[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN108322311B - Method and device for generating digital certificate - Google Patents

Method and device for generating digital certificate Download PDF

Info

Publication number
CN108322311B
CN108322311B CN201810094404.XA CN201810094404A CN108322311B CN 108322311 B CN108322311 B CN 108322311B CN 201810094404 A CN201810094404 A CN 201810094404A CN 108322311 B CN108322311 B CN 108322311B
Authority
CN
China
Prior art keywords
law enforcement
enforcement instrument
certificate
equipment
instrument
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810094404.XA
Other languages
Chinese (zh)
Other versions
CN108322311A (en
Inventor
张少龙
明家万
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Huadean Technology Co ltd
Original Assignee
Shenzhen Huadean Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Huadean Technology Co ltd filed Critical Shenzhen Huadean Technology Co ltd
Priority to CN201810094404.XA priority Critical patent/CN108322311B/en
Publication of CN108322311A publication Critical patent/CN108322311A/en
Application granted granted Critical
Publication of CN108322311B publication Critical patent/CN108322311B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The application discloses a method and a device for generating a digital certificate, relates to the technical field of internet security, and solves the problem of security of file information recorded by a law enforcement instrument in the related art. The method comprises the following steps: when a local certificate of law enforcement equipment does not exist in the law enforcement instrument, a certificate import request is sent to an upper-level system, and the certificate import request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generate the local certificate of the law enforcement equipment; importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument. The method and the device are suitable for generating the digital certificate.

