CN112019339A - Automatic digital certificate distribution method and device - Google Patents


Publication number
CN112019339A
Authority
CN
China
Prior art keywords
certificate
data packet
certificate file
file
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910473120.6A
Other languages
Chinese (zh)
Other versions
CN112019339B (en)
Inventor
张智
胡欢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xi'an Edan Instruments Co ltd
Original Assignee
Xi'an Edan Instruments Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xi'an Edan Instruments Co ltd
Priority to CN201910473120.6A
Publication of CN112019339A
Application granted
Publication of CN112019339B
Legal status: Active


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for automatically distributing digital certificates, which are applied to a monitoring system comprising a monitoring terminal and a processing terminal, wherein the method comprises the following steps: receiving a digital certificate request data packet sent by a monitoring terminal, wherein the digital certificate request data packet at least comprises authentication mode information; querying a corresponding certificate file from a preset certificate file list according to the authentication mode information; generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal; receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet; and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.

Description

Automatic digital certificate distribution method and device
Technical Field
The invention relates to the technical field of digital certificates, in particular to a method and a device for automatically distributing digital certificates.
Background
In TLS, when two communicating parties establish a connection, a dedicated protocol is used to transfer a CA certificate to one or both of the parties, and whether the other party is legitimate is then checked according to the verification rules of the CA certificate. If the certificate is legitimate, the connection is established and the transmitted data is encrypted using parameters configured in the CA certificate or according to the result of the TLS protocol exchange; if it is not legitimate, the connection is closed immediately and a relevant error prompt is given. SSL (Secure Sockets Layer) works on the same principle, and both are collectively referred to as TLS herein.
TLS (SSL) is currently widely used in fields such as online transactions, online tax returns and secure e-mail. As the public attaches increasing importance to information security, TLS is also gradually being introduced in the medical field for encrypted data transmission. The authentication mode in TLS communication is generally either a one-way authentication mode or a two-way authentication mode, but both modes require the terminal participating in authentication to provide a USB interface so that a digital certificate file can be copied from a mobile device to that terminal. The whole process has to be carried out by staff, and is relatively complex, inefficient and error-prone.
Disclosure of Invention
In view of this, embodiments of the present invention provide an automatic digital certificate distribution method and apparatus, so as to solve the problems of a complicated process, low efficiency and easy error caused by manual participation in the existing authentication method.
According to a first aspect, an embodiment of the present invention provides an automatic digital certificate distribution method, which is applied to a monitoring system including a monitoring terminal and a processing terminal, and the method includes: receiving a digital certificate request data packet sent by a monitoring terminal, wherein the digital certificate request data packet at least comprises authentication mode information; querying a corresponding certificate file from a preset certificate file list according to the authentication mode information; generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal; receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet; and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.
With reference to the first aspect, in a first implementation manner of the first aspect, after receiving a digital certificate request packet sent by a monitoring terminal, and before querying a corresponding certificate file from a preset certificate file list according to the authentication mode information, the method further includes: extracting the check bit in the request data packet; and verifying according to the check bit, and executing the step of inquiring a corresponding certificate file from a preset certificate file list according to the authentication mode information after the verification is successful.
With reference to the first aspect, in a second implementation manner of the first aspect, the querying, according to the authentication mode information, a corresponding certificate file from a preset certificate file list includes: and judging that the authentication mode is a one-way authentication mode according to the authentication mode information, and inquiring a root certificate from the preset certificate file list.
With reference to the first aspect, in a third implementation manner of the first aspect, the digital certificate request packet further includes: identifying information; the querying, according to the authentication mode information, a corresponding certificate file from a preset certificate file list includes: and judging that the authentication mode is an independent certificate mode of bidirectional authentication according to the authentication mode information, and inquiring a root certificate, a server certificate and a client certificate corresponding to the identification information from the preset certificate file list.
With reference to the first aspect, in a fourth implementation manner of the first aspect, the querying, according to the authentication mode information, a corresponding certificate file from a preset certificate file list includes: and judging that the authentication mode is the same certificate mode of bidirectional authentication according to the authentication mode information, and inquiring a root certificate, a server certificate and any client certificate from the preset certificate file list.
With reference to the first aspect, in a fifth implementation manner of the first aspect, the generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal includes: according to the certificate file request, sending the certificate files to the monitoring terminal one by one through the certificate file data packet; judging whether the whole certificate file is completely sent according to the status bit in the certificate file data packet during each sending; and when the sending is judged to be finished, sending prompt information to the monitoring terminal.
With reference to the first aspect or any one implementation manner of the first aspect, in a sixth implementation manner of the first aspect, the preset certificate file list is created through the following steps: receiving certificate authentication mode information and number information of monitoring terminals input by a user; numbering and naming corresponding certificates according to the authentication mode information and the quantity information; generating a certificate configuration file according to the certificate after numbering and naming; and generating the certificate file list according to the use state of each certificate and the certificate configuration file.
According to a second aspect, an embodiment of the present invention provides an automatic digital certificate distribution method, which is applied to a monitoring system including a monitoring terminal and a processing terminal, and the method includes: generating a digital certificate request data packet according to an authentication mode configured by the monitoring system, and sending the digital certificate request data packet to a processing terminal, wherein the digital certificate request data packet at least comprises authentication mode information; receiving a certificate file list data packet sent by the processing terminal according to the digital certificate request data packet; parsing the certificate file list data packet to obtain certificate information; sending a certificate file request to the processing terminal according to the certificate information; and receiving the certificate file sent by the processing terminal according to the certificate file request.
With reference to the second aspect, in a first embodiment of the second aspect, the certificate information includes: the sending of the certificate file request to the processing terminal according to the certificate information includes: and sending certificate file requests for requesting certificate files one by one to the processing terminal according to the number of the certificates and the certificate names.
According to a third aspect, an embodiment of the present invention provides an automatic digital certificate distribution apparatus, including: a digital certificate request data packet receiving module, used for receiving a digital certificate request data packet sent by a monitoring terminal, the digital certificate request data packet at least comprising authentication mode information; a certificate file query module, used for querying a corresponding certificate file from a preset certificate file list according to the authentication mode information; a certificate file list data packet generating module, used for generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal; a certificate file request module, used for receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet; and a certificate file data packet generating module, used for generating a certificate file data packet according to the certificate file request and the certificate file and sending the certificate file data packet to the monitoring terminal.
According to a fourth aspect, an embodiment of the present invention provides an apparatus for automatically distributing a digital certificate, including: a digital certificate request data packet generation module, used for generating a digital certificate request data packet according to a configured authentication mode and sending the digital certificate request data packet to a processing terminal, wherein the digital certificate request data packet at least comprises authentication mode information; a certificate file list data packet receiving module, used for receiving the certificate file list data packet sent by the processing terminal according to the digital certificate request data packet; a certificate information parsing module, used for parsing the certificate file list data packet to obtain certificate information; a certificate file request sending module, configured to send a certificate file request to the processing terminal according to the certificate information; and a certificate file receiving module, used for receiving the certificate file sent by the processing terminal according to the certificate file request.
According to a fifth aspect, an embodiment of the present invention provides an electronic device/mobile terminal/server, including: a memory and a processor, the memory and the processor being communicatively connected to each other, the memory storing therein computer instructions, and the processor executing the computer instructions to perform the method for automatically distributing digital certificates according to the first aspect or any one of the embodiments of the first aspect, or to perform the method for automatically distributing digital certificates according to the second aspect or any one of the embodiments of the second aspect.
According to a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores computer instructions for causing a computer to execute the automatic digital certificate distribution method described in the first aspect or any one of the embodiments of the first aspect, or execute the automatic digital certificate distribution method described in the second aspect or any one of the embodiments of the second aspect.
The embodiment of the invention has the following main advantages:
1. Fully automatic distribution and use: the fully automatic scheme may be used where it does not violate information security regulations, or where the hospital trusts the central station monitoring system. This scheme only requires selecting "automatic use certificate" on the monitor, with no further manual operations.
2. Semi-automatic distribution and use: the semi-automatic scheme may be used where regulations or the hospital specifically require it. This scheme requires selecting "semi-automatic certificate of use" on the monitor and manually entering the password for the certificate, with no other manual operations.
3. Simple certificate management on the central station: it is only necessary to store the server-side certificate and the client-side digital certificates on the central station and to specify the storage directory in the central station software. Information such as the serial number and password of a certificate does not need to be read out and stored in a database for management operations such as addition, deletion and modification.
4. Convenient certificate replacement on the monitor: when the monitor changes central monitoring system, only the certificate on the monitor needs to be deleted and the automatic certificate or the semi-automatic certificate selected. There is no need to take a USB drive to the monitor to copy the certificate again.
5. Better adaptability: the central monitoring system can use this scheme to complete either one-way authentication or two-way authentication.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and not to be construed as limiting the invention in any way, and in which:
FIG. 1 shows a schematic diagram of an application scenario of an embodiment of the present invention;
FIG. 2 is a flowchart illustrating an automatic digital certificate distribution method according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an automatic digital certificate distribution apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram illustrating an automatic digital certificate distribution method according to another embodiment of the present invention;
FIG. 5 shows a hardware configuration diagram of the electronic device according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
FIG. 1 is a schematic view of an application scenario according to an embodiment of the present invention. The monitoring terminal (e.g. a monitor) and the processing terminal (e.g. a central station) are connected to form a network (the monitoring system); the connection may be wired Ethernet or wireless, which is not limited in the present invention.
An embodiment of the present invention provides an automatic digital certificate distribution method, which is applied to a monitoring system including a monitoring terminal and a processing terminal as shown in fig. 1, and specifically, the monitoring system may be, for example, a monitoring system composed of a monitor and a central station, which will be described below as an example, but the present invention is not limited thereto. As shown in fig. 2, the automatic digital certificate distribution method mainly includes:
Step S1: The monitor generates a digital certificate request data packet according to the authentication mode configured in the monitoring system, and sends the digital certificate request data packet to the central station, wherein the digital certificate request data packet at least comprises authentication mode information.
In the embodiment of the invention, the certificate authentication modes are mainly one-way authentication and two-way authentication. The specific mode is chosen according to the requirements of the particular medical institution; if the institution has no requirement, one-way authentication may be preferred, since it consumes fewer system resources (CPU and memory) on the monitor and the central station, although the information security level is correspondingly lower. Once the medical institution has decided between one-way and two-way authentication, the corresponding authentication mode can be configured in the monitoring system, specifically on the central station. If the central station is configured for one-way authentication, the central station will not authenticate the monitor's certificate even if the monitor uses two-way authentication when establishing TLS; if the central station is configured for two-way authentication and the monitor uses one-way authentication, the monitor cannot successfully establish a TLS connection with the central station.
Specifically, the structure of the digital certificate request packet sent by the monitor may be, for example, as shown in table 1:
TABLE 1
| 01 | Check bit | Bed number | One-way authentication or two-way authentication | Packet tail |
The "bed number" refers to identification information corresponding to the monitor, and is used for identifying different monitors.
Step S2: The central station receives the digital certificate request data packet sent by the monitor, wherein the digital certificate request data packet at least comprises authentication mode information. Specifically, the central station may listen on a corresponding data transfer port (e.g., port 6666), waiting for the monitor to send a digital certificate request data packet.
Step S3: The central station queries a corresponding certificate file from a preset certificate file list according to the authentication mode information.
Optionally, in some embodiments of the present invention, the preset certificate file list is created by:
1. Receiving certificate authentication mode information and the number of monitoring terminals, as input by a user;
2. Numbering and naming the corresponding certificates according to the authentication mode information and the number information;
The central station names the certificate files for the monitors according to the number of monitors to be connected, for example 1, 2 and 3. The file suffix may be pfx, cer, p12, etc., and the file name suffixes provided by different organizations may not be identical.
In practical application, the server and the client of the digital certificate are paired, and may be one-to-many, and each certificate may have an independent number. Here we name the necessary files for simplicity of description as shown in table 2:
TABLE 2
| Filename | Function | Operation terminal |
| --- | --- | --- |
| ca.cer | Root certificate | Central station and monitor |
| server.cer | Server certificate | Central station |
| 1.cer | Client certificate | Monitor |
| 2.cer | Client certificate | Monitor |
| ...... | | |
| N.cer | Client certificate | Monitor |
3. Generating a certificate configuration file according to the numbered and named certificates;
4. Generating a certificate file list according to the use state of each certificate and the certificate configuration file.
A certificate generation configuration file configF is generated and stored according to the information set in the above steps, and the certificate files are automatically generated to a specified storage path. If an error occurs during generation, relevant information is prompted; if generation succeeds, the files in Table 2 are read to form a certificate file list, as shown in Table 3:
TABLE 3
| Filename | Use state |
| --- | --- |
| ca.cer | 1 |
| server.cer | 1 |
| 1.cer | 1 (indicates in use) |
| 2.cer | 0 (means not used) |
| ...... | 1 |
| N.cer | 0 |
Based on the list of certificate files and the authentication mode, the central station determines a distribution process.
If the authentication mode is one-way authentication, only ca.cer needs to be found in the certificate file list shown in Table 3;
If the authentication mode is the independent-certificate mode of two-way authentication, 3 files need to be found in the certificate file list shown in Table 3: ca.cer, server.cer and the certificate corresponding to the bed number. If a corresponding file is not found, the monitor is informed of the reason for the failure to obtain the certificate; if the corresponding files are found, step S4 is executed.
If the authentication mode is the same-certificate mode of two-way authentication, 3 files need to be found in the certificate file list shown in Table 3: ca.cer, server.cer and any client certificate (such as 1.cer). If a corresponding file is not found, the monitor is informed of the reason for the failure to obtain the certificate; if the corresponding files are found, step S4 is executed.
Step S4: the central station generates a certificate file list data packet according to the certificate file and sends the certificate file list data packet to the monitor; the monitor is informed of which certificate files can be acquired through the certificate file list data packet, and the format of the data packet is shown in table 4:
TABLE 4
| 02 | Check bit | Bed number | ca.cer&&server.cer&&1.cer | Packet tail |
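The selection rules of step S3 and the file-name field of the Table 4 packet, as an added example that is not code from the patent. The mode constants, the function names and the choice of the lowest-numbered client file for the same-certificate mode are assumptions; the file names and the `&&` separator come from Tables 2 to 4.

```python
# Added example, not code from the patent. Mode constants and function names
# are hypothetical; file names and the "&&" separator are from Tables 2-4.
ONE_WAY = "one-way"
TWO_WAY_INDEPENDENT = "two-way-independent"
TWO_WAY_SAME = "two-way-same"

ROOT_CERT, SERVER_CERT = "ca.cer", "server.cer"
LIST_SEP = "&&"


class CertificateUnavailable(Exception):
    """A required file is not in the list; the monitor is told the reason."""


def _client_number(name):
    """Return N for a client file named 'N.cer', otherwise None."""
    stem, dot, ext = name.rpartition(".")
    if dot and ext == "cer" and stem.isascii() and stem.isdigit():
        return int(stem)
    return None


def select_certificates(cert_list, mode, bed_number=None):
    """Step S3: pick file names from the certificate file list (Table 3).

    cert_list maps file name -> use state. Names are only ever looked up in
    this list, so a request field never turns into a filesystem path.
    """
    if mode == ONE_WAY:
        wanted = [ROOT_CERT]
    elif mode == TWO_WAY_INDEPENDENT:
        # The bed number arrives from the network: accept positive integers only.
        if (isinstance(bed_number, bool) or not isinstance(bed_number, int)
                or bed_number < 1):
            raise CertificateUnavailable("bed number missing or not a positive integer")
        wanted = [ROOT_CERT, SERVER_CERT, f"{bed_number}.cer"]
    elif mode == TWO_WAY_SAME:
        # "Any client certificate": assumption here is the lowest-numbered one.
        clients = sorted((n, name) for name in cert_list
                         if (n := _client_number(name)) is not None)
        if not clients:
            raise CertificateUnavailable("no client certificate in the list")
        wanted = [ROOT_CERT, SERVER_CERT, clients[0][1]]
    else:
        raise CertificateUnavailable(f"unknown authentication mode: {mode!r}")
    missing = [name for name in wanted if name not in cert_list]
    if missing:
        raise CertificateUnavailable("not in certificate file list: " + ", ".join(missing))
    return wanted


def build_list_payload(names):
    """Step S4: the file-name field of the Table 4 packet."""
    return LIST_SEP.join(names)


def parse_list_payload(payload):
    """Step S6 on the monitor: recover the names and refuse anything path-like."""
    names = payload.split(LIST_SEP)
    for name in names:
        if not name or "/" in name or "\\" in name or name.startswith("."):
            raise ValueError(f"refusing certificate file name {name!r}")
    return names


if __name__ == "__main__":
    # Constructed certificate file list in the shape of Table 3.
    table3 = {"ca.cer": 1, "server.cer": 1, "1.cer": 1, "2.cer": 0}
    offer = select_certificates(table3, TWO_WAY_INDEPENDENT, bed_number=2)
    print(build_list_payload(offer))
```

The packet header, check bit and packet tail are left out because the page does not define their encoding.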
Step S5: The monitor receives the certificate file list data packet sent by the central station according to the digital certificate request data packet;
Step S6: The monitor parses the certificate file list data packet to obtain certificate information;
From the certificate file list data packet, the monitor can parse out the number of certificates, the names of the certificates and other related information.
Step S7: The monitor sends a certificate file request to the central station according to the certificate information; based on the parsed information, certificate file requests can be sent to the processing terminal one by one, each requesting one certificate file.
Step S8: the central station receives a certificate file request which is sent by a monitor and generated according to a certificate file list data packet;
Step S9: The central station generates a certificate file data packet according to the certificate file request and the certificate file, and sends the certificate files to the monitoring terminal one by one through the certificate file data packet; the certificate file data packet is, for example, as shown in Table 5:
TABLE 5
| 03 | Check bit | Bed number | ca.cer&&state&&Serial number&&1024 byte file content | Packet tail |
A state bit of 0 indicates that the file has not been completely transferred, and the central station will continue to send data packets to transfer the remaining file content; a state of 1 indicates that the file has been completely transferred.
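The chunked transfer of Table 5 with both sides, as an added example that is not code from the patent: the central station splits a file into `name&&state&&serial&&content` fields and the monitor reassembles them. The ASCII-decimal encoding of the state and serial number, serial numbers starting at 0, the 64 KiB size cap and all function and class names are assumptions.

```python
# Added example, not code from the patent. Field encoding (ASCII decimal),
# serial numbers starting at 0 and the size cap are assumptions.
SEP = b"&&"                 # separator shown in Table 5
CHUNK = 1024                # bytes of file content per packet (Table 5)
MAX_CERT_BYTES = 64 * 1024  # assumed upper bound for one certificate file


def iter_chunks(name, data, chunk_size=CHUNK):
    """Central station side: yield the Table 5 data field for each packet."""
    if "&&" in name:
        raise ValueError("file name must not contain the separator")
    total = max(1, -(-len(data) // chunk_size))  # an empty file still sends one packet
    for serial in range(total):
        part = data[serial * chunk_size:(serial + 1) * chunk_size]
        state = b"1" if serial == total - 1 else b"0"  # 1 = transfer complete
        yield SEP.join([name.encode("ascii"), state, str(serial).encode("ascii"), part])


def parse_chunk(payload):
    """Split into (name, state, serial, content).

    Certificate files are binary and may themselves contain b"&&", so only
    the first three separators are treated as field boundaries.
    """
    fields = payload.split(SEP, 3)
    if len(fields) != 4:
        raise ValueError("malformed certificate file packet")
    name, state, serial, content = fields
    if state not in (b"0", b"1") or not serial.isdigit():
        raise ValueError("bad state or serial number")
    return name.decode("ascii"), int(state), int(serial), content


class Reassembler:
    """Monitor side: rebuild the one file that was requested by name (step S7)."""

    def __init__(self, expected_name, max_bytes=MAX_CERT_BYTES):
        self.expected_name = expected_name
        self.max_bytes = max_bytes
        self.next_serial = 0
        self.buf = bytearray()
        self.done = False

    def feed(self, payload):
        """Return None while state is 0, the whole file once state is 1."""
        if self.done:
            raise ValueError("transfer already complete")
        name, state, serial, content = parse_chunk(payload)
        if name != self.expected_name:
            raise ValueError("packet is for a file that was not requested")
        if serial != self.next_serial:
            raise ValueError("packet out of order, duplicated or missing")
        if len(content) > CHUNK or len(self.buf) + len(content) > self.max_bytes:
            raise ValueError("packet or file larger than allowed")
        self.buf += content
        self.next_serial += 1
        if state == 1:
            self.done = True
            return bytes(self.buf)
        return None


def transfer(name, data):
    """Run both sides in memory and return what the monitor would store."""
    rx, result = Reassembler(name), None
    for payload in iter_chunks(name, data):
        result = rx.feed(payload)
    return result


if __name__ == "__main__":
    sample = b"A&&B" * 600  # constructed 2400-byte stand-in for ca.cer
    print(transfer("ca.cer", sample) == sample)
```

Reassembly here guards ordering, file name and size only; the page does not define how the check bit is computed, so it is not modelled.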
Step S10: the monitor receives the certificate file sent by the central station according to the certificate file request, and the monitor can store the file with the file name ca.
Optionally, in some embodiments of the present invention, the certificate file queried in step S3 may be set with a corresponding password, which is used to load the file when installing or preparing to use the certificate. If the hospital configures fully automatic acquisition and use of certificates on the monitor, the certificate files all use the same password, namely the initial password for loading digital certificates that is set at the factory for the monitor. If the hospital configures semi-automatic acquisition and use of certificates on the monitor, a password must be entered manually for all the files in Table 2.
Optionally, in some embodiments of the present invention, the central station may further perform a verification step between steps S2 and S3 to verify the validity of the data packet. Specifically, the check bit in the data packet shown in Table 1 is extracted and verification is performed according to the check bit; if the verification succeeds, step S3 is executed.
Optionally, in some embodiments of the present invention, after the corresponding digital certificate files are generated in the central station and the monitor through the above steps, a TLS connection between the central station and the monitor can be established.
The central station may start listening on port 9999 as a TLS service, waiting for the monitor to request a TLS connection.
When receiving a TLS connection setup request from the monitor, the central station will complete the setup of TLS according to the configuration:
if the central station monitor system is configured with one-way authentication, and the central station receives the monitor connection which is legal, encryption transmission can be carried out;
if the central station monitoring system is configured with bidirectional authentication, the central station can disconnect the connection for the connection failed in authentication, and the next step needs to be carried out for the connection successful in authentication: if the same certificate of the mutual authentication is configured in the central station, the process is finished, and encryption transmission can be carried out at this point;
if the central station is configured with the bidirectional authentication independent certificate, it needs to check whether the certificate corresponding to the bed number in the "certificate file list" is in use: if the corresponding certificate is not used in the "certificate file list", the status bit 1 is updated to indicate use. If the corresponding certificate is already in use in the "certificate file list", this connection is broken and the central station is alerted that there is a re-use of the certificate with the monitor.
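The connection-handling rules above, as an added Python example (not code from the patent). The `AuthMode` names, the `CertEntry` layout of the certificate file list, the refusal of unlisted bed numbers and the `release` step are assumptions; the accept, disconnect and alert decisions follow the text.

```python
import ssl
from dataclasses import dataclass
from enum import Enum


class AuthMode(Enum):
    ONE_WAY = 1             # monitor verifies the central station only
    MUTUAL_SHARED = 2       # bidirectional, all monitors share one client certificate
    MUTUAL_INDEPENDENT = 3  # bidirectional, one client certificate per bed number


def server_verify_mode(mode: AuthMode) -> ssl.VerifyMode:
    """TLS listener setting: demand a client certificate only for bidirectional modes."""
    return ssl.CERT_NONE if mode is AuthMode.ONE_WAY else ssl.CERT_REQUIRED


@dataclass
class CertEntry:
    """One row of the certificate file list (layout assumed for this example)."""
    cert_name: str
    in_use: int = 0  # status bit: 1 means a connected monitor is using this certificate


class CentralStation:
    def __init__(self, mode: AuthMode, cert_list: dict):
        self.mode = mode
        self.cert_list = cert_list  # bed number -> CertEntry
        self.alerts = []

    def on_connection(self, bed_number: int, handshake_ok: bool) -> str:
        """Decide 'accept' or 'disconnect' once the TLS handshake has finished."""
        if not handshake_ok:
            return "disconnect"  # authentication failed
        if self.mode is not AuthMode.MUTUAL_INDEPENDENT:
            return "accept"      # one-way or same-certificate mode: nothing more to check
        entry = self.cert_list.get(bed_number)
        if entry is None:
            # Assumption: a bed number with no listed certificate is refused.
            return "disconnect"
        if entry.in_use == 1:
            # Same certificate presented by a second connection: drop it and alert.
            self.alerts.append(
                f"certificate {entry.cert_name} for bed {bed_number} is already in use")
            return "disconnect"
        entry.in_use = 1
        return "accept"

    def release(self, bed_number: int) -> None:
        """Assumption: clear the status bit when the monitor disconnects.

        The passage does not say when the bit is reset; without some reset a
        monitor could never reconnect in independent-certificate mode.
        """
        entry = self.cert_list.get(bed_number)
        if entry is not None:
            entry.in_use = 0


if __name__ == "__main__":
    # Constructed sample data: one listed certificate for bed 3.
    station = CentralStation(AuthMode.MUTUAL_INDEPENDENT, {3: CertEntry("client_03.pem")})
    print(station.on_connection(3, True), station.on_connection(3, True), station.alerts)
```
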
An embodiment of the present invention further provides an automatic digital certificate distribution apparatus, as shown in fig. 3, the apparatus includes:
a digital certificate request data packet receiving module 21, configured to receive a digital certificate request data packet sent by a monitoring terminal, where the digital certificate request data packet includes at least authentication mode information; see the description related to step S2 of the above method embodiment for details.
A certificate file query module 22, configured to query a corresponding certificate file from a preset certificate file list according to the authentication mode information; see the description related to step S3 of the above method embodiment for details.
The certificate file list data packet generating module 23 is configured to generate a certificate file list data packet according to the certificate file and send the certificate file list data packet to the monitoring terminal; see the description related to step S4 of the above method embodiment for details.
A certificate file request module 24, configured to receive a certificate file request generated according to the certificate file list data packet and sent by the monitoring terminal; see the description related to step S8 of the above method embodiment for details.
And the certificate file data packet generating module 25 is configured to generate a certificate file data packet according to the certificate file request and the certificate file, and send the certificate file data packet to the monitoring terminal. See the description related to step S9 of the above method embodiment for details.
An embodiment of the present invention further provides an apparatus for automatically distributing digital certificates, as shown in fig. 4, the apparatus includes:
a digital certificate request data packet generation module 31, configured to generate a digital certificate request data packet according to a configured authentication mode, and send the digital certificate request data packet to a processing terminal, where the digital certificate request data packet includes at least authentication mode information; see the description related to step S1 of the above method embodiment for details.
A certificate file list data packet receiving module 32, configured to receive a certificate file list data packet sent by the processing terminal according to the digital certificate request data packet; see the description related to step S5 of the above method embodiment for details.
The certificate information analysis module 33 is configured to analyze the certificate file list data packet to obtain certificate information; see the description related to step S6 of the above method embodiment for details.
A certificate file request sending module 34, configured to send a certificate file request to the processing terminal according to the certificate information; see the description related to step S7 of the above method embodiment for details.
The certificate file receiving module 35 is configured to receive a certificate file sent by the processing terminal according to the certificate file request. See the description related to step S10 of the above method embodiment for details.
An embodiment of the present invention further provides an electronic device, as shown in fig. 5, the electronic device may include a processor 51 and a memory 52, where the processor 51 and the memory 52 may be connected by a bus or in another manner, and fig. 5 takes the connection by the bus as an example.
The processor 51 may be a Central Processing Unit (CPU). The Processor 51 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components, or combinations thereof.
The memory 52, which is a non-transitory computer readable storage medium, may be used for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the automatic digital certificate distribution method in the embodiment of the present invention. The processor 51 executes various functional applications and data processing of the processor by running non-transitory software programs, instructions and modules stored in the memory 52, that is, implements the automatic digital certificate distribution method in the above-described method embodiments.
The memory 52 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 51, and the like. Further, the memory 52 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 52 may optionally include memory located remotely from the processor 51, and these remote memories may be connected to the processor 51 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 52 and, when executed by the processor 51, perform the automatic digital certificate distribution method in the embodiment shown in fig. 1.
The details of the electronic device may be understood with reference to the corresponding related description and effects in the embodiment shown in fig. 1, and are not described herein again.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), a Solid State Drive (SSD), or the like; the storage medium may also comprise a combination of memories of the kind described above.
Although the embodiments of the present invention have been described in conjunction with the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope defined by the appended claims.

Claims (13)

1. A digital certificate automatic distribution method is applied to a monitoring system comprising a monitoring terminal and a processing terminal, and is characterized by comprising the following steps:
receiving a digital certificate request data packet sent by a monitoring terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
inquiring a corresponding certificate file from a preset certificate file list according to the authentication mode information;
generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal;
receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet;
and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.
2. The method according to claim 1, wherein after receiving the digital certificate request packet sent by the monitoring terminal, and before querying a corresponding certificate file from a preset certificate file list according to the authentication mode information, the method further comprises:
extracting the check bit in the request data packet;
and verifying according to the check bit, and executing the step of inquiring a corresponding certificate file from a preset certificate file list according to the authentication mode information after the verification is successful.
3. The method according to claim 1, wherein the querying a corresponding certificate file from a preset certificate file list according to the authentication mode information includes:
and judging that the authentication mode is a one-way authentication mode according to the authentication mode information, and inquiring a root certificate from the preset certificate file list.
4. The automatic digital certificate distribution method according to claim 1, wherein the digital certificate request packet further comprises: identifying information;
the querying, according to the authentication mode information, a corresponding certificate file from a preset certificate file list includes:
and judging that the authentication mode is an independent certificate mode of bidirectional authentication according to the authentication mode information, and inquiring a root certificate, a server certificate and a client certificate corresponding to the identification information from the preset certificate file list.
5. The method according to claim 1, wherein the querying a corresponding certificate file from a preset certificate file list according to the authentication mode information includes:
and judging that the authentication mode is the same certificate mode of bidirectional authentication according to the authentication mode information, and inquiring a root certificate, a server certificate and any client certificate from the preset certificate file list.
6. The method according to claim 1, wherein the generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal includes:
according to the certificate file request, sending the certificate files to the monitoring terminal one by one through the certificate file data packet;
judging whether the whole certificate file is completely sent according to the status bit in the certificate file data packet during each sending;
and when the sending is judged to be finished, sending prompt information to the monitoring terminal.
7. The automatic digital certificate distribution method according to any one of claims 1 to 6, characterized in that the preset certificate file list is established by:
receiving certificate authentication mode information and number information of monitoring terminals input by a user;
numbering and naming corresponding certificates according to the authentication mode information and the quantity information;
generating a certificate configuration file according to the certificate after numbering and naming;
and generating the certificate file list according to the use state of each certificate and the certificate configuration file.
8. A method for automatically distributing digital certificates is applied to a monitoring system comprising a monitoring terminal and a processing terminal, and is characterized by comprising the following steps:
generating a digital certificate request data packet according to an authentication mode configured by the monitoring system, and sending the digital certificate request data packet to a processing terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
receiving a certificate file list data packet sent by the processing terminal according to the digital certificate request data packet;
analyzing the certificate file list data packet to obtain certificate information;
sending a certificate file request to the processing terminal according to the certificate information;
and receiving the certificate file sent by the processing terminal according to the certificate file request.
9. The automatic certificate distribution method according to claim 8, wherein the certificate information includes: the number of certificates and the name of the certificates,
the sending of the certificate file request to the processing terminal according to the certificate information includes:
and sending certificate file requests for requesting certificate files one by one to the processing terminal according to the number of the certificates and the certificate names.
10. An apparatus for automatically distributing digital certificates, the apparatus comprising:
the digital certificate request data packet receiving module is used for receiving a digital certificate request data packet sent by a monitoring terminal, and the digital certificate request data packet at least comprises: authentication mode information;
the certificate file query module is used for querying a corresponding certificate file from a preset certificate file list according to the authentication mode information;
the certificate file list data packet generating module is used for generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal;
the certificate file request module is used for receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet;
and the certificate file data packet generating module is used for generating a certificate file data packet according to the certificate file request and the certificate file and sending the certificate file data packet to the monitoring terminal.
11. An apparatus for automatically distributing digital certificates, the apparatus comprising:
the digital certificate request data packet generation module is used for generating a digital certificate request data packet according to a configured authentication mode and sending the digital certificate request data packet to a processing terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
the certificate file list data packet receiving module is used for receiving the certificate file list data packet sent by the processing terminal according to the digital certificate request data packet;
the certificate information analysis module is used for analyzing the certificate file list data packet to obtain certificate information;
a certificate file request sending module, configured to send a certificate file request to the processing terminal according to the certificate information;
and the certificate file receiving module is used for receiving the certificate file sent by the processing terminal according to the certificate file request.
12. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively coupled to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method for automatically distributing digital certificates according to any of claims 1 to 9.
13. A computer-readable storage medium storing computer instructions for causing a computer to execute the automatic certificate distribution method according to any one of claims 1 to 9.
CN201910473120.6A 2019-05-31 2019-05-31 Automatic distribution method and device for digital certificates Active CN112019339B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910473120.6A CN112019339B (en) 2019-05-31 2019-05-31 Automatic distribution method and device for digital certificates

Publications (2)

Publication Number Publication Date
CN112019339A (en) 2020-12-01
CN112019339B (en) 2024-02-27

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant