CN112019339B - Automatic distribution method and device for digital certificates - Google Patents

Info

Publication number: CN112019339B
Authority: CN (China)
Application number: CN201910473120.6A
Other languages: Chinese (zh)
Other versions: CN112019339A
Inventors: 张智, 胡欢
Current assignee: Xi'an Edan Instruments Co ltd
Original assignee: Xi'an Edan Instruments Co ltd
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]

Abstract

The invention discloses a method and a device for automatically distributing a digital certificate, applied to a monitoring system comprising a monitoring terminal and a processing terminal. The method comprises the following steps: receiving a digital certificate request data packet sent by the monitoring terminal, the digital certificate request data packet at least comprising authentication mode information; querying a corresponding certificate file from a preset certificate file list according to the authentication mode information; generating a certificate file list data packet according to the certificate file and sending it to the monitoring terminal; receiving a certificate file request sent by the monitoring terminal and generated according to the certificate file list data packet; and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.

Description

Automatic distribution method and device for digital certificates
Technical Field
The invention relates to the technical field of digital certificates, in particular to an automatic digital certificate distribution method and device.
Background
TLS works as follows: when the two communicating parties establish a connection, a dedicated protocol transmits the CA certificate to one or both parties, which then check whether the peer is legitimate according to the verification rules of the CA certificate. If the peer is legitimate, the connection is established and the transmitted data is encrypted using parameters configured in the CA certificate or negotiated during the TLS protocol exchange; if not, the connection is closed immediately and a related error is reported. SSL (Secure Socket Layer) works on the same principle; both are referred to here collectively as TLS.
TLS (SSL) is currently widely used in online transactions, online tax returns, secure email and similar fields. As the public attaches increasing importance to information security, TLS is also gradually being introduced in the medical field for encrypted data transmission. Authentication in TLS communication generally takes one of two forms, one-way authentication and two-way authentication, but both require the terminals taking part in authentication to provide a USB interface so that the digital certificate files can be copied from a removable storage device to those terminals. The whole process requires staff to operate it, and is complex, inefficient and error-prone.
Disclosure of Invention
In view of the above, the embodiment of the invention provides a method and a device for automatically distributing a digital certificate, so as to solve the problems of complex process, low efficiency and easy error caused by the need of manual participation in the existing authentication mode.
According to a first aspect, an embodiment of the present invention provides a method for automatically distributing a digital certificate, applied to a monitoring system including a monitoring terminal and a processing terminal, the method including: receiving a digital certificate request data packet sent by the monitoring terminal, the digital certificate request data packet at least comprising authentication mode information; querying a corresponding certificate file from a preset certificate file list according to the authentication mode information; generating a certificate file list data packet according to the certificate file and sending it to the monitoring terminal; receiving a certificate file request sent by the monitoring terminal and generated according to the certificate file list data packet; and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.
With reference to the first aspect, in a first implementation manner of the first aspect, after receiving the digital certificate request data packet sent by the monitoring terminal and before querying the corresponding certificate file from the preset certificate file list according to the authentication mode information, the method further includes: extracting the check bit from the request data packet; and verifying the packet according to the check bit, and, if the verification succeeds, executing the step of querying the corresponding certificate file from the preset certificate file list according to the authentication mode information.
With reference to the first aspect, in a second implementation manner of the first aspect, the querying, according to the authentication mode information, a corresponding certificate file from a preset certificate file list includes: judging the authentication mode to be a one-way authentication mode according to the authentication mode information, and inquiring a root certificate from the preset certificate file list.
With reference to the first aspect, in a third implementation manner of the first aspect, the digital certificate request data packet further includes identification information, and querying the corresponding certificate file from the preset certificate file list according to the authentication mode information comprises: judging, according to the authentication mode information, that the authentication mode is the independent certificate mode of two-way authentication, and querying from the preset certificate file list a root certificate, a server side certificate and the client side certificate corresponding to the identification information.
With reference to the first aspect, in a fourth implementation manner of the first aspect, querying the corresponding certificate file from the preset certificate file list according to the authentication mode information comprises: judging, according to the authentication mode information, that the authentication mode is the same-certificate mode of two-way authentication, and querying a root certificate, a server side certificate and any one client side certificate from the preset certificate file list.
With reference to the first aspect, in a fifth implementation manner of the first aspect, generating the certificate file data packet according to the certificate file request and the certificate file and sending it to the monitoring terminal includes: sending the certificate files to the monitoring terminal one by one in certificate file data packets according to the certificate file request; on each send, judging from the status bit in the certificate file data packet whether the whole certificate file has been sent; and when sending is judged to be complete, sending prompt information to the monitoring terminal.
With reference to the first aspect or any implementation manner of the first aspect, in a sixth implementation manner of the first aspect, the preset certificate file list is established through the following steps: receiving certificate authentication mode information input by a user and quantity information of monitoring terminals; numbering and naming the corresponding certificates according to the authentication mode information and the quantity information; generating a certificate configuration file according to the numbered and named certificates; and generating the certificate file list according to the use state of each certificate and the certificate configuration file.
According to a second aspect, an embodiment of the present invention provides a method for automatically distributing a digital certificate, applied to a monitoring system including a monitoring terminal and a processing terminal, the method including: generating a digital certificate request data packet according to the authentication mode configured for the monitoring system and sending it to the processing terminal, the digital certificate request data packet at least comprising authentication mode information; receiving a certificate file list data packet sent by the processing terminal in response to the digital certificate request data packet; parsing the certificate file list data packet to obtain certificate information; sending a certificate file request to the processing terminal according to the certificate information; and receiving the certificate file sent by the processing terminal according to the certificate file request.
With reference to the second aspect, in a first implementation manner of the second aspect, the certificate information includes the number of certificates and the certificate names, and sending the certificate file request to the processing terminal according to the certificate information comprises: sending to the processing terminal, according to the number and the names of the certificates, certificate file requests that request the certificate files one by one.
According to a third aspect, an embodiment of the present invention provides an automatic digital certificate distribution apparatus, including: a digital certificate request data packet receiving module, configured to receive a digital certificate request data packet sent by the monitoring terminal, the digital certificate request data packet at least comprising authentication mode information; a certificate file querying module, configured to query corresponding certificate files from a preset certificate file list according to the authentication mode information; a certificate file list data packet generation module, configured to generate a certificate file list data packet according to the certificate file and send it to the monitoring terminal; a certificate file request module, configured to receive a certificate file request generated according to the certificate file list data packet and sent by the monitoring terminal; and a certificate file data packet generation module, configured to generate a certificate file data packet according to the certificate file request and the certificate file and send it to the monitoring terminal.
According to a fourth aspect, an embodiment of the present invention provides an apparatus for automatically distributing a digital certificate, the apparatus including: a digital certificate request data packet generation module, configured to generate a digital certificate request data packet according to a configured authentication mode and send it to the processing terminal, the digital certificate request data packet at least comprising authentication mode information; a certificate file list data packet receiving module, configured to receive a certificate file list data packet sent by the processing terminal in response to the digital certificate request data packet; a certificate information parsing module, configured to parse the certificate file list data packet to obtain certificate information; a certificate file request sending module, configured to send a certificate file request to the processing terminal according to the certificate information; and a certificate file receiving module, configured to receive the certificate file sent by the processing terminal according to the certificate file request.
According to a fifth aspect, an embodiment of the present invention provides an electronic device/mobile terminal/server, including: the device comprises a memory and a processor, wherein the memory and the processor are in communication connection, the memory stores computer instructions, and the processor executes the computer instructions, so as to execute the automatic distribution method of the digital certificate in the first aspect or any implementation manner of the first aspect, or execute the automatic distribution method of the digital certificate in the second aspect or any implementation manner of the second aspect.
According to a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium storing computer instructions for causing a computer to perform the method for automatically distributing a digital certificate described in the first aspect or any implementation manner of the first aspect, or the method for automatically distributing a digital certificate described in the second aspect or any implementation manner of the second aspect.
The main advantages of the embodiment of the invention are as follows:
1. Fully automatic distribution and use: the certificates can be distributed and used fully automatically where this does not conflict with information security regulations and the hospital trusts the central station monitoring system. This scheme only requires selecting "automatic use certificate" on the monitor; no other manual operation is needed.
2. Semi-automatic distribution and use: the semi-automatic scheme is available when regulations or the hospital impose explicit requirements. It requires selecting "semi-automatic use certificate" on the monitor and manually entering the certificate password; no other manual operation is needed.
3. Certificate management on the central station is simple: it is only necessary to store the server side certificate and the client side digital certificates on the central station and to specify the storage directory in the central station software. Information such as certificate numbers and passwords does not have to be read out and stored in a database for add, delete and similar management operations.
4. Certificates are easy to replace on the monitor: when the monitor or the central monitoring system it connects to is replaced, only the certificate on the monitor needs to be deleted and the automatic or semi-automatic certificate option selected. No USB flash drive has to be carried to copy the certificate to the monitor again.
5. Better adaptability: the scheme can be used whether the central monitoring system adopts one-way or two-way authentication.
Drawings
The features and advantages of the present invention will be more clearly understood by reference to the accompanying drawings, which are illustrative and should not be construed as limiting the invention in any way, in which:
fig. 1 shows a schematic view of an application scenario according to an embodiment of the present invention;
FIG. 2 is a flow chart of an automatic digital certificate distribution method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram showing the structure of an automatic digital certificate distribution apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram showing a method for automatically distributing digital certificates according to another embodiment of the present invention;
fig. 5 shows a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to fall within the scope of the invention.
Fig. 1 is a schematic view of an application scenario according to an embodiment of the present invention. The monitoring terminal (such as a monitor) and the processing terminal (such as a central station) are connected to form a network (the monitoring system); the connection may be wired or wireless Ethernet, which the invention does not limit.
The embodiment of the invention provides an automatic digital certificate distribution method applied to a monitoring system including a monitoring terminal and a processing terminal as shown in fig. 1. Below, a monitoring system consisting of a monitor and a central station is used as the example, but the invention is not limited thereto. As shown in fig. 2, the automatic digital certificate distribution method mainly includes:
Step S1: the monitor generates a digital certificate request data packet according to the authentication mode configured for the monitoring system and sends it to the central station, the digital certificate request data packet at least comprising authentication mode information.
In the embodiment of the invention, the certificate authentication mode mainly refers to one-way authentication and two-way authentication; which mode to select can be decided according to the requirements of the specific medical institution. If the institution has no requirement, one-way authentication may be preferred, since it consumes relatively fewer system resources (CPU and memory) on the monitor and the central station, at the cost of a somewhat lower information security level. If the institution specifies one-way or two-way authentication, the corresponding mode can be configured in the monitoring system, specifically at the central station. If the central station is configured for one-way authentication, it does not authenticate the monitor's certificate when TLS is established, even if the monitor uses two-way authentication; if the central station is configured for two-way authentication and the monitor uses one-way authentication, the monitor cannot establish a TLS connection with the central station.
Specifically, the structure of the digital certificate request packet sent by the monitor may be, for example, as shown in table 1:
TABLE 1
| 01 (packet type) | Check bit | Bed number | One-way or two-way authentication | Packet tail |
The "bed number" refers to identification information corresponding to the monitor, and is used for identifying different monitors.
Step S2: the central station receives the digital certificate request data packet sent by the monitor, which at least comprises authentication mode information. In particular, the central station may listen on the corresponding data transfer port (e.g., port 6666) for the monitor to send the digital certificate request packet.
Step S3: the central station queries the corresponding certificate files from a preset certificate file list according to the authentication mode information.
Optionally, in some embodiments of the present invention, the preset certificate file list is established by:
1. receiving certificate authentication mode information input by a user and the number of monitoring terminals;
2. numbering and naming the corresponding certificates according to the authentication mode information and the number of terminals;
The central station names the certificate files for the monitors according to the number of monitors to be connected; for example, with 3 monitors to be connected, the certificate files are named 1, 2 and 3. The file name suffix may be pfx, cer or p12, and the suffixes provided by different institutions may differ.
In practical application the server and client digital certificates are paired, the pairing can be one-to-many, and each certificate can carry its own number. For simplicity of description the necessary files are named here as shown in table 2:
TABLE 2
| File name | Function | Running end |
|---|---|---|
| ca.cer | Root certificate | Central station and monitor |
| server.cer | Server side certificate | Central station |
| 1.cer | Client certificate | Monitor |
| 2.cer | Client certificate | Monitor |
| ...... | | |
| N.cer | Client certificate | Monitor |
3. generating a certificate configuration file according to the numbered and named certificates;
4. generating the certificate file list according to the use state of each certificate and the certificate configuration file.
A certificate generation configuration file configF is generated and stored from the information set in the steps above, and the certificate files are generated automatically into the specified storage path. If an error occurs during generation, the related information is prompted; if generation succeeds, the files in table 2 are read to form the certificate file list shown in table 3:
TABLE 3
| File name | Use state |
|---|---|
| ca.cer | 1 |
| server.cer | 1 |
| 1.cer | 1 (in use) |
| 2.cer | 0 (unused) |
| ...... | 1 |
| N.cer | 0 |
Based on the certificate file list and the authentication mode, the central station determines a distribution flow.
If the authentication mode is one-way authentication, only ca.cer needs to be found in the certificate file list shown in table 3.
If the authentication mode is the independent certificate mode of two-way authentication, the 3 files ca.cer, server.cer and the client certificate corresponding to the bed number need to be found in the certificate file list shown in table 3. If a file is not found, the monitor is informed of the reason the certificate could not be acquired; if all files are found, step S4 is executed.
If the authentication mode is the same-certificate mode of two-way authentication, the 3 files ca.cer, server.cer and any one client certificate (e.g. 1.cer) need to be found in the certificate file list shown in table 3. If a file is not found, the monitor is informed of the reason the certificate could not be acquired; if all files are found, step S4 is executed.
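The list-building steps and the step S3 query above, as an added Python example that is not code from the patent or from the assignee. It builds a certificate file list in the {file name: use state} shape of table 3 from the configured authentication mode and the number of monitors, then resolves the files to send for each of the three modes, refusing with a reason when a file is missing. The mode labels, function names and dictionary layout are assumptions; the patent does not specify data structures.

```python
# Added example: certificate file list (table 3 shape) and the step S3 query.
# Not code from the patent; names and data layout are assumptions.

ONE_WAY = "one-way"
TWO_WAY_INDEPENDENT = "two-way-independent"  # every monitor gets its own client certificate
TWO_WAY_SHARED = "two-way-shared"            # all monitors share one client certificate


def client_number(name):
    """Numeric prefix of a client certificate name such as '2.cer', else None."""
    stem = name.split(".", 1)[0]
    return int(stem) if stem.isdigit() else None


def build_certificate_list(auth_mode, monitor_count, suffix="cer"):
    """Steps 1-4: number and name the certificates for the configured mode and
    return {file_name: use_state}. Root and server certificates are marked 1
    (in use) as in table 3; client certificates start at 0 (unused)."""
    if monitor_count < 1:
        raise ValueError("monitor_count must be at least 1")
    cert_list = {f"ca.{suffix}": 1}
    if auth_mode in (TWO_WAY_INDEPENDENT, TWO_WAY_SHARED):
        cert_list[f"server.{suffix}"] = 1
        for n in range(1, monitor_count + 1):
            cert_list[f"{n}.{suffix}"] = 0
    elif auth_mode != ONE_WAY:
        raise ValueError(f"unknown authentication mode: {auth_mode}")
    return cert_list


def query_certificate_files(cert_list, auth_mode, bed_number=None, suffix="cer"):
    """Step S3: the file names the monitor may fetch for its mode. Raises
    LookupError with the reason so the central station can report it to the
    monitor instead of silently sending nothing."""
    if auth_mode == ONE_WAY:
        wanted = [f"ca.{suffix}"]
    elif auth_mode == TWO_WAY_INDEPENDENT:
        if bed_number is None:
            raise LookupError("independent certificate mode needs a bed number")
        wanted = [f"ca.{suffix}", f"server.{suffix}", f"{bed_number}.{suffix}"]
    elif auth_mode == TWO_WAY_SHARED:
        clients = sorted((n for n in cert_list if client_number(n) is not None),
                         key=client_number)
        if not clients:
            raise LookupError("no client certificate in the list")
        wanted = [f"ca.{suffix}", f"server.{suffix}", clients[0]]  # "any one": lowest number
    else:
        raise LookupError(f"unknown authentication mode: {auth_mode}")
    missing = [f for f in wanted if f not in cert_list]
    if missing:
        raise LookupError("certificate file(s) not found: " + ", ".join(missing))
    return wanted


if __name__ == "__main__":
    certs = build_certificate_list(TWO_WAY_INDEPENDENT, 3)
    print(certs)
    print(query_certificate_files(certs, TWO_WAY_INDEPENDENT, bed_number=2))
```

A request for a bed number that has no client certificate in the list is rejected by name, which is the "reason of failure" the central station reports back to the monitor rather than an empty list packet.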
Step S4: the central station generates a certificate file list data packet according to the certificate files and sends it to the monitor. The certificate file list data packet tells the monitor which certificate files it can acquire; its format is shown in table 4:
TABLE 4
| 02 (packet type) | Check bit | Bed number | ca.cer&&server.cer&&1.cer | Packet tail |
Step S5: the monitor receives the certificate file list data packet sent by the central station in response to the digital certificate request data packet.
Step S6: the monitor parses the certificate file list data packet to obtain certificate information.
From the certificate file list data packet the monitor can parse out specific information such as the number of certificates and the certificate names.
Step S7: the monitor sends certificate file requests to the central station according to the certificate information; based on the parsed information, it sends certificate file requests that request the certificate files one by one.
Step S8: the central station receives a certificate file request which is sent by the monitor and generated according to a certificate file list data packet;
Step S9: the central station generates certificate file data packets according to the certificate file request and the certificate file, and sends the certificate files to the monitor one by one in certificate file data packets; the certificate file data packet is as shown in table 5:
TABLE 5
| 03 (packet type) | Check bit | Bed number | ca.cer&&state&&sequence number&&1024 bytes of file content | Packet tail |
Here a state bit of 0 indicates that the file has not yet been fully transferred and the central station will continue to send data packets carrying the remaining file content; a state of 1 indicates that this file has been transferred completely.
Step S10: the monitor receives the certificate file sent by the central station according to the certificate file request, and can store it as a file with the file name ca.
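The packet formats of tables 1, 4 and 5, the chunked transfer of step S9 and the reassembly of step S10, as an added Python example that is not code from the patent or from the assignee. The patent names the fields but not their encoding, so the byte layout, the XOR check bit, the two-byte length field, the tail value and the function names are all assumptions made here; the sample certificate content in the usage is constructed.

```python
# Added example: framing of the request (table 1), file list (table 4) and
# file data (table 5) packets, the chunked transfer of step S9 and its
# reassembly in step S10. Not code from the patent. The byte layout, the
# XOR check bit, the 2-byte length field and the tail value are assumptions;
# the patent only names the fields.
import struct

REQUEST, FILE_LIST, FILE_DATA = 0x01, 0x02, 0x03  # packet type codes of tables 1, 4, 5
TAIL = b"\xaa\x55"   # packet tail marker (assumed value)
CHUNK = 1024         # file content carried per data packet (table 5)
SEP = b"&&"          # field separator as written in tables 4 and 5


def check_bit(body):
    """Assumed check: XOR over bed number and payload bytes."""
    value = 0
    for b in body:
        value ^= b
    return value


def build_packet(ptype, bed, payload):
    # layout (assumed): type | check | payload length | bed number | payload | tail
    body = struct.pack(">H", bed) + payload
    return bytes([ptype, check_bit(body)]) + struct.pack(">H", len(payload)) + body + TAIL


def parse_packet(raw):
    """Return (type, bed, payload); ValueError means 'discard this packet'."""
    if len(raw) < 6 + len(TAIL) or not raw.endswith(TAIL):
        raise ValueError("malformed frame")
    ptype, check = raw[0], raw[1]
    (plen,) = struct.unpack(">H", raw[2:4])
    body = raw[4:-len(TAIL)]
    if len(body) != plen + 2:
        raise ValueError("length field does not match frame")
    if check_bit(body) != check:
        raise ValueError("check bit mismatch")
    (bed,) = struct.unpack(">H", body[:2])
    return ptype, bed, body[2:]


def request_packet(bed, two_way):
    """Table 1: authentication mode carried as '1' (one-way) or '2' (two-way)."""
    return build_packet(REQUEST, bed, b"2" if two_way else b"1")


def file_list_packet(bed, names):
    """Table 4: the names the monitor may fetch, joined with '&&'."""
    return build_packet(FILE_LIST, bed, SEP.join(n.encode() for n in names))


def parse_file_list(payload):
    """Step S6: certificate names (and thus their count) from a table 4 payload."""
    return [n.decode() for n in payload.split(SEP) if n]


def file_data_packets(bed, name, content):
    """Step S9: one certificate file as numbered packets of at most CHUNK bytes;
    state is 0 while more data follows and 1 on the final packet (table 5)."""
    chunks = [content[i:i + CHUNK] for i in range(0, len(content), CHUNK)] or [b""]
    for seq, chunk in enumerate(chunks, start=1):
        state = 1 if seq == len(chunks) else 0
        payload = SEP.join([name.encode(), str(state).encode(), str(seq).encode(), chunk])
        yield build_packet(FILE_DATA, bed, payload)


def receive_file(packets):
    """Step S10 on the monitor: reassemble the file, insisting on in-order
    sequence numbers and a closing state=1 so a truncated transfer is never
    stored as a complete certificate."""
    name, parts, expected = None, [], 1
    for raw in packets:
        ptype, _bed, payload = parse_packet(raw)
        if ptype != FILE_DATA:
            raise ValueError("unexpected packet type during file transfer")
        fname, state, seq, chunk = payload.split(SEP, 3)  # chunk may itself contain '&&'
        fname = fname.decode()
        if name is None:
            name = fname
        elif fname != name:
            raise ValueError("file name changed mid-transfer")
        if int(seq) != expected:
            raise ValueError(f"sequence {int(seq)} received, expected {expected}")
        parts.append(chunk)
        expected += 1
        if state == b"1":
            return name, b"".join(parts)
    raise ValueError("transfer ended without a state=1 packet")
```

Usage: `receive_file(file_data_packets(3, "ca.cer", content))` yields `("ca.cer", content)` for any constructed `content`, splitting it into 1024-byte packets on the way. `receive_file` refuses to return a file unless the packets arrive in sequence and the last one carries state 1, so a transfer cut off part-way, or a packet whose check bit does not match, is reported instead of being stored as a truncated certificate.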
Optionally, in some embodiments of the present invention, the certificate file queried in step S3 may have a password set, which is used when installing the certificate or loading the file for use. If the hospital configures fully automatic acquisition and use of certificates on the monitor, the same password is used for all certificate files, namely the initial digital certificate loading password set on the monitor at the factory. If the hospital configures semi-automatic acquisition and use on the monitor, the password must be entered manually for all files in table 2 before they can be used.
The automatic distribution method of the digital certificate has the main advantages listed under "Disclosure of Invention" above.
Optionally, in some embodiments of the present invention, the central station may further perform a verification step between step S2 and step S3 to check the validity of the data packet. Specifically, the check bits of the data packet shown in Table 1 are extracted and verified; if verification succeeds, step S3 is performed.
Optionally, in some embodiments of the present invention, the TLS connection between the central station and the monitor is established after the respective digital certificate files have been generated on the central station and the monitor through the steps described above.
The central station may listen on port 9999 as a TLS service, waiting for a monitor to request a TLS connection.
On receiving a TLS connection request from a monitor, the central station completes the TLS handshake according to its configuration:
if the central monitoring system is configured for one-way authentication, the central station treats the monitor's connection as legitimate once the handshake completes, and encrypted transmission can proceed (in this mode only the monitor verifies the central station's certificate; the central station does not authenticate the monitor);
if the central monitoring system is configured for two-way authentication, the central station closes any connection whose client-certificate authentication fails; for a connection whose authentication succeeds, the next step depends on the mode. If the central station is configured for the same-certificate (shared) mode of two-way authentication, the process ends here and encrypted transmission can proceed;
if the central station is configured for the independent-certificate mode of two-way authentication, it must additionally check whether the certificate corresponding to the bed number is marked in use in the "certificate file list": if it is not, its status bit is set to 1 to mark it in use; if it is already marked in use, the connection is closed and the central station raises an alert that a monitor is reusing that certificate.
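The connection-handling rule above, shown end to end as an added example written for this page (it is not code from the patent or from Xi'an Edan Instruments). It issues a throwaway CA, central-station and bed certificate in memory, runs the station as a TLS listener on a loopback port (the page uses port 9999), and lets the same bed certificate connect twice in each of the three modes. All function and type names are the example's own; the certificate names and serial numbers, the loopback port, and keying the in-use status by certificate serial number rather than by bed number are assumptions of the example. The page does not say when the status bit is cleared again, so the example never clears it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// certFileList stands in for the page's "certificate file list": one status bit per client certificate (true = in use); keyed here by serial number (an assumption), by bed number on the page.
type certFileList struct{ inUse map[string]bool }

// claim sets the status bit to 1; it returns false if the bit was already 1.
func (l *certFileList) claim(serial string) bool {
	if l.inUse[serial] {
		return false
	}
	l.inUse[serial] = true
	return true
}

// issue creates a short-lived test certificate for cn signed by parent (self-signed when parent is nil).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		DNSNames: []string{"localhost"}, IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// decide applies the page's post-handshake rule to one accepted connection. mode is "one-way",
// "shared" (two-way, one client certificate for all monitors) or "independent" (one per bed).
func decide(conn *tls.Conn, mode string, list *certFileList) string {
	if err := conn.Handshake(); err != nil {
		return "rejected: " + err.Error() // two-way mode: the client certificate failed verification
	}
	if mode != "independent" {
		return "accepted" // nothing further to check in one-way or shared mode
	}
	serial := conn.ConnectionState().PeerCertificates[0].SerialNumber.String()
	if !list.claim(serial) { // the page disconnects and alerts that a monitor is reusing the certificate
		return "rejected: certificate " + serial + " already in use"
	}
	return "accepted"
}

// attempt lets one monitor connect, returns the station's decision, and closes the connection.
func attempt(ln net.Listener, monitorCfg *tls.Config, mode string, list *certFileList) string {
	go func() {
		if c, err := tls.Dial("tcp", ln.Addr().String(), monitorCfg); err == nil {
			c.Read(make([]byte, 1)) // hold the connection open until the station closes it
			c.Close()
		}
	}()
	c, err := ln.Accept()
	if err != nil {
		return "accept error: " + err.Error()
	}
	defer c.Close()
	return decide(c.(*tls.Conn), mode, list)
}

// scenario builds a CA, a station certificate and one bed certificate, then connects that bed twice.
func scenario(mode string) []string {
	ca, caKey := issue("monitor-ca", 1, true, nil, nil)
	srv, srvKey := issue("central-station", 2, false, ca, caKey)
	bed, bedKey := issue("bed-01", 3, false, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	stationCfg := &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: pool,
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}}}
	if mode != "one-way" {
		stationCfg.ClientAuth = tls.RequireAndVerifyClientCert
	}
	monitorCfg := &tls.Config{MinVersion: tls.VersionTLS12, RootCAs: pool, ServerName: "localhost",
		Certificates: []tls.Certificate{{Certificate: [][]byte{bed.Raw}, PrivateKey: bedKey}}}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", stationCfg) // the page listens on port 9999
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	list := &certFileList{inUse: map[string]bool{}}
	return []string{attempt(ln, monitorCfg, mode, list), attempt(ln, monitorCfg, mode, list)}
}

func main() { fmt.Println(scenario("one-way"), scenario("shared"), scenario("independent")) }
```

In independent mode the second connection completes the TLS handshake and is only then rejected by the station's own bookkeeping, which is the behaviour the page describes: TLS by itself cannot tell two monitors holding the same certificate apart, so the duplicate check has to live above the handshake. In one-way mode nothing about the monitor is checked at all, so any client that trusts the root certificate can connect.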
The embodiment of the invention also provides an automatic digital certificate distribution device, as shown in fig. 3, which comprises:
a digital certificate request data packet receiving module 21, configured to receive a digital certificate request data packet sent by the monitoring terminal, the digital certificate request data packet at least including authentication mode information; see the description of step S2 of the method embodiment above for details;
a certificate file querying module 22, configured to query a corresponding certificate file from a preset certificate file list according to the authentication mode information; see the description of step S3 of the method embodiment above for details;
a certificate file list data packet generating module 23, configured to generate a certificate file list data packet according to the certificate file and send it to the monitoring terminal; see the description of step S4 of the method embodiment above for details;
a certificate file request module 24, configured to receive a certificate file request that the monitoring terminal generated according to the certificate file list data packet; see the description of step S8 of the method embodiment above for details;
a certificate file data packet generating module 25, configured to generate a certificate file data packet according to the certificate file request and the certificate file, and send it to the monitoring terminal; see the description of step S9 of the method embodiment above for details.
The embodiment of the invention also provides an automatic digital certificate distribution device for the monitoring terminal side, as shown in fig. 4, which comprises:
a digital certificate request data packet generating module 31, configured to generate a digital certificate request data packet according to the configured authentication mode and send it to the processing terminal, the digital certificate request data packet at least including authentication mode information; see the description of step S1 of the method embodiment above for details;
a certificate file list data packet receiving module 32, configured to receive the certificate file list data packet that the processing terminal sends in response to the digital certificate request data packet; see the description of step S5 of the method embodiment above for details;
a certificate information parsing module 33, configured to parse the certificate file list data packet to obtain certificate information; see the description of step S6 of the method embodiment above for details;
a certificate file request sending module 34, configured to send a certificate file request to the processing terminal according to the certificate information; see the description of step S7 of the method embodiment above for details;
a certificate file receiving module 35, configured to receive the certificate file that the processing terminal sends in response to the certificate file request; see the description of step S10 of the method embodiment above for details.
The embodiment of the present invention further provides an electronic device, as shown in fig. 5, which may include a processor 51 and a memory 52; the processor 51 and the memory 52 may be connected by a bus or by other means, and in fig. 5 a bus connection is taken as the example.
The processor 51 may be a central processing unit (CPU). It may also be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination thereof.
The memory 52, as a non-transitory computer-readable storage medium, is used to store non-transitory software programs, non-transitory computer-executable programs and modules, such as the program instructions/modules corresponding to the automatic digital certificate distribution method in the embodiment of the present invention. By running the non-transitory software programs, instructions and modules stored in the memory 52, the processor 51 executes the various functional applications and data processing of the device, that is, implements the automatic digital certificate distribution method of the method embodiment above.
The memory 52 may include a program storage area, which may store an operating system and at least one application program required for a function, and a data storage area, which may store data created by the processor 51, etc. In addition, the memory 52 may include high-speed random access memory and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid-state storage device. In some embodiments, the memory 52 may optionally include memory located remotely from the processor 51 and connected to the processor 51 via a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 52 and, when executed by the processor 51, perform the automatic digital certificate distribution method of the embodiment shown in fig. 1.
The specific details of the electronic device can be understood with reference to the corresponding descriptions and effects in the embodiment shown in fig. 1, and are not repeated here.
Those skilled in the art will appreciate that all or part of the method of the above embodiment may be implemented by a computer program instructing the related hardware; the program may be stored in a computer-readable storage medium and, when executed, may carry out the method of the above embodiment. The storage medium may be a magnetic disk, an optical disk, a read-only memory (ROM), a random access memory (RAM), a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); the storage medium may also comprise a combination of the above kinds of memory.
Although the embodiments of the present invention have been described with reference to the accompanying drawings, those skilled in the art may make various modifications and variations without departing from the spirit and scope of the invention, and such modifications and variations fall within the scope of the invention as defined by the appended claims.

Claims (13)

1. An automatic distribution method of digital certificates, which is applied to a monitoring system comprising a monitoring terminal and a processing terminal, is characterized in that the method comprises the following steps:
receiving a digital certificate request data packet sent by a monitoring terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
inquiring a corresponding certificate file from a preset certificate file list according to the authentication mode information;
generating a certificate file list data packet according to the certificate file and sending the data packet to the monitoring terminal;
receiving a certificate file request which is sent by the monitoring terminal and generated according to the certificate file list data packet;
and generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal.
2. The automatic digital certificate distribution method according to claim 1, wherein after receiving a digital certificate request packet transmitted from a monitoring terminal and before querying a corresponding certificate file from a preset certificate file list according to the authentication mode information, the method further comprises:
extracting the check bits from the request data packet;
and performing verification according to the check bits, and, when the verification succeeds, executing the step of querying the corresponding certificate file from the preset certificate file list according to the authentication mode information.
3. The method according to claim 1, wherein the querying the corresponding certificate file from the preset certificate file list according to the authentication mode information comprises:
determining, according to the authentication mode information, that the authentication mode is one-way authentication, and querying a root certificate from the preset certificate file list.
4. The method for automatic distribution of digital certificates according to claim 1, wherein the digital certificate request packet further comprises: identification information;
the querying the corresponding certificate file from the preset certificate file list according to the authentication mode information comprises the following steps:
determining, according to the authentication mode information, that the authentication mode is the independent-certificate mode of two-way authentication, and querying a root certificate, a server-side certificate and the client-side certificate corresponding to the identification information from the preset certificate file list.
5. The method according to claim 1, wherein the querying the corresponding certificate file from the preset certificate file list according to the authentication mode information comprises:
determining, according to the authentication mode information, that the authentication mode is the same-certificate (shared) mode of two-way authentication, and querying a root certificate, a server-side certificate and any one client-side certificate from the preset certificate file list.
6. The method for automatic distribution of digital certificates according to claim 1, wherein generating a certificate file data packet according to the certificate file request and the certificate file, and sending the certificate file data packet to the monitoring terminal, comprises:
sending the certificate files to the monitoring terminal one by one in certificate file data packets according to the certificate file request;
on each sending, judging according to the status bit in the certificate file data packet whether the whole certificate file has been sent;
and when the sending is judged to be complete, sending prompt information to the monitoring terminal.
7. The method according to any one of claims 1 to 6, wherein the preset certificate file list is established by:
receiving certificate authentication mode information input by a user and quantity information of monitoring terminals;
numbering and naming the corresponding certificates according to the authentication mode information and the quantity information;
generating a certificate configuration file according to the numbered and named certificates;
and generating the certificate file list according to the use state of each certificate and the certificate configuration file.
8. An automatic distribution method of digital certificates, which is applied to a monitoring system comprising a monitoring terminal and a processing terminal, is characterized in that the method comprises the following steps:
generating a digital certificate request data packet according to an authentication mode configured by the monitoring system, and sending the digital certificate request data packet to a processing terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
receiving a certificate file list data packet sent by the processing terminal according to the digital certificate request data packet, the certificate file list data packet being generated by the processing terminal according to the certificate file that it queried from a preset certificate file list according to the authentication mode information;
parsing the certificate file list data packet to obtain certificate information;
sending a certificate file request to the processing terminal according to the certificate information;
and receiving the certificate file sent by the processing terminal according to the certificate file request.
9. The automatic digital certificate distribution method according to claim 8, wherein the certificate information comprises the number of certificates and the certificate names,
and sending a certificate file request to the processing terminal according to the certificate information comprises:
sending a certificate file request to the processing terminal for requesting the certificate files one by one according to the number of certificates and the certificate names.
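The certificate file data packets of claims 6 and 9, with the check-bit verification of claim 2 applied to them as well, as an added example written for this page (it is not code from the patent or from its assignee). The page's Table 1 is not reproduced here, so the wire layout, the CRC-32 check bits, the Seq field, the 16-byte chunk size and every function and field name are assumptions of the example. The processing-terminal side splits one constructed certificate file into packets of which only the last carries the status bit; the monitor side verifies every packet before trusting any field in it, rejects out-of-order packets, and treats the file as complete only once the status bit has been seen.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"hash/crc32"
)

// filePacket is one certificate file data packet. Name, Last and Data stand in for fields of the
// page's Table 1; the wire layout below and the CRC-32 check bits are assumptions of this example.
type filePacket struct {
	Name string // certificate file name as carried in the certificate file list packet
	Seq  uint16 // position of this chunk within the file
	Last bool   // status bit: set only on the chunk that completes the file
	Data []byte // chunk of the certificate file
}

// encode lays the packet out big-endian as nameLen(1) name seq(2) last(1) dataLen(2) data crc32(4).
func (p filePacket) encode() []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(p.Name)))
	b.WriteString(p.Name)
	binary.Write(&b, binary.BigEndian, p.Seq)
	last := byte(0)
	if p.Last {
		last = 1
	}
	b.WriteByte(last)
	binary.Write(&b, binary.BigEndian, uint16(len(p.Data)))
	b.Write(p.Data)
	binary.Write(&b, binary.BigEndian, crc32.ChecksumIEEE(b.Bytes())) // check bits cover all preceding bytes
	return b.Bytes()
}

// decode verifies the check bits before any other field is trusted, then parses the packet.
func decode(raw []byte) (filePacket, error) {
	var p filePacket
	if len(raw) < 10 || crc32.ChecksumIEEE(raw[:len(raw)-4]) != binary.BigEndian.Uint32(raw[len(raw)-4:]) {
		return p, fmt.Errorf("check bits mismatch or packet too short (%d bytes)", len(raw))
	}
	body, n := raw[:len(raw)-4], int(raw[0])
	if len(body) < 1+n+5 {
		return p, fmt.Errorf("truncated header")
	}
	p.Name, body = string(body[1:1+n]), body[1+n:]
	p.Seq, p.Last = binary.BigEndian.Uint16(body), body[2] == 1
	if dataLen := int(binary.BigEndian.Uint16(body[3:])); dataLen != len(body)-5 {
		return p, fmt.Errorf("data length %d does not match packet", dataLen)
	}
	p.Data = body[5:]
	return p, nil
}

// split is the processing-terminal side of claim 6: the file goes out as chunks of chunk bytes
// (1..65535), and only the last packet carries the status bit.
func split(name string, data []byte, chunk int) [][]byte {
	var out [][]byte
	for off, seq := 0, uint16(0); ; off, seq = off+chunk, seq+1 {
		end := off + chunk
		if end > len(data) {
			end = len(data)
		}
		out = append(out, filePacket{Name: name, Seq: seq, Last: end == len(data), Data: data[off:end]}.encode())
		if end == len(data) {
			return out
		}
	}
}

// reassemble is the monitor side: every packet must verify, belong to the same file and arrive in
// order, and the file counts as complete only once the status bit has been seen.
func reassemble(raws [][]byte) (name string, data []byte, err error) {
	for i, raw := range raws {
		p, derr := decode(raw)
		if derr != nil {
			return "", nil, fmt.Errorf("packet %d: %w", i, derr)
		}
		if i == 0 {
			name = p.Name
		}
		if p.Name != name || int(p.Seq) != i {
			return "", nil, fmt.Errorf("packet %d: unexpected chunk %d of %q", i, p.Seq, p.Name)
		}
		data = append(data, p.Data...)
		if p.Last {
			return name, data, nil
		}
	}
	return "", nil, fmt.Errorf("file %q incomplete: no packet carried the status bit", name)
}

func main() {
	pkts := split("client_01.crt", []byte("-----CONSTRUCTED CLIENT CERTIFICATE-----"), 16)
	fmt.Println(reassemble(pkts))
}
```

Checking the check bits before reading any length field is the order that matters: a corrupted or forged length must never steer the parser. A CRC detects corruption only; it is not a signature and does not authenticate the processing terminal, which is what the TLS connection the page establishes afterwards is for.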
10. An automatic digital certificate distribution apparatus, comprising:
the digital certificate request data packet receiving module is used for receiving a digital certificate request data packet sent by the monitoring terminal, and the digital certificate request data packet at least comprises: authentication mode information;
the certificate file inquiring module is used for inquiring corresponding certificate files from a preset certificate file list according to the authentication mode information;
the certificate file list data packet generation module is used for generating a certificate file list data packet according to the certificate file and sending the certificate file list data packet to the monitoring terminal;
the certificate file request module is used for receiving a certificate file request generated according to the certificate file list data packet and sent by the monitoring terminal;
and the certificate file data packet generation module is used for generating a certificate file data packet according to the certificate file request and the certificate file and sending the certificate file data packet to the monitoring terminal.
11. An automatic digital certificate distribution apparatus, comprising:
the digital certificate request data packet generation module is used for generating a digital certificate request data packet according to a configured authentication mode, and sending the digital certificate request data packet to the processing terminal, wherein the digital certificate request data packet at least comprises: authentication mode information;
the certificate file list data packet receiving module is used for receiving a certificate file list data packet sent by the processing terminal according to the digital certificate request data packet, the certificate file list data packet being generated by the processing terminal according to the certificate file that it queried from a preset certificate file list according to the authentication mode information;
the certificate information parsing module is used for parsing the certificate file list data packet to obtain certificate information;
the certificate file request sending module is used for sending a certificate file request to the processing terminal according to the certificate information;
and the certificate file receiving module is used for receiving the certificate file sent by the processing terminal according to the certificate file request.
12. An electronic device, comprising:
a memory and a processor, the memory and the processor being communicatively connected to each other, the memory having stored therein computer instructions, the processor executing the computer instructions to perform the method for automatically distributing digital certificates according to any of claims 1-9.
13. A computer-readable storage medium storing computer instructions for causing the computer to perform the digital certificate automatic distribution method according to any one of claims 1 to 9.
CN201910473120.6A 2019-05-31 2019-05-31 Automatic distribution method and device for digital certificates Active CN112019339B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910473120.6A CN112019339B (en) 2019-05-31 2019-05-31 Automatic distribution method and device for digital certificates

Publications (2)

Publication Number Publication Date
CN112019339A CN112019339A (en) 2020-12-01
CN112019339B true CN112019339B (en) 2024-02-27

Family

ID=73506904

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910473120.6A Active CN112019339B (en) 2019-05-31 2019-05-31 Automatic distribution method and device for digital certificates

Country Status (1)

Country Link
CN (1) CN112019339B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088699A (en) * 2009-12-08 2011-06-08 中兴通讯股份有限公司 Trust list-based system and method
CN103685187A (en) * 2012-09-14 2014-03-26 华耀(中国)科技有限公司 Method for switching SSL (Secure Sockets Layer) authentication mode on demands to achieve resource access control
CN105007277A (en) * 2015-07-30 2015-10-28 浪潮电子信息产业股份有限公司 Method for generating user certificate and web application
CN105846996A (en) * 2016-03-17 2016-08-10 上海携程商务有限公司 Automatic server certificate deployment system and method
CN107306182A (en) * 2016-04-19 2017-10-31 大唐移动通信设备有限公司 A kind of method, client and server for generating digital certificate
CN107948186A (en) * 2017-12-13 2018-04-20 山东浪潮商用系统有限公司 A kind of safety certifying method and device
WO2018121249A1 (en) * 2016-12-30 2018-07-05 中国银联股份有限公司 Ssl protocol-based access control method and device
CN108989039A (en) * 2017-05-31 2018-12-11 中兴通讯股份有限公司 Certificate acquisition method and device
CN109587101A (en) * 2017-09-29 2019-04-05 腾讯科技(深圳)有限公司 A kind of digital certificate management method, device and storage medium

Also Published As

Publication number Publication date
CN112019339A (en) 2020-12-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant