CN103885723B - Digital certificate store method, system and digital certificate read method and system - Google Patents
- Publication number
- CN103885723B (CN201410077035.5A)
- Authority
- CN
- China
- Prior art keywords
- data
- digital certificate
- certificate
- slot
- fragment
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a digital certificate storage method and system and a digital certificate reading method and system. The storage method includes: dividing a digital certificate into two or more data fragments; performing data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and dividing these identical fragments into at least one redundant data fragment and at least one valid data fragment; storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly recording the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded. Implementing the method and system of the invention saves storage space while ensuring that the digital certificate is stored completely, and allows the complete digital certificate to be read quickly.
Description
Technical field
The present invention relates to the field of digital authentication technology, and in particular to a digital certificate storage method and system and a digital certificate reading method and system.
Background
In digital authentication technology, the content of a digital certificate is signed by a certificate authority (Certificate Authority, CA), which strictly guarantees the integrity of the data. The integrity of the data must also be ensured when the digital certificate is transmitted and stored; otherwise it is treated as an invalid certificate. The prior art therefore generally stores a digital certificate in the certificate medium as one complete data file.
Because a legitimate CA must implement the dual-certificate system, a certificate medium needs to store at least two certificates: a signing certificate and an encryption certificate. And to make SM2 certificates (SM2 is an asymmetric cryptographic algorithm formulated by China's State Cryptography Administration) compatible in use with existing RSA certificates, a single certificate medium may need to hold the signing and encryption certificates of the SM2 algorithm together with the signing and encryption certificates of the RSA algorithm, which strains the storage space available for digital certificates.
Meanwhile, with the continuous popularization of quadrature digital up-converter, certificate media are rapidly expanding from the traditional USB Key (a certificate and key storage medium that uses USB) to media with strictly limited storage space, such as various IC (Integrated Circuit) cards, SIM (Subscriber Identity Module) cards and RFID (Radio Frequency Identification) cards, which also makes it difficult to store digital certificates in space-constrained media.
In addition, with the spread of the ideas of "one Key, multiple uses" and "one card, multiple uses", even a USB Key with relatively ample storage space often serves several application needs at once and stores various application business data besides certificates and keys, which strains the USB Key's storage space.
Summary of the invention
In view of this, it is necessary to provide a digital certificate storage method and system and a digital certificate reading method and system that address the difficulty of storing digital certificates in the storage media of the digital authentication technology described above.
A digital certificate storage method comprises the following steps:
Dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules;
Performing data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and dividing these identical fragments into at least one redundant data fragment and at least one valid data fragment;
Storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly recording the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded.
A digital certificate storage system includes:
A division module, for dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules;
A matching module, for performing data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and dividing these identical fragments into at least one redundant data fragment and at least one valid data fragment;
A storage module, for storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly recording the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded.
The above digital certificate storage method and system divide the digital certificate into two or more data fragments, obtain from those fragments the fragments that are identical in both structure and content, store the fragments other than some of those identical fragments in the certificate storage space, and record the data position information in each digital certificate of every fragment stored there, recording for the valid data fragment both its own data position information and that of the redundant data fragments. While ensuring that the digital certificate is stored completely, some of the fragments identical in structure and content need not be stored, which removes part of the redundant information, reduces the amount of storage the digital certificates need, and lowers the storage requirement on the certificate storage center or certificate storage medium.
A digital certificate reading method comprises the following steps:
Obtaining, from the certificate storage space, the data fragments corresponding to the digital certificate to be read and the data position information of those fragments in the digital certificate, wherein the data fragments include at least one valid data fragment and each valid data fragment corresponds to at least two pieces of data position information;
Combining the data fragments other than the valid data fragments according to their corresponding data position information, and restoring the valid data fragment at each of its corresponding data positions, thereby reassembling the digital certificate.
A digital certificate reading system includes:
A reading module, for obtaining, from the certificate storage space, the data fragments corresponding to the digital certificate to be read and the data position information of those fragments in the digital certificate, wherein the data fragments include at least one valid data fragment and each valid data fragment corresponds to at least two pieces of data position information;
A reassembly module, for combining the data fragments other than the valid data fragments according to their corresponding data position information, and restoring the valid data fragment at each of its corresponding data positions, thereby reassembling the digital certificate.
The above digital certificate reading method and system obtain, from the certificate storage space, the data fragments corresponding to the digital certificate to be read and the data position information of those fragments in the digital certificate, then combine the fragments other than the valid data fragments according to their corresponding data position information and restore the valid data fragment at each of its corresponding data positions, reassembling the digital certificate. The complete digital certificate can thus be read quickly while storage space is saved.
A digital certificate reading method comprises the following steps:
Dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules;
Performing data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and dividing these identical fragments into at least one redundant data fragment and at least one valid data fragment;
Storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly recording the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded;
Obtaining, from the certificate storage space, the data fragments corresponding to the digital certificate to be read and the data position information of those fragments in the digital certificate;
Combining the data fragments other than the valid data fragments according to their corresponding data position information, and restoring the valid data fragment at each of its corresponding data positions, thereby reassembling the digital certificate.
A digital certificate reading system includes:
A division module, for dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules;
A matching module, for performing data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and dividing these identical fragments into at least one redundant data fragment and at least one valid data fragment;
A storage module, for storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly recording the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded;
A reading module, for obtaining, from the certificate storage space, the data fragments corresponding to the digital certificate to be read and the data position information of those fragments in the digital certificate;
A reassembly module, for combining the data fragments other than the valid data fragments according to their corresponding data position information, and restoring the valid data fragment at each of its corresponding data positions, thereby reassembling the digital certificate.
The above digital certificate reading method and system store the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space and correspondingly record the data position information of each stored fragment in the digital certificate; they then obtain the fragments and their corresponding data position information in the digital certificate, combine the fragments other than the valid data fragments according to their corresponding data position information, and restore the valid data fragment at each of its corresponding data positions, reassembling the digital certificate. The complete digital certificate can thus be read quickly while storage space is saved.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the first embodiment of the digital certificate storage method of the present invention;
Fig. 2 is a schematic flow chart of the second embodiment of the digital certificate storage method of the present invention;
Fig. 3 is a schematic flow chart of the third embodiment of the digital certificate storage method of the present invention;
Fig. 4 is a schematic diagram of the attributes of a data set in the fourth embodiment of the digital certificate storage method of the present invention;
Fig. 5 is a schematic structural diagram of the first embodiment of the digital certificate storage system of the present invention;
Fig. 6 is a schematic flow chart of the first embodiment of the digital certificate reading method of the present invention;
Fig. 7 is a schematic flow chart of the second embodiment of the digital certificate reading method of the present invention;
Fig. 8 is a schematic structural diagram of the first embodiment of the digital certificate reading system of the present invention;
Fig. 9 is a schematic flow chart of the first embodiment of another digital certificate reading method of the present invention;
Fig. 10 is a schematic structural diagram of the first embodiment of another digital certificate reading system of the present invention.
Detailed description
Referring to Fig. 1, Fig. 1 is a schematic flow chart of the first embodiment of the digital certificate storage method of the present invention.
The digital certificate storage method of this embodiment comprises the following steps:
Step 101: divide the digital certificate into two or more data fragments according to the ASN.1 encoding rules.
Step 102: perform data matching on the data fragments obtained by the division to obtain at least two data fragments that are identical in both structure and content, and divide these identical fragments into at least one redundant data fragment and at least one valid data fragment.
Step 103: store the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space, and correspondingly record the data position information of each stored data fragment in the digital certificate, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragments are recorded.
The above digital certificate storage method divides the digital certificate into two or more data fragments, obtains from those fragments the fragments that are identical in both structure and content, stores the fragments other than some of those identical fragments in the certificate storage space, and records the data position information in each digital certificate of every fragment stored there, recording for the valid data fragment both its own data position information and that of the redundant data fragments. While ensuring that the digital certificate is stored completely, some of the fragments identical in structure and content need not be stored, which removes part of the redundant information, reduces the amount of storage the digital certificates need, and lowers the storage requirement on the certificate storage center or certificate storage medium.
For step 101, the digital certificate is signed and issued by a certificate authority (Certificate Authority, CA) and may preferably include root certificates, second-level CA service certificates, user certificates and the like.
Further, when only one digital certificate is to be stored, that certificate is divided into two or more data fragments and step 102 is then performed. When two or more digital certificates are to be stored, each digital certificate may be divided into two or more data fragments and step 102 then performed, obtaining the fragments identical in structure and content from among the fragments produced by dividing the multiple certificates.
In one embodiment, the step of dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules comprises the following steps:
Determining the partition boundary corresponding to the digital certificate according to the certificate type of the digital certificate.
Dividing the digital certificate into two or more data fragments according to the determined partition boundary.
The digital certificate storage method of this embodiment reduces the memory consumed in storing data position information and further reduces the storage space the digital certificate occupies.
In this embodiment, the basic structural unit of ASN.1 encoding is tag (Tag), length (Length) and value (Value), i.e. the TLV structure. TLV structures may be nested: one TLV structure can be the Value field of another TLV structure. When data is divided according to the ASN.1 encoding rules, the partition boundary may be the boundary of an individual Tag field, Length field or Value field, or the boundary of a composite structure made up of several individual fields. For example, when the digital certificate is an OID-type digital certificate, the partition boundaries are the boundary of the Tag field and the boundary of the composite structure formed by the Length field and the Value field.
In other embodiments, other technical means customary to those skilled in the art may also be used to divide the data of the digital certificate.
In another embodiment, before the step of dividing the digital certificate into two or more data fragments is performed, the following step may also be included:
Step 1012: set the certificate storage template corresponding to the digital certificate to be stored and the storage format of the data fragments.
In step 1012, one digital certificate may correspond to one certificate storage template, or multiple digital certificates may correspond to one certificate template; a compound certificate format may be defined, in which one compound certificate can contain the data of multiple digital certificates. On the one hand this ensures that redundant user data is kept as only one instance; on the other hand it helps eliminate the redundancy of ASN.1 encoding.
Further, data fragments may be stored in the compound certificate in data-set format, with the data set as the basic unit of the compound certificate. A data set holds the data fragments of digital certificates that meet certain data characteristics, and these characteristics are identified by the attributes (Attribute) of the data set. The attributes may preferably include the Tag value (label), the object type of each data unit, the storage format and the like.
Preferably, data sets may be set according to the data content of the digital certificates to be stored. One data set may be used to hold data fragments of the same type. For example, an OID data set may be set to hold data fragments whose content is an object identifier, where an object identifier is a number that identifies an object class or attribute. A data set may also be set to hold discrete data that carries no particular meaning but meets specific conditions, for example data whose length is 1 byte.
In other embodiments, each data fragment may also be stored in a partitioned-storage manner, with the storage region of each fragment mapped to the digital certificate the fragment belonged to before storage.
For step 102, data matching may be performed each time one digital certificate has been divided, on that certificate's data fragments, to find the fragments identical in structure and content among the fragments obtained from that certificate. Alternatively, after two or more digital certificates have been divided, data matching may be performed once on the fragments of all of them, to find the fragments identical in structure and content among the fragments obtained from the two or more certificates.
Preferably, one fragment among the fragments identical in structure and content may be classified as the valid data fragment and the remaining fragments as redundant data fragments. If, after classification, there are two or more valid data fragments, the data position information of the fragment itself and of the redundant data fragments may be recorded for one of those valid data fragments.
Further, a group of data fragments identical in structure and content is redundant information within one or more digital certificates. The digital certificates kept in a Ukey (a small, reliable, high-speed storage device with cryptographic authentication functions that connects directly to a computer over USB) contain a large amount of redundant information. For example, a certificate storage medium such as a Ukey usually needs to hold both the user certificate and the organization certificate of the certificate authority in order to build a complete certificate chain; the issuer of the user certificate is identical to the subject information of the certificate authority's public-key certificate, which is redundant information. As another example, a certificate storage medium such as a Ukey holds a signing certificate and an encryption certificate separately, and the issuer and subject information of these two certificates are identical, which is redundant information. As a further example, such a certificate storage medium may hold user certificates of several key types, and the subject information of these user certificates is generally the same, which is redundant information.
In addition, the ASN.1 encoding that digital certificates follow itself contains considerable redundancy. For example, a certificate is generally formed by nesting SEQUENCE (certificate version number) types, so a digital certificate may contain many Tag bytes that identify this type. A digital certificate also contains a large amount of OID-type data, and likewise contains multiple Tag bytes identifying that type. After the division step (step 101), the matching step (step 102) can find this redundant information; some of it becomes the valid data fragments that are stored, and the rest becomes redundant data fragments that are not stored.
In one embodiment, the step of performing data matching on the data fragments obtained by the division to obtain at least two data fragments identical in both structure and content comprises the following step:
Step 1021: compute the hash check value of each data fragment obtained by the division and use it to match-check the fragments, identifying the fragments identical in structure and content.
In other embodiments, those skilled in the art may also use other customary technical means to perform data matching on the fragments obtained by the division. For example, certificate templates may be analysed in advance and matching performed according to this prior information, so the matching is not necessarily a fully intelligent algorithm. As another example, the certificate issuer object may be matched as a whole, while the certificate subject information should be matched using combinations of some of its SET sequences.
In another embodiment, the redundant data fragments and the valid data fragments may be classified according to the size of the storage space of the digital certificate storage medium. If the storage space is small and many digital certificates need to be stored, one fragment among the fragments identical in structure and content may be classified as the valid data fragment and the others as redundant data fragments (preferably, the redundant data fragments may be deleted); that is, only one copy of the fragments identical in structure and content is stored.
For step 103, when one fragment among the fragments identical in structure and content is stored as the valid data fragment and the other fragments are redundant data fragments, the stored valid data fragment is recorded with its own data position information and with the data position information of the other fragments classified as redundant, so that during reassembly it can stand in for the redundant fragments identical to it in structure and content at their data positions in each digital certificate. The data position information records where each data fragment lies in the digital certificate; it may be the relative positional relationship between the fragments, or the absolute position of each fragment (relative to the start or the end of the digital certificate data).
Preferably, a data identifier may be set for each data fragment. The data identifier may be a numeric number or the storage location of the fragment; the data relationship between fragments can then be recorded by recording the fragments' data identifiers, and the recorded data relationship is mapped to each digital certificate.
In one embodiment, the step of storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space and correspondingly recording the data position information of each stored data fragment in the digital certificate further comprises the following steps:
Step 1031: store each of the data fragments obtained by the division, other than the redundant data fragments, as a data unit of a data set, wherein one data fragment corresponds to one data unit of a data set.
Step 1032: according to the data position in the digital certificate of each fragment obtained by the division, obtain and store the data relationship between the data units, so as to record the data position information of each stored data fragment in the digital certificate.
The data relationship is preferably the positional relationship or the order of the data fragments in the digital certificate.
Further, the step of obtaining and storing the data relationship between the data units comprises the following steps:
Assign a unique global index to each data unit, and store the assigned global indexes in a preset index data set.
In accordance with the data position in the digital certificate of each fragment obtained by the division, sort the global indexes of the data units to form an index sequence for recovering the digital certificate, so as to record the data position information of each stored data fragment in the digital certificate.
Further, after the step of forming the index sequence for recovering the digital certificate, the following step is also included:
From the index sequence formed, find the sequence fragments whose number of occurrences in the index sequence is higher than a frequency threshold, store each sequence fragment that exceeds the frequency threshold as a data unit of a data set, and assign a global index to the data unit storing the sequence fragment, to replace the sequence fragment in the index sequence.
The frequency threshold is determined by the size of the sequence fragment and the size of the storage space, and may preferably be greater than or equal to 2.
In another embodiment, the step of storing the data fragments obtained by the division, other than the redundant data fragments, in the certificate storage space and correspondingly recording the data position information of each stored data fragment in the digital certificate further comprises the following steps:
Determine whether the number of data fragments in each identical-fragment group among the fragments obtained by the division exceeds a fragment threshold, wherein an identical-fragment group is a group of data fragments identical in structure and content.
If it does, store the valid data fragment of the identical-fragment group that exceeds the fragment threshold as an attribute of a data set.
Store the other fragments obtained by the division, excluding the redundant data fragments and the valid data fragments stored as attributes of the data set, each as a data unit of the data set, wherein one data fragment corresponds to one data unit of a data set.
According to the data position in the digital certificate of each fragment obtained by the division, obtain and store the data relationship between the attributes of the data set and the data units, so as to record the data position information of each stored data fragment in the digital certificate.
The fragment threshold is determined by the size of the data fragment and the size of the storage space, and may preferably be greater than or equal to 2.
Preferably, for example, when the digital certificate is an OID-type digital certificate and the partition boundaries are the boundary of the Tag field and the boundary of the composite structure formed by the Length field and the Value field, the Tag field may in this embodiment be taken as the data set attribute, and after the above steps the remaining data fragments are stored as data units of the data set.
Referring to Fig. 2, Fig. 2 is a schematic flow chart of the second embodiment of the digital certificate storage method of the present invention.
The digital certificate storage method of this embodiment differs from the first embodiment in that the step of dividing the digital certificate into two or more data fragments according to the ASN.1 encoding rules comprises the following steps:
Step 201: obtain each digital certificate to be stored.
Step 202: convert the data content of each digital certificate to a unified encoding format, while recording the original encoding format of the converted data content and its data position information in each digital certificate.
Step 203: according to the characteristic information of each format-converted digital certificate, look up, among the preset certificate storage templates, the certificate storage template that matches it.
Step 204: establish the correspondence between each placeholder in the certificate storage template found and the data content of each format-converted digital certificate.
Step 205: according to the ASN.1 encoding rules, divide the data content corresponding to each placeholder into two or more data fragments.
The digital certificate storage method of this embodiment can further eliminate the redundancy of ASN.1 encoding and save storage space.
For step 202, converting the data content of the digital certificates to a unified encoding format can turn data content that was originally different into data content identical in structure and content.
In one embodiment, the step of converting the data content of each digital certificate to a unified encoding format, while recording the original encoding format of the converted data content and its data position information in each digital certificate, comprises the following step:
Convert all character strings in each digital certificate to UTF8 format, while recording the original encoding format of each converted string object and its data position information in each digital certificate.
In other embodiments, the unified encoding format may also be another encoding format customary to those skilled in the art.
Refer to Fig. 3, which is a schematic flowchart of the third embodiment of the digital certificate storage method of the present invention.
The digital certificate storage method of this embodiment differs from the first embodiment in that, when the certificate storage template matching each digital certificate after format conversion is a compound certificate, the step of storing the data fragments obtained by segmentation, other than the redundant data fragments, to the certificate storage space and correspondingly recording the data position information in the digital certificate of each stored data fragment comprises the following steps:
Step 301, according to the data characteristics of the data fragments obtained by segmentation, store the data fragments other than the redundant data fragments as data units of the data sets of the compound certificate, wherein the preset storage format corresponds to the data format of each digital certificate.
Step 302, establish a global index for each data unit in each data set of the compound certificate, and store the established global indexes in a preset index data set.
Step 303, corresponding to the data position in each digital certificate of each data fragment obtained by segmentation, order the global indexes of the data units to form an index sequence for restoring each digital certificate, thereby recording the data position information in each digital certificate of each stored data fragment.
Step 304, store each index sequence as a data unit of a data set of the compound certificate, and establish a global index for the data unit storing each index sequence.
Step 305, use the global index of the data unit storing each index sequence as the certificate description of each digital certificate.
In the digital certificate storage method of this embodiment, multiple digital certificates correspond to one compound certificate template for storing their data fragments, so redundant information across multiple digital certificates can be eliminated. Referencing data units by index makes it convenient to record the data relationships between data units and allows the corresponding data fragments to be retrieved quickly and accurately.
For step 302 and step 304, each piece of user data held inside a data set is assigned a sequence number. The sequence numbers of all data sets are coded uniformly, one sequence number corresponds to only one data unit, and it is called an index. Splicing a series of indexes in a particular order indicates that the user data corresponding to those indexes can be spliced in the same order, thereby building a segment of a digital certificate, or even one complete digital certificate. Such an index sequence can itself be numbered by an index; in other words, the structure of a digital certificate can be described using nested sequences.
For step 305, according to the obtained certificate characteristics of each digital certificate, the certificate name of each digital certificate can also be stored in the compound certificate as the certificate description.
Preferably, according to the obtained certificate characteristics of each digital certificate, the private key name, the index value of the key usage, the index value of the key type, and the index values of the private key file and the public key file of each digital certificate can also be stored in the compound certificate as the key description.
In one embodiment, the step of storing each index sequence as a data unit of a data set of the compound certificate further comprises the following steps:
According to the index sequences formed, find the sequence fragments whose number of occurrences in one or more index sequences is higher than a frequency threshold, store each such sequence fragment as a data unit of a data set, and allocate a global index to the data unit storing the sequence fragment, to replace the sequence fragment in the one or more index sequences.
Store each index sequence after replacement as a data unit of a data set of the compound certificate.
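The storage, index-sequence and sequence-replacement steps above (steps 301 to 305 and the frequency-threshold replacement) are shown end to end in the following added example, which is not code from the patent. It assumes SHA-256 for fragment matching, list positions as global indexes, a split at every constructed Tag+Length header, and an 8-byte truncated SHA-256 as the certificate check value; the two inputs are constructed certificate-shaped DER, not real certificates.

```python
import hashlib
from collections import Counter

def tlv_header(buf, pos):
    """Return (tag, header_len, value_len) of the DER TLV at pos."""
    if pos + 2 > len(buf) or (buf[pos] & 0x1F) == 0x1F:
        raise ValueError("truncated input or multi-byte tag (not handled here)")
    first = buf[pos + 1]
    if first < 0x80:                                  # short-form length
        return buf[pos], 2, first
    n = first & 0x7F                                  # long form: n length bytes
    if n == 0 or pos + 2 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return buf[pos], 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")

def split_fragments(buf, pos=0, end=None):
    """Split DER so that joining the fragments in order reproduces buf."""
    end = len(buf) if end is None else end
    out = []
    while pos < end:
        tag, hlen, vlen = tlv_header(buf, pos)
        if pos + hlen + vlen > end:
            raise ValueError("TLV overruns its parent")
        if tag & 0x20:                                # constructed: Tag+Length, then children
            out.append(buf[pos:pos + hlen])
            out += split_fragments(buf, pos + hlen, pos + hlen + vlen)
        else:                                         # primitive: the whole TLV
            out.append(buf[pos:pos + hlen + vlen])
        pos += hlen + vlen
    return out

class FragmentStore:
    def __init__(self):
        self.units = []       # global index -> bytes, or tuple of indexes (stored sequence)
        self.by_hash = {}     # fragment digest -> global index of the valid fragment

    def add_certificate(self, der):
        """Store only unseen fragments; return (index sequence, 8-byte check value)."""
        seq = []
        for frag in split_fragments(der):
            digest = hashlib.sha256(frag).digest()
            if digest not in self.by_hash:            # first copy is the valid fragment
                self.by_hash[digest] = len(self.units)
                self.units.append(frag)
            seq.append(self.by_hash[digest])          # redundant copies reuse its index
        return seq, hashlib.sha256(der).digest()[:8]

    def fold_repeats(self, sequences, length, threshold):
        """Replace the most frequent run of `length` indexes if seen more than threshold times."""
        counts = Counter(tuple(s[i:i + length]) for s in sequences
                         for i in range(len(s) - length + 1))
        if not counts:
            return sequences
        run, seen = counts.most_common(1)[0]
        if seen <= threshold:
            return sequences
        new_index = len(self.units)
        self.units.append(run)                        # the run becomes a data unit itself
        folded = []
        for s in sequences:
            out, i = [], 0
            while i < len(s):
                if tuple(s[i:i + length]) == run:
                    out.append(new_index)
                    i += length
                else:
                    out.append(s[i])
                    i += 1
            folded.append(out)
        return folded

    def restore(self, seq, check):
        """Rebuild the certificate bytes; refuse a result that fails the check value."""
        der = self._join(seq)
        if hashlib.sha256(der).digest()[:8] != check:
            raise ValueError("restored certificate does not match its check value")
        return der

    def _join(self, seq):
        return b"".join(u if isinstance(u, bytes) else self._join(u)
                        for u in (self.units[i] for i in seq))

# Constructed sample input: certificate-shaped DER, not real certificates.
def tlv(tag, value):
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def name(cn):                 # SEQUENCE { SET { SEQUENCE { OID 2.5.4.3, UTF8String } } }
    return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))

CERT_A = tlv(0x30, name(b"Example CA") + name(b"alice"))
CERT_B = tlv(0x30, name(b"Example CA") + name(b"bob"))

def demo():
    store = FragmentStore()
    seq_a, chk_a = store.add_certificate(CERT_A)
    seq_b, chk_b = store.add_certificate(CERT_B)
    seq_a, seq_b = store.fold_repeats([seq_a, seq_b], length=5, threshold=1)
    return store, (seq_a, chk_a), (seq_b, chk_b)
```

The check in `restore` matters because a certificate's signature only verifies over byte-identical DER, so a wrong or stale index must fail loudly rather than yield a slightly different certificate.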
In another embodiment, when data fragments, index sequences or global indexes are stored as data units of a data set, the object type and storage format of each data unit are recorded in the attribute of the data set, wherein the object type includes at least one of: an object in ASN.1 format, an object in index sequence format, an object in X509 format, an object with a format, an object with an instantiation sequence, and an external file object; the storage format is used to convert data units into data fragments.
The following is the fourth embodiment of the digital certificate storage method of the present invention.
The digital certificate storage method of this embodiment differs from the first to third embodiments in that the certificate storage space is provided with certificate containers. A certificate container may include certificate container identifiers such as identifier 1 and identifier 2, and at least one compound certificate. The specific format of the certificate container is shown in Table 1, the specific format of the compound certificate in Table 2, and the data set list of the compound certificate in Table 3:
Table 1:
Table 2:
Table 3:
The certificate storage space preferably may include 8 certificate container files; each certificate container file can contain at least one compound certificate object, and each compound certificate object can include at least one digital certificate.
Preferably, a global information table records the certificate container information, including ID and length. The ID occupies 1 byte: the highest bit indicates whether the container exists (1 means it exists, 0 means it does not), and the remaining 7 bits represent the certificate container identifier. The length occupies 2 bytes and represents the length of the certificate container; if the container does not exist, the length is set to 0.
Further, all internal and external data units have a unique index as identifier. The index of any data unit in all certificate container files is distinct. The index range is 0 to 0xDF, 224 values in total. 0xE0-0xFF are used to indicate namespaces and correspond to namespaces 0-31 respectively.
A data unit contained in a certificate container file is an internal data unit; the identifier of an external file and the like is an external data unit.
For Table 1, each certificate container identifier, such as identifier 1 and identifier 2, can have only 1 instance; each compound certificate object can use TLV encoding.
For Table 2, a compound certificate consists of multiple certificate descriptions and multiple data sets. Each certificate description object corresponds to one digital certificate, so a compound certificate can declare, by containing multiple certificate description objects, the multiple digital certificates it holds. The data of these digital certificates can be stored in multiple certificate containers, and in the multiple data sets contained in the multiple compound certificates of each certificate container.
The certificate description preferably may include the certificate name, the index value of the certificate key type in the O data set, the index value of the certificate file root object, the index value of the certificate serial number in the N data set, and the hash check value of the certificate file. Each field uses TLV encoding, as shown in Table 4:
Table 4:
Type | Length (bytes) | Value |
1 | Variable | Certificate name |
2 | 2 | Index value of the certificate file root object |
3 | 2 | Index value of the certificate serial number in the N data set |
4 | 8 | Hash check value of the certificate file |
Further, the key description is shown in Table 5:
Table 5:
In one embodiment, the storage format of a data set is shown in Table 6:
Table 6:
NS | Attribute | BaseIndex | Count | Tag | Length | Value |
1 | 2 | 1 | 1 | 1 | 2 | Variable length |
For Table 6, NS is the data space of the data set, Attribute is the attribute of the data set, BaseIndex is the base index of the objects of the data set, Count is the number of objects, Tag is the identifier corresponding to the objects of the data set, Length is the number of bytes of the Value parameter, and Value is the Count objects concatenated in order.
Preferably, NS ranges from 0 to 31. On the one hand this parameter indicates the namespace to which the objects contained in this data set belong; on the other hand it also indicates the default namespace used when data units of this data set reference objects of other data sets by index. To index an object outside the default namespace, 0xE0-0xFF must be used as a lead byte.
The Attribute element indicates the relevant attributes of the data units of the current data set, as shown in Fig. 4, wherein the Type values are:
0 - simple object, containing data that can be used directly for decoding (note: only simple objects need {b4, b3} to determine the decoding rule; for other objects {b4, b3} = 00).
1 - composite object, a sequence made up of indexes.
2 - certificate or certificate data template in X509 format; the data unit contains ASN.1 elements such as SEQUENCE, SET and lengths, and also contains placeholders represented by the letters A-Z.
3 - composite object with a format sequence. Its data unit storage format is {O, P}, i.e. each data unit consists of 2 user indexes, where the 1st index points to a composite object and the 2nd index should point to a "string format sequence" object in the X data set. A format sequence has two description modes: (1) the leading character is A, followed by several indexes that correspond to N character strings respectively; (2) the leading character is I, followed by several {Index, Tag} key-value pairs that correspond to the corrected descriptions of several string formats.
4 - composite object with an instantiation sequence. Its data unit storage format is {O, P}, i.e. each data unit consists of 2 user indexes, where the 1st index points to a certificate template object in the P data set and the 2nd index should point to a "placeholder instantiation sequence" object in the M data set.
5 - identifier of an external file.
Usage/Len = {b3, b2, b1, b0}:
0 - reserved.
1 - fixed-length data of 1 byte.
2 - fixed-length data of 2 bytes.
3 - fixed-length data of 3 bytes.
4 - fixed-length data of 4 bytes. Longer fixed-length data should be stored using the variable-length data format.
5 - [TL]: the variable-length data unit has a TL structure.
6 - L[V]: the variable-length data unit has an LV structure, and each V datum can be used directly for decoding operations; a fixed-length data unit has a V structure and can be used directly or indirectly for decoding operations.
7 - [LV]: the data unit has an LV structure, and each LV datum can be used directly for decoding operations.
8 - [(T)LV]: the data unit has an LV structure, and each LV datum must be combined with the Tag element of the set before it can be used for decoding operations.
9 - L[FOL]: the data unit has an LV structure in which the V data holds an FOL structure (File/Offset/Length); F is the file identifier, and O/L are length data conforming to ASN.1 encoding rules.
10 - [TLV]: the data unit has a TLV structure, and each TLV datum can be used directly for decoding operations. The Tag element of this kind of data set has no practical meaning; data is held in the data set in TLV structure. Any TLV data that is used only once is recommended to be held in this kind of data set, which saves one retrieval of the Tag data set during decoding.
11 - L[V]L[P]: the data unit has an LVLP structure, where LV represents an object and LP represents the parameters that amend LV.
12 - [OP]: the data unit has an OP structure (Object/Parameters), where O is an index pointing to an object and P is an index pointing to the correction parameters.
Data inside square brackets is used directly for decoding operations; data inside round parentheses comes from the parameter set metadata.
The combination rules for Type and Usage/Len are shown in Table 7:
Table 7:
Sequence number | Type | Usage/Len |
1 | Simple object | 1~10 |
2 | Composite object | 6 |
3 | X509 format | 6 |
4 | Composite object with a format sequence | 11, 12 |
5 | Composite object with an instantiation sequence | 11, 12 |
6 | Identifier of an external file | 2 |
Further, the BaseIndex element is the index value of the 1st data unit of the current data set; the index of each subsequent data unit increments in turn. The base index is decided by the compression algorithm at its own discretion and adjusted as needed to the capacity of each kind of set, but index conflicts between the data units of any two sets must be avoided.
The Count element is the number of data units contained in this data set. The Tag element indicates the type of the data set and is consistent with the Tag of the data element in the certificate; when elements are decomposed, the Tag is matched to determine which set an element belongs to. If Usage = 8 in the Attribute element, the Tag is concatenated with each data unit when the digital certificate is reassembled, replacing the index. The Length element indicates the number of bytes of the Value element. The Value element is a collection of multiple data units; the storage format of each data unit is determined by the Type and Usage of the Attribute element.
The digital certificate storage system of this embodiment specifies the concrete storage mode of the data fragments of digital certificates and designs a flexible indexing rule that uses only 1-byte indexes, which effectively saves the storage space occupied by the index sequences themselves, while namespaces are used to extend the number of indexes.
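The container entry, the Table 6 data set layout and the 1-byte index rule described above can be checked on read with a parser like the following, an added example that is not code from the patent. It assumes the second row of Table 6 gives field widths in bytes, big-endian multi-byte fields, that a lead byte 0xE0-0xFF is followed by one index byte, and that index conflicts are judged per namespace; the Attribute bits are carried through unparsed because their layout is in Fig. 4, which is not reproduced here.

```python
import struct

INDEX_MAX = 0xDF        # ordinary indexes are 0..0xDF (224 values)
NS_LEAD = 0xE0          # bytes 0xE0..0xFF select namespaces 0..31

def parse_container_entry(entry):
    """Decode one global information table entry: ID (1 byte) + length (2 bytes)."""
    if len(entry) != 3:
        raise ValueError("entry must be exactly 3 bytes")
    ident, length = struct.unpack(">BH", entry)       # big-endian is an assumption
    exists = bool(ident & 0x80)                       # highest bit: container exists
    if not exists and length != 0:
        raise ValueError("absent container must have length 0")
    return {"exists": exists, "id": ident & 0x7F, "length": length}

def parse_data_sets(buf):
    """Parse back-to-back data sets: NS, Attribute, BaseIndex, Count, Tag, Length, Value."""
    sets, pos = [], 0
    while pos < len(buf):
        if pos + 8 > len(buf):
            raise ValueError("truncated data set header")
        ns, attr, base, count, tag, length = struct.unpack_from(">BHBBBH", buf, pos)
        pos += 8
        if ns > 31:
            raise ValueError("NS out of range 0..31")
        if base + count > INDEX_MAX + 1:
            raise ValueError("data set indexes run past 0xDF")
        if pos + length > len(buf):
            raise ValueError("Value overruns the buffer")
        sets.append({"ns": ns, "attribute": attr, "base": base, "count": count,
                     "tag": tag, "value": buf[pos:pos + length]})
        pos += length
    return sets

def index_owners(sets):
    """Map (namespace, index) -> data set number; reject conflicting index ranges."""
    owners = {}
    for number, ds in enumerate(sets):
        for index in range(ds["base"], ds["base"] + ds["count"]):
            key = (ds["ns"], index)
            if key in owners:
                raise ValueError("index 0x%02X in namespace %d is claimed twice"
                                 % (index, ds["ns"]))
            owners[key] = number
    return owners

def decode_index_sequence(raw, default_ns):
    """Turn index-sequence bytes into (namespace, index) references."""
    refs, i = [], 0
    while i < len(raw):
        if raw[i] >= NS_LEAD:                         # lead byte: next byte is the index
            if i + 1 >= len(raw) or raw[i + 1] > INDEX_MAX:
                raise ValueError("lead byte not followed by a valid index")
            refs.append((raw[i] - NS_LEAD, raw[i + 1]))
            i += 2
        else:                                         # plain index in the default namespace
            refs.append((default_ns, raw[i]))
            i += 1
    return refs

def resolve(raw, default_ns, owners):
    """Decode a sequence and fail closed on references no data set defines."""
    refs = decode_index_sequence(raw, default_ns)
    for ref in refs:
        if ref not in owners:
            raise ValueError("dangling reference %r" % (ref,))
    return [(ref, owners[ref]) for ref in refs]

# Constructed sample: two data sets in namespace 0 and one in namespace 3.
# Attribute is left as 0x0000 because its bit layout is not interpreted here.
def data_set(ns, attr, base, count, tag, value):
    return struct.pack(">BHBBBH", ns, attr, base, count, tag, len(value)) + value

SAMPLE = (data_set(0, 0x0000, 0x00, 2, 0x06, b"\x03\x55\x04\x03\x03\x55\x04\x06")
          + data_set(0, 0x0000, 0x02, 1, 0x0C, b"\x05alice")
          + data_set(3, 0x0000, 0x05, 1, 0x0C, b"\x03bob"))
```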
Refer to Fig. 5, which is a schematic structural diagram of the first embodiment of the digital certificate storage system of the present invention.
The digital certificate storage system of this embodiment includes a segmentation module 100, a matching module 200 and a storage module 300, wherein:
The segmentation module 100 is configured to divide a digital certificate into two or more data fragments according to ASN.1 encoding rules.
The matching module 200 is configured to perform data matching on the data fragments obtained by segmentation, obtain at least two data fragments identical in structure and content, and divide the data fragments identical in structure and content into at least one redundant data fragment and at least one valid data fragment.
The storage module 300 is configured to store the data fragments obtained by segmentation, other than the redundant data fragments, to the certificate storage space, and correspondingly record the data position information in the digital certificate of each stored data fragment, wherein for the valid data fragment both its own data position information and the data position information of the redundant data fragment are recorded.
The above digital certificate storage system divides a digital certificate into two or more data fragments, obtains from them the data fragments identical in structure and content, stores to the certificate storage space the data fragments other than a portion of the fragments identical in structure and content, and records the data position information, in each digital certificate, of each data fragment stored in the certificate storage space; for the valid data fragment it records both its own data position information and that of the redundant data fragment. While guaranteeing that digital certificates are stored in full, a portion of the data fragments identical in structure and content need not be stored, which eliminates part of the redundant information, reduces the amount of storage used by digital certificates, and lowers the memory requirement on the certificate storage center or certificate storage medium.
For the segmentation module 100, the digital certificate is signed and issued by a certificate authority (Certificate Authority, CA), and preferably may include root certificates, second-level CA service certificates, user certificates, and so on.
Further, when digital certificates are split: when there is only 1 digital certificate to be stored, that digital certificate is divided into two or more data fragments and the operation of the matching module 200 is then performed. When there are more than 2 digital certificates to be stored, each digital certificate can be divided into two or more data fragments and the operation of the matching module 200 is then performed, obtaining the data fragments identical in structure and content from the data fragments produced by splitting the multiple certificates.
In one embodiment, the segmentation module 100 can also be configured to:
Determine, according to the certificate type of the digital certificate, the partition boundary corresponding to the digital certificate.
Divide the digital certificate into two or more data fragments according to the determined partition boundary.
The digital certificate storage method of this embodiment can reduce the memory consumed by data position information, further reducing the storage space occupied by stored digital certificates.
In this embodiment, the basic structural unit of ASN.1 encoding is tag (Tag), length (Length), value (Value), i.e. the TLV structure. TLV structures may be nested, i.e. one TLV structure can be the Value field of another TLV structure. When data is split according to ASN.1 encoding rules, the partition boundary can be the boundary of an individual Tag field, Length field or Value field, or the boundary of a composite structure made up of several individual fields. For example, when the digital certificate is a digital certificate of OID type, the partition boundary is defined as the boundary of the Tag field and the structure boundary of the composite structure formed by the Length field and the Value field.
In other embodiments, other technical means customary to those skilled in the art can also be used to split the data of the digital certificate.
In another embodiment, the system further includes a setup module, configured to set, before the digital certificate is divided into two or more data fragments, the certificate storage template corresponding to the digital certificate to be stored and the storage format of the data fragments.
One digital certificate can correspond to one certificate storage template, or multiple digital certificates can correspond to one certificate template. A compound certificate format can be set, and one compound certificate can include the data of multiple digital certificates. On the one hand this ensures that only one instance of redundant user data is kept; on the other hand it helps eliminate the redundant information of ASN.1 encoding.
Further, data fragments can be stored in the compound certificate in data set format, with the data set as the basic unit of the compound certificate, used to hold the data fragments of digital certificates that meet certain data characteristics; these characteristics are identified by the data set attribute (Attribute). The attribute preferably may include the Tag value (label), the object type and storage format of each data unit, and so on.
Preferably, data sets can be set according to the data content of the digital certificates to be stored. One data set can be used to hold data fragments of the same type. For example, an OID data set can be set to hold data fragments whose content is an object identifier, where an object identifier is a number used to identify an object class or attribute. A data set can also be set to hold discrete data that has no particular meaning but meets specified conditions, for example data whose length is 1 byte.
In other embodiments, each data fragment can also be stored by partitioned storage, with the storage region of each data fragment mapped to the digital certificate in which the fragment resided before storage.
For the matching module 200, data matching can be performed once each time one digital certificate is split, on the data fragments of that digital certificate, to find the data fragments identical in structure and content among the fragments obtained from this certificate. Alternatively, after two or more digital certificates have been split, data matching can be performed once on the data fragments of the two or more digital certificates, to find the data fragments identical in structure and content among the fragments obtained from them.
Preferably, one data fragment among the data fragments identical in structure and content can be classed as the valid data fragment, and the remaining data fragments as redundant data fragments. If, after division, there are two or more valid data fragments, then for one of the valid data fragments both its own data position information and the data position information of the redundant data fragments can be recorded.
Further, a group of data fragments identical in structure and content is redundant information within one or more digital certificates. The digital certificates held in a Ukey (a small storage device that connects directly to a computer via USB, has password authentication functions, and is reliable and high-speed) contain a large amount of redundant information. For example, a certificate storage medium such as a Ukey usually needs to hold both the user certificate and the institution certificate of the certificate authority, in order to construct a complete certificate chain. The issuer of the user certificate is identical to the subject information of the public key certificate of the certificate authority, which is redundant information. As another example, a certificate storage medium such as a Ukey holds a signing certificate and an encryption certificate separately, and the issuer and subject information of these two certificates are identical, which is redundant information. As a further example, the above certificate storage medium can hold user certificates of various key types, and the subject information of these user certificates is generally the same, which is redundant information.
In addition, the ASN.1 encoding followed by digital certificates itself contains much redundant information. For example, a certificate is generally formed by nesting SEQUENCE (certificate version number) types, so a digital certificate can contain many Tag bytes identifying this type. A digital certificate contains a large amount of OID-type data, and likewise can contain multiple Tag bytes identifying that type. After the segmentation step (step 101), the matching step (step 102) can find the above redundant information, some of which becomes valid data fragments that are stored, while the rest becomes redundant data fragments that are not stored.
In one embodiment, the matching module 200 can be configured to:
Calculate the hash check value of each data fragment obtained by segmentation and use it to perform a matching check on the data fragments, identifying the data fragments identical in structure and content.
In other embodiments, those skilled in the art can also perform data matching on the data fragments obtained by segmentation by other technical means customary in the art. For example, the certificate template can be analysed in advance and matching carried out according to this prior information; it need not be a fully intelligent algorithm. As another example, the certificate issuer object can be matched as a whole, whereas for the certificate subject information a combination of some of its signature SET sequences should be taken for matching.
In another embodiment, the redundant data fragments and the valid data fragments can be divided according to the size of the storage space of the storage medium of the digital certificates. If the storage space is small and the number of digital certificates to be stored is large, one data fragment among the fragments identical in structure and content can be classed as the valid data fragment and the other data fragments as redundant data fragments (preferably, the redundant data fragments can be deleted), i.e. only one copy of the data fragments identical in structure and content is stored.
For the storage module 300, when one of the data fragments identical in structure and content is stored as the valid data fragment and the other data fragments are redundant data fragments, then for the stored valid data fragment both its own data position information and the data position information of the other fragments classed as redundant are recorded, so that during reassembly it can stand in for the redundant fragments identical to it in structure and content at their data positions in each digital certificate.
Preferably, a data identifier can be set for each data fragment. The data identifier can be a numeric number or the storage location of the data fragment; the data relationships between data fragments can then be recorded by recording the data identifier of each data fragment, with the recorded data relationships mapped one-to-one to the digital certificates.
In one embodiment, the storage module 300 can be configured to:
Store the data fragments obtained by segmentation, other than the redundant data fragments, each as a data unit of a data set, wherein one data fragment corresponds to one data unit of a data set.
According to the data position in the digital certificate of each data fragment obtained by segmentation, obtain and store the data relationships between the data units, thereby recording the data position information in the digital certificate of each stored data fragment.
The data relationship is preferably the positional relationship or ordering of the data fragments in the digital certificate.
Further, the storage module 300 can also be configured to:
Allocate a unique global index to each data unit, and store the allocated global indexes in a preset index data set.
Corresponding to the data position in the digital certificate of each data fragment obtained by segmentation, order the global indexes of the data units to form an index sequence for restoring the digital certificate, thereby recording the data position information in the digital certificate of each stored data fragment.
Further, the storage module 300 can further be configured to, according to the index sequence formed, find the sequence fragments whose number of occurrences in the index sequence is higher than a frequency threshold, store each such sequence fragment as a data unit of a data set, and allocate a global index to the data unit storing the sequence fragment, to replace the sequence fragment in the index sequence.
In another embodiment, the storage module 300 can be configured to:
Determine whether the number of data fragments in each identical-fragment group among the data fragments obtained by segmentation exceeds a fragment threshold, wherein an identical-fragment group is a group of data fragments identical in structure and content.
If it does, store the valid data fragment of the identical-fragment group that exceeds the fragment threshold as the attribute of a data set.
Store the data fragments obtained by segmentation, other than the redundant data fragments and the valid data fragment stored as the attribute of the data set, each as a data unit of the data set, wherein one data fragment corresponds to one data unit of a data set.
According to the data position in the digital certificate of each data fragment obtained by segmentation, obtain and store the data relationships between the attribute of the data set and the data units, thereby recording the data position information in the digital certificate of each stored data fragment.
For example, the digital certificate is a digital certificate of OID type and the partition boundary is defined as the boundary of the Tag field and the structure boundary of the composite structure formed by the Length field and the Value field; in this embodiment, the Tag field can be used as the data set attribute, and the data fragments remaining after the above steps are stored as data units of the data set.
The following is the second embodiment of the digital certificate storage system of the present invention.
The digital certificate storage system of this embodiment differs from the first embodiment in that the segmentation module 100 can also be configured to:
Obtain each digital certificate to be stored.
Convert the data content of each digital certificate to a unified encoding format, while recording the original encoding format and the data position information, in each digital certificate, of the converted data content.
According to the characteristic information of each digital certificate after format conversion, look up among the preset certificate storage templates the certificate storage template that matches each converted digital certificate.
Establish the correspondence between each placeholder in the certificate storage template found and the data content of each digital certificate after format conversion.
According to ASN.1 encoding rules, split the data content corresponding to each placeholder into two or more data fragments.
The digital certificate storage system of this embodiment can further eliminate the redundant information of ASN.1 encoding and save storage space.
For the segmentation module 100, converting the data content of the digital certificates to a unified encoding format can turn data content that originally differed into data content identical in structure and content.
In one embodiment, the segmentation module 100 can also be configured to:
Convert all character strings in each digital certificate to UTF8 format, while recording the original encoding format and the data position information, in each digital certificate, of each converted string object.
In other embodiments, the unified encoding format can also be another encoding format customary to those skilled in the art.
As described below is the implementation method of digital certificate store system the 3rd of the present invention.
The digital certificate store system of present embodiment is with the difference of first embodiment:After being changed with form
When the certificate storage template of each digital certificate matching is a compound certificate, memory module 300 can be additionally used in:
According to the data characteristics of the data fragments obtained by segmentation, store the data fragments other than the redundant data fragments as data cells of the data sets of the compound certificate, wherein the preset storage format corresponds to the data format of each digital certificate.
Establish a global index for each data cell in each data set of the compound certificate, and store the established global indices in a preset index data set.
In accordance with the data position of each data fragment in each digital certificate, sort the global indices of the data cells to form an index sequence for recovering each digital certificate, thereby recording the data position information of each stored data fragment in each digital certificate.
Store each index sequence as a data cell of a data set of the compound certificate, and establish a global index for the data cell that stores each index sequence.
Use the global index of the data cell that stores each index sequence as the certificate description of each digital certificate.
In the digital certificate storage system of this embodiment, multiple digital certificates correspond to one compound certificate template for storing data fragments. Redundancy across multiple digital certificates can be eliminated, and referencing data cells by index makes it convenient to record the data relationships between data cells and to retrieve the corresponding data fragments quickly and accurately.
For memory module 300, each item of user data stored in a data set is assigned a sequence number. The sequence numbers of all data sets are coded uniformly, so that one sequence number corresponds to exactly one data cell; this number is called an index. Concatenating a series of indices in a particular order indicates that the user data corresponding to those indices can be concatenated in the same order, building a segment of a digital certificate or even a complete digital certificate. Such an index sequence can itself be numbered by an index; in other words, the structure of a digital certificate can be described by nested sequences.
Further, according to the obtained certificate characteristics of each digital certificate, the certificate name of each digital certificate may also be stored in the compound certificate as a certificate description.
Preferably, according to the obtained certificate characteristics of each digital certificate, the private key name, the index value of the key usage, the index value of the key type, and the index values of the private key file and the public key file of each digital certificate may also be stored in the compound certificate as a key description.
In one embodiment, memory module 300 is further configured to:
According to the index sequences formed, find sequence fragments whose number of occurrences in one or more index sequences is higher than a frequency threshold, store each such sequence fragment as a data cell of a data set, and assign a global index to the data cell storing the sequence fragment, so as to replace the sequence fragment in the one or more index sequences.
Store each index sequence after replacement as a data cell of a data set of the compound certificate.
In another embodiment, when data fragments, index sequences or global indices are stored as data cells of a data set, the object type and storage format of the data cells are recorded in the attribute of each data set. The object type includes at least one of: an object in ASN.1 format, an object in index-sequence format, an object in X509 format, an object with a format, an object with an instantiation sequence, and an external file object. The storage format is used to convert a data cell into a data fragment.
Referring to Fig. 6, Fig. 6 is a schematic flow chart of the first embodiment of the digital certificate read method of the present invention.
The digital certificate read method of this embodiment comprises the following steps:
Step 601: obtain, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and the data position information of those data fragments in the digital certificate, wherein the data fragments include at least one valid data fragment, and the valid data fragment corresponds to at least two items of data position information.
Step 602: combine the data fragments other than the valid data fragment according to their corresponding data position information, restore the valid data fragment to the corresponding data fragment at each of its data positions, and reassemble the digital certificate.
The digital certificate read method of this embodiment obtains, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and their data position information in the digital certificate, then combines the data fragments other than the valid data fragment according to their data position information and restores the valid data fragment at each of its data positions to reassemble the digital certificate. A complete digital certificate can thus be read quickly while storage space is saved.
For step 601, the data fragments obtained are data fragments stored by the digital certificate storage method shown in any one of Figs. 1 to 4.
Preferably, the data fragments may be found according to a preset identifier (such as an index) or according to data characteristics corresponding to the digital certificate to be read.
For step 602, the pre-recorded data positions, in each digital certificate, of the data fragments stored in the certificate memory space correspond to the data positions recorded in the digital certificate storage method shown in any one of Figs. 1 to 4.
Referring to Fig. 7, Fig. 7 is a schematic flow chart of the second embodiment of the digital certificate read method of the present invention.
The digital certificate read method of this embodiment differs from the first embodiment in that, when the data fragments are stored in the certificate memory space as data cells of data sets and the data position information is an index sequence for recovering the digital certificate, the step of obtaining from the certificate memory space the data fragments corresponding to the digital certificate to be read and their data position information in the digital certificate comprises the following steps:
Step 701: obtain the index sequence of the digital certificate, scan in turn the data cell of the data set corresponding to each global index in the index sequence, and convert each global index into the data cell found.
Step 702: according to the attribute of the data set to which each scanned data cell belongs, perform a preset recovery operation on each converted global index to restore the corresponding data fragment.
With the digital certificate read method of this embodiment, the digital certificate to be read can be read quickly through the global indices, saving read time.
For step 701, the global index is the global index established in the digital certificate storage method of the present invention. Preferably, when the index sequence of the digital certificate is recorded in correspondence with the certificate description of the digital certificate, it is obtained by directly looking up the certificate description of the digital certificate.
In one embodiment, before the step of obtaining the root index of the digital certificate is performed, the method further comprises the following step:
Analyze each data set in the certificate memory space and establish a data table of one-to-one correspondence between global indices and data cells.
Preferably, in the specific analysis, the index file may be read to obtain the list of certificate container file identifiers; each certificate container file is read and all compound certificates it contains are analyzed; each compound certificate is read and all certificate descriptions and data sets it contains are analyzed; each data set is analyzed and the index corresponding to each data cell is extracted. The number of data cells is checked against the Count parameter, and reading of the digital certificate terminates if they do not match; the indices of all data cells are checked for conflicts, and reading of the digital certificate terminates if a conflict occurs.
In another embodiment, the step of obtaining the index sequence of the digital certificate comprises the following steps:
Obtain the certificate description of the digital certificate, scan the data cell of the data set corresponding to the global index contained in the certificate description, and obtain the index sequence of the digital certificate from that data cell.
In other embodiments, the step of scanning in turn the data cell of the data set corresponding to each global index and converting each global index into the data cell found comprises the following steps:
According to the attribute of the data set containing the scanned data cell, obtain the object type of the data cell, wherein the object type includes at least one of: an object in ASN.1 format, an object in index-sequence format, an object with a format, an object with an instantiation sequence, and an external file object.
If the scanned data cell is an object in ASN.1 format (or simple object), convert each global index into the data cell found.
If the scanned data cell is an object in index-sequence format (or composite object), keep the data cell in the form of an index sequence and continue scanning according to that index sequence until the scanned data cell is an object in ASN.1 format, then convert each global index in the index sequence into the data cell found.
If the scanned data cell is an object with a format (or composite object with a format sequence), scan according to the first sub-index until the corresponding data cell is reached; when the scanned data cell is an object in ASN.1 format, convert each global index in the index sequence into the data cell found.
Obtain the string format according to the second sub-index.
If the scanned data cell is an object with an instantiation sequence (or composite object with an instantiation sequence), read the certificate storage template matching the digital certificate according to the first sub-index.
Obtain the index sequence of the data cell corresponding to each placeholder according to the second sub-index.
Continue scanning according to each index sequence until the scanned data cell is an object in ASN.1 format, then convert each global index in the index sequence into the data cell found.
If the scanned data cell is an external file object (or external file mark), read the data content of the corresponding external file.
Preferably, multiple scans are used to try to recover the original data fragment corresponding to each index. The first scan recovers all simple objects, and each subsequent scan is used to recover composite objects; when an object indexed by a composite object is found not yet to have had its original data recovered, the indexed object is processed first. After several scans, the original data corresponding to all indices should have been recovered. For the data cell corresponding to each index, the original data must be recovered in one of the following ways according to the Attribute element of the data set in which it resides.
For step 702, the preset recovery operation corresponds to the specific format of the data cells stored in the data sets, or to the attribute (Attribute element) of the data set to which they belong, in the fourth embodiment of the digital certificate storage method of the present invention.
In one embodiment, the step of performing a preset recovery operation on each converted global index according to the attribute of the data set to which each scanned data cell belongs, to restore the corresponding data fragment, comprises the following steps:
If the scanned data cell is an object in ASN.1 format and/or an object in index-sequence format, then according to the storage format recorded in the attribute of the data set to which each finally scanned data cell belongs, use each converted global index as the data fragment corresponding to the digital certificate, or concatenate each converted global index with the Tag element of the data set and use the result as the data fragment corresponding to the digital certificate.
If the scanned data cell is an object with an instantiation sequence, fill the converted global indices into the certificate storage template that was read; once the index sequences of the data cells corresponding to all placeholders have been converted, calculate the length of the corresponding data fragment to replace the data of the Length field in the certificate storage template.
In another embodiment:
The step of combining the data fragments other than the valid data fragment according to their corresponding data position information further comprises the following step:
Sort and/or nest the recovered data fragments according to the index sequence.
Or, before the step of obtaining the root index of the digital certificate is performed, the method further comprises the following step:
Analyze each data set in the certificate memory space and establish a data table of one-to-one correspondence between global indices and data cells.
In addition, if the original data corresponding to an index sequence is recovered successfully, the certificate has been recovered successfully; a hash is then calculated and compared with the Hash in the certificate description to determine whether the decoded certificate is correct.
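The reading procedure of the second embodiment (index table with Count and conflict checks, multi-pass recovery of simple then composite objects, final hash comparison), as an added Python sketch that is not code from the patent. The dictionary keys `type`, `count`, `units`, `root_index` and `sha256`, the two type names and the `max_bytes` expansion limit are assumptions made for illustration, and the sample fragments are constructed placeholder bytes.

```python
import hashlib

def build_index_table(datasets):
    """Build the one-to-one table: global index -> (object type, payload)."""
    table = {}
    for ds in datasets:
        if ds["type"] not in ("asn1", "indexseq"):
            raise ValueError(f"unknown object type {ds['type']!r}")
        # Abort when the number of data cells disagrees with the declared Count.
        if len(ds["units"]) != ds["count"]:
            raise ValueError("data cell count does not match Count")
        for idx, payload in ds["units"].items():
            # Abort when two data cells claim the same global index.
            if idx in table:
                raise ValueError(f"global index {idx} is defined twice")
            table[idx] = (ds["type"], payload)
    return table

def recover_all(table, max_bytes=1 << 20):
    """Multi-pass recovery: simple objects first, then composite objects."""
    recovered = {i: p for i, (t, p) in table.items() if t == "asn1"}
    pending = {i: p for i, (t, p) in table.items() if t == "indexseq"}
    while pending:
        # A composite object is ready once every index it references is recovered.
        ready = [i for i, seq in pending.items()
                 if all(j in recovered for j in seq)]
        if not ready:
            # No progress in a full pass: a dangling or cyclic reference.
            raise ValueError("index sequence cannot be resolved")
        for i in ready:
            seq = pending.pop(i)
            # Nested sequences can expand exponentially; cap the result size.
            if sum(len(recovered[j]) for j in seq) > max_bytes:
                raise ValueError("recovered object exceeds size limit")
            recovered[i] = b"".join(recovered[j] for j in seq)
    return recovered

def read_certificate(datasets, description, max_bytes=1 << 20):
    """Recover the certificate named by the description and verify its hash."""
    recovered = recover_all(build_index_table(datasets), max_bytes)
    root = description["root_index"]
    if root not in recovered:
        raise ValueError("certificate description points at a missing index")
    der = recovered[root]
    if hashlib.sha256(der).hexdigest() != description["sha256"]:
        raise ValueError("recovered certificate does not match recorded hash")
    return der

# Constructed sample: placeholder fragments, not real ASN.1 data.
SAMPLE_DATASETS = [
    {"type": "asn1", "count": 4,
     "units": {1: b"HDR|", 2: b"ALG|", 3: b"NAME|", 4: b"SIG"}},
    # Index 10 is a frequent sequence fragment; index 11 is the root sequence.
    {"type": "indexseq", "count": 2,
     "units": {10: [2, 3, 3], 11: [1, 10, 2, 4]}},
]
SAMPLE_EXPECTED = b"HDR|ALG|NAME|NAME|ALG|SIG"
SAMPLE_DESCRIPTION = {"root_index": 11,
                      "sha256": hashlib.sha256(SAMPLE_EXPECTED).hexdigest()}

if __name__ == "__main__":
    print(read_certificate(SAMPLE_DATASETS, SAMPLE_DESCRIPTION))
```

The size limit matters because a chain of sequences that each reference the previous one twice doubles the output at every level, so a small container can otherwise demand an arbitrarily large buffer.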
Referring to Fig. 8, Fig. 8 is a schematic structural diagram of the first embodiment of the digital certificate reading system of the present invention.
The digital certificate reading system of this embodiment includes read module 810 and recombination module 820, wherein:
Read module 810 obtains, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and the data position information of those data fragments in the digital certificate, wherein the data fragments include at least one valid data fragment, and the valid data fragment corresponds to at least two items of data position information.
Recombination module 820 combines the data fragments other than the valid data fragment according to their corresponding data position information, restores the valid data fragment to the corresponding data fragment at each of its data positions, and reassembles the digital certificate.
The digital certificate reading system of this embodiment obtains, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and their data position information in the digital certificate, then combines the data fragments other than the valid data fragment according to their data position information and restores the valid data fragment at each of its data positions to reassemble the digital certificate. A complete digital certificate can thus be read quickly while storage space is saved.
For read module 810, the data fragments obtained are data fragments stored by the digital certificate storage method shown in any one of Figs. 1 to 4.
Preferably, the data fragments may be found according to a preset identifier (such as an index) or according to data characteristics corresponding to the digital certificate to be read.
For recombination module 820, the pre-recorded data positions, in each digital certificate, of the data fragments stored in the certificate memory space correspond to the data positions recorded in the digital certificate storage method shown in any one of Figs. 1 to 4.
The second embodiment of the digital certificate reading system of the present invention is described below.
In the digital certificate reading system of this embodiment, when the data fragments are stored in the certificate memory space as data cells of data sets and the data position information is an index sequence for recovering the digital certificate, read module 810 is further configured to:
Obtain the index sequence of the digital certificate, scan in turn the data cell of the data set corresponding to each global index in the index sequence, and convert each global index into the data cell found.
According to the attribute of the data set to which each scanned data cell belongs, perform a preset recovery operation on each converted global index to restore the corresponding data fragment.
With the digital certificate reading system of this embodiment, the digital certificate to be read can be read quickly through the global indices, saving read time.
For read module 810, the global index is the global index established in the digital certificate storage method of the present invention. Preferably, when the index sequence of the digital certificate is recorded in correspondence with the certificate description of the digital certificate, it is obtained by directly looking up the certificate description of the digital certificate.
In one embodiment, before the step of obtaining the root index of the digital certificate is performed, the following step is also included:
Analyze each data set in the certificate memory space and establish a data table of one-to-one correspondence between global indices and data cells.
Preferably, in the specific analysis, the index file may be read to obtain the list of certificate container file identifiers; each certificate container file is read and all compound certificates it contains are analyzed; each compound certificate is read and all certificate descriptions and data sets it contains are analyzed; each data set is analyzed and the index corresponding to each data cell is extracted. The number of data cells is checked against the Count parameter, and reading of the digital certificate terminates if they do not match; the indices of all data cells are checked for conflicts, and reading of the digital certificate terminates if a conflict occurs.
In another embodiment, the step of obtaining the index sequence of the digital certificate comprises the following steps:
Obtain the certificate description of the digital certificate, scan the data cell of the data set corresponding to the global index contained in the certificate description, and obtain the index sequence of the digital certificate from that data cell.
In other embodiments, the step of scanning in turn the data cell of the data set corresponding to each global index and converting each global index into the data cell found comprises the following steps:
According to the attribute of the data set containing the scanned data cell, obtain the object type of the data cell, wherein the object type includes at least one of: an object in ASN.1 format, an object in index-sequence format, an object with a format, an object with an instantiation sequence, and an external file object.
If the scanned data cell is an object in ASN.1 format (or simple object), convert each global index into the data cell found.
If the scanned data cell is an object in index-sequence format (or composite object), keep the data cell in the form of an index sequence and continue scanning according to that index sequence until the scanned data cell is an object in ASN.1 format, then convert each global index in the index sequence into the data cell found.
If the scanned data cell is an object with a format (or composite object with a format sequence), scan according to the first sub-index until the corresponding data cell is reached; when the scanned data cell is an object in ASN.1 format, convert each global index in the index sequence into the data cell found.
Obtain the string format according to the second sub-index.
If the scanned data cell is an object with an instantiation sequence (or composite object with an instantiation sequence), read the certificate storage template matching the digital certificate according to the first sub-index.
Obtain the index sequence of the data cell corresponding to each placeholder according to the second sub-index.
Continue scanning according to each index sequence until the scanned data cell is an object in ASN.1 format, then convert each global index in the index sequence into the data cell found.
If the scanned data cell is an external file object (or external file mark), read the data content of the corresponding external file.
Preferably, multiple scans are used to try to recover the original data fragment corresponding to each index. The first scan recovers all simple objects, and each subsequent scan is used to recover composite objects; when an object indexed by a composite object is found not yet to have had its original data recovered, the indexed object is processed first. After several scans, the original data corresponding to all indices should have been recovered. For the data cell corresponding to each index, the original data must be recovered in one of the following ways according to the Attribute element of the data set in which it resides.
For read module 810, the preset recovery operation corresponds to the specific format of the data cells stored in the data sets, or to the attribute (Attribute element) of the data set to which they belong, in the fourth embodiment of the digital certificate storage method of the present invention.
In one embodiment, the step of performing a preset recovery operation on each converted global index according to the attribute of the data set to which each scanned data cell belongs, to restore the corresponding data fragment, comprises the following steps:
If the scanned data cell is an object in ASN.1 format and/or an object in index-sequence format, then according to the storage format recorded in the attribute of the data set to which each finally scanned data cell belongs, use each converted global index as the data fragment corresponding to the digital certificate, or concatenate each converted global index with the Tag element of the data set and use the result as the data fragment corresponding to the digital certificate.
If the scanned data cell is an object with an instantiation sequence, fill the converted global indices into the certificate storage template that was read; once the index sequences of the data cells corresponding to all placeholders have been converted, calculate the length of the corresponding data fragment to replace the data of the Length field in the certificate storage template.
In another embodiment:
The step of combining the data fragments other than the valid data fragment according to their corresponding data position information further comprises the following step:
Sort and/or nest the recovered data fragments according to the index sequence.
Or, before the step of obtaining the root index of the digital certificate is performed, the following step is also included:
Analyze each data set in the certificate memory space and establish a data table of one-to-one correspondence between global indices and data cells.
In addition, if the original data corresponding to an index sequence is recovered successfully, the certificate has been recovered successfully; a hash is then calculated and compared with the Hash in the certificate description to determine whether the decoded certificate is correct.
Referring to Fig. 9, Fig. 9 is a schematic flow chart of the first embodiment of another digital certificate read method of the present invention.
The digital certificate read method of this embodiment comprises the following steps:
Step 901: according to the ASN.1 encoding rules, segment the digital certificate into two or more data fragments.
Step 902: perform data matching on the data fragments obtained by segmentation to obtain at least two data fragments consistent in structure and content, and divide the data fragments consistent in structure and content into at least one redundant data fragment and at least one valid data fragment.
Step 903: store the data fragments obtained by segmentation, other than the redundant data fragment, in the certificate memory space, and correspondingly record the data position information in the digital certificate of each stored data fragment, wherein for the valid data fragment, both its own data position information and the data position information of the redundant data fragment are recorded.
Step 904: obtain, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and the data position information of those data fragments in the digital certificate.
Step 905: combine the data fragments other than the valid data fragment according to their corresponding data position information, restore the valid data fragment to the corresponding data fragment at each of its data positions, and reassemble the digital certificate.
Steps 901 to 903 above correspond to the operating procedure of the digital certificate storage method corresponding to any one of Figs. 1 to 4.
Steps 904 to 905 correspond to the operating procedure of the digital certificate read method described in Figs. 6 and 7.
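Steps 901 to 905 as one round trip, in an added Python sketch that is not code from the patent. Its assumptions: fragments are whole DER TLVs, with a constructed TLV opened only when it is larger than `max_unit` bytes; matching uses SHA-256; the index sequence serves as the data position information; the sample is a constructed, certificate-shaped DER structure rather than a real certificate.

```python
import hashlib

def tlv(tag, content):
    """Encode one DER TLV (single-byte tag); used only to build the sample."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def read_header(buf, off, end):
    """Return (tag, header_len, content_len) for the TLV at off, bounded by end."""
    if off + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[off], buf[off + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if first < 0x80:
        hdr, length = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or off + 2 + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        hdr, length = 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")
    if off + hdr + length > end:
        raise ValueError("TLV content runs past its container")
    return tag, hdr, length

def split_der(buf, max_unit=64, off=0, end=None, depth=0):
    """Step 901: fragments whose concatenation reproduces buf[off:end]."""
    if depth > 32:
        raise ValueError("nesting too deep")
    end = len(buf) if end is None else end
    frags = []
    while off < end:
        tag, hdr, length = read_header(buf, off, end)
        total = hdr + length
        if tag & 0x20 and total > max_unit:
            # Large constructed value: keep its header, then split its content.
            frags.append(buf[off:off + hdr])
            frags += split_der(buf, max_unit, off + hdr, off + total, depth + 1)
        else:
            frags.append(buf[off:off + total])
        off += total
    return frags

class CertStore:
    def __init__(self):
        self.units = []    # global index -> stored (valid) fragment
        self.by_hash = {}  # SHA-256 of fragment -> global index
        self.certs = {}    # name -> (index sequence, SHA-256 hex of certificate)

    def put(self, name, der):
        """Steps 902-903: match by hash, store each distinct fragment once."""
        seq = []
        for frag in split_der(der):
            digest = hashlib.sha256(frag).digest()
            idx = self.by_hash.get(digest)
            if idx is None:
                idx = len(self.units)
                self.units.append(frag)
                self.by_hash[digest] = idx
            elif self.units[idx] != frag:
                raise ValueError("hash match with different content")
            seq.append(idx)  # a repeated index marks a redundant fragment
        self.certs[name] = (seq, hashlib.sha256(der).hexdigest())
        return seq

    def get(self, name):
        """Steps 904-905: reassemble by index sequence, then verify the hash."""
        seq, expected = self.certs[name]
        if any(not 0 <= i < len(self.units) for i in seq):
            raise ValueError("index sequence references a missing data cell")
        der = b"".join(self.units[i] for i in seq)
        if hashlib.sha256(der).hexdigest() != expected:
            raise ValueError("reassembled certificate does not match its hash")
        return der

# Constructed sample: algorithm identifier and name each occur twice.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403"))
                               + tlv(0x0C, b"Example Test CA"))))
TBS = tlv(0x30, tlv(0x02, b"\x01") + ALG + NAME + NAME
          + tlv(0x03, b"\x00" + b"\xAA" * 16))
SAMPLE_CERT = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00" + b"\x55" * 32))

if __name__ == "__main__":
    store = CertStore()
    print(store.put("ca", SAMPLE_CERT), len(store.units))
```

In the sample the valid fragments for the algorithm identifier and the name each appear at two positions of the index sequence, which is how the redundant copies are recorded without being stored.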
Referring to Fig. 10, Fig. 10 is a schematic structural diagram of the first embodiment of another digital certificate reading system of the present invention.
The digital certificate reading system of this embodiment includes segmentation module 100, matching module 200, memory module 300, read module 810 and recombination module 820, wherein:
Segmentation module 100 is configured to segment the digital certificate into two or more data fragments according to the ASN.1 encoding rules.
Matching module 200 is configured to perform data matching on the data fragments obtained by segmentation to obtain at least two data fragments consistent in structure and content, and to divide the data fragments consistent in structure and content into at least one redundant data fragment and at least one valid data fragment.
Memory module 300 is configured to store the data fragments obtained by segmentation, other than the redundant data fragment, in the certificate memory space, and to correspondingly record the data position information in the digital certificate of each stored data fragment, wherein for the valid data fragment, both its own data position information and the data position information of the redundant data fragment are recorded.
Read module 810 is configured to obtain, from the certificate memory space, the data fragments corresponding to the digital certificate to be read and the data position information of those data fragments in the digital certificate.
Recombination module 820 is configured to combine the data fragments other than the valid data fragment according to their corresponding data position information, restore the valid data fragment to the corresponding data fragment at each of its data positions, and reassemble the digital certificate.
The embodiments described above express only several implementations of the present invention, and their description is relatively specific and detailed, but they should not therefore be construed as limiting the scope of the patent. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the protection scope of the present invention. Therefore, the protection scope of this patent shall be determined by the appended claims.
Claims (19)
1. A digital certificate storage method, characterized in that it comprises the following steps:
According to the ASN.1 encoding rules, segment a digital certificate into two or more data fragments;
Perform data matching on the data fragments obtained by segmentation to obtain at least two data fragments consistent in structure and content, and divide the data fragments consistent in structure and content into at least one redundant data fragment and at least one valid data fragment;
Store the data fragments obtained by segmentation, other than the redundant data fragment, in a certificate memory space, and correspondingly record the data position information in the digital certificate of each stored data fragment, wherein for the valid data fragment, both its own data position information and the data position information of the redundant data fragment are recorded;
The step of storing the data fragments obtained by segmentation, other than the redundant data fragment, in the certificate memory space and correspondingly recording the data position information in the digital certificate of each stored data fragment further comprises the following steps:
Store the data fragments obtained by segmentation, other than the redundant data fragment, each as a data cell of a data set, wherein one data fragment corresponds to one data cell of a data set;
According to the data position in the digital certificate of each data fragment obtained by segmentation, obtain and store the data relationship between the data cells, so as to record the data position information in the digital certificate of each stored data fragment;
The step of obtaining and storing the data relationship between the data cells comprises the following steps:
Assign a unique global index to each data cell, and store the assigned global indices in a preset index data set;
In accordance with the data position in the digital certificate of each data fragment obtained by segmentation, sort the global indices of the data cells to form an index sequence for recovering the digital certificate, so as to record the data position information in the digital certificate of each stored data fragment.
2. The digital certificate storage method according to claim 1, characterized in that the step of performing data matching on the data fragments obtained by segmentation to obtain at least two data fragments consistent in structure and content comprises the following step:
Perform matching verification on the data fragments by calculating the Hash check values of the data fragments obtained by segmentation, so as to identify the data fragments consistent in structure and content.
3. The digital certificate storage method according to claim 1, characterized in that, after the step of forming the index sequence for recovering the digital certificate, the method further comprises the following step:
According to the index sequence formed, find sequence fragments whose number of occurrences in the index sequence formed is higher than a frequency threshold, store each sequence fragment above the frequency threshold as a data cell of a data set, and assign a global index to the data cell storing the sequence fragment, so as to replace the sequence fragment in the index sequence.
4. The digital certificate storage method according to claim 1, characterized in that the step of storing the data fragments obtained by segmentation, other than the redundant data fragment, in the certificate memory space and correspondingly recording the data position information in the digital certificate of each stored data fragment further comprises the following steps:
Judge whether the number of data fragments in each identical-fragment group among the data fragments obtained by segmentation exceeds a fragment threshold, wherein an identical-fragment group is a group of data fragments consistent in structure and content;
If it does, store the valid data fragment of the identical-fragment group that exceeds the fragment threshold as an attribute of a data set;
Store the data fragments obtained by segmentation, other than the redundant data fragment and the valid data fragment stored as the attribute of the data set, each as a data cell of the data set, wherein one data fragment corresponds to one data cell of a data set;
According to the data position in the digital certificate of each data fragment obtained by segmentation, obtain and store the data relationship between the attribute of the data set and the data cells, so as to record the data position information in the digital certificate of each stored data fragment.
5. The digital certificate store method according to claim 1, characterized in that the step of dividing the digital certificate into two or more data slots according to ASN.1 coding rules comprises the following steps:
obtaining each digital certificate to be stored;
converting the data content of each digital certificate into a unified coded format, while recording the original coding format and the data positional information, in each digital certificate, of the converted data content;
searching the preset certificate storage templates, according to the characteristic information of each digital certificate after format conversion, for the certificate storage template matching each digital certificate after format conversion;
establishing the correspondence between each placeholder in the found certificate storage template and the data content of each digital certificate after format conversion;
performing data segmentation, according to ASN.1 coding rules, on the data content corresponding to each placeholder, dividing it into two or more data slots.
6. The digital certificate store method according to claim 5, characterized in that the step of converting the data content of each digital certificate into a unified coded format, while recording the original coding format and the data positional information, in each digital certificate, of the converted data content, comprises the following step:
converting all character strings in each digital certificate into UTF8 format, while recording the original coding format and the data positional information, in each digital certificate, of each converted character string object.
7. The digital certificate store method according to claim 6, characterized in that, when the certificate storage template matching each digital certificate after format conversion is a compound certificate, the step of storing, in the certificate memory space, the data slots obtained by segmentation other than the redundant data fragment, and correspondingly recording the data positional information of each stored data slot in the digital certificate, comprises the following steps:
storing, according to the data characteristics of the data slots obtained by segmentation and a preset storage format, the data slots obtained by segmentation other than the redundant data fragment as data cells of the data sets of the compound certificate, wherein the preset storage format corresponds to the data format of each digital certificate;
establishing a global index for each data cell in each data set of the compound certificate, and storing the established global indexes in a preset index data set;
ordering the global indexes of the data cells according to the data position, in each digital certificate, of each data slot obtained by segmentation, to form an index sequence for recovering each digital certificate, so as to record the data positional information of each stored data slot in each digital certificate;
storing each index sequence as a data cell of a data set of the compound certificate, and establishing a global index for the data cell storing each index sequence;
using the global index of the data cell storing each index sequence as the certificate description of each digital certificate.
8. The digital certificate store method according to claim 7, characterized in that the step of storing each index sequence as a data cell of a data set of the compound certificate further comprises the following steps:
finding, in the formed index sequences, the sequence fragments whose number of occurrences in one or more index sequences is higher than a frequency threshold, storing each sequence fragment that is above the frequency threshold as a data cell of a data set, and allocating a global index to the data cell storing the sequence fragment, so as to replace the sequence fragment in the one or more index sequences;
storing each index sequence after replacement as a data cell of a data set of the compound certificate.
9. The digital certificate store method according to claim 3, 4, 7 or 8, characterized in that:
when a data slot, an index sequence or a global index is stored as a data cell of a data set, the object type and the storage format of each data cell are recorded in the attribute of each data set, wherein the object type includes at least one of an object in ASN.1 format, an object in index sequence format, an object in X509 format, an object with format, an object with instantiation sequence and an external file object, and the storage format is used for converting a data cell into a data slot.
10. A digital certificate store system, characterized by comprising:
a segmentation module, for dividing a digital certificate into two or more data slots according to ASN.1 coding rules;
a matching module, for performing data matching on the data slots obtained by segmentation to obtain at least two data slots identical in structure and content, and dividing the data slots identical in structure and content into at least one redundant data fragment and at least one valid data fragment;
a memory module, for storing, in a certificate memory space, the data slots obtained by segmentation other than the redundant data fragment, and correspondingly recording the data positional information of each stored data slot in the digital certificate, wherein, for the valid data fragment, both its own data positional information and the data positional information of the redundant data fragment are recorded;
the memory module being further for storing the data slots obtained by segmentation other than the redundant data fragment each as a data cell of a data set, wherein one data slot corresponds to one data cell of a data set; and for obtaining and storing, according to the data position of each data slot obtained by segmentation in the digital certificate, the data relationship between the data cells, so as to record the data positional information of each stored data slot in the digital certificate;
the memory module being further for allocating a unique global index to each data cell and storing the allocated global indexes in a preset index data set; and for ordering the global indexes of the data cells according to the data position, in the digital certificate, of each data slot obtained by segmentation, to form an index sequence for recovering the digital certificate, so as to record the data positional information of each stored data slot in the digital certificate.
11. A digital certificate read method, characterized by comprising the following steps:
obtaining, from a certificate memory space, the data slots corresponding to the digital certificate to be read and the data positional information corresponding to the data slots in the digital certificate, wherein the data slots include at least one valid data fragment, and the valid data fragment corresponds to at least two pieces of data positional information;
combining the data slots other than the valid data fragment according to their corresponding data positional information, restoring the valid data fragment to the corresponding data slot at each of its corresponding data positions, and reassembling the digital certificate;
wherein, when the data slots are stored in the certificate memory space as data cells of data sets and the data positional information is an index sequence for recovering the digital certificate, the step of obtaining, from the certificate memory space, the data slots corresponding to the digital certificate to be read and the data positional information corresponding to the data slots in the digital certificate comprises the following steps:
obtaining the index sequence of the digital certificate, scanning in turn the data cell of the data set corresponding to each global index in the index sequence, and converting each global index into the scanned data cell;
performing, according to the attribute of the data set to which each scanned data cell belongs, a preset recovery operation on each converted global index, restoring it to the corresponding data slot.
12. The digital certificate read method according to claim 11, characterized in that the step of obtaining the index sequence of the digital certificate comprises the following step:
obtaining the certificate description of the digital certificate, scanning the data cell of the data set corresponding to the global index contained in the certificate description, and obtaining the index sequence of the digital certificate from that data cell.
13. The digital certificate read method according to claim 11, characterized in that the step of obtaining the index sequence of the digital certificate, scanning in turn the data cell of the data set corresponding to each global index, and converting each global index into the scanned data cell comprises the following steps:
obtaining the object type of the scanned data cell according to the attribute of the data set in which it is located, wherein the object type includes at least one of an object in ASN.1 format, an object in index sequence format, an object with format, an object with instantiation sequence and an external file object;
if the scanned data cell is an object in ASN.1 format, converting each global index into the scanned data cell;
if the scanned data cell is an object in index sequence format, keeping the data cell in the form of an index sequence and continuing to scan according to that index sequence until the scanned data cell is an object in ASN.1 format, then converting each global index in the index sequence into the scanned data cell;
if the scanned data cell is an object with format, scanning according to the first subindex through to the corresponding data cell until the scanned data cell is an object in ASN.1 format, then converting each global index in the index sequence into the scanned data cell;
and obtaining the string format according to the second subindex;
if the scanned data cell is an object with instantiation sequence, reading the certificate storage template matching the digital certificate according to the first subindex;
obtaining the index sequence of the data cell corresponding to each placeholder according to the second subindex;
continuing to scan according to each index sequence until the scanned data cell is an object in ASN.1 format, then converting each global index in the index sequence into the scanned data cell;
if the scanned data cell is an external file object, reading the data content of the corresponding external file.
14. The digital certificate read method according to claim 13, characterized in that the step of performing, according to the attribute of the data set to which each scanned data cell belongs, a preset recovery operation on each converted global index, restoring it to the corresponding data slot, comprises the following steps:
if the scanned data cell is an object in ASN.1 format and/or an object in index sequence format, then, according to the storage format recorded in the attribute of the data set to which each finally scanned data cell belongs, either using each converted global index as a data slot corresponding to the digital certificate, or concatenating each converted global index with the Tag element of the data set and using the result as the data slot corresponding to the digital certificate, wherein the Tag element represents the type of the data set;
if the scanned data cell is an object with instantiation sequence, filling the converted global index into the certificate storage template that was read, and, after the index sequences of the data cells corresponding to all placeholders have been converted, calculating the length of the corresponding data slot so as to replace the data of the Length field in the certificate storage template, wherein the Length field in the certificate storage template denotes the Length field of a TLV structure conforming to ASN.1 encoding contained in the certificate storage template.
15. The digital certificate read method according to claim 11, characterized in that the step of combining the data slots other than the valid data fragment according to their corresponding data positional information further comprises the following step:
ordering and/or nesting the recovered data slots according to the index sequence.
16. The digital certificate read method according to claim 11, characterized in that, before the step of obtaining the index sequence of the digital certificate is performed, the method further comprises the following step:
analyzing each data set in the certificate memory space, and establishing a data table of the one-to-one correspondence between global indexes and data cells.
17. A digital certificate read system, characterized by comprising:
a read module, for obtaining, from a certificate memory space, the data slots corresponding to the digital certificate to be read and the data positional information corresponding to the data slots in the digital certificate, wherein the data slots include at least one valid data fragment, and the valid data fragment corresponds to at least two pieces of data positional information;
a recombination module, for combining the data slots other than the valid data fragment according to their corresponding data positional information, restoring the valid data fragment to the corresponding data slot at each of its corresponding data positions, and reassembling the digital certificate;
the read module being further for, when the data slots are stored in the certificate memory space as data cells of data sets and the data positional information is an index sequence for recovering the digital certificate, obtaining the index sequence of the digital certificate, scanning in turn the data cell of the data set corresponding to each global index in the index sequence, and converting each global index into the scanned data cell; and for performing, according to the attribute of the data set to which each scanned data cell belongs, a preset recovery operation on each converted global index, restoring it to the corresponding data slot.
18. A digital certificate read method, characterized by comprising the following steps:
dividing a digital certificate into two or more data slots according to ASN.1 coding rules;
performing data matching on the data slots obtained by segmentation to obtain at least two data slots identical in structure and content, and dividing the data slots identical in structure and content into at least one redundant data fragment and at least one valid data fragment;
storing, in a certificate memory space, the data slots obtained by segmentation other than the redundant data fragment, and correspondingly recording the data positional information of each stored data slot in the digital certificate, wherein, for the valid data fragment, both its own data positional information and the data positional information of the redundant data fragment are recorded;
obtaining, from the certificate memory space, the data slots corresponding to the digital certificate to be read and the data positional information corresponding to the data slots in the digital certificate;
combining the data slots other than the valid data fragment according to their corresponding data positional information, restoring the valid data fragment to the corresponding data slot at each of its corresponding data positions, and reassembling the digital certificate;
wherein the step of storing, in the certificate memory space, the data slots obtained by segmentation other than the redundant data fragment, and correspondingly recording the data positional information of each stored data slot in the digital certificate, further comprises the following steps:
storing the data slots obtained by segmentation other than the redundant data fragment each as a data cell of a data set, wherein one data slot corresponds to one data cell of a data set;
obtaining and storing, according to the data position of each data slot obtained by segmentation in the digital certificate, the data relationship between the data cells, so as to record the data positional information of each stored data slot in the digital certificate;
wherein the step of obtaining and storing the data relationship between the data cells comprises the following steps:
allocating a unique global index to each data cell, and storing the allocated global indexes in a preset index data set;
ordering the global indexes of the data cells according to the data position, in the digital certificate, of each data slot obtained by segmentation, to form an index sequence for recovering the digital certificate, so as to record the data positional information of each stored data slot in the digital certificate.
19. A digital certificate read system, characterized by comprising:
a segmentation module, for dividing a digital certificate into two or more data slots according to ASN.1 coding rules;
a matching module, for performing data matching on the data slots obtained by segmentation to obtain at least two data slots identical in structure and content, and dividing the data slots identical in structure and content into at least one redundant data fragment and at least one valid data fragment;
a memory module, for storing, in a certificate memory space, the data slots obtained by segmentation other than the redundant data fragment, and correspondingly recording the data positional information of each stored data slot in the digital certificate, wherein, for the valid data fragment, both its own data positional information and the data positional information of the redundant data fragment are recorded;
a read module, for obtaining, from the certificate memory space, the data slots corresponding to the digital certificate to be read and the data positional information corresponding to the data slots in the digital certificate;
a recombination module, for combining the data slots other than the valid data fragment according to their corresponding data positional information, restoring the valid data fragment to the corresponding data slot at each of its corresponding data positions, and reassembling the digital certificate;
wherein the memory module is for storing the data slots obtained by segmentation other than the redundant data fragment each as a data cell of a data set, wherein one data slot corresponds to one data cell of a data set; for obtaining and storing, according to the data position of each data slot obtained by segmentation in the digital certificate, the data relationship between the data cells, so as to record the data positional information of each stored data slot in the digital certificate; and for allocating a unique global index to each data cell, storing the allocated global indexes in a preset index data set, and ordering the global indexes of the data cells according to the data position, in the digital certificate, of each data slot obtained by segmentation, to form an index sequence for recovering the digital certificate, so as to record the data positional information of each stored data slot in the digital certificate.
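The store and read steps of the claims above, as an added Python sketch that is not code from the patent: DER bytes are split into data slots, identical slots are matched by hash and stored once as data cells with a global index, and the index sequence rebuilds the certificate. Assumptions made here: slot boundaries are taken at a fixed nesting depth, SHA-256 serves as the Hash check value, a digest of the whole certificate is kept to confirm byte-exact reassembly (any changed byte would invalidate the certificate's signature), and the input is a constructed certificate-like DER structure, not a real certificate.

```python
import hashlib


def read_tlv(buf, pos, end):
    """Parse one DER TLV header at pos; return (tag, header_len, value_len)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tags are not handled in this sketch")
    if first < 0x80:                       # short-form length
        hdr, length = 2, first
    else:                                  # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + 2 + n > end:
            raise ValueError("indefinite, oversized or truncated length")
        hdr, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    if pos + hdr + length > end:
        raise ValueError("TLV overruns its parent")
    return tag, hdr, length


def split_slots(der, max_depth=2):
    """Partition DER bytes into slots: the header of each shallow constructed
    element, and the whole TLV of a primitive or of an element at max_depth."""
    slots = []

    def walk(pos, end, depth):
        while pos < end:
            tag, hdr, length = read_tlv(der, pos, end)
            if tag & 0x20 and depth < max_depth:    # constructed: descend
                slots.append(der[pos:pos + hdr])
                walk(pos + hdr, pos + hdr + length, depth + 1)
            else:
                slots.append(der[pos:pos + hdr + length])
            pos += hdr + length

    walk(0, len(der), 0)
    return slots


class CertStore:
    def __init__(self):
        self.units = []      # global index -> data cell (slot bytes)
        self.by_hash = {}    # SHA-256 of slot -> global index
        self.certs = {}      # cert id -> (index sequence, SHA-256 of full DER)

    def put(self, cert_id, der):
        seq = []
        for slot in split_slots(der):
            digest = hashlib.sha256(slot).digest()
            idx = self.by_hash.get(digest)
            if idx is None:                         # first copy: keep it
                idx = len(self.units)
                self.units.append(slot)
                self.by_hash[digest] = idx
            elif self.units[idx] != slot:           # never trust the hash alone
                raise ValueError("hash match with differing content")
            seq.append(idx)                         # redundant copy: index only
        self.certs[cert_id] = (seq, hashlib.sha256(der).digest())
        return seq

    def get(self, cert_id):
        seq, digest = self.certs[cert_id]
        der = b"".join(self.units[i] for i in seq)
        if hashlib.sha256(der).digest() != digest:
            raise ValueError("reassembled certificate differs from the original")
        return der


# --- constructed sample input (certificate-like DER, not a real certificate) ---
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + value


def name(cn):
    atv = bytes.fromhex("0603550403") + tlv(0x0C, cn.encode())  # OID 2.5.4.3 + UTF8String
    return tlv(0x30, tlv(0x31, tlv(0x30, atv)))


def sample_cert(subject, issuer, serial, fill):
    validity = tlv(0x30, tlv(0x17, b"140304000000Z") + tlv(0x17, b"240304000000Z"))
    tbs = tlv(0x30, tlv(0x02, bytes([serial])) + name(issuer) + validity + name(subject))
    return tlv(0x30, tbs + tlv(0x03, b"\x00" + bytes([fill]) * 64))


if __name__ == "__main__":
    store = CertStore()
    root = sample_cert("Constructed Root CA", "Constructed Root CA", 1, 0xAA)
    print(store.put("root", root))      # issuer and subject share one index
    assert store.get("root") == root
```

In the self-signed sample the issuer and subject names are the same slot, so the index sequence repeats one global index; a second certificate from the same issuer reuses that data cell as well.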
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410077035.5A CN103885723B (en) | 2014-03-04 | 2014-03-04 | Digital certificate store method, system and digital certificate read method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103885723A CN103885723A (en) | 2014-06-25 |
CN103885723B CN103885723B (en) | 2017-06-06 |
Family
ID=50954643
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410077035.5A Active CN103885723B (en) | 2014-03-04 | 2014-03-04 | Digital certificate store method, system and digital certificate read method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103885723B (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107229877A (en) * | 2017-06-05 | 2017-10-03 | 北京凤凰理理它信息技术有限公司 | Certificate management, acquisition methods, device, computer program and electronic equipment |
CN107733882B (en) * | 2017-09-30 | 2021-03-19 | 亚数信息科技(上海)有限公司 | SSL certificate automatic deployment method and equipment |
CN108171239A (en) * | 2018-02-02 | 2018-06-15 | 杭州清本科技有限公司 | The extracting method of certificate pictograph, apparatus and system, computer storage media |
CN108183804B (en) * | 2018-03-28 | 2021-01-26 | 湖南东方华龙信息科技有限公司 | Certificate sharing method |
CN108683504B (en) * | 2018-04-24 | 2021-06-29 | 湖南东方华龙信息科技有限公司 | Certificate issuing method based on multi-identity |
CN109977684B (en) * | 2019-02-12 | 2024-02-20 | 平安科技(深圳)有限公司 | Data transmission method and device and terminal equipment |
CN112632147B (en) * | 2020-12-11 | 2023-10-24 | 邦彦技术股份有限公司 | Data differentiation comparison method, system and storage medium |
CN114268431B (en) * | 2021-12-16 | 2023-06-16 | 统信软件技术有限公司 | Browser certificate transcoding method and device, computing equipment and readable storage medium |
CN115514484A (en) * | 2022-11-22 | 2022-12-23 | 国开启科量子技术(北京)有限公司 | Digital certificate request online sending method and digital certificate online issuing method |
CN116016624A (en) * | 2022-12-26 | 2023-04-25 | 浪潮云信息技术股份公司 | Method, device and equipment for calling Kerberos bill information |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008126224A1 (en) * | 2007-03-29 | 2008-10-23 | Fujitsu Limited | Information processing apparatus and information processing method |
CN102142006A (en) * | 2010-10-27 | 2011-08-03 | 华为技术有限公司 | File processing method and device of distributed file system |
CN103257934A (en) * | 2013-04-12 | 2013-08-21 | 广东数字证书认证中心有限公司 | Storage and acquisition method and device of digital certificate |
Also Published As
Publication number | Publication date |
---|---|
CN103885723A (en) | 2014-06-25 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong Applicant after: Age of security Polytron Technologies Inc Address before: 528200 science and technology road, Nanhai Software Science Park, Nanhai Town, Nanhai District, Foshan, Guangdong Applicant before: Guangdong Certificate Authority Center Co., Ltd. |
COR | Change of bibliographic data | ||
GR01 | Patent grant | ||