CN108322311B - Method and device for generating digital certificate - Google Patents
Method and device for generating digital certificate Download PDFInfo
- Publication number
- CN108322311B CN108322311B CN201810094404.XA CN201810094404A CN108322311B CN 108322311 B CN108322311 B CN 108322311B CN 201810094404 A CN201810094404 A CN 201810094404A CN 108322311 B CN108322311 B CN 108322311B
- Authority
- CN
- China
- Prior art keywords
- law enforcement
- enforcement instrument
- certificate
- equipment
- instrument
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The application discloses a method and a device for generating a digital certificate, relates to the technical field of internet security, and solves the problem of security of file information recorded by a law enforcement instrument in the related art. The method comprises the following steps: when a local certificate of law enforcement equipment does not exist in the law enforcement instrument, a certificate import request is sent to an upper-level system, and the certificate import request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generate the local certificate of the law enforcement equipment; importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument. The method and the device are suitable for generating the digital certificate.
Description
Technical Field
The invention relates to the technical field of internet security, in particular to a method and a device for generating a digital certificate.
Background
The law enforcement officer can digitally record the dynamic and static field conditions through a law enforcement instrument in the law enforcement process, such as shooting into files like videos and pictures, and the like, so that the law enforcement officer can conveniently use the law enforcement officer in various environments.
The security of documents in law enforcement is particularly important since they may be related to important secrets or may be evidence of a forensic case, with some legal effectiveness, and if not properly stored, they are susceptible to being stolen or tampered by others.
Disclosure of Invention
The embodiment of the invention provides a method and a device for generating a digital certificate, which solve the problem of safety of file information recorded by a law enforcement instrument in the related art.
According to an aspect of the embodiments of the present invention, there is provided a method for generating a digital certificate, including: when a local certificate of law enforcement equipment does not exist in the law enforcement instrument, a certificate import request is sent to an upper-level system, and the certificate import request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generate the local certificate of the law enforcement equipment; importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
Further, before the sending of the certificate import request to the superior system, the method includes: acquiring attribute information of the law enforcement instrument; the sending of the certificate import request to the superior system specifically includes: and sending a certificate import request carrying the attribute information of the law enforcement instrument to a superior system, so that the superior system carries out digital signature on the law enforcement instrument equipment according to the attribute information of the law enforcement instrument.
Further, after the importing the local certificate of the law enforcement instrument device digitally signed by the superordinate system into a law enforcement instrument, the method further comprises: verifying the local certificate of the law enforcement instrument device.
Further, the verifying the local certificate digitally signed by the superior system includes: extracting signature data from a local certificate of the law enforcement instrument device; comparing the signature data with attribute information of the law enforcement instrument; if the comparison result is consistent, the verification is passed, and the local certificate of the law enforcement instrument equipment is reserved; and if not, deleting the local certificate of the law enforcement instrument equipment if the verification fails.
Further, the signature data includes signature digest information and signature encryption information, and comparing the signature data with the attribute information of the law enforcement instrument includes: decrypting the signature data according to the signature encryption information; and judging whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
According to another aspect of the embodiments of the present invention, there is provided a digital certificate generation apparatus, including: the system comprises a sending unit, a certificate importing unit and a certificate importing unit, wherein the sending unit is used for sending a certificate importing request to an upper-level system when a local certificate of law enforcement equipment does not exist in the law enforcement equipment, and the certificate importing request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generating the local certificate of the law enforcement equipment; the importing unit is used for importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and the generation unit is used for digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
Further, the apparatus further comprises: the acquisition unit is used for acquiring the attribute information of the law enforcement instrument; the sending unit is specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superior system, so that the superior system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument.
Further, the apparatus further comprises: and the verification unit is used for verifying the local certificate of the law enforcement instrument equipment.
Further, the authentication unit includes: an extraction module for extracting signature data from a local certificate of the law enforcement instrument device; the comparison module is used for comparing the signature data with the attribute information of the law enforcement instrument; the first verification module is used for passing the verification and reserving the local certificate of the law enforcement instrument equipment if the comparison result is consistent; and the second verification module is used for deleting the local certificate of the law enforcement instrument equipment if the comparison result is inconsistent and the verification fails.
Further, the signature data includes signature digest information and signature encryption information, and the comparison module is specifically configured to decrypt the signature data according to the signature encryption information; the comparison module is specifically used for judging whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
According to the method and the system, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a first flowchart of a method for generating a digital certificate according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for generating a digital certificate according to an embodiment of the present invention;
FIG. 3 is a flow diagram of a method for generating a digital certificate in a law enforcement instrument device, according to an embodiment of the present invention;
fig. 4 is a first block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention;
fig. 6 is a block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this embodiment, a method for generating a digital certificate is provided, and fig. 1 is a first flowchart of a method for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 1, the flowchart includes the following steps:
step S101, when a local certificate of the law enforcement instrument does not exist in the law enforcement instrument, a certificate import request is sent to an upper system;
the law enforcement instrument is also called police law enforcement recorder or field law enforcement recorder, is a high-tech police individual product designed and researched according to the actual requirements of law enforcement departments, and is suitable for various police. The digital video camera, the digital camera, the talkback transmitter and the like are integrated, and dynamic and static field conditions can be digitally recorded in the law enforcement process. The law enforcement instrument can provide effective on-site image data for case commanding, detecting and checking authorities to obtain evidence.
The security of the law enforcement instrument is particularly important because the content of the document recorded in the law enforcement instrument may relate to confidential information and the like, and once the content is tampered or deleted by others, the evidence may be insufficient or lost, and the judgment of a court is affected, so that not all persons can use the law enforcement instrument at will. According to the embodiment of the invention, before the law enforcement instrument records the file information, whether the local certificate of the law enforcement instrument exists in the law enforcement instrument equipment needs to be judged, the local certificate of the law enforcement instrument equipment is equivalent to the identity certification of a superior system for the law enforcement instrument equipment, the attribute information of the law enforcement instrument is digitally signed through the superior system to obtain the local certificate, and the law enforcement instrument and a user are efficiently and uniformly managed. The superior system is usually a competent department of a law enforcement instrument equipment usage unit or a superior unit, and is not specifically limited herein, and if the law enforcement instrument equipment usage unit is a police station, the superior system may be a police administration department or a government police department, and the like. The attribute information of the law enforcement instrument may include, but is not limited to, attribute information about law enforcement instrument devices, such as law enforcement instrument user information, law enforcement instrument usage information, law enforcement instrument number, and the like, and embodiments of the present invention are not limited thereto.
It should be noted that the local certificate of the law enforcement device is equivalent to a string of numbers which mark the identity information of each party in communication in internet communication, and provides a way for verifying the identity of the communication entity, and is not the digital identity card of the law enforcement device, but a signature on the digital identity card of the law enforcement device is signed by an authority, wherein the authority is a superior system of a user of the law enforcement device.
Step S102, importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
the local certificate in the law enforcement instrument is equivalent to the authentication of a superior system to the law enforcement instrument equipment, and the local certificate contains the information of the superior system to a user of the law enforcement instrument equipment and the digital signature of the information of the law enforcement instrument equipment.
According to the embodiment of the invention, the local certificate digitally signed by the superior system allows users meeting the signature condition to use, prevents other users not meeting the signature condition from using, and can not cause abuse phenomenon of the law enforcement instrument by importing the local certificate of the law enforcement instrument digitally signed by the superior system into the law enforcement instrument, thereby ensuring the safety of the law enforcement instrument in use.
And step S103, carrying out digital signature on the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
The files in the law enforcement instrument can be video information, picture information or audio information and the like recorded by the law enforcement instrument, and the specific file information can include but is not limited to the name, recording time, file size and the like of the files. Similarly, while the safety of the law enforcement instrument is protected, the safety of the document information in the law enforcement instrument is also important, and other people are not allowed to tamper or delete the document information randomly, so that the embodiment of the invention digitally signs the document information in the law enforcement instrument. During signing, the law enforcement instrument device automatically generates a digital certificate through local software of the law enforcement instrument device by acquiring digest information of a file in the law enforcement instrument and through public key information, an encryption algorithm and the like in the local certificate, and because the file information subjected to digital signing uses a mathematical algorithm, such as an SHA-256 algorithm, or the algorithm operation encrypts the file information, the encrypted digital signature file cannot be reversed and decrypted under the condition that decryption authorization is not obtained, and the security is higher.
For the embodiment of the invention, the file information digitally signed in the law enforcement instrument is equivalent to encrypting the file information in the law enforcement instrument, so that the file information can be prevented from being falsified in the transmission process, the file data can not be forged, the file information in the law enforcement instrument is further digitally signed according to the local certificate in the law enforcement instrument, and a digital certificate of the file information in the law enforcement instrument is generated.
It should be noted that the encryption technology of the core in the digital certificate can encrypt and decrypt the information to be transmitted, digitally sign and sign, etc., and the confidentiality, integrity and non-repudiation, etc. of the file information transmission process in the law enforcement instrument can be ensured by the digital certificate generated after digitally signing the file information in the law enforcement instrument.
According to the method for generating the digital certificate, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 2 is a second flowchart of a method for generating a digital certificate according to an embodiment of the present invention, and as shown in fig. 2, the flowchart includes the following steps:
step S201, when a local certificate of law enforcement instrument equipment does not exist in a law enforcement instrument, acquiring attribute information of the law enforcement instrument;
the attribute information of the law enforcement instrument may include, but is not limited to, attribute information about law enforcement instrument devices, such as law enforcement instrument user information, law enforcement instrument usage information, law enforcement instrument numbers, and the like, and embodiments of the present invention are not limited thereto.
For example, the attribute information of a law enforcement instrument may be: the law enforcement instrument is the police station in district C, city B, province A, the law enforcement instrument user is the police leaflet, the police number is 310612, the law enforcement instrument number is D0228, and the like.
It should be noted that, the attribute information of the law enforcement instrument is generally unique or deterministic, such as the law enforcement instrument number, and the law enforcement instrument usage unit and the law enforcement instrument usage information are deterministic and not arbitrarily changed, so the attribute information of the law enforcement instrument is used for identifying the law enforcement instrument device.
Step S202, sending a certificate import request carrying attribute information of a law enforcement instrument to an upper-level system;
the security of the law enforcement instrument equipment may affect the security of the equipment in the law enforcement instrument, so before the law enforcement instrument records file information, the superior system performs digital signature on the attribute information of the law enforcement instrument, specifically, after the law enforcement instrument acquires the attribute information of the law enforcement instrument, the attribute information of the law enforcement instrument generates a request file packet, and further sends a certificate import request to the superior system, wherein the certificate import request is used for requesting the superior system to perform digital signature on the law enforcement instrument equipment and generating a local certificate of the law enforcement instrument equipment.
For the embodiment of the present invention, the request file packet carrying the attribute information of the law enforcement instrument is sent to the certificate import request of the superior system, so that the superior system digitally signs the attribute information of the law enforcement instrument according to the request file packet, and specifically, the superior system may use a mathematical algorithm, such as SHA-1, SHA-128, SHA-256, or other algorithms, the mathematical algorithm used in the embodiment of the present invention is not limited, and may include but not limited to the above algorithm to encrypt the attribute information of the law enforcement instrument, so as to obtain the digitally signed law enforcement instrument attribute information file, and generate the local certificate.
It should be noted that, in the embodiment of the present invention, the manner in which the superior system digitally signs the attribute information of the law enforcement instrument is not limited, and in the prior art, the digital signature public key information is encrypted by using the SHA-256 algorithm. The SHA-256 algorithm is one of hash algorithms, is suitable for digital signature data authentication, and cannot be decrypted irreversibly in an encryption process without decryption authorization.
Step S203, importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
the signed law enforcement instrument attribute letter contains public key information, owner identity information and a digital signature of a superior system on the law enforcement instrument attribute information, so that the whole content of the law enforcement instrument attribute information file is correct. The law enforcement owner can indicate the owner identity to other users or equipment by means of the attribute information file, and the other party obtains trust and authorizes access or use of certain sensitive computer services. A computer or other users can verify the content of the local certificate through a certain program, including whether the certificate is expired or not and whether the digital signature is valid or not, and if a superior system is trusted, the secret key on the certificate can be trusted, and the computer or other users can reliably communicate with the owner by public key encryption.
For the embodiment of the invention, the local certificate of the law enforcement instrument equipment digitally signed by the superior system is introduced into the law enforcement instrument, so that the sensitive personal data of the user, such as the birth date, the identification number and the like, can not be transmitted to the computer system of a data requester during the authentication of the identity of the user of the law enforcement instrument.
Step S204, verifying the local certificate of the law enforcement instrument equipment;
after a certificate import request carrying attribute information of a law enforcement instrument is sent to an upper-level system, due to the fact that a security problem exists in the data transmission process or the superior system sends an error condition, the number of the law enforcement instrument is wrongly recorded or the superior system sends the signed attribute information of the law enforcement instrument to an un-corresponding law enforcement instrument, if the attribute information of the law enforcement instrument numbered 11100 is sent to the law enforcement instrument numbered 11101, the attribute information cannot be matched with the attribute information of a correct law enforcement instrument, if the attribute information of file information in a subsequent law enforcement instrument is wrong in time, a local certificate of law enforcement instrument equipment digitally signed by the superior system needs to be verified, the confirmed local certificate can be stored in the law enforcement instrument equipment, and the security of the law enforcement instrument equipment in the using process is guaranteed.
For the embodiment of the invention, signature data, such as signed superior organization name and attribute information of the law enforcement instrument, can be extracted from the local certificate of the law enforcement instrument digitally signed by the superior system, and the signature data is compared with the attribute information of the law enforcement instrument, usually the attribute information of the law enforcement instrument needs to be compared one by one, of course, several fixed attribute information can be selected for comparison, such as abstract information of the law enforcement instrument, serial number of the law enforcement instrument, and the like, if the comparison result is consistent, the corresponding relationship between the law enforcement instrument digitally signed by the superior system and the current law enforcement instrument is correct, the verification is passed, the local certificate of the law enforcement instrument is retained, if the comparison result is inconsistent, the corresponding relationship between the law enforcement instrument digitally signed by the superior system and the current law enforcement instrument is wrong, the verification is failed, the local certificate of the law enforcement instrument is deleted, the certificate import request needs to be sent to the upper-level system again.
It should be noted that, since the law enforcement instrument needs to perform encryption processing during the process of digital signature by the upper system, the signature data needs to be decrypted in advance according to the signature encryption information during the process of verifying the local certificate digitally signed by the upper system, so as to determine whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
And step S205, digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
According to the embodiment of the invention, when file information such as video files, photo files or log files recorded in the law enforcement instrument equipment needs to be digitally signed, the law enforcement instrument equipment automatically generates the digital certificate through local software of the law enforcement instrument equipment by acquiring the summary information of the files in the law enforcement instrument and through public key information, an encryption algorithm and the like in the local certificate.
It should be noted that, if the local certificate of the law enforcement instrument device exists in the law enforcement instrument, after the local certificate of the law enforcement instrument device is verified, the file information in the law enforcement instrument can be digitally signed directly according to the local certificate of the law enforcement instrument device without sending a certificate import request to the superior system.
The trust chain architecture is formed by digital certificate sent by digital signature verification and public key certification sent by using public key encryption as digital signature verification, the trust chain architecture is realized in TLS, introduced and widely applied in HTTP of world wide web by HTTPS and SMTP of E-mail by STARTTLS, and the current standard in the industry is X.509 established by telecommunication standardization department of International telecommunication Union, and is described in detail by RFC5208 issued by IETF. In many advanced countries, legislation has been granted that digital signatures made using digital certificates have legal power equivalent to in-person signatures.
It should be noted that, in the embodiment of the present invention, the specification of the generated digital certificate is not limited, and may be an x.509 certificate, or may be in other forms, and the specific x.509 digital certificate specification may include the following fields:
version: the current universal version is V3
Sequence number: for identifying each certificate, particularly when revoking a certificate
A main body: a legal or natural person identity or machine possessing such a certificate, comprising:
country (C, Country)
State/province (S, State)
Region/city (L, Location)
Organization/unit (O, Organization)
Common Name (CN, Common Name): in TLS applications, this field is typically the network domain
The issuer: digital certificate authority for signing the certificate in digital signature form
Expiration date start time: the time of validity of the certificate, the certificate not having been validated before
Expiration date end time: the end time of validity of the certificate, after which the certificate is revoked
Public key usage: specifying the use of public keys on certificates, e.g. digital signatures, server authentication, client authentication, etc
Public key
Public key fingerprint
Digital signature
Digital signature algorithm
Principal alias
For the embodiment of the present invention, a specific application scenario may be as follows, but is not limited thereto, as shown in fig. 3, fig. 3 is a flowchart of a method for generating a digital certificate in law enforcement equipment, and specifically includes: before recording by using a law enforcement instrument, firstly judging whether a local certificate of the law enforcement instrument exists in the law enforcement instrument equipment, if the local certificate of the law enforcement instrument does not exist, acquiring attribute information of the law enforcement instrument equipment, sending a certificate import request carrying the attribute information of the law enforcement instrument to an upper-level system so that the upper-level system digitally signs the law enforcement instrument equipment according to the attribute information of the law enforcement instrument and generates the local certificate of the law enforcement instrument equipment, importing the local certificate of the law enforcement instrument equipment digitally signed by the upper-level system into the law enforcement instrument equipment, verifying the local certificate of the law enforcement instrument equipment by comparing the attribute information of the law enforcement instrument equipment with signature data of the law enforcement instrument equipment extracted from the local certificate, if the result is inconsistent, the verification is failed, deleting the local certificate of the law enforcement instrument equipment, and requesting the upper-level system to regenerate the local certificate, if the verification result is consistent, the verification is passed, the local certificate of the law enforcement instrument equipment is reserved, the video abstract, the attribute information of the law enforcement instrument, the user information and the key of the local certificate are further acquired, the file information recorded by the law enforcement instrument is signed through local software of the law enforcement instrument equipment, and a digitally signed X.509 digital certificate is generated, so that video files, sound recording files, log files and the like including but not limited to other files recorded by the law enforcement instrument equipment and the signed X.509 digital certificate are stored on a TF card, the safety of the file information in the law enforcement instrument is ensured, if the local certificate of the law enforcement instrument equipment exists in the law enforcement instrument equipment, a certificate import request is not required to be sent to a superior system, the local certificate is imported, the local certificate of the law enforcement instrument equipment is directly verified, and the file information recorded by the law enforcement instrument equipment is digitally signed, a digitally signed x.509 digital certificate is generated.
According to the method for generating the digital certificate, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 4 is a block diagram showing a first structure of an apparatus for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 4, the apparatus includes:
the sending unit 31 may be configured to send a certificate import request to the superior system when a local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, where the certificate import request is used to request the superior system to digitally sign the law enforcement instrument device and generate the local certificate of the law enforcement instrument device;
an importing unit 32, which can be used to import the local certificate of the law enforcement instrument digitally signed by the superior system into the law enforcement instrument;
the generating unit 33 may be configured to digitally sign the document information in the law enforcement instrument according to the local certificate of the law enforcement instrument device, and generate a digital certificate of the document information in the law enforcement instrument.
According to the device for generating the digital certificate, provided by the embodiment of the invention, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the digital signature is carried out on the law enforcement instrument through the superior system, the use safety of the law enforcement instrument can be ensured, the file information in the law enforcement instrument is further digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be ensured. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
As a further explanation of the digital certificate generating apparatus shown in fig. 4, fig. 5 is a block diagram of a structure of a digital certificate generating apparatus according to an embodiment of the present invention, and as shown in fig. 5, the apparatus further includes:
an acquisition unit 34, which can be used for acquiring the attribute information of the law enforcement instrument;
the sending unit 31 may be specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superordinate system, so that the superordinate system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument;
an authentication unit 35 may be used to authenticate the local certificate of the law enforcement instrument device.
Further, the verification unit 35 includes:
an extraction module 351, operable to extract signature data from a local certificate of the law enforcement instrument device;
a comparison module 352, configured to compare the signature data with attribute information of the law enforcement instrument;
the first authentication module 353 may be configured to, if the comparison result is consistent, pass the authentication and retain the local certificate of the law enforcement instrument device;
the second verification module 354 may be configured to delete the local certificate of the law enforcement device if the comparison result is inconsistent and the verification fails.
Further, the signature data includes signature digest information and signature encryption information,
the comparison module 352 may be specifically configured to decrypt the signature data according to the signature encryption information;
the comparison module 352 may be further configured to specifically determine whether digest information in the decrypted signature data is consistent with digest information of the law enforcement instrument.