Description

Method and device for generating digital certificate
Technical Field
The invention relates to the technical field of internet security, in particular to a method and a device for generating a digital certificate.
Background
The law enforcement officer can digitally record the dynamic and static field conditions through a law enforcement instrument in the law enforcement process, such as shooting into files like videos and pictures, and the like, so that the law enforcement officer can conveniently use the law enforcement officer in various environments.
The security of documents in law enforcement is particularly important since they may be related to important secrets or may be evidence of a forensic case, with some legal effectiveness, and if not properly stored, they are susceptible to being stolen or tampered by others.
Disclosure of Invention
The embodiment of the invention provides a method and a device for generating a digital certificate, which solve the problem of safety of file information recorded by a law enforcement instrument in the related art.
According to an aspect of the embodiments of the present invention, there is provided a method for generating a digital certificate, including: when a local certificate of law enforcement equipment does not exist in the law enforcement instrument, a certificate import request is sent to an upper-level system, and the certificate import request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generate the local certificate of the law enforcement equipment; importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
Further, before the sending of the certificate import request to the superior system, the method includes: acquiring attribute information of the law enforcement instrument; the sending of the certificate import request to the superior system specifically includes: and sending a certificate import request carrying the attribute information of the law enforcement instrument to a superior system, so that the superior system carries out digital signature on the law enforcement instrument equipment according to the attribute information of the law enforcement instrument.
Further, after the importing the local certificate of the law enforcement instrument device digitally signed by the superordinate system into a law enforcement instrument, the method further comprises: verifying the local certificate of the law enforcement instrument device.
Further, the verifying the local certificate digitally signed by the superior system includes: extracting signature data from a local certificate of the law enforcement instrument device; comparing the signature data with attribute information of the law enforcement instrument; if the comparison result is consistent, the verification is passed, and the local certificate of the law enforcement instrument equipment is reserved; and if not, deleting the local certificate of the law enforcement instrument equipment if the verification fails.
Further, the signature data includes signature digest information and signature encryption information, and comparing the signature data with the attribute information of the law enforcement instrument includes: decrypting the signature data according to the signature encryption information; and judging whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
According to another aspect of the embodiments of the present invention, there is provided a digital certificate generation apparatus, including: the system comprises a sending unit, a certificate importing unit and a certificate importing unit, wherein the sending unit is used for sending a certificate importing request to an upper-level system when a local certificate of law enforcement equipment does not exist in the law enforcement equipment, and the certificate importing request is used for requesting the upper-level system to digitally sign the law enforcement equipment and generating the local certificate of the law enforcement equipment; the importing unit is used for importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument; and the generation unit is used for digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
Further, the apparatus further comprises: the acquisition unit is used for acquiring the attribute information of the law enforcement instrument; the sending unit is specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superior system, so that the superior system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument.
Further, the apparatus further comprises: and the verification unit is used for verifying the local certificate of the law enforcement instrument equipment.
Further, the authentication unit includes: an extraction module for extracting signature data from a local certificate of the law enforcement instrument device; the comparison module is used for comparing the signature data with the attribute information of the law enforcement instrument; the first verification module is used for passing the verification and reserving the local certificate of the law enforcement instrument equipment if the comparison result is consistent; and the second verification module is used for deleting the local certificate of the law enforcement instrument equipment if the comparison result is inconsistent and the verification fails.
Further, the signature data includes signature digest information and signature encryption information, and the comparison module is specifically configured to decrypt the signature data according to the signature encryption information; the comparison module is specifically used for judging whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
According to the method and the system, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a first flowchart of a method for generating a digital certificate according to an embodiment of the present invention;
FIG. 2 is a flow chart of a method for generating a digital certificate according to an embodiment of the present invention;
FIG. 3 is a flow diagram of a method for generating a digital certificate in a law enforcement instrument device, according to an embodiment of the present invention;
fig. 4 is a first block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention;
fig. 5 is a block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention;
fig. 6 is a block diagram of the structure of a digital certificate generation apparatus according to an embodiment of the present invention.
Detailed Description
The invention will be described in detail hereinafter with reference to the accompanying drawings in conjunction with embodiments. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
In this embodiment, a method for generating a digital certificate is provided, and fig. 1 is a first flowchart of a method for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 1, the flowchart includes the following steps:
step S101, when a local certificate of the law enforcement instrument does not exist in the law enforcement instrument, a certificate import request is sent to an upper system;
