Key update method and device, equipment, computer readable storage medium
By matching and updating keys in the mobile terminal, the problem of new keys being unable to decrypt information encrypted by old keys is solved, ensuring the correctness of the decryption process and optimizing storage space.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA TELECOM CORP LTD TECHNOLOGY INNOVATION CENTER
- Filing Date
- 2023-07-10
- Publication Date
- 2026-06-09
Smart Images

Figure CN116827534B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of communications, specifically to a key update method, apparatus, device, and computer-readable storage medium. Background Technology
[0002] In existing network technologies, after a mobile terminal receives a new key, it immediately uses the new key to update the old key, and then uses the new key to encrypt or decrypt relevant information. However, in actual commercial scenarios, after obtaining a new key, the mobile terminal still needs to decrypt information encrypted with the old key. At this point, the old key has been replaced by the new key, and the new key cannot decrypt information encrypted with the old key, resulting in the inability to decrypt the encrypted information and compromising the correctness of the mobile terminal's decryption process. Summary of the Invention
[0003] To address the aforementioned technical problems, embodiments of this application provide a key update method, apparatus, device, and computer-readable storage medium to ensure the correctness of the mobile terminal decryption process.
[0004] Other features and advantages of this application will become apparent from the following detailed description, or may be learned in part from practice of this application.
[0005] According to one aspect of the embodiments of this application, a key update method is provided, applied to a mobile terminal, comprising: performing a matching operation between a received update key and an existing key to obtain a matching result;
[0006] If the matching result indicates that the updated key and the existing key are not the same key, then the existing key is updated to the historical key, and the updated key is updated to the existing key;
[0007] If the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is found to include a historical key, then the existing key will not be updated, and the historical key will be deleted.
[0008] According to one aspect of the embodiments of this application, a key update apparatus is provided, applied to a mobile terminal, comprising: a matching module configured to perform a matching operation on a received update key and an existing key to obtain a matching result; an update module configured to update the existing key to a historical key and update the update key to an existing key if the matching result indicates that the update key and the existing key are not the same key; and a deletion module configured to not update the existing key and delete the historical key if the matching result indicates that the update key and the existing key are the same key and the mobile terminal is detected to include a historical key.
[0009] In this embodiment, during the key update process, the mobile terminal matches the received updated key with the existing key to obtain a matching result. If the matching result indicates that the updated key and the existing key are not the same, the existing key is updated to the historical key, and the updated key is updated back to the existing key. This ensures that even if the existing key is updated, the mobile terminal can still use the historical key to decrypt previously encrypted information, guaranteeing the correctness of the decryption process. If the matching result indicates that the updated key and the existing key are the same, and the mobile terminal is detected to have a historical key, it means that the mobile terminal has received the same updated key again, and there is no need to update the existing key. If the existing key is updated to the historical key, the updated existing key and the historical key are the same. To reduce the data storage volume of the mobile terminal, there is no need to store redundant and duplicate keys, thus optimizing the stored data of the mobile terminal.
[0010] In another exemplary embodiment, the mobile terminal includes a hash map table for storing key data, the key data including keys corresponding to various types of keys; the key update device further includes: a zero-value detection module configured to detect whether the number of keys in the hash map table is zero; wherein the number of keys is positively correlated with the number of stored key data; a zero-value module configured to store the updated key as an existing key if the number of keys in the hash map table is detected to be zero; and a non-zero-value module configured to perform the step of matching the received updated key with the existing key to obtain a matching result if the number of keys in the hash map table is detected to be non-zero.
[0011] This embodiment improves the data structure for storing keys by storing existing and historical keys in the form of HashMap key-value pairs in the mobile terminal. By detecting whether the number of keys in the hash map is zero, it is determined whether the mobile terminal stores at least one key. The entire detection process only requires comparing the number of keys with zero, making the entire detection process convenient and fast.
[0012] In another exemplary embodiment, the mobile terminal includes a hash mapping table for storing keys corresponding to the historical keys; the key update device further includes: a detection module configured to detect whether the hash mapping table stores keys corresponding to the historical keys; a first detection result module configured to obtain a detection result indicating that the mobile terminal includes the historical keys if the historical keys exist; and a second detection result module configured to obtain a detection result indicating that the mobile terminal does not include the historical keys if the historical keys do not exist.
[0013] This embodiment provides a method for determining whether a mobile terminal includes a historical key. By detecting whether the hash mapping table stores the key corresponding to the historical key, the method can accurately determine whether the mobile terminal includes a historical key.
[0014] In another exemplary embodiment, the mobile terminal includes a hash map table storing fields corresponding to the existing key; the matching module includes: an update field acquisition unit configured to acquire the update field corresponding to the update key in the hash map table; a field detection unit configured to detect whether the update field is the same as the field corresponding to the existing key; a first detection result unit configured to obtain a matching result indicating that the update key and the existing key are the same key if they are the same; and a second detection result unit configured to obtain a matching result indicating that the update key and the existing key are not the same key if they are different.
[0015] This embodiment provides a method for comparing an updated key and an existing key by obtaining their corresponding fields in a hash mapping table for comparison. Since the values of the fields are stored in the form of strings, the differences between the fields can be determined more accurately, thereby accurately determining whether the updated key and the existing key are the same key.
[0016] In another exemplary embodiment, the hash map table also stores the field corresponding to the historical key; the update module includes: an update unit configured to update the field corresponding to the existing key to the field corresponding to the historical key, and update the updated field to the field corresponding to the existing key; the deletion module includes: a deletion unit configured to perform a zeroing operation on the field corresponding to the historical key in the hash map table.
[0017] This embodiment further illustrates updating existing and historical keys at the field level, and explains that deleting a historical key involves setting its corresponding field to zero. Because most strings in the fields are interchangeable, updating a field does not require updating the entire field, making it faster than directly updating the relevant key.
[0018] In another exemplary embodiment, the key update device further includes: an initial key receiving module configured to receive an initial key issued by a near-domain service management platform; and a storage module configured to store the initial key as the existing key.
[0019] This embodiment describes how the mobile terminal stores the initial key, directly storing it as an existing key for use. It also clarifies that the initial key is issued by the near-domain service management platform, which provides more timely optimization and management of the key.
[0020] In another exemplary embodiment, the detection result indicates that the mobile terminal includes the historical key; the key update device further includes: a sending module configured to send the current existing key and the historical key to the near-domain service management platform, so that the near-domain service management platform determines whether to reissue the update key.
[0021] This embodiment further illustrates the interaction process between the mobile terminal and the near-domain service management platform. The mobile terminal sends the current key information to the near-domain service management platform so that it can determine whether to issue an updated key again, thereby further optimizing the keys stored in each mobile terminal.
[0022] According to one aspect of the embodiments of this application, an electronic device is provided, including: a controller; and a memory for storing one or more programs, which, when executed by the controller, perform the key update method described above.
[0023] According to one aspect of the embodiments of this application, a computer-readable storage medium is also provided, on which computer-readable instructions are stored, which, when executed by a computer's processor, cause the computer to perform the above-described key update method.
[0024] According to one aspect of the embodiments of this application, a computer program product or computer program is also provided, which includes computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the key update method described above.
[0025] In the technical solution provided in the embodiments of this application, during the key update process, the mobile terminal matches the received updated key with the existing key to obtain a matching result. If the matching result indicates that the updated key and the existing key are not the same key, the existing key is updated to a historical key, and the updated key is updated to the existing key. This ensures that even if the existing key is updated, the mobile terminal can still use the historical key to decrypt previously encrypted information, guaranteeing the correctness of the mobile terminal's decryption process. If the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is detected to include a historical key, it means that the mobile terminal has received the same updated key again, and there is no need to update the existing key. If the existing key is updated to a historical key, the updated existing key and the historical key are the same, thus reducing the data storage volume of the mobile terminal and eliminating the need to store redundant duplicate keys.
[0026] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this application. Attached Figure Description
[0027] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application. It is obvious that the drawings described below are merely some embodiments of this application, and those skilled in the art can obtain other drawings based on these drawings without any inventive effort.
[0028] Figure 1 This is a schematic diagram of the existing key update process.
[0029] Figure 2 This is a flowchart illustrating a key update method in an exemplary embodiment of this application.
[0030] Figure 3 Based on Figure 2 A flowchart of another key update method proposed in the illustrated embodiment.
[0031] Figure 4 This is a hash map table illustrated in an exemplary embodiment of this application.
[0032] Figure 5 Based on Figure 2 A flowchart of another key update method proposed in the illustrated embodiment.
[0033] Figure 6 Based on Figure 2 A flowchart of another key update method proposed in the illustrated embodiment.
[0034] Figure 7 Based on Figure 6 A flowchart of another key update method proposed in the illustrated embodiment.
[0035] Figure 8 Based on Figure 2 , Figure 3 , Figures 5 to 7 A flowchart of another key update method proposed in any of the embodiments shown.
[0036] Figure 9 Based on Figure 2 , Figure 3 , Figures 5 to 7 A flowchart of another key update method proposed in any of the embodiments shown.
[0037] Figure 10 This is a schematic diagram of the application environment for the key update method of this application.
[0038] Figure 11 This is a schematic diagram of the key update device shown in an exemplary embodiment of this application.
[0039] Figure 12 This is a schematic diagram of the structure of a computer system for an electronic device, as illustrated in an exemplary embodiment of this application. Detailed Implementation
[0040] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numbers in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this application as detailed in the appended claims.
[0041] The block diagrams shown in the accompanying drawings are merely functional entities and do not necessarily correspond to physically independent entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different network and / or processor devices and / or microcontroller devices.
