On-demand serving network authentication
US-2018295125-A1 · Oct 11, 2018 · US
US12490093B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12490093-B2 |
| Application number | US-202218551861-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 22, 2022 |
| Priority date | Mar 22, 2021 |
| Publication date | Dec 2, 2025 |
| Grant date | Dec 2, 2025 |
Official abstract text for this publication.
A configuration method includes: the terminal device generating a second key on the basis of a first key, and performing encryption and/or integrity protection on a certificate request message on the basis of the second key; and sending a first request message, the first request message comprising the certificate request message encrypted and/or integrity-protected via the second key.
Opening claim text (preview).
The invention claimed is:

1. A method for configuring a terminal device, comprising: generating, by a Universal Subscriber Identity Module (USIM) of the terminal device, at least one first key, wherein the at least one first key is generated by the USIM through negotiation with a Bootstrapping Server Function (BSF); generating, by the USIM of the terminal device, at least one second key based on at least one first key, and performing, by the USIM of the terminal device, at least encryption or integrity protection on at least one certificate request message based on the at least one second key; transmitting, by the USIM of the terminal device to a client of the terminal device, at least one message which comprises the at least one certificate request message at least encrypted or integrity-protected by the at least one second key; and transmitting, by the client of the terminal device to a server, at least one first request message which comprises the at least one certificate request message at least encrypted or integrity-protected by the at least one second key, and comprises a Bootstrapping-Transaction Identifier (B-TID) and a Fully Qualified Domain Name (FQDN) of the server.

2. The method of claim 1, further comprising: receiving, by the terminal device, at least one first response message from a server, and performing, by the terminal device, at least integrity verification or decryption on the at least one first response message based on the at least one second key, and obtaining, by the terminal device, at least one digital certificate carried in the at least one first response message.

3. The method of claim 2, wherein the terminal device comprises a modem, receiving, by the terminal device, the at least one first response message from the server, and performing, by the terminal device, at least integrity verification or decryption on the at least one first response message based on the at least one second key, and obtaining, by the terminal device, the at least one digital certificate carried in the at least one first response message comprises: receiving, by the client, the at least one first response message from the server, and transmitting, by the client, the at least one first response message to the USIM through the modem; performing, by the USIM, at least integrity verification or decryption on the at least one first response message based on the at least one second key; and obtaining, by the USIM, the at least one digital certificate carried in the at least one first response message after the verification is passed, and storing, by the USIM, the at least one digital certificate in a security component.

4. The method of claim 1, wherein the terminal device comprises a modem, generating, by the USIM of the terminal device, the at least one second key based on the at least one first key, and performing, by the USIM of the terminal device, at least encryption or integrity protection on the at least one certificate request message based on the at least one second key comprises: triggering, by the client, the USIM through the modem, to generate the at least one second key based on the at least one first key; generating, by the client, at least one first certificate request message, and transmitting, by the client, the at least one first certificate request message to the USIM through the modem; generating, by the USIM, a public/private key pair, and adding, by the USIM, the public key in the public/private key pair to the at least one first certificate request message, and signing, by the USIM, the at least one first certificate request message with the private key in the public/private key pair, to obtain at least one second certificate request message; performing, by the USIM, at least encryption or integrity protection on the at least one second certificate request message based on the at least one second key, and performing, by the USIM, the at least encryption or integrity protection including: adding, by the USIM, a first verification value to the at least one second certificate request message; and transmitting, by the USIM, the processed at least one second certificate request message to the client through the modem.

5. The method of claim 1, further comprising: performing, by the terminal device, a Generic Bootstrapping Architecture (GBA) authentication process or an Authentication and Key Management for Applications (AKMA) authentication process.

6. A terminal device, comprising a memory, a processor, and a computer program stored on the memory and executable by the processor, the processor is configured to implement steps of the method of claim 1 when the processor executes the computer program.

7. The terminal device of claim 6, wherein the processor, when executing the computer program, is further configured to: receive at least one first response message from a server, and perform at least integrity verification or decryption on the at least one first response message based on the at least one second key, and obtain at least one digital certificate carried in the at least one first response message.

8. A method for configuring a terminal device, comprising: receiving, by a server, at least one first request message, which comprises at least one certificate request message at least encrypted or integrity-protected by at least one second key, and comprises a Bootstrapping-Transaction Identifier (B-TID) and a Fully Qualified Domain Name (FQDN) of the server, from the terminal device; obtaining, by the server, the at least one second key from a network device, comprising: transmitting, by the server, at least one second request message to the network device, the at least one second request message being configured to request the at least one second key and comprising the B-TID and the FQDN; and receiving, by the server, at least one second response message transmitted by the network device, the at least one second response message comprising the at least one second key; and performing, by the server, at least integrity verification or decryption on the at least one first request message based on the at least one second key, and wherein in a case that the server receives the at least one first request message, the method further comprises: issuing, by the server, at least one digital certificate after authorization of the at least one first request message is passed; and transmitting, by the server, at least one first response message to the terminal device, the at least one first response message comprising the at least one digital certificate.

9. The method of claim 8, wherein transmitting, by the server, the at least one first response message to the terminal device comprises: constructing, by the server, the at least one first response message containing the at least one digital certificate, and performing, by the server, at least encryption or integrity protection on the at least one first response message based on the at least one second key, and performing, by the server, the at least encryption or integrity protection including: adding, by the server, a second verification value to the at least one first response message; and transmitting, by the server, the processed at least one first response message to the terminal device.

10. The method of claim 8, wherein the at least one first request message comprises B-TID, obtaining, by the server, the at least one second key from the network device comprises: querying, by the server, whether there is at least one second key corresponding to the B-TID; and obtaining, by the server, the at least one second key from the network device, in response to the querying result indicating
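The claims above describe a key hierarchy and a message flow: a first key shared between the USIM and the BSF, a second key derived from it and bound to the server's FQDN, a verification value added to the certificate request and to the response, and a server that fetches the second key from the network device by B-TID before it checks anything. The following simulation is an added example, not code from the patent or from 3GPP, and makes several assumptions: HKDF-SHA256 stands in for the (unspecified) key derivation, HMAC-SHA256 for the first and second verification values, the BSF is modelled as an in-process object, and the USIM's public key and the issued certificate are opaque placeholder strings (the private-key signature over the request from claim 4 is not modelled). All class and function names (`BSF`, `Terminal`, `Server`, `derive_second_key`, `enrol`) are constructed for this example. It shows the point a defender cares about: a request addressed to a different FQDN, or one altered in transit, fails verification at the server.

```python
"""Simulated GBA-style certificate enrolment (constructed example, not the
patent's or 3GPP's exact derivation): the USIM derives a second key from a
first key shared with the BSF, integrity-protects its certificate request,
and the server fetches the same second key from the BSF by B-TID and FQDN."""
import hashlib
import hmac
import json
import secrets
from typing import Optional


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869, empty salt) using only the standard library."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_second_key(first_key: bytes, fqdn: str) -> bytes:
    """Second key bound to the server FQDN: a key handed out for one server
    cannot verify a request that was protected for another (assumption)."""
    return hkdf_sha256(first_key, b"second-key|" + fqdn.encode())


def protect(key: bytes, payload: dict) -> dict:
    """Add a verification value (HMAC tag) over a canonical JSON encoding."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"body": body.decode(), "tag": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(key: bytes, msg: dict) -> Optional[dict]:
    """Return the payload if the verification value matches, else None."""
    expected = hmac.new(key, msg["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None
    return json.loads(msg["body"])


class BSF:
    """Bootstrapping Server Function: keeps first keys indexed by B-TID and
    answers the server's second request message with a server-specific key."""
    def __init__(self):
        self.first_keys = {}

    def bootstrap(self, first_key: bytes) -> str:
        # Outcome of the USIM<->BSF negotiation (constructed B-TID format).
        btid = "btid-" + secrets.token_hex(4)
        self.first_keys[btid] = first_key
        return btid

    def second_key_for(self, btid: str, fqdn: str) -> Optional[bytes]:
        first_key = self.first_keys.get(btid)  # claim 10: is there a key for this B-TID?
        return None if first_key is None else derive_second_key(first_key, fqdn)


class Terminal:
    """USIM and client collapsed into one object for brevity."""
    def __init__(self, bsf: BSF, fqdn: str):
        first_key = secrets.token_bytes(32)
        self.btid = bsf.bootstrap(first_key)
        self.fqdn = fqdn
        self.second_key = derive_second_key(first_key, fqdn)
        self.public_key = "pk-" + secrets.token_hex(8)  # placeholder, no real key pair

    def first_request(self) -> dict:
        csr = {"subject": "terminal", "public_key": self.public_key}
        return {"btid": self.btid, "fqdn": self.fqdn, "csr": protect(self.second_key, csr)}

    def accept(self, first_response: dict) -> Optional[str]:
        body = verify(self.second_key, first_response)  # second verification value
        return body["certificate"] if body else None


class Server:
    def __init__(self, bsf: BSF, fqdn: str):
        self.bsf, self.fqdn = bsf, fqdn

    def handle(self, first_request: dict) -> Optional[dict]:
        if first_request["fqdn"] != self.fqdn:
            return None  # request was protected for a different server
        key = self.bsf.second_key_for(first_request["btid"], self.fqdn)
        csr = verify(key, first_request["csr"]) if key else None  # first verification value
        if csr is None:
            return None  # unknown B-TID or altered request
        cert = {"certificate": f"cert-for-{csr['public_key']}-issued-by-{self.fqdn}"}
        return protect(key, cert)


def enrol(server_fqdn: str = "ca.example.net", terminal_fqdn: Optional[str] = None) -> Optional[str]:
    """Run one enrolment; returns the certificate string or None on failure."""
    bsf = BSF()
    term = Terminal(bsf, terminal_fqdn or server_fqdn)
    server = Server(bsf, server_fqdn)
    response = server.handle(term.first_request())
    return term.accept(response) if response else None


if __name__ == "__main__":
    print("same FQDN:", enrol())
    print("other FQDN:", enrol("ca.example.net", "other.example.net"))
```

The FQDN is fed into the key derivation on both sides, so the server never has to trust the FQDN field in the request: a mismatch simply produces a key that does not verify. The B-TID lookup in `BSF.second_key_for` is where claim 10's "is there a second key for this B-TID" check lives, and a miss is reported to the server as an ordinary verification failure rather than as a distinguishable error.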
CPC classification titles (partial):
- Packet or message integrity
- using certificates or pre-shared keys
- Key generation or derivation
- of the user plane, e.g. user's traffic
- Protecting confidentiality, e.g. by encryption