the law enforcement instrument is also called police law enforcement recorder or field law enforcement recorder, is a high-tech police individual product designed and researched according to the actual requirements of law enforcement departments, and is suitable for various police. The digital video camera, the digital camera, the talkback transmitter and the like are integrated, and dynamic and static field conditions can be digitally recorded in the law enforcement process. The law enforcement instrument can provide effective on-site image data for case commanding, detecting and checking authorities to obtain evidence.
The security of the law enforcement instrument is particularly important because the content of the document recorded in the law enforcement instrument may relate to confidential information and the like, and once the content is tampered or deleted by others, the evidence may be insufficient or lost, and the judgment of a court is affected, so that not all persons can use the law enforcement instrument at will. According to the embodiment of the invention, before the law enforcement instrument records the file information, whether the local certificate of the law enforcement instrument exists in the law enforcement instrument equipment needs to be judged, the local certificate of the law enforcement instrument equipment is equivalent to the identity certification of a superior system for the law enforcement instrument equipment, the attribute information of the law enforcement instrument is digitally signed through the superior system to obtain the local certificate, and the law enforcement instrument and a user are efficiently and uniformly managed. The superior system is usually a competent department of a law enforcement instrument equipment usage unit or a superior unit, and is not specifically limited herein, and if the law enforcement instrument equipment usage unit is a police station, the superior system may be a police administration department or a government police department, and the like. The attribute information of the law enforcement instrument may include, but is not limited to, attribute information about law enforcement instrument devices, such as law enforcement instrument user information, law enforcement instrument usage information, law enforcement instrument number, and the like, and embodiments of the present invention are not limited thereto.
It should be noted that the local certificate of the law enforcement device is equivalent to a string of numbers which mark the identity information of each party in communication in internet communication, and provides a way for verifying the identity of the communication entity, and is not the digital identity card of the law enforcement device, but a signature on the digital identity card of the law enforcement device is signed by an authority, wherein the authority is a superior system of a user of the law enforcement device.
Step S102, importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
the local certificate in the law enforcement instrument is equivalent to the authentication of a superior system to the law enforcement instrument equipment, and the local certificate contains the information of the superior system to a user of the law enforcement instrument equipment and the digital signature of the information of the law enforcement instrument equipment.
According to the embodiment of the invention, the local certificate digitally signed by the superior system allows users meeting the signature condition to use, prevents other users not meeting the signature condition from using, and can not cause abuse phenomenon of the law enforcement instrument by importing the local certificate of the law enforcement instrument digitally signed by the superior system into the law enforcement instrument, thereby ensuring the safety of the law enforcement instrument in use.
And step S103, carrying out digital signature on the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
The files in the law enforcement instrument can be video information, picture information or audio information and the like recorded by the law enforcement instrument, and the specific file information can include but is not limited to the name, recording time, file size and the like of the files. Similarly, while the safety of the law enforcement instrument is protected, the safety of the document information in the law enforcement instrument is also important, and other people are not allowed to tamper or delete the document information randomly, so that the embodiment of the invention digitally signs the document information in the law enforcement instrument. During signing, the law enforcement instrument device automatically generates a digital certificate through local software of the law enforcement instrument device by acquiring digest information of a file in the law enforcement instrument and through public key information, an encryption algorithm and the like in the local certificate, and because the file information subjected to digital signing uses a mathematical algorithm, such as an SHA-256 algorithm, or the algorithm operation encrypts the file information, the encrypted digital signature file cannot be reversed and decrypted under the condition that decryption authorization is not obtained, and the security is higher.
For the embodiment of the invention, the file information digitally signed in the law enforcement instrument is equivalent to encrypting the file information in the law enforcement instrument, so that the file information can be prevented from being falsified in the transmission process, the file data can not be forged, the file information in the law enforcement instrument is further digitally signed according to the local certificate in the law enforcement instrument, and a digital certificate of the file information in the law enforcement instrument is generated.
It should be noted that the encryption technology of the core in the digital certificate can encrypt and decrypt the information to be transmitted, digitally sign and sign, etc., and the confidentiality, integrity and non-repudiation, etc. of the file information transmission process in the law enforcement instrument can be ensured by the digital certificate generated after digitally signing the file information in the law enforcement instrument.
According to the method for generating the digital certificate, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 2 is a second flowchart of a method for generating a digital certificate according to an embodiment of the present invention, and as shown in fig. 2, the flowchart includes the following steps:
step S201, when a local certificate of law enforcement instrument equipment does not exist in a law enforcement instrument, acquiring attribute information of the law enforcement instrument;
the attribute information of the law enforcement instrument may include, but is not limited to, attribute information about law enforcement instrument devices, such as law enforcement instrument user information, law enforcement instrument usage information, law enforcement instrument numbers, and the like, and embodiments of the present invention are not limited thereto.
For example, the attribute information of a law enforcement instrument may be: the law enforcement instrument is the police station in district C, city B, province A, the law enforcement instrument user is the police leaflet, the police number is 310612, the law enforcement instrument number is D0228, and the like.
It should be noted that, the attribute information of the law enforcement instrument is generally unique or deterministic, such as the law enforcement instrument number, and the law enforcement instrument usage unit and the law enforcement instrument usage information are deterministic and not arbitrarily changed, so the attribute information of the law enforcement instrument is used for identifying the law enforcement instrument device.
Step S202, sending a certificate import request carrying attribute information of a law enforcement instrument to an upper-level system;
the security of the law enforcement instrument equipment may affect the security of the equipment in the law enforcement instrument, so before the law enforcement instrument records file information, the superior system performs digital signature on the attribute information of the law enforcement instrument, specifically, after the law enforcement instrument acquires the attribute information of the law enforcement instrument, the attribute information of the law enforcement instrument generates a request file packet, and further sends a certificate import request to the superior system, wherein the certificate import request is used for requesting the superior system to perform digital signature on the law enforcement instrument equipment and generating a local certificate of the law enforcement instrument equipment.
For the embodiment of the present invention, the request file packet carrying the attribute information of the law enforcement instrument is sent to the certificate import request of the superior system, so that the superior system digitally signs the attribute information of the law enforcement instrument according to the request file packet, and specifically, the superior system may use a mathematical algorithm, such as SHA-1, SHA-128, SHA-256, or other algorithms, the mathematical algorithm used in the embodiment of the present invention is not limited, and may include but not limited to the above algorithm to encrypt the attribute information of the law enforcement instrument, so as to obtain the digitally signed law enforcement instrument attribute information file, and generate the local certificate.
It should be noted that, in the embodiment of the present invention, the manner in which the superior system digitally signs the attribute information of the law enforcement instrument is not limited, and in the prior art, the digital signature public key information is encrypted by using the SHA-256 algorithm. The SHA-256 algorithm is one of hash algorithms, is suitable for digital signature data authentication, and cannot be decrypted irreversibly in an encryption process without decryption authorization.
Step S203, importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
the signed law enforcement instrument attribute letter contains public key information, owner identity information and a digital signature of a superior system on the law enforcement instrument attribute information, so that the whole content of the law enforcement instrument attribute information file is correct. The law enforcement owner can indicate the owner identity to other users or equipment by means of the attribute information file, and the other party obtains trust and authorizes access or use of certain sensitive computer services. A computer or other users can verify the content of the local certificate through a certain program, including whether the certificate is expired or not and whether the digital signature is valid or not, and if a superior system is trusted, the secret key on the certificate can be trusted, and the computer or other users can reliably communicate with the owner by public key encryption.
For the embodiment of the invention, the local certificate of the law enforcement instrument equipment digitally signed by the superior system is introduced into the law enforcement instrument, so that the sensitive personal data of the user, such as the birth date, the identification number and the like, can not be transmitted to the computer system of a data requester during the authentication of the identity of the user of the law enforcement instrument.
Step S204, verifying the local certificate of the law enforcement instrument equipment;
after a certificate import request carrying attribute information of a law enforcement instrument is sent to an upper-level system, due to the fact that a security problem exists in the data transmission process or the superior system sends an error condition, the number of the law enforcement instrument is wrongly recorded or the superior system sends the signed attribute information of the law enforcement instrument to an un-corresponding law enforcement instrument, if the attribute information of the law enforcement instrument numbered 11100 is sent to the law enforcement instrument numbered 11101, the attribute information cannot be matched with the attribute information of a correct law enforcement instrument, if the attribute information of file information in a subsequent law enforcement instrument is wrong in time, a local certificate of law enforcement instrument equipment digitally signed by the superior system needs to be verified, the confirmed local certificate can be stored in the law enforcement instrument equipment, and the security of the law enforcement instrument equipment in the using process is guaranteed.
For the embodiment of the invention, signature data, such as signed superior organization name and attribute information of the law enforcement instrument, can be extracted from the local certificate of the law enforcement instrument digitally signed by the superior system, and the signature data is compared with the attribute information of the law enforcement instrument, usually the attribute information of the law enforcement instrument needs to be compared one by one, of course, several fixed attribute information can be selected for comparison, such as abstract information of the law enforcement instrument, serial number of the law enforcement instrument, and the like, if the comparison result is consistent, the corresponding relationship between the law enforcement instrument digitally signed by the superior system and the current law enforcement instrument is correct, the verification is passed, the local certificate of the law enforcement instrument is retained, if the comparison result is inconsistent, the corresponding relationship between the law enforcement instrument digitally signed by the superior system and the current law enforcement instrument is wrong, the verification is failed, the local certificate of the law enforcement instrument is deleted, the certificate import request needs to be sent to the upper-level system again.