[0042] The flowcharts shown in the accompanying drawings are merely illustrative and do not necessarily include all content and operations / steps, nor do they necessarily have to be performed in the described order. For example, some operations / steps can be broken down, while others can be combined or partially combined; therefore, the actual execution order may change depending on the specific circumstances.
[0043] In this application, "multiple" refers to two or more. "And / or" describes the relationship between related objects, indicating that three relationships can exist. For example, A and / or B can represent: A alone, A and B simultaneously, or B alone. The character " / " generally indicates that the preceding and following related objects have an "or" relationship.
[0044] The existing key update process is as follows: Figure 1 As shown, Figure 1 This is a schematic diagram of the existing key update process. The process includes steps S101 to S106, which are described in detail below:
[0045] S101: The first terminal device sends a Direct Rekey Request message to the second terminal device to request a key update.
[0046] S102: The second terminal device determines a new encryption and integrity protection algorithm and updates the calculation of a new key based on the selected encryption and integrity protection algorithm.
[0047] S103: The second terminal device sends a Direct Security Mode Command message to the first terminal device; the second terminal device receives the message from the first terminal device using a new integrity protection and encryption algorithm.
[0048] S104: The first terminal device verifies the integrity of the security mode command message, and recalculates the key using the method of the second terminal device, comparing it with the key carried in the received message. After successful verification, it begins sending and receiving information using the new integrity protection and encryption algorithm. The first terminal device sends a Direct Security Mode Complete message to the second terminal device.
[0049] S105: After the second terminal device successfully verifies the integrity protection and decodes the message, confirming the key update is correct, it begins sending messages using the new integrity protection and encryption algorithm. The second terminal device deletes the security context associated with the old key.
[0050] S106: After receiving the message about the new integrity protection and encryption algorithm, the first terminal device deletes the security context associated with the old key.
[0051] As shown in S105, after the second terminal device successfully verifies the integrity protection and decodes the message, it confirms the key update is correct and begins sending messages using the new integrity protection and encryption algorithm. However, the second terminal device directly deletes the security context related to the old key without considering the possibility that information encrypted with the old key may still exist within the device and remains undecrypted. Since the old key has been replaced by the new key, the new key cannot decrypt the information encrypted with the old key, resulting in the inability to decrypt the relevant encrypted information and compromising the correctness of the mobile terminal's decryption process.
[0052] Therefore, this application provides a key update method to ensure the correctness of the mobile terminal decryption process. Please refer to [link / reference] for details. Figure 2 , Figure 2 This is a flowchart illustrating a key update method in an exemplary embodiment of this application. The method is applied to a mobile terminal, such as... Figure 2 As shown, the method includes at least S210 to S230, which are described in detail below:
[0053] S210: Perform a matching operation between the received update key and the existing key to obtain the matching result.
[0054] The update key is a key sent from the platform or other terminals to the mobile terminal of this embodiment. The existing key is a key stored in the mobile terminal of this embodiment.
[0055] The matching operation compares the updated key with the existing key to determine whether they are the same key.
[0056] S220: If the matching result indicates that the updated key and the existing key are not the same key, then update the existing key to the historical key and update the updated key to the existing key.
[0057] If the update key is different from the existing key, it indicates that the existing key needs to be updated, i.e., updated to the update key, and the original existing key is updated to the historical key. Specifically, if the mobile terminal has no historical key, the original existing key is directly stored as the historical key; if the mobile terminal has a historical key, the original historical key is replaced by the original existing key.
[0058] For example, if the updated key is A, and the existing key of the mobile terminal is B (A and B are not the same key), and there is no historical key, then the updated existing key of the mobile terminal is A, and the historical key is B.
[0059] In another example, if the updated key is A, and the mobile terminal's existing key is B and the historical key is C, where A, B, and C are all different, then the updated mobile terminal's existing key is A, and the original historical key C is updated to B.
[0060] S230: If the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is found to include a historical key, then the existing key is not updated, and the historical key is deleted.
[0061] For example, if the update key is A, and the mobile terminal's existing key is A and the historical key is C, where A and C are different, then if the update key and the existing key are the same, it means the mobile terminal has received the same update key again, and there is no need to update the existing key. If the existing key is updated to the historical key, then the updated existing key and the historical key are the same. To reduce the data storage volume of the mobile terminal, there is no need to store redundant duplicate keys, and the historical key is deleted.
[0062] In this embodiment, during the key update process, the mobile terminal matches the received updated key with the existing key to obtain a matching result. If the matching result indicates that the updated key and the existing key are not the same, the existing key is updated to the historical key, and the updated key is updated back to the existing key. This ensures that even if the existing key is updated, the mobile terminal can still use the historical key to decrypt previously encrypted information, guaranteeing the correctness of the decryption process. If the matching result indicates that the updated key and the existing key are the same, and the mobile terminal is detected to have a historical key, it means that the mobile terminal has received the same updated key again, and there is no need to update the existing key. If the existing key is updated to the historical key, the updated existing key and the historical key are the same. To reduce the data storage volume of the mobile terminal, there is no need to store redundant and duplicate keys, thus optimizing the stored data of the mobile terminal.
[0063] Before step S210, it is necessary to determine whether the mobile terminal has stored the relevant key. An exemplary embodiment of this application provides a detailed description of the preliminary step; please refer to [link / reference needed]. Figure 3 , Figure 3 Based on Figure 2 The flowchart of another key update method proposed in the illustrated embodiment is shown. The mobile terminal includes a hash mapping table for storing key data, and the key data includes keys corresponding to various key types; this method... Figure 2 The S210 shown includes S310 to S330, which will be described in detail below:
[0064] S310: Check if the number of keys in the hash map is zero; the number of keys is positively correlated with the amount of stored key data.
[0065] A hash map, also known as a hash table, is a data structure that allows direct access to data based on key-value pairs. It uses a hash function to map keys to indices (array subscripts) and stores the corresponding values at those indices. Hash maps offer constant-time lookup, insertion, and deletion operations, significantly improving efficiency for processing large amounts of data. Figure 4 As shown, Figure 4 This is an exemplary embodiment of the hash map table shown in this application. Existing keys and historical keys serve as keys in the hash map table, each corresponding to a string, i.e., a value in the hash map table. The number of keys in the hash map table is positively correlated with the number of keys in the mobile terminal.
[0066] S320: If the number of keys in the hash map is detected to be zero, the update key will be stored as the existing key.
[0067] If the number of keys in the hash map is zero, it indicates that the mobile terminal does not store any keys, and the received updated key can be directly stored as the existing key.
[0068] S330: If the number of keys in the hash map is detected to be non-zero, then perform the step of matching the received update key with the existing key to obtain the matching result.
[0069] If the number of keys in the hash map is detected to be non-zero, it indicates that the mobile terminal stores at least one key, that is, in this embodiment, at least an existing key is stored. Further matching of the received update key with the existing key is required to determine the subsequent update process based on the matching result.
[0070] This embodiment improves the data structure for storing keys by storing existing and historical keys in the form of HashMap key-value pairs in the mobile terminal. By detecting whether the number of keys in the hash map is zero, it is determined whether the mobile terminal stores at least one key. The entire detection process only requires comparing the number of keys with zero, making the entire detection process convenient and fast.
[0071] An exemplary embodiment of this application describes how to determine whether a mobile terminal stores historical keys. Please refer to [link / reference needed]. Figure 5 , Figure 5 Based on Figure 2 The flowchart of another key update method proposed in the illustrated embodiment is shown. The mobile terminal includes a hash mapping table for storing keys corresponding to historical keys; the method further includes steps S510 to S530, which are described in detail below:
[0072] S510: Check whether the hash map table stores the key corresponding to the historical key.
[0073] This embodiment determines whether a historical key is stored based on the key in the hash map table.
[0074] S520: If it exists, the detection result representing the mobile terminal including the historical key is obtained.
[0075] S530: If it does not exist, the detection result indicating that the mobile terminal does not include the historical key is obtained.
[0076] For example, in the hash mapping table, the historical key corresponds to the key B, and the existing key corresponds to the key A. By detecting whether the key B exists, it can be determined whether the mobile terminal stores the historical key.
[0077] This embodiment provides a method for determining whether a mobile terminal includes a historical key. By detecting whether the hash mapping table stores the key corresponding to the historical key, the method can accurately determine whether the mobile terminal includes a historical key.
[0078] In another exemplary embodiment of this application, a detailed description is provided of how to compare the updated key and the existing key; please refer to [link to relevant documentation]. Figure 6 , Figure 6 Based on Figure 2 The flowchart illustrates another key update method proposed in the illustrated embodiment. The mobile terminal includes a hash mapping table storing fields corresponding to existing keys; this method, as shown in... Figure 2 The S210 shown includes S610 to S640, which will be described in detail below:
[0079] S610: Retrieve the update field corresponding to the update key in the hash map table.
[0080] In this embodiment, the update key can be converted into an update field in a hash map table, such as... Figure 4 As shown, each key corresponds to a value, where the value is a string. In this embodiment, the value of each field is stored in the form of a string.
[0081] S620: Check whether the updated field is the same as the field corresponding to the existing key.
[0082] This embodiment can more accurately determine whether the updated key is the same as the existing key by comparing fields.
[0083] S630: If they are the same, then the matching result indicates that the updated key and the existing key are the same key.
[0084] S640: If they are different, the result indicates that the updated key and the existing key are not the same key.