According to the other digital certificate generation device provided by the embodiment of the invention, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the digital signature is carried out on the law enforcement instrument through the superior system, the use safety of the law enforcement instrument can be ensured, the file information in the law enforcement instrument is further digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be ensured. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 6 is a block diagram of a third configuration of an apparatus for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 6, the apparatus includes: a local certificate request module 41, a local certificate import module 42, a local certificate verification module 43, and a digital certificate generation module 44;
the local certificate request module 41 may be configured to request a superior system to generate a local certificate of a law enforcement instrument device;
specifically, when the local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, the abstract information of the law enforcement instrument device, such as the ID of a police officer of the law enforcement instrument, the ID of the law enforcement instrument device, law enforcement units and the like, is acquired, and a certificate import request carrying the abstract information of the law enforcement instrument device is sent to a superior system, so that the superior system generates the local certificate signed by the superior system of the law enforcement instrument device according to the abstract information of the law enforcement instrument device, and the local certificate is equivalent to the identifier of the law enforcement instrument device, and can prevent users who do not meet the conditions from using the local certificate.
The local certificate import module 42 may be configured to import a local certificate of a law enforcement instrument device issued by a superordinate system into the law enforcement instrument device;
a local certificate verification module 43, which may be used to verify a local certificate of the law enforcement instrument device;
the local certificate after the digital signature of the superior system is required to be in one-to-one correspondence with the law enforcement instrument equipment, and if the digital signature has wrong correspondence, the use of the law enforcement instrument equipment is possibly unsafe, so that the confirmed local certificate can be stored on the law enforcement instrument equipment;
the digital certificate generation module 44 may be configured to digitally sign the file information recorded by the law enforcement instrument according to the local certificate of the law enforcement instrument device, and generate a digital certificate of the file information;
the specific process of generating the digital certificate of the file information may include, but is not limited to, the following implementation manners: when digital signature is needed to be carried out on video files, photo files, sound recording files or log files recorded by the law enforcement instrument, the law enforcement instrument equipment acquires summary information of the files, and the digital certificate in the X.509 format is automatically generated by local software of the law enforcement instrument equipment by adding public key information, an encryption algorithm and the like of a local certificate.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (8)
1. A method for generating a digital certificate, comprising:
when a local certificate of law enforcement equipment does not exist in the law enforcement equipment, a certificate import request is sent to an upper level system, the certificate import request is used for requesting the upper level system to digitally sign the law enforcement equipment, and a local certificate of the law enforcement equipment is generated, wherein the local certificate comprises the user information of the law enforcement equipment and the digital signature of the law enforcement equipment information by the upper level system;
importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
2. The method according to claim 1, wherein prior to said sending a certificate import request to a superordinate system, the method comprises:
acquiring attribute information of the law enforcement instrument;
the sending of the certificate import request to the superior system specifically includes: and sending a certificate import request carrying the attribute information of the law enforcement instrument to a superior system, so that the superior system carries out digital signature on the law enforcement instrument equipment according to the attribute information of the law enforcement instrument.
3. The method of claim 1, wherein after importing the local certificate of the law enforcement instrument device digitally signed by the superordinate system to a law enforcement instrument, the method further comprises:
verifying the local certificate of the law enforcement instrument device.
4. The method of claim 3, wherein the verifying the local certificate digitally signed by the superior system comprises:
extracting signature data from a local certificate of the law enforcement instrument device;
comparing the signature data with attribute information of the law enforcement instrument;
if the comparison result is consistent, the verification is passed, and the local certificate of the law enforcement instrument equipment is reserved;
and if not, deleting the local certificate of the law enforcement instrument equipment if the verification fails.
5. An apparatus for generating a digital certificate, comprising:
the system comprises a sending unit, a secondary system and a management unit, wherein the sending unit is used for sending a certificate import request to the secondary system when a local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, the certificate import request is used for requesting the primary system to digitally sign the law enforcement instrument device and generating the local certificate of the law enforcement instrument device, and the local certificate comprises the user information of the law enforcement instrument device and the digital signature of the law enforcement instrument device information of the primary system;
the importing unit is used for importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
and the generation unit is used for digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
6. The apparatus of claim 5, further comprising:
the acquisition unit is used for acquiring the attribute information of the law enforcement instrument;
the sending unit is specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superior system, so that the superior system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument.