It should be noted that, since the law enforcement instrument needs to perform encryption processing during the process of digital signature by the upper system, the signature data needs to be decrypted in advance according to the signature encryption information during the process of verifying the local certificate digitally signed by the upper system, so as to determine whether the digest information in the decrypted signature data is consistent with the digest information of the law enforcement instrument.
And step S205, digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
According to the embodiment of the invention, when file information such as video files, photo files or log files recorded in the law enforcement instrument equipment needs to be digitally signed, the law enforcement instrument equipment automatically generates the digital certificate through local software of the law enforcement instrument equipment by acquiring the summary information of the files in the law enforcement instrument and through public key information, an encryption algorithm and the like in the local certificate.
It should be noted that, if the local certificate of the law enforcement instrument device exists in the law enforcement instrument, after the local certificate of the law enforcement instrument device is verified, the file information in the law enforcement instrument can be digitally signed directly according to the local certificate of the law enforcement instrument device without sending a certificate import request to the superior system.
The trust chain architecture is formed by digital certificate sent by digital signature verification and public key certification sent by using public key encryption as digital signature verification, the trust chain architecture is realized in TLS, introduced and widely applied in HTTP of world wide web by HTTPS and SMTP of E-mail by STARTTLS, and the current standard in the industry is X.509 established by telecommunication standardization department of International telecommunication Union, and is described in detail by RFC5208 issued by IETF. In many advanced countries, legislation has been granted that digital signatures made using digital certificates have legal power equivalent to in-person signatures.
It should be noted that, in the embodiment of the present invention, the specification of the generated digital certificate is not limited, and may be an x.509 certificate, or may be in other forms, and the specific x.509 digital certificate specification may include the following fields:
version: the current universal version is V3
Sequence number: for identifying each certificate, particularly when revoking a certificate
A main body: a legal or natural person identity or machine possessing such a certificate, comprising:
country (C, Country)
State/province (S, State)
Region/city (L, Location)
Organization/unit (O, Organization)
Common Name (CN, Common Name): in TLS applications, this field is typically the network domain
The issuer: digital certificate authority for signing the certificate in digital signature form
Expiration date start time: the time of validity of the certificate, the certificate not having been validated before
Expiration date end time: the end time of validity of the certificate, after which the certificate is revoked
Public key usage: specifying the use of public keys on certificates, e.g. digital signatures, server authentication, client authentication, etc
Public key
Public key fingerprint
Digital signature
Digital signature algorithm
Principal alias
For the embodiment of the present invention, a specific application scenario may be as follows, but is not limited thereto, as shown in fig. 3, fig. 3 is a flowchart of a method for generating a digital certificate in law enforcement equipment, and specifically includes: before recording by using a law enforcement instrument, firstly judging whether a local certificate of the law enforcement instrument exists in the law enforcement instrument equipment, if the local certificate of the law enforcement instrument does not exist, acquiring attribute information of the law enforcement instrument equipment, sending a certificate import request carrying the attribute information of the law enforcement instrument to an upper-level system so that the upper-level system digitally signs the law enforcement instrument equipment according to the attribute information of the law enforcement instrument and generates the local certificate of the law enforcement instrument equipment, importing the local certificate of the law enforcement instrument equipment digitally signed by the upper-level system into the law enforcement instrument equipment, verifying the local certificate of the law enforcement instrument equipment by comparing the attribute information of the law enforcement instrument equipment with signature data of the law enforcement instrument equipment extracted from the local certificate, if the result is inconsistent, the verification is failed, deleting the local certificate of the law enforcement instrument equipment, and requesting the upper-level system to regenerate the local certificate, if the verification result is consistent, the verification is passed, the local certificate of the law enforcement instrument equipment is reserved, the video abstract, the attribute information of the law enforcement instrument, the user information and the key of the local certificate are further acquired, the file information recorded by the law enforcement instrument is signed through local software of the law enforcement instrument equipment, and a digitally signed X.509 digital certificate is generated, so that video files, sound recording files, log files and the like including but not limited to other files recorded by the law enforcement instrument equipment and the signed X.509 digital certificate are stored on a TF card, the safety of the file information in the law enforcement instrument is ensured, if the local certificate of the law enforcement instrument equipment exists in the law enforcement instrument equipment, a certificate import request is not required to be sent to a superior system, the local certificate is imported, the local certificate of the law enforcement instrument equipment is directly verified, and the file information recorded by the law enforcement instrument equipment is digitally signed, a digitally signed x.509 digital certificate is generated.
According to the method for generating the digital certificate, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the law enforcement instrument is digitally signed by the superior system, the use safety of the law enforcement instrument can be guaranteed, the file information in the law enforcement instrument is digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be guaranteed. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 4 is a block diagram showing a first structure of an apparatus for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 4, the apparatus includes:
the sending unit 31 may be configured to send a certificate import request to the superior system when a local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, where the certificate import request is used to request the superior system to digitally sign the law enforcement instrument device and generate the local certificate of the law enforcement instrument device;
an importing unit 32, which can be used to import the local certificate of the law enforcement instrument digitally signed by the superior system into the law enforcement instrument;
the generating unit 33 may be configured to digitally sign the document information in the law enforcement instrument according to the local certificate of the law enforcement instrument device, and generate a digital certificate of the document information in the law enforcement instrument.
According to the device for generating the digital certificate, provided by the embodiment of the invention, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the digital signature is carried out on the law enforcement instrument through the superior system, the use safety of the law enforcement instrument can be ensured, the file information in the law enforcement instrument is further digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be ensured. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
As a further explanation of the digital certificate generating apparatus shown in fig. 4, fig. 5 is a block diagram of a structure of a digital certificate generating apparatus according to an embodiment of the present invention, and as shown in fig. 5, the apparatus further includes:
an acquisition unit 34, which can be used for acquiring the attribute information of the law enforcement instrument;
the sending unit 31 may be specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superordinate system, so that the superordinate system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument;
an authentication unit 35 may be used to authenticate the local certificate of the law enforcement instrument device.
Further, the verification unit 35 includes:
an extraction module 351, operable to extract signature data from a local certificate of the law enforcement instrument device;
a comparison module 352, configured to compare the signature data with attribute information of the law enforcement instrument;
the first authentication module 353 may be configured to, if the comparison result is consistent, pass the authentication and retain the local certificate of the law enforcement instrument device;
the second verification module 354 may be configured to delete the local certificate of the law enforcement device if the comparison result is inconsistent and the verification fails.
Further, the signature data includes signature digest information and signature encryption information,
the comparison module 352 may be specifically configured to decrypt the signature data according to the signature encryption information;
the comparison module 352 may be further configured to specifically determine whether digest information in the decrypted signature data is consistent with digest information of the law enforcement instrument.
According to the other digital certificate generation device provided by the embodiment of the invention, when the local certificate of the law enforcement instrument does not exist in the law enforcement instrument, the certificate import request is sent to the superior system, the local certificate of the law enforcement instrument digitally signed by the superior system is imported into the law enforcement instrument, the digital signature is carried out on the law enforcement instrument through the superior system, the use safety of the law enforcement instrument can be ensured, the file information in the law enforcement instrument is further digitally signed according to the local certificate of the law enforcement instrument, the digital certificate of the file information in the law enforcement instrument is generated, and the use safety of the file information in the law enforcement instrument can be ensured. Compared with the method for generating the digital certificate in the prior art, the method for generating the digital certificate in the law enforcement instrument has the advantages that the local certificate signed by the superior system is led into the law enforcement instrument, file information in the law enforcement instrument is signed according to the local certificate, the law enforcement instrument has safe users, files in the signed law enforcement instrument have non-repudiation performance, information such as files recorded in the law enforcement instrument and the law enforcement instrument has legal effectiveness after being digitally signed, the problem that file information recorded in the law enforcement instrument in the prior art is tampered is solved, and the safety of law enforcement evidence is guaranteed.
Fig. 6 is a block diagram of a third configuration of an apparatus for generating a digital certificate according to an embodiment of the present invention, as shown in fig. 6, the apparatus includes: a local certificate request module 41, a local certificate import module 42, a local certificate verification module 43, and a digital certificate generation module 44;
the local certificate request module 41 may be configured to request a superior system to generate a local certificate of a law enforcement instrument device;
specifically, when the local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, the abstract information of the law enforcement instrument device, such as the ID of a police officer of the law enforcement instrument, the ID of the law enforcement instrument device, law enforcement units and the like, is acquired, and a certificate import request carrying the abstract information of the law enforcement instrument device is sent to a superior system, so that the superior system generates the local certificate signed by the superior system of the law enforcement instrument device according to the abstract information of the law enforcement instrument device, and the local certificate is equivalent to the identifier of the law enforcement instrument device, and can prevent users who do not meet the conditions from using the local certificate.
The local certificate import module 42 may be configured to import a local certificate of a law enforcement instrument device issued by a superordinate system into the law enforcement instrument device;
a local certificate verification module 43, which may be used to verify a local certificate of the law enforcement instrument device;