[0085] For example, if the field corresponding to the update key in the hash map table is asdfffads, and the field corresponding to the existing key in the hash map table is asfdsfff, then the update key and the existing key are not the same key; if the field corresponding to the existing key in the hash map table is asdfffads, then the update key and the existing key are the same key.
[0086] This embodiment provides a method for comparing an updated key and an existing key by obtaining their corresponding fields in a hash mapping table for comparison. Since the values of the fields are stored in the form of strings, the differences between the fields can be determined more accurately, thereby accurately determining whether the updated key and the existing key are the same key.
[0087] Please see Figure 7 , Figure 7 Based on Figure 6The flowchart of another key update method proposed in the illustrated embodiment is shown. The hash mapping table also stores fields corresponding to historical keys; this method includes S710 in S220 and S720 in S230, which will be described in detail below:
[0088] S710: Update the field corresponding to the existing key to the field corresponding to the historical key, and update the updated field to the field corresponding to the existing key.
[0089] Because most of the strings in the fields are interchangeable, updating a field doesn't require updating the entire field, making it faster than directly updating the relevant keys. For example, if the historical key corresponds to the field "asdf" and the current key corresponds to the field "asdd", then updating the current key to the historical key only requires changing "f" to "d" in the historical key's field, thus speeding up the historical key update process.
[0090] S720: Set the field corresponding to the historical key in the hash map table to zero.
[0091] The zeroing operation deletes the field corresponding to the historical key, making the historical key stored in the mobile terminal empty, thus ensuring that the mobile terminal does not include the historical key.
[0092] This embodiment further illustrates updating existing and historical keys at the field level, and explains that deleting a historical key involves setting its corresponding field to zero. Because most strings in the fields are interchangeable, updating a field does not require updating the entire field, making it faster than directly updating the relevant key.
[0093] Please see Figure 8 , Figure 8 Based on Figure 2 , Figure 3 , Figures 5 to 7 A flowchart of another key update method proposed in any of the illustrated embodiments is provided. This method further includes steps S810 to S820 before S210, which will be described in detail below:
[0094] S810: Receives the initial key issued by the near-field service management platform.
[0095] The Near Field Business Management Platform (NFC) is an integrated platform based on IoT, cloud computing, big data, and smart hardware technologies, primarily used to manage and optimize the entire business process. Its core functions include real-time monitoring and control, data acquisition and analysis, equipment management and maintenance, and intelligent analysis and decision-making.
[0096] The initial key is the key initially sent from the near-domain business management platform to the mobile terminal, which uses it to encrypt and decrypt file information.
[0097] S820: Store the initial key as an existing key.
[0098] When the mobile terminal receives the initial key, it does not have any existing or historical keys stored locally. The initial key is stored as an existing key to facilitate the rapid use of existing keys to encrypt or decrypt relevant file information in the future.
[0099] This embodiment describes how the mobile terminal stores the initial key, directly storing it as an existing key for use. It also clarifies that the initial key is issued by the near-domain service management platform, which provides more timely optimization and management of the key.
[0100] In another exemplary embodiment of this application, the interaction between the mobile terminal and the platform is partially described; please refer to [link / reference needed]. Figure 9 , Figure 9 Based on Figure 2 , Figure 3 , Figures 5 to 7 A flowchart of another key update method proposed in any of the embodiments shown. This method further includes S910 after S230, which will be described in detail below:
[0101] S910: Send the current existing key and historical key to the near-domain service management platform so that the near-domain service management platform can determine whether to issue an updated key again.
[0102] For example, the near-domain service management platform stores a list of key information stored by each mobile terminal, used to record the status of existing and historical keys of each mobile terminal. After each mobile terminal updates its own key, it sends the updated key information (i.e., the current existing key A and historical keys) to the near-domain service management platform. The platform detects from the key information list that the existing keys of each mobile terminal have been updated to the latest key A. Then, each mobile terminal uses the latest key to encrypt or decrypt file information, and its stored historical keys become ineffective. The near-domain service management platform then sends the latest key A to each mobile terminal again so that the mobile terminal receives the latest key A again and deletes its stored historical keys to optimize the stored data of each mobile terminal.
[0103] This embodiment further illustrates the interaction process between the mobile terminal and the near-domain service management platform. The mobile terminal sends the current key information to the near-domain service management platform so that it can determine whether to issue an updated key again, thereby further optimizing the keys stored in each mobile terminal.
[0104] Please see Figure 10 , Figure 10 This is a schematic diagram illustrating the application environment of the key update method of this application. It includes a near-domain service management platform 1000, a first mobile terminal 1010, and a second mobile terminal 1020. The mobile terminals store keys in a <current key, historical key> format; if a corresponding key does not exist, it is represented by 0. The key update methods in the above embodiments can be applied to the first mobile terminal 1010 and the second mobile terminal 1020.