7. The apparatus of claim 5, further comprising:
and the verification unit is used for verifying the local certificate of the law enforcement instrument equipment.
8. The apparatus of claim 7, wherein the authentication unit comprises:
an extraction module for extracting signature data from a local certificate of the law enforcement instrument device;
the comparison module is used for comparing the signature data with the attribute information of the law enforcement instrument;
the first verification module is used for passing the verification and reserving the local certificate of the law enforcement instrument equipment if the comparison result is consistent;
and the second verification module is used for deleting the local certificate of the law enforcement instrument equipment if the comparison result is inconsistent and the verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810094404.XA CN108322311B (en) | 2018-01-29 | 2018-01-29 | Method and device for generating digital certificate |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810094404.XA CN108322311B (en) | 2018-01-29 | 2018-01-29 | Method and device for generating digital certificate |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108322311A CN108322311A (en) | 2018-07-24 |
CN108322311B true CN108322311B (en) | 2021-01-22 |
Family
ID=62888354
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810094404.XA Active CN108322311B (en) | 2018-01-29 | 2018-01-29 | Method and device for generating digital certificate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108322311B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109145649A (en) * | 2018-08-03 | 2019-01-04 | 金联汇通信息技术有限公司 | Method for processing video frequency, certificates constructing method and related device based on law enforcement terminal |
CN111181893A (en) * | 2018-11-09 | 2020-05-19 | 航天信息股份有限公司 | Law enforcement evidence processing method, device and system |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105023310A (en) * | 2014-04-30 | 2015-11-04 | 上海汽车集团股份有限公司 | Vehicle driving data storage method and device and vehicle driving data recorder |
CN105282122A (en) * | 2014-07-22 | 2016-01-27 | 中兴通讯股份有限公司 | Information security implementing method and system based on digital certificates |
-
2018
- 2018-01-29 CN CN201810094404.XA patent/CN108322311B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105023310A (en) * | 2014-04-30 | 2015-11-04 | 上海汽车集团股份有限公司 | Vehicle driving data storage method and device and vehicle driving data recorder |
CN105282122A (en) * | 2014-07-22 | 2016-01-27 | 中兴通讯股份有限公司 | Information security implementing method and system based on digital certificates |
Also Published As
Publication number | Publication date |
---|---|
CN108322311A (en) | 2018-07-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6938157B2 (en) | Distributed information system and protocol for affixing electronic signatures and authenticating documents | |
US6401206B1 (en) | Method and apparatus for binding electronic impressions made by digital identities to documents | |
US7475250B2 (en) | Assignment of user certificates/private keys in token enabled public key infrastructure system | |
US8656166B2 (en) | Storage and authentication of data transactions | |
US7925023B2 (en) | Method and apparatus for managing cryptographic keys | |
US6745327B1 (en) | Electronic certificate signature program | |
US20100005318A1 (en) | Process for securing data in a storage unit | |
US11531746B2 (en) | Method for electronic signing of a document by a plurality of signatories | |
CN106953732B (en) | Key management system and method for chip card | |
US20070014399A1 (en) | High assurance key management overlay | |
CN112995144A (en) | File processing method and system, readable storage medium and electronic device | |
CN112583772B (en) | Data acquisition and storage platform | |
CN108322311B (en) | Method and device for generating digital certificate | |
CN110086818B (en) | Cloud file secure storage system and access control method | |
CN115396096A (en) | Encryption and decryption method and protection system for secret file based on national cryptographic algorithm | |
KR20100114321A (en) | Digital content transaction-breakdown the method thereof | |
EP1092182A2 (en) | Apparatus and method for end-to-end authentication using biometric data | |
CN111817858A (en) | Block chain data security method based on multiple signatures | |
WO2021027982A1 (en) | System and method for electronic signature creation and management for long-term archived documents | |
US11671475B2 (en) | Verification of data recipient | |
CN115277093A (en) | Tamper verification method, system and device thereof and electronic equipment | |
Campbell | Supporting digital signatures in mobile environments | |
GB2391669A (en) | Portable device for verifying a document's authenticity | |
TWM579789U (en) | Electronic contract signing device | |
CN111414629B (en) | Electronic contract signing device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |