Nothing Special   »   [go: up one dir, main page]

CN109039609A - The method and terminal of key importing terminal - Google Patents

The method and terminal of key importing terminal Download PDF

Info

Publication number
CN109039609A
CN109039609A CN201810986860.5A CN201810986860A CN109039609A CN 109039609 A CN109039609 A CN 109039609A CN 201810986860 A CN201810986860 A CN 201810986860A CN 109039609 A CN109039609 A CN 109039609A
Authority
CN
China
Prior art keywords
terminal
key
decryption
private key
write
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810986860.5A
Other languages
Chinese (zh)
Inventor
罗盛旺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Creative Technology Ltd Shenzhen
Original Assignee
Creative Technology Ltd Shenzhen
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Creative Technology Ltd Shenzhen filed Critical Creative Technology Ltd Shenzhen
Priority to CN201810986860.5A priority Critical patent/CN109039609A/en
Publication of CN109039609A publication Critical patent/CN109039609A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The present invention provides the method and terminal of a kind of key importing terminal, is related to terminal production field.The method that the key imports terminal includes: that first terminal receives the decryption key that second terminal is sent, the first terminal is decrypted encrypted private key according to the decryption key, wherein, the encrypted private key is pre-stored in the first terminal, if the first terminal successful decryption obtains the private key, then the first terminal sends the first notification message to the second terminal, first notification message is used to indicate successful decryption, the first terminal receives the write instruction that the second terminal is sent according to first notification message, the first terminal instructs according to said write private key secure storage section is written.It realizes and secure storage section is written into private key again after encrypted private key is decrypted in terminal, convenient for operation, high safety and reduce costs.