[0105] First, the near-domain service management platform 1000 distributes the initial key to all mobile terminals connected to the platform. Each mobile terminal receives the initial key and stores it as its existing key; the stored key information is now <initial key, 0>. Each mobile terminal can use this initial key to encrypt or decrypt file information. For example, the first mobile terminal 1010 encrypts file information that needs to be transmitted to the second mobile terminal 1020, and also uses the initial key to decrypt received encrypted file information. If mobile terminal 1010 cannot decrypt the file, it sends a request to the near-domain service management platform 1000 to obtain an updated key.
[0106] Then, the mobile terminal 1010 receives the update key and applies it to update its existing key, storing the original key (i.e., the initial key) as a historical key. At this point, the key information stored by the mobile terminal 1010 is <update key, initial key>. The mobile terminal 1010 uses the updated key to decrypt or encrypt encrypted file information and sends the current key and historical key to the near-domain service management platform 1000, so that the near-domain service management platform 1000 updates its key information list that records the relevant key information of each mobile terminal. Key updates can be requested by the mobile terminal from the platform, or the platform can periodically issue updates or update them upon detecting abnormal events.
[0107] If the near-domain service management platform 1000 detects that both the first mobile terminal 1010 and the second mobile terminal 1020 have updated their existing keys using the update key, meaning that the existing keys of the first mobile terminal 1010 and the second mobile terminal 1020 are both update keys, the near-domain service management platform 1000 will reissue the same update key to cause the first mobile terminal 1010 and the second mobile terminal 1020 to delete their respective stored historical keys, so that their stored key information becomes <update key, 0>, thus completing the key update process.
[0108] This application proposes a mechanism for the coexistence of new and old keys. The mobile terminal stores the current key and key status, allowing the new key and the old key to coexist for a period of time. When the new key cannot decrypt file information, the old key can be used to decrypt the file information. This solves the problem in actual commercial use where the new key cannot decrypt file information encrypted with the old key, enabling the mobile terminal to encrypt or decrypt normally during the key update transition period.
[0109] Another aspect of this application provides a key update device, such as... Figure 11 As shown, Figure 11 This is a schematic diagram illustrating the structure of a key update device according to an exemplary embodiment of this application. The key update device is applied to a mobile terminal and includes:
[0110] The matching module 1110 is configured to perform a matching operation between the received update key and the existing key to obtain a matching result.
[0111] The update module 1130 is configured to update the existing key to the historical key and update the update key to the existing key if the matching result indicates that the update key and the existing key are not the same key.
[0112] The deletion module 1150 is configured to delete the historical key if the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is detected to include a historical key.
[0113] In another exemplary embodiment, the mobile terminal includes a hash map for storing key data, the key data including keys corresponding to various types of keys. The key update device further includes:
[0114] The zero-value detection module is configured to detect whether the number of keys in the hash map is zero; the number of keys is positively correlated with the amount of stored key data.
[0115] The zero-value module is configured to store the updated key as the existing key if the number of keys in the hash map is detected to be zero.
[0116] The non-zero value module is configured to perform a matching operation between the received update key and the existing key if a non-zero number of keys is detected in the hash map table, and obtain the matching result.
[0117] In another exemplary embodiment, the mobile terminal includes a hash mapping table for storing keys corresponding to historical keys; the key update device further includes:
[0118] The detection module is configured to detect whether the hash map table stores the key corresponding to the historical key.
[0119] The first detection result module is configured to obtain a detection result representing the mobile terminal, including historical keys, if it exists.
[0120] The second detection result module is configured to, if it does not exist, obtain a detection result indicating that the mobile terminal does not include historical keys.
[0121] In another exemplary embodiment, the mobile terminal includes a hash mapping table storing fields corresponding to existing keys; the matching module 1110 includes:
[0122] The update field retrieval unit is configured to retrieve the update field corresponding to the update key in the hash map table.
[0123] The field detection unit is configured to detect whether the updated field is the same as the field corresponding to the existing key.
[0124] The first detection result unit is configured to obtain a matching result indicating that the updated key and the existing key are the same key if they are the same.
[0125] The second detection result unit is configured to obtain a matching result indicating that the updated key and the existing key are not the same key if they are different.
[0126] In another exemplary embodiment, the hash map table also stores fields corresponding to historical keys.
[0127] The update module 1130 includes an update unit configured to update the field corresponding to the existing key to the field corresponding to the historical key, and update the updated field to the field corresponding to the existing key.
[0128] The deletion module 1150 includes a deletion unit configured to set the field corresponding to the historical key in the hash map table to zero.
[0129] In another exemplary embodiment, the key update device further includes:
[0130] The initial key receiving module is configured to receive the initial key issued by the near-domain service management platform.
[0131] The storage module is configured to store the initial key as an existing key.
