowchart of updating a key according to an embodiment of the present invention
  • FIG. 5 is a flowchart of updating multiple sets of keys in file mode according to an embodiment of the present invention
  • FIG. 6 is a flowchart of updating multiple sets of keys in manual mode according to an embodiment of the present invention
  • FIG. 7 is a schematic diagram of a PC side key update tool interface according to an embodiment of the present invention
  • FIG. 8 is a second flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention
  • FIG. 9 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.
  • FIG. 1 is a first flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps S102 to S106. Step S102: the mobile terminal receives a key update request message from the PC, where the key update request message is used to request an update of the key of the mobile terminal.
  • Step S104: the mobile terminal determines, according to the key update request message, that the PC is allowed to update the key.
  • Step S106: the mobile terminal updates the key according to a key update instruction message from the PC.
  • in the related art, the key of the mobile terminal can be arbitrarily updated by the user, so that the security of the mobile terminal is poor.
  • in the embodiment of the present invention, key update software is developed on the PC side, and a software module for key download and management is also implemented on the mobile terminal, so that the mobile terminal determines, according to the key update request message from the PC, whether the key is allowed to be updated; this prevents the key from being arbitrarily updated by the user and thereby ensures the security of the mobile terminal.
  • the mobile terminal determining, according to the key update request message, that the PC is allowed to update the key comprises: the mobile terminal determines, according to the key update request message, that authentication of the PC has passed; and the mobile terminal opens the key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.
  • when the PC-side software version is used to update the key, the mobile terminal authenticates the update tool, and only an update tool that passes authentication can perform the key update process, thereby ensuring the security of the PC-side software.
  • the mobile terminal determining, according to the key update request message, that authentication of the PC has passed includes: the mobile terminal sends the identification information that it has saved to the PC, wherein the identification information uniquely identifies the mobile terminal; the mobile terminal receives, from the PC, the identification information encrypted according to a predetermined encryption rule; the mobile terminal decrypts the encrypted identification information according to the decryption rule corresponding to the predetermined encryption rule; the mobile terminal determines whether the decrypted identification information is the same as the identification information it has saved; if so, it determines that authentication of the PC has passed.
  • the predetermined encryption rule is pre-stored on the dongle, wherein the dongle is preset on the PC.
  • a legally customized dongle is added for use with the PC-side software, so that the PC-side key update tool can operate normally only after a legally customized dongle is inserted into the PC, thereby ensuring the security of the PC-side software.
  • the protection of the software version download tool by the customized dongle can be based on the PKI technology.
  • the mobile terminal determining, according to the key update request message, that authentication of the PC has passed includes: the mobile terminal sends a random number that it has generated to the PC according to the key update request message; the mobile terminal receives, from the PC, the random number encrypted according to the RSA algorithm; the mobile terminal decrypts the encrypted random number according to the decryption rule corresponding to the RSA algorithm; the mobile terminal determines whether the decrypted random number is the same as the random number it generated; if so, it determines that authentication of the PC has passed.
  • handshake communication is performed directly between the PC-side key update tool and the mobile terminal key update module, without using a dongle, and the implementation is simple and convenient.
  • the method further includes: the mobile terminal receives the key update instruction message from the PC; the mobile terminal determines whether the key update permission flag is open; if so, the mobile terminal performs the operation of updating the key.
  • opening or closing the key update permission flag controls whether the mobile terminal key is updated, and the implementation is simple and reliable.
  • the method further includes: closing the key update permission flag. In the preferred embodiment, the mobile terminal closes the key update permission flag immediately, regardless of whether the key update succeeded, thereby ensuring the security of the mobile terminal.
  • the implementation process of the embodiment of the present invention will be described in detail below with reference to examples.
  • Preferred Embodiment 1: this preferred embodiment describes a basic process for updating a mobile terminal key, including the following Step 1 to Step 7.
  • Step 1: implement PC-side key update software, which includes an interface operation flow, an authentication process, a key update process, and a key file import process.
  • Step 2: when the PC-side key update software is used to download a key, the PC-side tool and the mobile terminal key update module authenticate each other. Authentication can be performed in two ways: one uses a dongle to perform the authentication process, and the other has the PC-side key update tool and the mobile terminal key update module perform handshake communication directly.
  • Step 3: develop a key update module on the mobile terminal side. This module ensures that the file encryption and decryption keys cannot be updated in any way other than through the PC-side key update tool, including by OTA.
  • the key update software module on the mobile terminal side adds a key update permission flag. After the mobile terminal side software detects that authentication has passed, the key update permission flag is opened and the key update process can be started.
  • the key update permission flag is closed immediately after the update ends.
  • Step 5: after the mobile terminal side software detects that authentication has passed, the PC-side software continues by sending the key update instruction message to perform the key update process.
  • Step 6: in the key update process, the PC tool sends a key update instruction message, and the mobile terminal side updates the corresponding index value, public key and private key according to the instruction.
  • Step 7: the PC-side key update tool can update multiple sets of keys in two ways: file update and manual update. In manual update mode, the key is entered through the interface and then sent.
  • in file update mode, the PC-side tool first imports the key file and then delivers the keys in the file.
  • Step S202 booting up.
  • Step S204: a dongle is inserted into the PC and the key update software is run; the PC-side key update software cannot be operated without the dongle inserted.
  • Step S206: the PC-side software requests from the mobile terminal the information that uniquely identifies the mobile terminal.
  • Step S212: the PC side sends the information that uniquely identifies the mobile terminal to the dongle for private key encryption.
  • the PC-side key update tool sends to the mobile terminal the ciphertext, returned by the dongle, of the information that uniquely identifies the mobile terminal.
  • Step S216: the mobile terminal decrypts the ciphertext of the information that uniquely identifies the mobile terminal, using a set of public keys corresponding to what is stored in the dongle.
  • Step S218: the mobile terminal determines whether the decrypted data is the same as the information that uniquely identifies the mobile terminal; if yes, proceeds to step S220, otherwise proceeds to step S226.
  • Step S220: the mobile terminal returns authentication success to the key update tool.
  • FIG. 3 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal without using a dongle according to preferred embodiment 3 of the present invention.
  • Step S304, the PC key update software requests to read the random number from the mobile terminal.
  • Step S308, the key update tool encrypts the random data by using the RSA algorithm, and sends a handshake instruction to the mobile terminal.
  • Step S310 the mobile terminal decrypts the handshake data.
  • Step S312 the mobile terminal determines whether the decrypted handshake data is equal to the transmitted random data, and if yes, proceeds to step S314, otherwise proceeds to step S318.
  • Step S314: the mobile terminal returns authentication success to the key update tool.
  • Step S316: the key update process is started, and the flow ends.
  • step S320 the update is rejected.
  • FIG. 4 is a flowchart of an update key according to an embodiment of the present invention. As shown in FIG. 4, the following steps S402 to S416 are included. Step S402, the PC side key update tool and the mobile phone authentication succeed.
  • Step S404: the mobile phone side opens the permission update flag and returns a success message to the PC side.
  • the PC-side tool continues by sending the key update instruction message.
  • Step S410: the key update operation is performed.
  • Step S412: the mobile terminal side determines whether the update succeeded; if yes, proceeds to step S410, otherwise proceeds to step S416.
  • the permission update flag is turned off, the mobile phone returns update success to the key update tool, and the PC side displays the update result.
  • Step S416: the permission update flag is turned off, the update fails, and the PC side displays the update result.
  • the key update permission flag is turned off after each update operation, whether or not it succeeded.
  • the present invention also provides a method of updating a plurality of sets of keys in a file mode or a manual mode, which will be described below with reference to FIGS. 5 and 6.
  • FIG. 5 is a flowchart of updating multiple sets of keys in file mode according to an embodiment of the present invention. As shown in FIG. 5, multiple sets of keys are encrypted in advance and saved in a file in a certain format, and then the following steps S502 to S512 are performed.
  • Step S502 selecting a file import button of the PC side key update tool.
  • Step S504 selecting a file.
  • the file contains multiple sets of key pairs and is encrypted.
  • Step S508: the PC-side tool decrypts the file and determines whether it is legitimate. If yes, proceeds to step S510, otherwise proceeds to step S512.
  • Step S510: the key update operation is performed.
  • the update fails, and the PC side displays the update result.
  • FIG. 6 is a flowchart of manually updating multiple sets of keys according to an embodiment of the present invention. As shown in FIG. 6, the following steps S602 to S610 are included. Step S602: multiple sets of public and private keys are entered manually.
  • FIG. 7 is a schematic diagram of a PC side key update tool interface according to an embodiment of the present invention. As shown in FIG. 7, the multiple sets of keys of the mobile terminal may be updated through file import (corresponding to the file mode described above) or manual import (corresponding to the manual mode described above).
  • FIG. 8 is a second flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention.
  • the method includes the following steps S802 to S804.
  • Step S802 the PC sends a key update request message to the mobile terminal, where the key update request message is used to request to update the key of the mobile terminal.
  • Step S804 after the mobile terminal determines to allow the PC to update the key, the PC sends a key update instruction message to the mobile terminal, where the key update instruction message is used to update the key of the mobile terminal.
  • the embodiment of the invention provides a mobile terminal, which can be used to implement the method for updating the key of the mobile terminal.
  • FIG. 9 is a structural block diagram of a mobile terminal according to an embodiment of the present invention, including a receiving module 92, a determining module 94, and an updating module 96. The structure is described in detail below.
  • the receiving module 92 is configured to receive a key update request message from the personal computer (PC), where the key update request message is used to request an update of the key of the mobile terminal; the determining module 94 is connected to the receiving module 92 and is configured to determine, according to the key update request message received by the receiving module 92, that the PC is allowed to update the key; the update module 96 is connected to the determining module 94 and is configured to update the key according to the key update instruction message from the PC after the determining module 94 determines that the PC is allowed to update the key.
  • in the related art, the key of the mobile terminal can be arbitrarily updated by the user, so that the security of the mobile terminal is poor.
  • key update software is developed on the PC side, and a software module for key download and management is also implemented on the mobile terminal, so that the mobile terminal determines, according to the key update request message received by the receiving module 92, whether the key is allowed to be updated; this prevents the key from being arbitrarily updated by the user and thereby ensures the security of the mobile terminal.
  • the determination module 94 includes a determination sub-module 942 and an opening sub-module 944. The structure is described in detail below.
  • the determining sub-module 942 is configured to determine that authentication of the PC has passed; the opening sub-module 944 is connected to the determining sub-module 942 and is configured to open the key update permission flag after the determining sub-module 942 determines that authentication of the PC has passed.
  • the key update permission flag is used to indicate that the PC is allowed to update the key.
  • the mobile terminal determines, according to the key update request message from the PC, whether to allow the key to be updated, which solves the problem in the related art that the key of the mobile terminal can be arbitrarily updated by the user, thereby ensuring the security of the mobile terminal.
  • the above modules or steps of the present invention can be implemented by a general-purpose computing device, which can be concentrated on a single computing device or distributed over a network composed of multiple computing devices.
  • they may be implemented by program code executable by the computing device, such that they may be stored in a storage device and executed by the computing device, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps among them may be made into a single integrated circuit module.
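
The random-number handshake (steps S304 to S314) and the key update permission flag (steps S402 to S416) described above can be modelled as follows. This is an added example, not code from the patent: the class and method names, the toy RSA key built from two Mersenne primes, and the single-use handling of the random number are assumptions, and the PC is assumed to hold the RSA private key while the terminal holds the public key, as in the dongle embodiment.

```python
import hmac
import secrets

# Constructed toy RSA key pair (two Mersenne primes, about 150 bits, no padding).
# It only keeps the example dependency-free; it is far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the PC tool


class Terminal:
    """Mobile-terminal key update module (hypothetical class and method names)."""

    def __init__(self, public_key):
        self.n, self.e = public_key
        self.pending_nonce = None      # random number sent to the PC, single use
        self.update_allowed = False    # the "key update permission flag"
        self.keys = {}                 # index value -> (public key, private key)

    def on_update_request(self):
        """Key update request received: answer with a fresh random number."""
        self.update_allowed = False
        # Top bit set so the value is never 0 or 1, which raw RSA maps to themselves.
        self.pending_nonce = (1 << 127) | secrets.randbits(127)
        return self.pending_nonce

    def on_handshake(self, response):
        """Decrypt the PC's response and compare it with our own random number."""
        nonce, self.pending_nonce = self.pending_nonce, None  # one attempt per nonce
        if nonce is None or not isinstance(response, int) or not 0 <= response < self.n:
            return False
        recovered = pow(response, self.e, self.n)
        ok = hmac.compare_digest(recovered.to_bytes(32, "big"), nonce.to_bytes(32, "big"))
        self.update_allowed = ok       # flag opens only after authentication passes
        return ok

    def on_update_instruction(self, index, public_key, private_key):
        """Apply a key update only while the flag is open, then always close it."""
        if not self.update_allowed:
            return "rejected"
        try:
            if not public_key or not private_key:
                return "failed"        # malformed instruction, nothing stored
            self.keys[index] = (public_key, private_key)
            return "updated"
        finally:
            self.update_allowed = False   # closed whether or not the update succeeded


class PcTool:
    """PC-side key update tool (hypothetical); d stands in for the protected key."""

    def __init__(self, n, d):
        self.n, self.d = n, d

    def answer(self, nonce):
        return pow(nonce, self.d, self.n)   # RSA private-key operation on the nonce


def run_scenarios():
    """Drive the flow with constructed inputs and return each outcome."""
    term = Terminal((N, E))
    genuine, rogue = PcTool(N, D), PcTool(N, D + 2)   # rogue holds the wrong key
    out = {}
    out["no_auth"] = term.on_update_instruction(1, b"pub", b"priv")
    out["rogue_auth"] = term.on_handshake(rogue.answer(term.on_update_request()))
    out["after_rogue"] = term.on_update_instruction(1, b"pub", b"priv")
    reply = genuine.answer(term.on_update_request())
    out["genuine_auth"] = term.on_handshake(reply)
    out["first_update"] = term.on_update_instruction(1, b"pub", b"priv")
    out["second_update"] = term.on_update_instruction(2, b"pub2", b"priv2")
    out["replayed_reply"] = term.on_handshake(reply)   # random number already consumed
    term.on_handshake(genuine.answer(term.on_update_request()))
    out["failed_update"] = term.on_update_instruction(3, b"", b"priv3")
    out["after_failure"] = term.on_update_instruction(3, b"pub3", b"priv3")
    out["stored_indexes"] = sorted(term.keys)
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The scenarios show why the flag is closed after every attempt: one successful authentication authorizes exactly one update instruction, and a captured handshake reply cannot be reused against a later request.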

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for updating a key of a mobile terminal, and a mobile terminal, are disclosed. The method involves: a mobile terminal receives a key update request message from a personal computer (PC), wherein the key update request message is used for requesting an update of a key of the mobile terminal (S102); the mobile terminal determines, according to the key update request message, that the PC is allowed to update the key (S104); and the mobile terminal updates the key according to a key update instruction message from the PC (S106). With this solution, the security of the mobile terminal is ensured.

Description

移动终端密钥的更新方法及移动终端 技术领域 本发明涉及通信领域, 具体而言, 涉及一种移动终端密钥的更新方法及移 动终端。 背景技术 目前, 随着大容量存储卡在移动终端和 PDA设备上广泛使用, 用户和运 营商对于移动设备上存储的文件安全性, 安全性提出越来越高的要求, 很多移 动终端和 PDA设备上都支持了这个功能。 它们主要釆用方式如下: 用户对于整个文件目录输入密码方式来进行加密; 用户对于单个文件输入密钥方式来进行加密; 虽然这些方法实现方式比较简单, 但是缺点是非常明显的, 这些密钥可以 随意的被用户读写, 很容易被破解并且被修改, 安全性是远远不够的, 很难达 到对用户的重要信息做到真正的保护。 针对这种情况, 我们提出一套完善的解决方案, 通过在 PC侧开发的密钥 更新工具来更新移动终端侧文件加解密密钥。 发明内容 针对相关技术中移动终端的密钥可以被用户随意更新的问题而提出本发 明, 为此, 本发明的主要目的在于提供一种移动终端密钥的更新方法及移动终 端, 以解决上述问题。 为了实现上述目的, 才艮据本发明的一个方面, 提供了一种移动终端密钥的 更新方法。 根据本发明的移动终端密钥的更新方法移动终端接收到来自 PC的密钥更 新请求消息, 其中密钥更新请求消息用于请求更新移动终端的密钥; 移动终端 才艮据密钥更新请求消息, 确定允许 PC更新密钥; 移动终端 居来自 PC的密 钥更新指令消息, 更新密钥。 移动终端 居密钥更新请求消息, 确定允许 PC更新密钥包括: 移动终端 才艮据密钥更新请求消息, 确定对 PC鉴权通过; 移动终端打开密钥更新允许标 ΐ己, 其中密钥更新允许标 ΐ己用于指示允许 PC更新密钥。 移动终端根据密钥更新请求消息, 确定对 PC鉴权通过包括: 移动终端根 据密钥更新请求消息, 向 PC发送自身保存的标识信息, 其中标识信息唯一标 识移动终端;移动终端接收到来自 PC的按照预定加密规则加密后的标识信息; 移动终端按照与预定加密规则对应的解密规则, 对加密后的标识信息进行解 密; 移动终端判断解密后的标识信息与自身保存的标识信息是否相同; 如果判 断结果为是, 则确定对 PC鉴权通过。 预定加密规则预先存储在加密狗上, 其中加密狗预先设置在 PC上。 移动终端根据密钥更新请求消息, 确定对 PC鉴权通过包括: 移动终端根 据密钥更新请求消息, 向 PC发送自身生成的随机数; 移动终端接收到来自 PC 的按照 RSA算法加密的随机数; 移动终端按照与 RSA算法对应的解密规则, 对加密后的随机数进行解密; 移动终端判断解密后的随机数与自身生成的随机 数是否相同; 如果判断结果为是, 则确定对 PC鉴权通过。 在移动终端 据来自 PC的密钥更新指令消息, 更新密钥之前, 上述方法 还包括: 移动终端接收到来自 PC的密钥更新指令消息; 移动终端判断密钥更 新允许标记是否打开; 如果判断结果为是, 则移动终端执行更新密钥的操作。 在移动终端更新密钥之后, 上述方法还包括: 关闭密钥更新允许标记。 为了实现上述目的, 才艮据本发明的一个方面, 还提供了一种移动终端密钥 的更新方法。 才艮据本发明的移动终端密钥的更新方法包括: PC 向移动终端发送密钥更 新请求消息, 其中密钥更新请求消息用于请求更新移动终端的密钥; PC 在移 动终端确定允许 PC更新密钥之后, 向移动终端发送密钥更新指令消息, 其中 密钥更新指令消息用于更新移动终端的密钥。 为了实现上述目的, 根据本发明的另一个方面, 还提供了一种移动终端。 根据本发明的移动终端包括: 接收模块, 设置为接收来自 PC的密钥更新 请求消息, 其中密钥更新请求消息用于请求更新移动终端的密钥; 确定模块, 设置为根据密钥更新请求消息, 确定允许 PC更新密钥; 更新模块, 设置为根 据来自 PC的密钥更新指令消息, 更新密钥。 确定模块包括: 确定子模块, 设置为确定对 PC鉴权通过; 打开子模块, 设置为打开密钥更新允许标记, 其中密钥更新允许标记用于指示允许 PC更新 密钥。 通过本发明, 移动终端根据来自 PC的密钥更新请求消息确定是否允许对 密钥进行更新, 解决了相关技术中移动终端的密钥可以被用户随意更新的问 题, 从而保证了移动终端的安全性。 附图说明 此处所说明的附图用来提供对本发明的进一步理解, 构成本申请的一部 分, 本发明的示意性实施例及其说明用于解释本发明, 并不构成对本发明的不 当限定。 在附图中: 图 1是才艮据本发明实施例的移动终端密钥的更新方法的第一流程图; 图 2是根据本发明优选实施例二的釆用加密狗的方式执行 PC侧密钥更新 工具与移动终端鉴权的流程图; 图 
3是根据本发明优选实施例三的不釆用加密狗的方式执行侧密钥更新工 具与移动终端鉴权的流程图; 图 4是才艮据本发明实施例的更新密钥的流程图; 图 5是才艮据本发明实施例的釆用文件方式更新多组密钥的流程图; 图 6是才艮据本发明实施例的釆用手动方式更新多组密钥的流程图; 图 7是才艮据本发明实施例的 PC侧密钥更新工具界面的示意图; 图 8是才艮据本发明实施例的移动终端密钥的更新方法的第二流程图; 图 9是 居本发明实施例的移动终端的结构框图。 具体实施方式 需要说明的是, 在不冲突的情况下, 本申请中的实施例及实施例中的特征 可以相互组合。 下面将参考附图并结合实施例来详细说明本发明。 才艮据本发明的实施例, 提供了一种移动终端密钥的更新方法。 图 1是才艮据 本发明实施例的移动终端密钥的更新方法的第一流程图, 如图 1所示, 包括如 下的步 4聚 S 102至步 4聚 S 106。 步骤 S 102, 移动终端接收到来自 PC的密钥更新请求消息, 其中密钥更新 请求消息用于请求更新移动终端的密钥。 步骤 S 104, 移动终端 居密钥更新请求消息, 确定允许 PC更新密钥。 步 4聚 S 106, 移动终端 居来自 PC的密钥更新指令消息, 更新密钥。 相关技术中, 移动终端的密钥可以被用户随意的更新, 从而使得该移动终 端的安全性较差。 本发明实施例中, 在 PC侧开发一个密钥更新软件, 在移动 终端上同样实现了一个密钥下载和管理的软件模块, 这样, 移动终端根据来自The present invention relates to the field of communications, and in particular to a method for updating a mobile terminal key and a mobile terminal. BACKGROUND At present, with large-capacity memory cards widely used in mobile terminals and PDA devices, users and operators have increasingly demanded security for files stored on mobile devices, many mobile terminals and PDA devices. This feature is supported on the top. They are mainly used as follows: The user enters the password method for the entire file directory to encrypt; the user encrypts the key file for a single file; although these methods are simple to implement, the disadvantages are very obvious, these keys can be Randomly read and write by users, it is easy to be cracked and modified, security is not enough, it is difficult to achieve real protection of important information of users. In response to this situation, we propose a complete solution to update the mobile terminal side file encryption and decryption key by the key update tool developed on the PC side. SUMMARY OF THE INVENTION The present invention has been made in view of the problem that the key of the mobile terminal in the related art can be arbitrarily updated by the user. 
Therefore, the main object of the present invention is to provide a method for updating a key of a mobile terminal and a mobile terminal to solve the above problem. In order to achieve the above object, according to an aspect of the present invention, a method for updating a mobile terminal key is provided. The method for updating a mobile terminal key according to the present invention receives a key update request message from a PC, wherein the key update request message is used to request to update a key of the mobile terminal; the mobile terminal updates the request message according to the key , determining to allow the PC to update the key; the mobile terminal is in the key update instruction message from the PC, and updates the key. The mobile terminal resides in a key update request message, and the determining that the PC is allowed to update the key comprises: the mobile terminal determines the authentication of the PC according to the key update request message; the mobile terminal opens the key update permitting the key, wherein the key is updated Allowed labels have been used to indicate that the PC is allowed to update the key. The mobile terminal determines, according to the key update request message, that the authentication of the PC includes: the mobile terminal sends the identity information saved by the mobile terminal to the PC according to the key update request message, where the identifier information uniquely identifies the mobile terminal; and the mobile terminal receives the information from the PC. 
The identification information encrypted according to the predetermined encryption rule; the mobile terminal decrypts the encrypted identification information according to the decryption rule corresponding to the predetermined encryption rule; the mobile terminal determines whether the decrypted identification information is identical to the identification information saved by itself; The result is yes, then it is determined that the PC is authenticated. The predetermined encryption rule is pre-stored on the dongle, and the dongle is preset on the PC. The mobile terminal determines, according to the key update request message, that the authentication of the PC includes: the mobile terminal sends the self-generated random number to the PC according to the key update request message; the mobile terminal receives the random number encrypted by the RSA algorithm from the PC; The mobile terminal decrypts the encrypted random number according to the decryption rule corresponding to the RSA algorithm; the mobile terminal determines whether the decrypted random number is the same as the self-generated random number; if the judgment result is yes, it determines that the PC authentication is passed. . Before the mobile terminal updates the key according to the key update instruction message from the PC, the method further includes: the mobile terminal receiving the key update instruction message from the PC; the mobile terminal determining whether the key update permission flag is turned on; If so, the mobile terminal performs an operation of updating the key. After the mobile terminal updates the key, the method further includes: turning off the key update permission flag. In order to achieve the above object, according to an aspect of the present invention, a method for updating a mobile terminal key is also provided. 
The method for updating a mobile terminal key according to the present invention includes: the PC sends a key update request message to the mobile terminal, wherein the key update request message is used to request an update of the key of the mobile terminal; and, after the mobile terminal determines that the PC is allowed to update the key, the PC sends a key update instruction message to the mobile terminal, wherein the key update instruction message is used to update the key of the mobile terminal.

In order to achieve the above object, according to another aspect of the present invention, a mobile terminal is also provided.

The mobile terminal according to the present invention includes: a receiving module, configured to receive a key update request message from a PC, wherein the key update request message is used to request an update of the key of the mobile terminal; a determining module, configured to determine, according to the key update request message, that the PC is allowed to update the key; and an update module, configured to update the key according to the key update instruction message from the PC.

The determining module includes: a determining submodule, configured to determine that the PC is authenticated; and an opening submodule, configured to open a key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.

With the present invention, the mobile terminal determines whether to allow the key to be updated according to the key update request message from the PC, which solves the problem in the related art that the key of the mobile terminal can be arbitrarily updated by the user, thereby ensuring the security of the mobile terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are set to illustrate

In the drawings:
FIG. 1 is a first flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention;
FIG. 2 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal by means of a dongle according to preferred embodiment 2 of the present invention;
FIG. 3 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal without using a dongle according to preferred embodiment 3 of the present invention;
FIG. 4 is a flowchart of updating a key according to an embodiment of the present invention;
FIG. 5 is a flowchart of updating multiple sets of keys in file mode according to an embodiment of the present invention;
FIG. 6 is a flowchart of updating multiple sets of keys in manual mode according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a PC-side key update tool interface according to an embodiment of the present invention;
FIG. 8 is a second flowchart of a method for updating a mobile terminal key according to an embodiment of the present invention;
FIG. 9 is a structural block diagram of a mobile terminal according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

It should be noted that the embodiments in the present application and the features in the embodiments may be combined with each other without conflict. The invention will be described in detail below with reference to the drawings in conjunction with the embodiments.

According to an embodiment of the present invention, a method for updating a mobile terminal key is provided. FIG. 1 is a first flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 1, the method includes the following steps S102 to S106.

Step S102: The mobile terminal receives a key update request message from the PC, where the key update request message is used to request an update of the key of the mobile terminal.
Step S104: The mobile terminal determines, according to the key update request message, that the PC is allowed to update the key.
Step S106: The mobile terminal updates the key according to a key update instruction message from the PC.

In the related art, the key of the mobile terminal can be arbitrarily updated by the user, so that the security of the mobile terminal is poor. In the embodiment of the present invention, key update software is developed on the PC side, and a software module for key download and management is likewise implemented on the mobile terminal, so that the mobile terminal determines, according to the key update request message of the PC, whether the key is allowed to be updated. The key is thereby prevented from being arbitrarily updated by the user, which ensures the security of the mobile terminal.
Preferably, the mobile terminal determining, according to the key update request message, that the PC is allowed to update the key comprises: the mobile terminal determines, according to the key update request message, that the PC is authenticated; and the mobile terminal opens the key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.

In this preferred embodiment, when the PC-side software version is used to update the key, the mobile terminal authenticates the update tool, and only an update tool that passes authentication can perform the key update process, thereby ensuring the security of the PC-side software.

Preferably, the mobile terminal determining, according to the key update request message, that the PC is authenticated comprises: the mobile terminal sends, according to the key update request message, the identification information saved by itself to the PC, wherein the identification information uniquely identifies the mobile terminal; the mobile terminal receives from the PC the identification information encrypted according to a predetermined encryption rule; the mobile terminal decrypts the encrypted identification information according to a decryption rule corresponding to the predetermined encryption rule; the mobile terminal determines whether the decrypted identification information is the same as the identification information saved by itself; if the judgment result is yes, it is determined that the PC is authenticated.

Preferably, the predetermined encryption rule is pre-stored on the dongle, wherein the dongle is preset on the PC.

In this preferred embodiment, a legitimately customized dongle is added to the use of the PC-side software, so that the PC-side key update tool can run normally only after a legitimately customized dongle has been inserted into the PC, thereby ensuring the security of the PC-side software.
It should be noted that the customized dongle's protection of the software version download tool can be based on PKI technology.

Preferably, the mobile terminal determining, according to the key update request message, that the PC is authenticated comprises: the mobile terminal sends a self-generated random number to the PC according to the key update request message; the mobile terminal receives from the PC the random number encrypted according to the RSA algorithm; the mobile terminal decrypts the encrypted random number according to a decryption rule corresponding to the RSA algorithm; the mobile terminal determines whether the decrypted random number is the same as the self-generated random number; if the judgment result is yes, it is determined that the PC is authenticated.

In this preferred embodiment, no dongle is used; instead, the PC-side key update tool performs handshake communication directly with the mobile terminal key update module, which is simple and convenient to implement.

Preferably, before the mobile terminal updates the key according to the key update instruction message from the PC, the method further includes: the mobile terminal receives the key update instruction message from the PC; the mobile terminal determines whether the key update permission flag is turned on; if the result of the determination is yes, the mobile terminal performs the operation of updating the key.

In this preferred embodiment, whether the mobile terminal key is updated is controlled by opening or closing the key update permission flag, which is simple and reliable to implement.

Preferably, after the mobile terminal updates the key, the method further includes: closing the key update permission flag.

In this preferred embodiment, the mobile terminal immediately closes the key update permission flag regardless of whether the key update succeeds, thereby ensuring the security of the mobile terminal.
In addition, in this preferred embodiment, once the key update permission flag is closed, it cannot be opened in any other way, and no key update process is allowed to take effect.

The implementation process of the embodiment of the present invention will be described in detail below with reference to examples.

Preferred Embodiment 1

Preferred embodiment 1 describes a basic process for updating a mobile terminal key, including the following Steps 1 to 7.

Step 1: Implement PC-side key update software, which includes an interface operation flow, an authentication flow, a key update flow, and a key file import flow.
Step 2: The interface operation flow includes a key input setting interface, a key file import interface, an interface showing whether key authentication succeeded, and an interface showing whether the key update succeeded.
Step 3: When the PC-side key update software is used to download a key, the PC-side tool and the mobile terminal key update module perform authentication. The authentication process can be carried out in two ways: one uses a dongle to perform the authentication process, and the other performs handshake communication directly between the PC-side key update tool and the mobile terminal key update module.
Step 4: Develop a key update module on the mobile terminal side. This module ensures that the keys used to encrypt and decrypt all files cannot be updated by any means other than the PC-side key update tool, including OTA. Implementation: a key update permission flag is added to the key update software module on the mobile terminal side. Only after the mobile terminal side software detects that authentication has passed is the key update permission flag allowed to be opened, and only then can the key update process take effect. The key update permission flag is closed immediately after the update ends.
Step 5: After the mobile terminal side software detects that authentication has passed, the PC-side software goes on to send the key update instruction message and perform the key update process.
Step 6: In the key update process, the PC tool sends a key update instruction message, and the mobile terminal side updates the corresponding index value, public key and private key according to the instruction.
Step 7: The PC-side key update tool can update multiple sets of keys in two ways: file update and manual update. The manual update mode delivers keys that are entered through the interface. The file update mode first uses the PC-side tool to import a key file and then delivers the keys in the file.

Preferred Embodiment 2

FIG. 2 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal by means of a dongle according to preferred embodiment 2 of the present invention. As shown in FIG. 2, the following steps S202 to S226 are included.

Step S202: Power on.
Step S204: A dongle is inserted into the PC and the key update software is run; without a dongle inserted, the PC-side key update software is not allowed to run.
Step S206: The PC-side software requests from the mobile terminal the information that uniquely identifies the mobile terminal.
Step S208: The mobile terminal side determines whether the information that uniquely identifies the mobile terminal is valid; if yes, proceed to step S210, otherwise proceed to step S224.
Step S210: The mobile terminal returns the information that uniquely identifies the mobile terminal to the PC-side tool.
Step S212: The PC side sends the information that uniquely identifies the mobile terminal to the dongle for private key encryption.
Step S214: The PC-side key update tool sends the ciphertext, returned by the dongle, of the information that uniquely identifies the mobile terminal to the mobile terminal.
Step S216: The mobile terminal decrypts the ciphertext of the information that uniquely identifies the mobile terminal, using the set of public keys corresponding to what is stored in the dongle.
Step S218: The mobile terminal determines whether the decrypted data is the same as the information that uniquely identifies the mobile terminal; if yes, proceed to step S220, otherwise proceed to step S226.
Step S220: The mobile terminal returns authentication success to the key update tool.
Step S222: The key update process starts, and the flow ends.
Step S224: Handshake processing between the mobile terminal and the PC-side tool.
Step S226: The update is rejected.

Preferred Embodiment 3

FIG. 3 is a flowchart of performing authentication between the PC-side key update tool and the mobile terminal without using a dongle according to preferred embodiment 3 of the present invention. As shown in FIG. 3, the following steps S302 to S320 are included.

Step S302: Power on.
Step S304: The PC key update software requests to read a random number from the mobile terminal.
Step S306: The mobile terminal returns random data.
Step S308: The key update tool encrypts the random data with the RSA algorithm and sends a handshake instruction to the mobile terminal.
Step S310: The mobile terminal decrypts the handshake data.
Step S312: The mobile terminal determines whether the decrypted handshake data is equal to the random data it sent; if yes, proceed to step S314, otherwise proceed to step S318.
Step S314: The mobile terminal returns authentication success to the key update tool.
Step S316: The key update process starts, and the flow ends.
Step S318: Handshake processing between the mobile terminal and the PC-side tool.
Step S320: The update is rejected.

FIG. 4 is a flowchart of updating a key according to an embodiment of the present invention. As shown in FIG. 4, the following steps S402 to S416 are included.
Step S402: Authentication between the PC-side key update tool and the mobile phone succeeds.
Step S404: The mobile phone side opens the update permission flag and returns a success message to the PC side.
Step S406: The PC-side tool goes on to send the key update instruction message.
Step S408: After receiving the instruction, the mobile terminal side determines whether the key update permission flag is in the open state; if yes, proceed to step S410, otherwise proceed to step S416.
Step S410: The key update operation is performed.
Step S412: The mobile terminal side determines whether the update succeeded; if yes, proceed to step S410, otherwise proceed to step S416.
Step S414: The update permission flag is closed, the mobile phone returns update success to the key update tool, and the PC side displays the update result.
Step S416: The update permission flag is closed, the update fails, and the PC side displays the update result.

It should be noted that the authentication process must be performed before every key update operation. After each update operation, whether successful or not, the key update permission flag is closed.

In addition, the present invention also provides a method of updating multiple sets of keys in file mode or in manual mode, which is described below with reference to FIG. 5 and FIG. 6.

FIG. 5 is a flowchart of updating multiple sets of keys in file mode according to an embodiment of the present invention. As shown in FIG. 5, multiple sets of keys are encrypted in advance and saved in a file according to a certain format, and then the following steps S502 to S512 are performed.

Step S502: Select the file import button of the PC-side key update tool.
Step S504: Select a file.
Step S506: The file contains multiple sets of key pairs and is encrypted.
Step S508: The PC-side tool decrypts the file and determines whether it is legal. If yes, proceed to step S510, otherwise proceed to step S512.
Step S510: The key update operation is performed.
Step S512: The update fails, and the PC side displays the update result.

FIG. 6 is a flowchart of updating multiple sets of keys in manual mode according to an embodiment of the present invention. As shown in FIG. 6, the following steps S602 to S610 are included.

Step S602: Manually enter multiple sets of public and private keys.
Step S604: Select the manual import button of the PC-side key update tool.
Step S606: The PC-side tool determines whether the input is legal. If yes, proceed to step S608, otherwise proceed to step S610.
Step S608: The key update operation is performed.
Step S610: The update fails, and the PC side displays the update result.

FIG. 7 is a schematic diagram of a PC-side key update tool interface according to an embodiment of the present invention. As shown in FIG. 7, multiple sets of keys of the mobile terminal can be updated through file import (corresponding to the file mode described above) or manual import (corresponding to the manual mode described above).

It should be noted that the steps shown in the flowcharts of the accompanying drawings may be performed in a computer system, for example as a set of computer-executable instructions, and, although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from the one given here.

An embodiment of the present invention provides a method for updating a key of a mobile terminal. FIG. 8 is a second flowchart of a method for updating a key of a mobile terminal according to an embodiment of the present invention. As shown in FIG. 8, the method includes the following steps S802 to S804.

Step S802: The PC sends a key update request message to the mobile terminal, where the key update request message is used to request an update of the key of the mobile terminal.
Step S804: After the mobile terminal determines that the PC is allowed to update the key, the PC sends a key update instruction message to the mobile terminal, where the key update instruction message is used to update the key of the mobile terminal.

An embodiment of the present invention provides a mobile terminal, which can be used to implement the above method for updating the key of the mobile terminal. FIG. 9 is a structural block diagram of a mobile terminal according to an embodiment of the present invention, including a receiving module 92, a determining module 94, and an update module 96. The structure is described in detail below.

The receiving module 92 is configured to receive a key update request message from the personal computer (PC), where the key update request message is used to request an update of the key of the mobile terminal; the determining module 94 is connected to the receiving module 92 and configured to determine, according to the key update request message received by the receiving module 92, that the PC is allowed to update the key; the update module 96 is connected to the determining module 94 and configured to update the key according to the key update instruction message from the PC after the determining module 94 determines that the PC is allowed to update the key.

In the related art, the key of the mobile terminal can be arbitrarily updated by the user, so that the security of the mobile terminal is poor. In the embodiment of the present invention, key update software is developed on the PC side, and a software module for key download and management is likewise implemented on the mobile terminal, so that the mobile terminal determines, according to the key update request message received by the receiving module 92, whether the key is allowed to be updated. The key is thereby prevented from being arbitrarily updated by the user, which ensures the security of the mobile terminal.
Preferably, the determining module 94 includes a determining submodule 942 and an opening submodule 944. The structure is described in detail below.

The determining submodule 942 is configured to determine that the PC is authenticated; the opening submodule 944 is connected to the determining submodule 942 and configured to open the key update permission flag after the determining submodule 942 determines that the PC is authenticated, where the key update permission flag is used to indicate that the PC is allowed to update the key.

It should be noted that the mobile terminal described in the device embodiment corresponds to the foregoing method embodiment; its specific implementation process has been described in detail in the method embodiment and is not repeated here.

In summary, the foregoing embodiments of the present invention provide a method for updating a mobile terminal key and a mobile terminal. The mobile terminal determines, according to the key update request message from the PC, whether to allow the key to be updated, which solves the problem in the related art that the key of the mobile terminal can be arbitrarily updated by the user, thereby ensuring the security of the mobile terminal.

Obviously, those skilled in the art should understand that the above modules or steps of the present invention can be implemented by a general-purpose computing device; they can be concentrated on a single computing device or distributed over a network composed of multiple computing devices. Optionally, they may be implemented by program code executable by a computing device, so that they may be stored in a storage device and executed by the computing device, or they may each be fabricated as individual integrated circuit modules, or several of the modules or steps may be fabricated as a single integrated circuit module. Thus, the invention is not limited to any specific combination of hardware and software.
The above is only the preferred embodiment of the present invention and is not intended to limit the present invention; for those skilled in the art, the present invention may have various modifications and changes. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present invention are intended to be included within the scope of protection of the present invention.
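The nonce handshake of FIG. 3 and the permission-flag handling of FIG. 4, as an added example that is not code from the patent. It assumes the PC tool holds an RSA private key and the terminal the matching public key (as with the dongle in steps S212 to S216); the class and method names, the key-slot dictionary and the toy textbook-RSA key are constructed for illustration.

```python
import secrets

# Constructed toy key: textbook RSA over two Mersenne primes, no padding, so the
# message flow runs with the standard library alone. Not a production key size.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class PcUpdateTool:
    """PC-side tool; assumed to hold the private exponent (hypothetical class)."""

    def __init__(self, n, d):
        self.n, self.d = n, d

    def answer(self, nonce):
        # S308: transform the terminal's random number with the private key.
        return pow(nonce, self.d, self.n)


class MobileTerminal:
    """Terminal-side key update module: nonce handshake plus permission flag."""

    def __init__(self, n, e, key_slots):
        self.n, self.e = n, e
        self.key_slots = dict(key_slots)   # index -> key material (Step 6)
        self.pending_nonce = None
        self.update_allowed = False        # the key update permission flag

    def on_update_request(self):
        # S304/S306: a new request voids any earlier grant and issues a fresh
        # nonce; 0, 1 and N-1 are excluded because textbook RSA maps them to
        # themselves, so anyone could answer them.
        self.update_allowed = False
        self.pending_nonce = 2 + secrets.randbelow(self.n - 3)
        return self.pending_nonce

    def on_handshake(self, response):
        # S310-S320: the nonce is single-use, whatever the outcome.
        nonce, self.pending_nonce = self.pending_nonce, None
        if nonce is None or not isinstance(response, int):
            return False
        if not 0 <= response < self.n:
            return False
        if pow(response, self.e, self.n) != nonce:
            return False                   # S320: reject, flag stays closed
        self.update_allowed = True         # S404: the only place the flag opens
        return True

    def on_update_instruction(self, index, new_key):
        # S408: an instruction without an open flag is refused outright.
        if not self.update_allowed:
            return "rejected"
        try:
            if index not in self.key_slots or not new_key:
                raise ValueError("unknown slot or empty key")
            self.key_slots[index] = new_key
            return "updated"               # S414
        except ValueError:
            return "failed"                # S416
        finally:
            self.update_allowed = False    # closed on success and on failure


def run_update(tool, terminal, index, new_key):
    """One complete exchange: request, handshake, update instruction."""
    nonce = terminal.on_update_request()
    if not terminal.on_handshake(tool.answer(nonce)):
        return "auth failed"
    return terminal.on_update_instruction(index, new_key)
```

Because each request issues a fresh nonce and the flag closes after every instruction, a handshake response captured from an earlier exchange, or a second instruction sent without re-authenticating, does not lead to another key update.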

Claims

权 利 要 求 书 Claim
1. 一种移动终端密钥的更新方法, 包括: A method for updating a mobile terminal key, comprising:
移动终端接收到来自个人计算机 PC 的密钥更新请求消息, 其中所 述密钥更新请求消息用于请求更新所述移动终端的密钥;  The mobile terminal receives a key update request message from the personal computer PC, where the key update request message is used to request to update the key of the mobile terminal;
所述移动终端 -据所述密钥更新请求消息, 确定允许所述 PC 更新 所述密钥;  The mobile terminal determines, according to the key update request message, that the PC is allowed to update the key;
所述移动终端 -据来自所述 PC 的密钥更新指令消息, 更新所述密 钥。  The mobile terminal - updates the key in accordance with a key update instruction message from the PC.
2. 根据权利要求 1所述的方法, 其中, 所述移动终端根据所述密钥更新请 求消息, 确定允许所述 PC更新所述密钥包括: The method according to claim 1, wherein the mobile terminal determines, according to the key update request message, that allowing the PC to update the key comprises:
所述移动终端 -据所述密钥更新请求消息, 确定对所述 PC鉴权通 过;  The mobile terminal determines, according to the key update request message, that the PC is authenticated;
所述移动终端打开密钥更新允许标记, 其中所述密钥更新允许标记 用于指示允许所述 PC更新所述密钥。  The mobile terminal opens a key update enable flag, wherein the key update enable flag is used to indicate that the PC is allowed to update the key.
3. 根据权利要求 2所述的方法, 其中, 所述移动终端根据所述密钥更新请 求消息, 确定对所述 PC鉴权通过包括: The method according to claim 2, wherein the mobile terminal determines, according to the key update request message, that the authentication of the PC includes:
所述移动终端 -据所述密钥更新请求消息, 向所述 PC发送自身保 存的标识信息, 其中所述标识信息唯一标识所述移动终端;  The mobile terminal sends the identity information saved by itself to the PC according to the key update request message, where the identifier information uniquely identifies the mobile terminal;
所述移动终端接收到来自所述 PC 的按照预定加密规则加密后的所 述标识信息;  Receiving, by the mobile terminal, the identification information that is encrypted according to a predetermined encryption rule from the PC;
所述移动终端按照与所述预定加密规则对应的解密规则, 对所述加 密后的所述标识信息进行解密;  The mobile terminal decrypts the encrypted identification information according to a decryption rule corresponding to the predetermined encryption rule;
所述移动终端判断所述解密后的所述标识信息与所述自身保存的标 识信息是否相同;  Determining, by the mobile terminal, whether the decrypted identification information is the same as the self-preserved identification information;
如果判断结果为是, 则确定对所述 PC鉴权通过。  If the result of the determination is yes, it is determined that the PC is authenticated.
4. 根据权利要求 3所述的方法, 其中, 所述预定加密规则预先存储在加密 狗上, 其中所述加密狗预先设置在所述 PC上。 4. The method according to claim 3, wherein the predetermined encryption rule is pre-stored on a dongle, wherein the dongle is preset on the PC.
5. 根据权利要求 2所述的方法, 其中, 所述移动终端根据所述密钥更新请 求消息, 确定对所述 PC鉴权通过包括: The method according to claim 2, wherein the mobile terminal determines, according to the key update request message, that the authentication of the PC includes:
所述移动终端 -据所述密钥更新请求消息, 向所述 PC发送自身生 成的随机数;  The mobile terminal sends a random number generated by itself to the PC according to the key update request message;
所述移动终端接收到来自所述 PC的按照 RSA算法加密的所述随机 数;  Receiving, by the mobile terminal, the random number encrypted according to an RSA algorithm from the PC;
所述移动终端按照与所述 RSA算法对应的解密规则,对所述加密后 的所述随机数进行解密;  The mobile terminal decrypts the encrypted random number according to a decryption rule corresponding to the RSA algorithm;
所述移动终端判断所述解密后的所述随机数与所述自身生成的随机 数是否相同;  Determining, by the mobile terminal, whether the decrypted random number is the same as the self-generated random number;
如果判断结果为是, 则确定对所述 PC鉴权通过。  If the result of the determination is yes, it is determined that the PC is authenticated.
6. 根据权利要求 2 所述的方法, 其中, 在所述移动终端根据来自所述 PC 的所述密钥更新指令消息, 更新所述密钥之前, 所述方法还包括: The method according to claim 2, wherein, before the mobile terminal updates the key according to the key update instruction message from the PC, the method further includes:
the mobile terminal receives the key update instruction message from the PC;
the mobile terminal determines whether the key update permission flag is on;
if the determination result is yes, the mobile terminal performs the operation of updating the key.
7. The method according to claim 6, wherein after the mobile terminal updates the key, the method further comprises: turning off the key update permission flag.
8. A method for updating a mobile terminal key, comprising:
a personal computer (PC) sending a key update request message to a mobile terminal, wherein the key update request message is used to request an update of the key of the mobile terminal;
the PC sending, after the mobile terminal determines that the PC is allowed to update the key, a key update instruction message to the mobile terminal, wherein the key update instruction message is used to update the key of the mobile terminal.
9. A mobile terminal, comprising:
a receiving module, configured to receive a key update request message from a personal computer (PC), wherein the key update request message is used to request an update of the key of the mobile terminal;
a determining module, configured to determine, according to the key update request message, that the PC is allowed to update the key;
an update module, configured to update the key according to a key update instruction message from the PC.
10. The mobile terminal according to claim 9, wherein the determining module comprises:
a determining submodule, configured to determine that authentication of the PC has passed;
an opening submodule, configured to turn on a key update permission flag, wherein the key update permission flag is used to indicate that the PC is allowed to update the key.
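The terminal-side gating described in the claims above (authenticate the PC, turn the permission flag on, update only while the flag is on, turn it off afterwards), as an added Python example that is not part of the patent text. The HMAC challenge-response used to authenticate the PC, all class and function names, and the sample secrets are assumptions; the claims only require that the PC be authenticated before the flag is turned on.

```python
import hashlib
import hmac
import secrets


class MobileTerminal:
    """Terminal side of the claimed exchange (hypothetical names throughout)."""

    def __init__(self, auth_secret: bytes, key: bytes):
        self._auth_secret = auth_secret  # assumption: secret shared with the PC tool
        self.key = key                   # the key the PC asks to replace
        self.update_allowed = False      # the "key update permission flag"
        self._nonce = None

    def new_challenge(self) -> bytes:
        """Issue a fresh nonce so a captured request cannot be replayed (assumption)."""
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def on_update_request(self, proof: bytes) -> bool:
        """Key update request: authenticate the PC, then turn the flag on."""
        if self._nonce is None:
            return False
        expected = hmac.new(self._auth_secret, self._nonce, hashlib.sha256).digest()
        self._nonce = None               # each challenge is single use
        self.update_allowed = hmac.compare_digest(proof, expected)
        return self.update_allowed

    def on_update_instruction(self, new_key: bytes) -> bool:
        """Key update instruction: act only while the flag is on."""
        if not self.update_allowed:
            return False                 # flag off: the instruction is ignored
        self.key = new_key
        self.update_allowed = False      # claim 7: turn the flag off after the update
        return True


def pc_proof(auth_secret: bytes, nonce: bytes) -> bytes:
    """PC side: answer the terminal's challenge with an HMAC over the nonce."""
    return hmac.new(auth_secret, nonce, hashlib.sha256).digest()
```

Because the flag is cleared after each update, every key change needs its own authenticated request; an instruction message alone never changes the key.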
PCT/CN2011/074578 2010-11-19 2011-05-24 Method for updating key of mobile terminal, and mobile terminal WO2012065422A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010552427.4 2010-11-19
CN2010105524274A CN102012984A (en) 2010-11-19 2010-11-19 Method for updating key of mobile terminal and mobile terminal

Publications (1)

Publication Number Publication Date
WO2012065422A1 true WO2012065422A1 (en) 2012-05-24

Family

ID=43843157

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/074578 WO2012065422A1 (en) 2010-11-19 2011-05-24 Method for updating key of mobile terminal, and mobile terminal

Country Status (2)

Country Link
CN (1) CN102012984A (en)
WO (1) WO2012065422A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102012984A (en) * 2010-11-19 2011-04-13 中兴通讯股份有限公司 Method for updating key of mobile terminal and mobile terminal
CN102855422B (en) * 2012-08-21 2015-03-04 飞天诚信科技股份有限公司 Method and device for identifying pirated encryption lock
CN105471829A (en) * 2014-09-05 2016-04-06 深圳市同盛绿色科技有限公司 Signal transmission method and system
CN107204848B (en) * 2017-07-25 2018-08-28 北京深思数盾科技股份有限公司 A kind of method managing secret key data and the device for managing key data

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1835623A (en) * 2005-08-08 2006-09-20 华为技术有限公司 Updating method of controlled secret key
CN1870808A (en) * 2005-05-28 2006-11-29 华为技术有限公司 Key updating method
CN1953369A (en) * 2006-09-30 2007-04-25 中国移动通信集团公司 A method, system and device to initiate and identify secret key update request
CN101114958A (en) * 2006-07-24 2008-01-30 华为技术有限公司 Method for implementing mobile IP cipher key update in WiMAX system
CN101631290A (en) * 2008-07-16 2010-01-20 鸿富锦精密工业(深圳)有限公司 Mobile communication system, dual mode mobile phone and key setting method thereof
CN102012984A (en) * 2010-11-19 2011-04-13 中兴通讯股份有限公司 Method for updating key of mobile terminal and mobile terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101281575A (en) * 2008-05-14 2008-10-08 北京深思洛克数据保护中心 Method for protecting software
CN101621795A (en) * 2009-07-17 2010-01-06 中兴通讯股份有限公司 Method, system and device for realizing private ownership of wireless data terminal
CN101711027B (en) * 2009-12-22 2012-07-04 上海大学 Method for managing dispersed keys based on identities in wireless sensor network

Also Published As

Publication number Publication date
CN102012984A (en) 2011-04-13

Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 11840960; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 11840960; Country of ref document: EP; Kind code of ref document: A1)