Description

The method and terminal of key importing terminal
Technical field
The present invention relates to terminal production technical fields, and the method and terminal of terminal are imported in particular to a kind of key.
Background technique
Mobile payment has become the instantly popular means of payment, the use of fingerprint payment is most people in mobile terminal payment When the encryption means of payment that selects, therefore the device requirement amount of fingerprint payment is supported also to be constantly increasing.
Most of producer takes in the secure storage section of private key deposit mobile phone that will be used for fingerprint payment at present Method includes being written using softdog by platform.
But if private key is written by platform using softdog, the cost of private key write-in is increased, and cumbersome.
Summary of the invention
It is an object of the present invention in view of the deficiency of the prior art, provide a kind of method that key imports terminal And terminal, it is cumbersome, at high cost low with safety in key importing process to solve the problems, such as.
To achieve the above object, technical solution used in the embodiment of the present invention is as follows:
In a first aspect, the embodiment of the invention provides a kind of methods that key imports terminal, comprising:
First terminal receives the decryption key that second terminal is sent;
The first terminal is decrypted encrypted private key according to the decryption key, wherein the encrypted private Key is pre-stored in the first terminal;
If the first terminal successful decryption obtains the private key, the first terminal sends the to the second terminal One notification message, first notification message are used to indicate successful decryption;
The first terminal receives the write instruction that the second terminal is sent according to first notification message;
The first terminal instructs according to said write private key secure storage section is written.
Further, after the first terminal is decrypted encrypted private key according to the decryption key, further includes:
Fail if the first terminal decrypts encrypted private key, the first terminal is sent to the second terminal Second notification message, the second notification message are used to indicate decryption failure.
Further, before the decryption key that the first terminal reception second terminal is sent, further includes:
The first terminal receives the encrypted private key that the second terminal is sent;
The encrypted private key is stored in data area by the first terminal.
Further, after according to said write instruction secure storage section is written in the private key by the first terminal, Further include:
The first terminal sends write-in notice to the second terminal, and said write notice, which is used to indicate the private key, is It is no to be written successfully.
Second aspect provides a kind of method that key imports terminal, comprising:
Second terminal sends decryption key to first terminal;
The second terminal receives the first terminal after the completion of decrypting according to the decryption key to encrypted private key The first notification message sent, first notification message are used to indicate successful decryption;
The second terminal sends write instruction to the first terminal according to first notification message, and said write refers to Order is used to indicate the first terminal and secure storage section is written in the private key.
Further, after the second terminal sends decryption key to first terminal, further includes:
The second terminal receives the first terminal after failing according to the decryption key to the decryption of encrypted private key The second notification message of transmission, the second notification message are used to indicate decryption failure.
Further, before the second terminal sends decryption key to first terminal, further includes:
The second terminal generates a pair of secret keys, and the pair of key includes: public key and private key;
The second terminal encrypts the private key, obtains encrypted private key and the decryption key;
The second terminal by the public key be sent to security server, by the decryption key be sent to decryption server, And the encrypted private key is sent to the first terminal.
Further, before the second terminal sends decryption key to first terminal, further includes:
The second terminal sends connection request to the decryption server;
The second terminal receives the decryption key that the decryption server is sent according to the connection request.
Further, the second terminal according to first notification message to the first terminal send write instruction it Afterwards, further includes:
The second terminal receives the write-in notice that the first terminal is sent, and said write notice is used to indicate the private Whether key is written success.
The third aspect, provides a kind of terminal, and the terminal is first terminal, comprising:
First receiving module, for receiving the decryption key of second terminal transmission;
Deciphering module, for encrypted private key to be decrypted according to the decryption key, wherein the encrypted private Key is pre-stored in the first terminal;
Notification module, for sending the first notification message to the second terminal after successful decryption obtains the private key, First notification message is used to indicate successful decryption;
Correspondingly, first receiving module is also used to receive the second terminal and is sent out according to first notification message The write instruction sent;
Writing module, for secure storage section to be written in the private key according to said write instruction.
Further, the notification module is also used to when the encrypting module decrypts failure to encrypted private key, to Second terminal sends second notification message, and the second notification message is used to indicate decryption failure.
Further, further includes: data memory module;
First receiving module is also used to receive the encrypted private key that the second terminal is sent;
The data memory module, for storing the encrypted private key to data area.
Further, the notification module is also used to after secure storage section is written in the private key by writing module, Write-in notice is sent to the second terminal, said write notice is used to indicate whether the private key is written success.
Fourth aspect, provides a kind of terminal, and the terminal is second terminal, comprising:
Sending module, for sending decryption key to first terminal;
Second receiving module is decrypting encrypted private key according to the decryption key for receiving the first terminal At the first notification message of rear transmission, first notification message is used to indicate successful decryption;
Correspondingly, the sending module is also used to send write-in to the first terminal according to first notification message Instruction, said write instruction are used to indicate the first terminal and secure storage section are written in the private key.
Further, second receiving module, be also used to the sending module to first terminal send decryption key it Afterwards, the second notice that the first terminal is sent after failing to the decryption of encrypted private key according to the decryption key is received to disappear Breath, the second notification message are used to indicate decryption failure.
Further, further includes: key production module and encrypting module;
The key production module, it is a pair of for generating before the sending module sends decryption key to first terminal Key, the pair of key include: public key and private key;
The encrypting module, for obtaining encrypted private key and the decryption key for the private key encryption;
The sending module is also used to the public key being sent to security server, the decryption key is sent to decryption The encrypted private key is simultaneously sent to the first terminal by server.
Further, the sending module is also used to before sending decryption key to first terminal, is serviced to the decryption Device sends connection request;
Second receiving module is also used to receive the solution that the decryption server is sent according to the connection request Key.
Further, second receiving module, be also used to the sending module according to first notification message to After the first terminal sends write instruction, the write-in notice that the first terminal is sent is received, said write notice is used for Indicate whether the private key is written success.
The beneficial effects of the present invention are: encrypted first to private key in the embodiment of the present invention, and by encrypted private key Terminal is pre-deposited, and then encrypted private key is decrypted in terminal after terminal acquisition decryption key and private key is written Secure storage section, the mode of this write-in private key are reduced into convenient for operation, high safety, and without other equipment This.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached Figure is briefly described, it should be understood that the following drawings illustrates only certain embodiments of the present invention, therefore is not construed as pair The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this A little attached drawings obtain other relevant attached drawings.
Fig. 1 is the system schematic for the method application scenarios that the key that one embodiment of the application provides imports terminal;
Fig. 2 is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal;
Fig. 3 is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal;
Fig. 4 is that the application is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal;
Fig. 5 is the terminal structure schematic diagram that one embodiment of the application provides;
Fig. 6 is the terminal structure schematic diagram that one embodiment of the application provides;
Fig. 7 is the terminal structure schematic diagram that the another embodiment of the application provides, and the present embodiment is that the structure of second terminal is shown It is intended to;
Fig. 8 is the terminal structure schematic diagram that another embodiment of the application provides;
Fig. 9 is the terminal structure schematic diagram that another embodiment of the application provides.
Specific embodiment
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is A part of the embodiment of the present invention, instead of all the embodiments.
Fig. 1 is the system schematic for the method application scenarios that the key that one embodiment of the application provides imports terminal.
As shown in Figure 1, the system may include: first terminal 102, second terminal 101 and decryption server 103.
Optionally, the first terminal 102 is the terminal for having fingerprint payment function, for example, smart phone, tablet computer, Palm PC and the laptop with fingerprint payment function etc..
Optionally, the second terminal 101 is that the terminal of operation Windows system, linux system or Mac OS system is set It is standby, such as PC, work station, laptop etc..
Optionally, the decryption server 103 is that can store decryption key and be returned to the server of second terminal, can To be virtual server, such as Cloud Server and fictitious host computer etc., it is also possible to physical server, such as tower server, machine Rack server and blade server etc..
The first terminal is connected with second terminal by wired mode, and communication protocol includes DIAG (Diag, diagnosis) Instruction and AT (Attention, dialing) instruction, but it is not limited to both agreements.
The decryption server and the second terminal can carry out data exchange, and the data exchange can pass through local area network Or internet is realized, optionally, the connection type decrypted between server and second terminal includes wireless mode and wired mode.
Wherein, when the decryption server is if virtual server, same equipment, example can be integrated in the second terminal Fictitious host computer is set such as in second of terminal as decryption server, the application is not limited.
Fig. 2 is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal.The present embodiment is with first Terminal is executing subject.
As shown in Fig. 2, this method comprises:
S201, first terminal receive the decryption key that second terminal is sent.
In the present embodiment, operation has brush machine tool in second terminal, which instructs decryption key by DIAG It is sent to first terminal.
S202, the first terminal are decrypted encrypted private key according to the decryption key, wherein after the encryption Private key be pre-stored in the first terminal.
In the present embodiment, the encrypted private key can be pre-stored in first terminal data area, by using solution Encrypted private key decryption, can obtain private key described in key pair.
The decrypting process can carry out in the Trustzone (trusted domain) of first terminal, and the private key is temporarily stored into institute It states in Trustzone, the Trustzone is the safety method of system scope, for largely answering on high-performance calculation platform With including secure payment, digital copyright management, enterprises service and based on the service of Web.The Trustzone can protect peace The peripheral hardwares such as full memory, cryptographic block, keyboard and screen, to can ensure that them from software attacks.
If S203, the first terminal successful decryption obtain the private key, the first terminal is to the second terminal The first notification message is sent, first notification message is used to indicate successful decryption.
In the present embodiment, first notification message may include the status information of successful decryption, the first terminal The status information is sent to the brush machine tool run in second terminal by DIAG instruction.Such as " 1 " expression successful decryption, " 0 " indicates decryption unsuccessfully etc., is not limited.
S204, the first terminal receive the write instruction that the second terminal is sent according to first notification message.
In the present embodiment, after the second terminal receives the first notification message that first terminal is sent, confirmation decryption Success can issue write instruction by brush machine tool, and be sent to first terminal by DIAG instruction.
S205, the first terminal are instructed according to said write is written secure storage section for the private key.
In the present embodiment, the first terminal is instructed according to said write, and secure storage section is written in the private key, The processor of the secure storage section and the first terminal carries out physical bindings, and the processor of the only described first terminal can It is communicated with the data to the secure storage section.
Wherein, in the present embodiment, encrypted private key is pre-deposited into terminal, and then in terminal after terminal acquisition decryption key It is interior that encrypted private key is decrypted and private key is written into secure storage section, the mode of this write-in private key convenient for operation, High safety, and without other equipment, it reduces costs.
Optionally, after the first terminal is decrypted encrypted private key according to the decryption key, further includes: Fail if the first terminal decrypts encrypted private key, the first terminal sends the second notice to the second terminal Message, the second notification message are used to indicate decryption failure.
It should be noted that in the present embodiment, first notification message and the second notification message can lead to Carrying decryption mark instruction successful decryption or failure are crossed, after the second terminal receives decryption mark, recognizes and is decrypted into Function then sends write instruction, recognizes decryption failure, then stops importing program, and show error message, such as in second terminal Display screen show error message.
Optionally, after the second terminal receives second notification message, decryption key can be sent again, and attempts to decrypt, If receiving the first notification message, write instruction is sent, if receiving second notification message, can be again attempted to, until n-th Afterwards, stop importing program, and show error message, the numerical value of the N is not specifically limited.
Optionally, before the decryption key that the first terminal reception second terminal is sent, further includes: first terminal receives institute State the encrypted private key of second terminal transmission;The encrypted private key is stored in data area by first terminal.
In the present embodiment, the encrypted private key is stored as data in the data area, the data area For open region, it is easy to read and write.
Optionally, first terminal instructs according to said write and the private key is written after secure storage section, further includes:
The first terminal sends write-in notice to the second terminal, and said write notice, which is used to indicate the private key, is It is no to be written successfully.
It should be noted that in the present embodiment, said write notice includes that write-in success flag or write-in unsuccessfully identify, If the second terminal receives write-in success flag, write-in successful information is shown;If the second terminal receives write-in and unsuccessfully marks Know, then stop write-in program, shows write-in failure information, such as the display screen display write-in failure information in second terminal.
Optionally, after the write-in notice that the second terminal receives unsuccessfully identifies for write-in, write-in can be sent again and referred to It enables, and attempts to be written again, if the write-in notice received is success flag, show write-in successful information;If the write-in received Notice unsuccessfully identifies for write-in, can again attempt to, and after n-th, stops write-in program, and show write-in failure information, N Numerical value for the integer greater than 0, but the N is not specifically limited.
Fig. 3 is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal.The present embodiment is with second Terminal is executing subject.
As shown in figure 3, this method comprises:
S301, second terminal send decryption key to first terminal.
In the present embodiment, operation has brush machine tool in second terminal, which instructs decryption key by DIAG It is sent to first terminal.
S302, the second terminal receive the first terminal and are being decrypted according to the decryption key to encrypted private key At the first notification message of rear transmission, first notification message is used to indicate successful decryption.
In the present embodiment, first notification message may include the status information of successful decryption, the first terminal The status information is sent to the brush machine tool run in second terminal by DIAG instruction.Such as " 1 " expression successful decryption, " 0 " indicates decryption unsuccessfully etc., is not limited.
S303, the second terminal send write instruction to the first terminal according to first notification message, described Write instruction is used to indicate the first terminal and secure storage section is written in the private key.
In the present embodiment, after the first notification message for receiving first terminal transmission of the second terminal, confirmation solution Close success can issue write instruction by brush machine tool, and be sent to first terminal by DIAG instruction.
Wherein, in the present embodiment, encrypted private key is pre-deposited into terminal, and then in terminal after terminal acquisition decryption key It is interior that encrypted private key is decrypted and private key is written into secure storage section, the mode of this write-in private key convenient for operation, High safety, and without other equipment, it reduces costs.
Optionally, after the second terminal sends decryption key to first terminal, further includes:
The second terminal receives the first terminal after failing according to the decryption key to the decryption of encrypted private key The second notification message of transmission, the second notification message are used to indicate decryption failure.
It should be noted that in the present embodiment, first notification message and the second notification message can lead to Carrying decryption mark instruction successful decryption or failure are crossed, after the second terminal receives decryption mark, recognizes and is decrypted into Function then sends write instruction, recognizes decryption failure, then stops importing program, and show error message, such as in second terminal Display screen show error message.
Optionally, after the second terminal receives second notification message, decryption key can be sent again, and attempts to decrypt, If receiving the first notification message, write instruction is sent, if receiving second notification message, can be again attempted to, until n-th Afterwards, stop importing program, and show write-in failure information, N is the integer greater than 0, but the numerical value of the N is not specifically limited.
Optionally, before the second terminal sends decryption key to first terminal, further includes:
Second terminal generates a pair of secret keys, and the pair of key includes: public key and private key;Second terminal to the private key into Row encryption, obtains encrypted private key and the decryption key.
The second terminal by the public key be sent to security server, by the decryption key be sent to decryption server, And the encrypted private key is sent to the first terminal.
In the present embodiment, it can be Lee Vista-Shamir-A Deman algorithm that the second terminal, which generates a pair of secret keys, (Rivest-Shamir-Adlemanalgorithm, RSA) key pair.
RSA key centering, one of them is privacy key, i.e., the described private key is saved by user;Another is close to disclose Key, i.e., the described public key, can external disclosure, can be registered in network server.To improve encryption strength, RSA key is at least 500 Bit length is generally recommended to use 1024.
It should be noted that in the present embodiment, the mode of the private key encryption is rsa encryption mode, to the private key A pair of secret keys is generated after encryption, i.e., encrypted private key and decryption key, it is possible to use the encryption of other cipher modes, to cipher mode With no restrictions, specifically it is subject to the cipher mode of user.
Wherein, the security server be IFAA (Internet Finance Authentication Alliance, mutually Network financial authentication alliance) server, for docking the fingerprint payment function of Alipay.
Optionally, the security server can also (Fast Identity Online, quickly identity be tested on line for FIDO Card) server, TENCENTSOTER (Tencent's biological identification platform) server etc., to dock wechat payment or other types Using fingerprint pay software.
Optionally, before the second terminal sends decryption key to first terminal, further includes:
Second terminal sends connection request to the decryption server;
Second terminal receives the decryption key that the decryption server is sent according to the connection request.
It should be noted that in the present embodiment, the decryption server can preserve multiple decryption keys, each Decryption key is corresponding with the encrypted private key in a first terminal, and the second terminal is believed according to the feature of the first terminal Breath determines decryption key corresponding to the encrypted private key in the first terminal, and sends connection to the decryption server and ask It asks, the connection request includes the information for requesting the corresponding decryption key, after the decryption server receives the connection request, According to the information of the corresponding decryption key, corresponding decryption key is sent to the second terminal.
Optionally, the second terminal according to first notification message to the first terminal send write instruction it Afterwards, further includes:
The second terminal receives the write-in notice that the first terminal is sent, and said write notice is used to indicate the private Whether key is written success.
It should be noted that in the present embodiment, said write notice includes that write-in success flag or write-in unsuccessfully identify, If the second terminal receives write-in success flag, write-in successful information is shown;If the second terminal receives write-in and unsuccessfully marks Know, then stop write-in program, shows write-in failure information, such as the display screen display write-in failure information in second terminal.
Optionally, after the write-in notice that the second terminal receives unsuccessfully identifies for write-in, write-in can be sent again and referred to It enables, and attempts to be written again, if the write-in notice received is success flag, show write-in successful information;If the write-in received Notice unsuccessfully identifies for write-in, can again attempt to, and after n-th, stops write-in program, and show write-in failure information, The numerical value of the N is not specifically limited.
Fig. 4 is that the application is the method flow schematic diagram that the key that one embodiment of the application provides imports terminal.
As shown in figure 4, in the present embodiment, the step of private key is imported the secure storage section of first terminal, is wrapped It includes:
S401, second terminal generate key pair, and the public key of cipher key pair is uploaded security server.
In the present embodiment, the second terminal is locally generated a pair of of RSA key, including public key and private key, the public affairs Key is uploaded to IFAA server.
S402, second terminal encryption key, obtain decryption key and encrypted private key.
In the present embodiment, for the second terminal to the private key encryption, RSA is can be used in cipher mode, is generated a pair of RSA key pair, i.e. decryption key and encrypted private key.
S403, second terminal send decryption key to decryption server.
In the present embodiment, the decryption key is sent to decryption server and saved by the second terminal.
S404, second terminal send encrypted private key to first terminal.
In the present embodiment, the encrypted private key is sent to first terminal by the second terminal.
Data area is written in encrypted private key by S405, first terminal.
In the present embodiment, the first terminal saves the encrypted private key in the data area.
S406, second terminal send connection request to the decryption server.
In the present embodiment, the second terminal sends connection request to the decryption server, and request corresponds to first The decryption key of private key after terminal encryption.
S407, decryption server send decryption key according to connection request.
In the present embodiment, corresponding decryption key is sent to the second terminal by the decryption server.
S408, second terminal send decryption key to first terminal
In the present embodiment, after the second terminal receives the decryption key that decryption server is sent, by the decryption key It is transmitted to the first terminal.
S409, first terminal decrypt encrypted private key using decryption key, obtain private key.
In the present embodiment, after shown first terminal receives the decryption key, in Trustzone to the encryption after Private key be decrypted, obtain private key, success after, the private key is temporarily stored in Trustzone.
S410, first terminal send the first notification message to second terminal.
In the present embodiment, after successfully obtaining private key, the first terminal sends the first notification message to second terminal, leads to Know successful decryption.
S411, second terminal send write instruction to first terminal.
In the present embodiment, after the second terminal receives the first notification message, write instruction is sent to first terminal.
According to write instruction secure storage section is written in private key by S412, first terminal.
In the present embodiment, after the first terminal receives write instruction, the private key write-in peace in Trustzone will be present Full storage region.
After S413, first terminal are successfully written the private key, write-in notice is sent to second terminal.
In the present embodiment, after the first terminal is successfully written the private key, write-in notice is sent to second terminal.
It should be noted that the communication between shown first terminal and the second terminal can pass through in the present embodiment DIAG instruction is completed, and brush machine tool has wherein been run in second terminal, and the DIAG instruction is sent by the brush machine tool.
Fig. 5 is the terminal structure schematic diagram that one embodiment of the application provides, and the present embodiment is the structural representation of first terminal Figure.
The schematic diagram be only in first terminal part-structure signal relevant to of the invention implementations, the first terminal may be used also To include other modules.
As shown in figure 5, the first terminal includes: the first receiving module 501, deciphering module 502 and notification module 503. Wherein:
First receiving module 501, for receiving the decryption key of second terminal transmission.
Deciphering module 502, for encrypted private key to be decrypted according to the decryption key, wherein after the encryption Private key be pre-stored in the first terminal.
Notification module 503, for sending the first notice to the second terminal and disappearing after successful decryption obtains the private key Breath, first notification message are used to indicate successful decryption.
Correspondingly, first receiving module 501 is also used to receive the second terminal according to first notification message The write instruction of transmission;
Writing module 504, for secure storage section to be written in the private key according to said write instruction.
Optionally, the notification module 503 is also used to decrypt encrypted private key in the encrypting module 502 and fail When, second notification message is sent to second terminal, the second notification message is used to indicate decryption failure.
Fig. 6 is the terminal structure schematic diagram that another embodiment of the application provides.
As shown in fig. 6, on the basis of Fig. 5, further includes: data memory module 601;
First receiving module 501 is also used to receive the encrypted private key that the second terminal is sent.
The data memory module 601, for storing the encrypted private key to data area.
Optionally, the notification module 503 is also used to that secure storage section is written in the private key in writing module 504 Later, write-in notice is sent to the second terminal, said write notice is used to indicate whether the private key is written success.
Above-mentioned apparatus can be used for executing the method for above method embodiment offer, specific implementation and technical effect class Seemingly, which is not described herein again.
Fig. 7 is the terminal structure schematic diagram that the another embodiment of the application provides, and the present embodiment is that the structure of second terminal is shown It is intended to.
The schematic diagram be only in second terminal part-structure signal relevant to of the invention implementations, the second terminal may be used also To include other modules.
As shown in fig. 7, the second terminal includes: sending module 701 and the second receiving module 702, in which:
Sending module 702, for sending decryption key to first terminal.
Second receiving module 701, for receive the first terminal according to the decryption key to encrypted private key solution The first notification message sent after the completion of close, first notification message are used to indicate successful decryption.
Correspondingly, the sending module 702 is also used to be write according to first notification message to first terminal transmission Enter instruction, said write instruction is used to indicate the first terminal and secure storage section is written in the private key.
Optionally, second receiving module 701, be also used to the sending module to first terminal send decryption key it Afterwards, the second notice that the first terminal is sent after failing to the decryption of encrypted private key according to the decryption key is received to disappear Breath, the second notification message are used to indicate decryption failure.
Fig. 8 is the terminal structure schematic diagram that another embodiment of the application provides.
As shown in figure 8, the terminal can also include: key production module 801 and encrypting module on the basis of Fig. 7 802.Wherein:
The key production module 801 is used for before the sending module 702 sends decryption key to first terminal, raw Key in a pair, the pair of key include: public key and private key.
The encrypting module 802, for obtaining encrypted private key and the decryption key for the private key encryption.
Further, the sending module 701 is also used to for the public key being sent to security server, by the decryption Key is sent to decryption server and the encrypted private key is sent to the first terminal.
Optionally, the sending module 701 is also used to before sending decryption key to first terminal, is taken to the decryption Business device sends connection request.
Second receiving module 702 is also used to receive the institute that the decryption server is sent according to the connection request State decryption key.
Optionally, second receiving module 702 is also used to be disappeared in the sending module 701 according to first notice It ceases after first terminal transmission write instruction, receives the write-in notice that the first terminal is sent, said write notice It is used to indicate whether the private key is written success.
Above-mentioned apparatus can be used for executing the method for above method embodiment offer, specific implementation and technical effect class Seemingly, which is not described herein again.
It should be noted that it should be understood that the modules of the above terminal division be only a kind of logic function division, It can completely or partially be integrated on a physical entity in actual implementation, it can also be physically separate.And these modules can be with All realized by way of processing element calls with software;It can also all realize in the form of hardware;It can also part mould Block realizes that part of module passes through formal implementation of hardware by way of processing element calls software.For example, determining module can be with For the processing element individually set up, it also can integrate and realized in some chip of above-mentioned apparatus, in addition it is also possible to program The form of code is stored in the memory of above-mentioned apparatus, is called by some processing element of above-mentioned apparatus and is executed above true The function of cover half block.The realization of other modules is similar therewith.Furthermore these modules completely or partially can integrate together, can also With independent realization.Processing element described here can be a kind of integrated circuit, the processing capacity with signal.In the process of realization In, each step of the above method or the above modules can by the integrated logic circuit of the hardware in processor elements or The instruction of software form is completed.
For example, the above module can be arranged to implement one or more integrated circuits of above method, such as: One or more specific integrated circuits (Application Specific Integrated Circuit, ASIC), or, one Or multi-microprocessor (Digital SingnalProcessor, DSP), or, one or more field programmable gate array (Field Programmable Gate Array, FPGA) etc..For another example, when some above module dispatches journey by processing element When the form of sequence code is realized, which can be general processor, such as central processing unit (Central Processing Unit, abbreviation CPU) or it is other can be with the processor of caller code.For another example, these modules can integrate Together, it is realized in the form of system on chip (System-On-a-Chip, abbreviation SOC).
Fig. 9 is the terminal structure schematic diagram that another embodiment of the application provides.
As shown in figure 9, the terminal can be above-mentioned first terminal or second terminal, can specifically include: 901 He of processor Memory 902.Wherein:
Memory 902 realizes that above method embodiment or Fig. 5, Fig. 6, Fig. 7, embodiment illustrated in fig. 8 are each for storing The program code of module, processor 901 call the program code, execute the operation of above method embodiment, to realize Fig. 5, figure 6, Fig. 7, embodiment illustrated in fig. 8 modules.
Alternatively, some or all of above each unit can also pass through field programmable gate array (Field Programmable Gate Array, abbreviation FPGA) form be embedded on some chip of the terminal and realize.And it Can be implemented separately, also can integrate together.
Here the same above description of processor 901, can be general processor, such as CPU, can also be and be configured to reality One or more integrated circuits of above method are applied, such as: one or more specific integrated circuit (Application Specific Integrated Circuit, abbreviation ASIC), or, one or more microprocessors (digital singnal Processor, abbreviation DSP), or, one or more field programmable gate array (Field Programmable Gate Array, abbreviation FPGA) etc..Memory 902 can be a storage device, be also possible to the general designation of multiple memory elements.
In addition, multiple interfaces can be set on the processor 901, be respectively used to connection peripheral equipment or connect with peripheral equipment The interface circuit connect.For example, the interface for connecting display screen, for connecting the interface of camera, for connecting audio processing The interface etc. of element.
In several embodiments provided by the present invention, it should be understood that disclosed device and method can pass through it Its mode is realized.For example, the apparatus embodiments described above are merely exemplary, for example, the division of the unit, only Only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components can be tied Another system is closed or is desirably integrated into, or some features can be ignored or not executed.Another point, it is shown or discussed Mutual coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or logical of device or unit Letter connection can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of hardware adds SFU software functional unit.
The above-mentioned integrated unit being realized in the form of SFU software functional unit can store and computer-readable deposit at one In storage media.Above-mentioned SFU software functional unit is stored in a storage medium, including some instructions are used so that a computer Equipment (can be personal computer, server or the network equipment etc.) or processor (English: processor) execute this hair The part steps of bright each embodiment the method.And storage medium above-mentioned includes: USB flash disk, mobile hard disk, read-only memory (English: Read-Only Memory, abbreviation: ROM), random access memory (English: Random Access Memory, letter Claim: RAM), the various media that can store program code such as magnetic or disk.

Claims (18)

1. a kind of method that key imports terminal characterized by comprising
First terminal receives the decryption key that second terminal is sent;
The first terminal is decrypted encrypted private key according to the decryption key, wherein the encrypted private key is pre- It is stored in the first terminal;
If the first terminal successful decryption obtains the private key, the first terminal sends first to the second terminal and leads to Know message, first notification message is used to indicate successful decryption;
The first terminal receives the write instruction that the second terminal is sent according to first notification message;
The first terminal instructs according to said write private key secure storage section is written.
2. the method as described in claim 1, which is characterized in that the first terminal is according to the decryption key to encrypted private After key is decrypted, further includes:
Fail if the first terminal decrypts encrypted private key, the first terminal sends second to the second terminal Notification message, the second notification message are used to indicate decryption failure.
3. the method as described in claim 1, which is characterized in that the first terminal receive decryption key that second terminal is sent it Before, further includes:
The first terminal receives the encrypted private key that the second terminal is sent;
The encrypted private key is stored in data area by the first terminal.
4. the method according to claim 1, which is characterized in that the first terminal is instructed according to said write will After the private key write-in secure storage section, further includes:
The first terminal sends write-in notice to the second terminal, and said write notice is used to indicate whether the private key is write Enter success.
5. a kind of method that key imports terminal characterized by comprising
Second terminal sends decryption key to first terminal;
The second terminal receives the first terminal and sends after the completion of being decrypted according to the decryption key to encrypted private key The first notification message, first notification message is used to indicate successful decryption;
The second terminal sends write instruction to the first terminal according to first notification message, and said write instruction is used Secure storage section is written into the private key in the instruction first terminal.
6. method as claimed in claim 5, which is characterized in that after the second terminal sends decryption key to first terminal, Further include:
The second terminal receives the first terminal and sends after being failed according to the decryption key to the decryption of encrypted private key Second notification message, the second notification message be used to indicate decryption failure.
7. method as claimed in claim 5, which is characterized in that before the second terminal sends decryption key to first terminal, Further include:
The second terminal generates a pair of secret keys, and the pair of key includes: public key and private key;
The second terminal encrypts the private key, obtains encrypted private key and the decryption key;
The public key is sent to security server, the decryption key is sent to decryption server and will by the second terminal The encrypted private key is sent to the first terminal.
8. the method for claim 7, which is characterized in that before the second terminal sends decryption key to first terminal, Further include:
The second terminal sends connection request to the decryption server;
The second terminal receives the decryption key that the decryption server is sent according to the connection request.
9. such as the described in any item methods of claim 5-8, which is characterized in that the second terminal disappears according to first notice It ceases after first terminal transmission write instruction, further includes:
The second terminal receives the write-in notice that the first terminal is sent, and said write notice, which is used to indicate the private key, is It is no to be written successfully.
10. a kind of terminal, which is characterized in that the terminal is first terminal, comprising:
First receiving module, for receiving the decryption key of second terminal transmission;
Deciphering module, for encrypted private key to be decrypted according to the decryption key, wherein the encrypted private key is pre- It is stored in the first terminal;
Notification module, it is described for sending the first notification message to the second terminal after successful decryption obtains the private key First notification message is used to indicate successful decryption;
Correspondingly, first receiving module is also used to receive what the second terminal was sent according to first notification message Write instruction;
Writing module, for secure storage section to be written in the private key according to said write instruction.
11. terminal as claimed in claim 10, which is characterized in that the notification module is also used in the encrypting module to adding When private key after close decrypts failure, second notification message is sent to second terminal, the second notification message is used to indicate decryption Failure.
12. terminal as claimed in claim 10, which is characterized in that further include: data memory module;
First receiving module is also used to receive the encrypted private key that the second terminal is sent;
The data memory module, for storing the encrypted private key to data area.
13. such as the described in any item terminals of claim 10-12, which is characterized in that the notification module is also used in write-in mould After secure storage section is written in the private key by block, write-in notice is sent to the second terminal, said write notice is used for Indicate whether the private key is written success.
14. a kind of terminal, which is characterized in that the terminal is second terminal, comprising:
Sending module, for sending decryption key to first terminal;
Second receiving module, for receiving the first terminal after the completion of decrypting according to the decryption key to encrypted private key The first notification message sent, first notification message are used to indicate successful decryption;
Correspondingly, the sending module is also used to send write instruction to the first terminal according to first notification message, Said write instruction is used to indicate the first terminal and secure storage section is written in the private key.
15. terminal as claimed in claim 14, which is characterized in that second receiving module is also used in the transmission mould After block sends decryption key to first terminal, receives the first terminal and encrypted private key is being decrypted according to the decryption key The second notification message sent after failure, the second notification message are used to indicate decryption failure.
16. terminal as claimed in claim 14, which is characterized in that further include: key production module and encrypting module;
The key production module, for generating a pair of secret keys before the sending module sends decryption key to first terminal, The pair of key includes: public key and private key;
The encrypting module, for obtaining encrypted private key and the decryption key for the private key encryption;
The sending module is also used to for the public key being sent to security server, the decryption key is sent to decryption service The encrypted private key is simultaneously sent to the first terminal by device.
17. terminal as claimed in claim 16, which is characterized in that the sending module is also used to send to first terminal Before decryption key, connection request is sent to the decryption server;
Second receiving module is also used to receive the decryption that the decryption server is sent according to the connection request Key.
18. such as the described in any item terminals of claim 14-17, which is characterized in that second receiving module is also used in institute State sending module according to first notification message to the first terminal send write instruction after, receive the first terminal The write-in of transmission notifies that said write notice is used to indicate whether the private key is written success.
CN201810986860.5A 2018-08-24 2018-08-24 The method and terminal of key importing terminal Pending CN109039609A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810986860.5A CN109039609A (en) 2018-08-24 2018-08-24 The method and terminal of key importing terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810986860.5A CN109039609A (en) 2018-08-24 2018-08-24 The method and terminal of key importing terminal

Publications (1)

Publication Number Publication Date
CN109039609A true CN109039609A (en) 2018-12-18

Family

ID=64625510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810986860.5A Pending CN109039609A (en) 2018-08-24 2018-08-24 The method and terminal of key importing terminal

Country Status (1)

Country Link
CN (1) CN109039609A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478538A (en) * 2008-12-31 2009-07-08 成都市华为赛门铁克科技有限公司 Storage method, apparatus or system for safety management device
CN101989991A (en) * 2010-11-24 2011-03-23 北京天地融科技有限公司 Method for importing secret keys safely, electronic signature tool, authentication device and system
CN106033503A (en) * 2015-03-19 2016-10-19 阿里巴巴集团控股有限公司 Method, device and system of online writing application secret key into digital content equipment
CN107276756A (en) * 2017-07-27 2017-10-20 深圳市金立通信设备有限公司 A kind of method and server for obtaining root key
WO2018026323A1 (en) * 2016-08-05 2018-02-08 华为国际有限公司 Data processing method and device
CN108235798A (en) * 2017-12-27 2018-06-29 福建联迪商用设备有限公司 A kind of public private key pair acquisition methods, system and POS terminal
CN108270558A (en) * 2016-12-30 2018-07-10 上海格尔软件股份有限公司 A kind of private key introduction method based on temporary key pair

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101478538A (en) * 2008-12-31 2009-07-08 成都市华为赛门铁克科技有限公司 Storage method, apparatus or system for safety management device
CN101989991A (en) * 2010-11-24 2011-03-23 北京天地融科技有限公司 Method for importing secret keys safely, electronic signature tool, authentication device and system
CN106033503A (en) * 2015-03-19 2016-10-19 阿里巴巴集团控股有限公司 Method, device and system of online writing application secret key into digital content equipment
WO2018026323A1 (en) * 2016-08-05 2018-02-08 华为国际有限公司 Data processing method and device
CN108270558A (en) * 2016-12-30 2018-07-10 上海格尔软件股份有限公司 A kind of private key introduction method based on temporary key pair
CN107276756A (en) * 2017-07-27 2017-10-20 深圳市金立通信设备有限公司 A kind of method and server for obtaining root key
CN108235798A (en) * 2017-12-27 2018-06-29 福建联迪商用设备有限公司 A kind of public private key pair acquisition methods, system and POS terminal

Similar Documents

Publication Publication Date Title
TWI576778B (en) Disabling mobile payments for lost electronic devices
CN108345806A (en) A kind of hardware encryption card and encryption method
CN106527673A (en) Method and apparatus for binding wearable device, and electronic payment method and apparatus
KR20090041352A (en) Method of secure personalization of a nfc chipset
CN110971398A (en) Data processing method, device and system
US20190012472A1 (en) Hierarchical bus encryption system
CN110598429B (en) Data encryption storage and reading method, terminal equipment and storage medium
CN111178884A (en) Information processing method, device, equipment and readable storage medium
CN104468562A (en) Portable transparent data safety protection terminal oriented to mobile applications
CN109903052A (en) A kind of block chain endorsement method and mobile device
CN111404706A (en) Application downloading method, secure element, client device and service management device
CN112636914B (en) Identity verification method, identity verification device and smart card
CN114584287A (en) Method and device for key management
CN116015627A (en) Face recognition tamper-proof method and system based on symmetric algorithm
CN114095277A (en) Power distribution network secure communication method, secure access device and readable storage medium
WO2024114095A1 (en) Data transmission control method and apparatus, electronic device, and readable storage medium
EP2993856B1 (en) Establishment of communication connection between mobile device and secure element
CN103873245B (en) Dummy machine system data ciphering method and equipment
CN106295372B (en) A kind of encryption Hub device realized based on EMMC interface
CN102480724A (en) Software authentication data card, software authentication system and software authentication method
US8826028B1 (en) Cryptography secure input device
CN101159542B (en) Method and system for saving and/or obtaining authentication parameter on terminal network appliance
CN113411347B (en) Transaction message processing method and processing device
CN103514540B (en) A kind of excellent shield service implementation method and system
CN104182867A (en) Order sending method, receiving method, sending device, receiving device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218