[0132] In another exemplary embodiment, the detection result characterizes the mobile terminal as including a historical key; the key update device further includes:
[0133] The sending module is configured to send the current existing key and the historical key to the near-domain service management platform so that the near-domain service management platform can determine whether to issue an updated key again.
[0134] It should be noted that the key update device provided in the above embodiments and the key update method provided in the foregoing embodiments belong to the same concept. The specific way in which each module and unit performs operations has been described in detail in the method embodiments, and will not be repeated here.
[0135] Another aspect of this application provides an electronic device, including: a controller; and a memory for storing one or more programs, which, when executed by the controller, perform the key update method described above.
[0136] Please see Figure 12 , Figure 12 This is a schematic diagram of the structure of a computer system for an electronic device, illustrating an exemplary embodiment of this application. It shows a schematic diagram of the structure of a computer system suitable for implementing the embodiments of this application.
[0137] It should be noted that, Figure 12 The computer system 1200 of the electronic device shown is merely an example and should not impose any limitation on the functionality and scope of use of the embodiments of this application.
[0138] like Figure 12 As shown, the computer system 1200 includes a Central Processing Unit (CPU) 1201, which can perform various appropriate actions and processes, such as executing the methods described in the above embodiments, based on programs stored in Read-Only Memory (ROM) 1202 or programs loaded from storage portion 1208 into Random Access Memory (RAM) 1203. The RAM 1203 also stores various programs and data required for system operation. The CPU 1201, ROM 1202, and RAM 1203 are interconnected via a bus 1204. An Input / Output (I / O) interface 1205 is also connected to the bus 1204.
[0139] The following components are connected to I / O interface 1205: an input section 1206 including a keyboard, mouse, etc.; an output section 1207 including a cathode ray tube (CRT), liquid crystal display (LCD), etc., and speakers, etc.; a storage section 1208 including a hard disk, etc.; and a communication section 1209 including a network interface card such as a LAN (Local Area Network) card, modem, etc. The communication section 1209 performs communication processing via a network such as the Internet. A drive 1210 is also connected to I / O interface 1205 as needed. Removable media 1211, such as a disk, optical disk, magneto-optical disk, semiconductor memory, etc., are installed on drive 1210 as needed so that computer programs read from them can be installed into storage section 1208 as needed.
[0140] Specifically, according to embodiments of this application, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of this application include a computer program product comprising a computer program carried on a computer-readable medium, the computer program including a computer program for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication section 1209, and / or installed from removable medium 1211. When the computer program is executed by central processing unit (CPU) 1201, it performs various functions defined in the system of this application.
[0141] It should be noted that the computer-readable medium shown in the embodiments of this application can be a computer-readable signal medium or a computer-readable storage medium, or any combination of the two. A computer-readable storage medium can be, for example, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of a computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM), flash memory, optical fiber, portable compact disc read-only memory (CD-ROM), optical storage device, magnetic storage device, or any suitable combination thereof. In this application, a computer-readable storage medium can be any tangible medium containing or storing a program that can be used by or in conjunction with an instruction execution system, apparatus, or device. In this application, a computer-readable signal medium can include a data signal propagated in baseband or as part of a carrier wave, carrying a computer-readable computer program. The transmitted data signal can take various forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination thereof. The computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium, which can send, propagate, or transmit a program for use by or in connection with an instruction execution system, apparatus, or device. The computer program contained on the computer-readable medium can be transmitted using any suitable medium, including but not limited to wireless, wired, etc., or any suitable combination thereof.
[0142] The flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of this application. Each block in a flowchart or block diagram may represent a module, segment, or portion of code, which contains one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions indicated in the blocks may occur in a different order than those indicated in the drawings. For example, two consecutively indicated blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram or flowchart, and combinations of blocks in a block diagram or flowchart, may be implemented using a dedicated hardware-based system that performs the specified function or operation, or using a combination of dedicated hardware and computer instructions.
[0143] The units described in the embodiments of this application can be implemented in software or hardware, and the described units can also be located in a processor. The names of these units do not necessarily limit the specific unit itself.
[0144] Another aspect of this application provides a computer-readable storage medium storing a computer program that, when executed by a processor, implements the aforementioned key update method. This computer-readable storage medium may be included in the electronic device described in the above embodiments, or it may exist independently and not assembled into the electronic device.
[0145] Another aspect of this application provides a computer program product or computer program including computer instructions stored in a computer-readable storage medium. A processor of a computer device reads the computer instructions from the computer-readable storage medium and executes the computer instructions, causing the computer device to perform the key update method provided in the various embodiments described above.
[0146] According to one aspect of the embodiments of this application, a computer system is also provided, including a Central Processing Unit (CPU), which can perform various appropriate actions and processes based on a program stored in read-only memory (ROM) or a program loaded from storage into random access memory (RAM), such as performing the methods described above. Various programs and data required for system operation are also stored in the RAM. The CPU, ROM, and RAM are interconnected via a bus. Input / output (I / O) interfaces are also connected to the bus.
[0147] The following components are connected to the I / O interface: input components including keyboards, mice, etc.; output components including cathode ray tubes (CRTs), liquid crystal displays (LCDs), and speakers; storage components including hard drives; and communication components including network interface cards such as LAN (Local Area Network) cards and modems. The communication components perform communication processing via networks such as the Internet. Drives are also connected to the I / O interface as needed. Removable media, such as disks, optical discs, magneto-optical discs, semiconductor memories, etc., are installed on the drive as needed so that computer programs read from them can be installed into the storage components as required.
[0148] The above description is merely a preferred exemplary embodiment of this application and is not intended to limit the implementation of this application. Those skilled in the art can easily make corresponding modifications or alterations based on the main concept and spirit of this application. Therefore, the scope of protection of this application should be determined by the scope of protection claimed in the claims.
Claims
1. A key update method, characterized in that, Applied to a mobile terminal, the mobile terminal includes a hash mapping table storing fields corresponding to existing keys and historical keys; key data includes keys corresponding to various types of keys; the method includes: Check whether the number of keys in the hash map table is zero; wherein, the number of keys is positively correlated with the amount of stored key data; If the number of keys in the hash map is detected to be zero, the mobile terminal does not store a key and stores the updated key as the existing key. If the number of keys in the hash map is detected to be non-zero, the mobile terminal stores the existing key, and performs a matching operation between the received updated key and the existing key to obtain a matching result. If the matching result indicates that the updated key and the existing key are not the same key, then the field corresponding to the existing key is updated to the field corresponding to the historical key, and the updated field is updated to the field corresponding to the existing key; If the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is found to include a historical key, then the existing key is not updated, and the field corresponding to the historical key in the hash mapping table is set to zero to delete the field corresponding to the historical key; The step of matching the received updated key with the existing key to obtain the matching result includes: Obtain the update field corresponding to the update key in the hash map table; Check whether the updated field is the same as the field corresponding to the existing key; If they are the same, then a matching result is obtained indicating that the updated key and the existing key are the same key; If they are different, a matching result is obtained indicating that the updated key and the existing key are not the same key.
2. The method according to claim 1, characterized in that, The mobile terminal includes a hash mapping table for storing the keys corresponding to the historical keys; the method further includes: Check whether the hash map table stores the key corresponding to the historical key; If it exists, a detection result is obtained that indicates the mobile terminal includes the historical key; If it does not exist, a detection result is obtained indicating that the mobile terminal does not include the historical key.
3. The method according to any one of claims 1 to 2, characterized in that, Before performing the matching operation between the received updated key and the existing key to obtain the matching result, the method further includes: Receive the initial key issued by the near-domain business management platform; The initial key is stored as the existing key.
4. The method according to any one of claims 1 to 2, characterized in that, The detection results indicate that the mobile terminal includes the historical key; After updating the update key to the existing key, the method further includes: The current and historical keys are sent to the near-domain service management platform so that the near-domain service management platform can determine whether to reissue the updated key.
5. A key update device, characterized in that, Applied to a mobile terminal, the mobile terminal includes a hash mapping table storing fields corresponding to existing keys and historical keys; key data includes keys corresponding to various types of keys; the key update device includes: A zero-value detection module is configured to detect whether the number of keys in the hash map table is zero; wherein the number of keys is positively correlated with the amount of stored key data. The zero-value module is configured to, if the number of keys in the hash map is detected to be zero, then the mobile terminal does not store a key and stores the updated key as the existing key. The non-zero value module is configured to, if the number of keys in the hash map table is detected to be non-zero, then the mobile terminal stores the existing key, and performs a matching operation between the received updated key and the existing key to obtain a matching result; The update module is configured to update the field corresponding to the existing key to the field corresponding to the historical key and update the updated field to the field corresponding to the existing key if the matching result indicates that the updated key and the existing key are not the same key. The deletion module is configured to, if the matching result indicates that the updated key and the existing key are the same key, and the mobile terminal is detected to include a historical key, then not to update the existing key, and to set the field corresponding to the historical key in the hash mapping table to zero, so as to delete the field corresponding to the historical key; The matching module is configured to obtain the update field corresponding to the update key in the hash mapping table; detect whether the update field is the same as the field corresponding to the existing key; if they are the same, a matching result indicating that the update key and the existing key are the same key is obtained; if they are different, a matching result indicating that the update key and the existing key are not the same key is obtained.
6. An electronic device, characterized in that, include: Controller; A memory for storing one or more programs that, when executed by the controller, cause the controller to implement the key update method according to any one of claims 1 to 4.
7. A computer-readable storage medium, characterized in that, It stores computer-readable instructions that, when executed by the computer's processor, cause the computer to perform the key update method according to any one of claims 1 to 4.