the local certificate after the digital signature of the superior system is required to be in one-to-one correspondence with the law enforcement instrument equipment, and if the digital signature has wrong correspondence, the use of the law enforcement instrument equipment is possibly unsafe, so that the confirmed local certificate can be stored on the law enforcement instrument equipment;
the digital certificate generation module 44 may be configured to digitally sign the file information recorded by the law enforcement instrument according to the local certificate of the law enforcement instrument device, and generate a digital certificate of the file information;
the specific process of generating the digital certificate of the file information may include, but is not limited to, the following implementation manners: when digital signature is needed to be carried out on video files, photo files, sound recording files or log files recorded by the law enforcement instrument, the law enforcement instrument equipment acquires summary information of the files, and the digital certificate in the X.509 format is automatically generated by local software of the law enforcement instrument equipment by adding public key information, an encryption algorithm and the like of a local certificate.
It will be apparent to those skilled in the art that the modules or steps of the present invention described above may be implemented by a general purpose computing device, they may be centralized on a single computing device or distributed across a network of multiple computing devices, and alternatively, they may be implemented by program code executable by a computing device, such that they may be stored in a storage device and executed by a computing device, and in some cases, the steps shown or described may be performed in an order different than that described herein, or they may be separately fabricated into individual integrated circuit modules, or multiple ones of them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A method for generating a digital certificate, comprising:
when a local certificate of law enforcement equipment does not exist in the law enforcement equipment, a certificate import request is sent to an upper level system, the certificate import request is used for requesting the upper level system to digitally sign the law enforcement equipment, and a local certificate of the law enforcement equipment is generated, wherein the local certificate comprises the user information of the law enforcement equipment and the digital signature of the law enforcement equipment information by the upper level system;
importing a local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
and digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
2. The method according to claim 1, wherein prior to said sending a certificate import request to a superordinate system, the method comprises:
acquiring attribute information of the law enforcement instrument;
the sending of the certificate import request to the superior system specifically includes: and sending a certificate import request carrying the attribute information of the law enforcement instrument to a superior system, so that the superior system carries out digital signature on the law enforcement instrument equipment according to the attribute information of the law enforcement instrument.
3. The method of claim 1, wherein after importing the local certificate of the law enforcement instrument device digitally signed by the superordinate system to a law enforcement instrument, the method further comprises:
verifying the local certificate of the law enforcement instrument device.
4. The method of claim 3, wherein the verifying the local certificate digitally signed by the superior system comprises:
extracting signature data from a local certificate of the law enforcement instrument device;
comparing the signature data with attribute information of the law enforcement instrument;
if the comparison result is consistent, the verification is passed, and the local certificate of the law enforcement instrument equipment is reserved;
and if not, deleting the local certificate of the law enforcement instrument equipment if the verification fails.
5. An apparatus for generating a digital certificate, comprising:
the system comprises a sending unit, a secondary system and a management unit, wherein the sending unit is used for sending a certificate import request to the secondary system when a local certificate of the law enforcement instrument device does not exist in the law enforcement instrument, the certificate import request is used for requesting the primary system to digitally sign the law enforcement instrument device and generating the local certificate of the law enforcement instrument device, and the local certificate comprises the user information of the law enforcement instrument device and the digital signature of the law enforcement instrument device information of the primary system;
the importing unit is used for importing the local certificate of the law enforcement instrument equipment digitally signed by the superior system into the law enforcement instrument;
and the generation unit is used for digitally signing the file information in the law enforcement instrument according to the local certificate of the law enforcement instrument equipment to generate a digital certificate of the file information in the law enforcement instrument.
6. The apparatus of claim 5, further comprising:
the acquisition unit is used for acquiring the attribute information of the law enforcement instrument;
the sending unit is specifically configured to send a certificate import request carrying attribute information of a law enforcement instrument to a superior system, so that the superior system performs digital signature on the law enforcement instrument device according to the attribute information of the law enforcement instrument.
7. The apparatus of claim 5, further comprising:
and the verification unit is used for verifying the local certificate of the law enforcement instrument equipment.
8. The apparatus of claim 7, wherein the authentication unit comprises:
an extraction module for extracting signature data from a local certificate of the law enforcement instrument device;
the comparison module is used for comparing the signature data with the attribute information of the law enforcement instrument;
the first verification module is used for passing the verification and reserving the local certificate of the law enforcement instrument equipment if the comparison result is consistent;
and the second verification module is used for deleting the local certificate of the law enforcement instrument equipment if the comparison result is inconsistent and the verification fails.
CN201810094404.XA 2018-01-29 2018-01-29 Method and device for generating digital certificate Active CN108322311B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810094404.XA CN108322311B (en) 2018-01-29 2018-01-29 Method and device for generating digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810094404.XA CN108322311B (en) 2018-01-29 2018-01-29 Method and device for generating digital certificate

Publications (2)

Publication Number Publication Date
CN108322311A CN108322311A (en) 2018-07-24
CN108322311B true CN108322311B (en) 2021-01-22

Family

ID=62888354

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810094404.XA Active CN108322311B (en) 2018-01-29 2018-01-29 Method and device for generating digital certificate

Country Status (1)

Country Link
CN (1) CN108322311B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145649A (en) * 2018-08-03 2019-01-04 金联汇通信息技术有限公司 Method for processing video frequency, certificates constructing method and related device based on law enforcement terminal
CN111181893A (en) * 2018-11-09 2020-05-19 航天信息股份有限公司 Law enforcement evidence processing method, device and system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105023310A (en) * 2014-04-30 2015-11-04 上海汽车集团股份有限公司 Vehicle driving data storage method and device and vehicle driving data recorder
CN105282122A (en) * 2014-07-22 2016-01-27 中兴通讯股份有限公司 Information security implementing method and system based on digital certificates

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105023310A (en) * 2014-04-30 2015-11-04 上海汽车集团股份有限公司 Vehicle driving data storage method and device and vehicle driving data recorder
CN105282122A (en) * 2014-07-22 2016-01-27 中兴通讯股份有限公司 Information security implementing method and system based on digital certificates

Also Published As

Publication number Publication date
CN108322311A (en) 2018-07-24

Similar Documents

Publication Publication Date Title
US6938157B2 (en) Distributed information system and protocol for affixing electronic signatures and authenticating documents
US6401206B1 (en) Method and apparatus for binding electronic impressions made by digital identities to documents
US7475250B2 (en) Assignment of user certificates/private keys in token enabled public key infrastructure system
US8656166B2 (en) Storage and authentication of data transactions
US7925023B2 (en) Method and apparatus for managing cryptographic keys
US6745327B1 (en) Electronic certificate signature program
US20100005318A1 (en) Process for securing data in a storage unit
US11531746B2 (en) Method for electronic signing of a document by a plurality of signatories
CN106953732B (en) Key management system and method for chip card
US20070014399A1 (en) High assurance key management overlay
CN112995144A (en) File processing method and system, readable storage medium and electronic device
CN112583772B (en) Data acquisition and storage platform
CN108322311B (en) Method and device for generating digital certificate
CN110086818B (en) Cloud file secure storage system and access control method
CN115396096A (en) Encryption and decryption method and protection system for secret file based on national cryptographic algorithm
KR20100114321A (en) Digital content transaction-breakdown the method thereof
EP1092182A2 (en) Apparatus and method for end-to-end authentication using biometric data
CN111817858A (en) Block chain data security method based on multiple signatures
WO2021027982A1 (en) System and method for electronic signature creation and management for long-term archived documents
US11671475B2 (en) Verification of data recipient
CN115277093A (en) Tamper verification method, system and device thereof and electronic equipment
Campbell Supporting digital signatures in mobile environments
GB2391669A (en) Portable device for verifying a document's authenticity
TWM579789U (en) Electronic contract signing device
CN111414629B (en) Electronic contract signing device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant