beautypg.com

Webcctv user manual – Quadrox WebCCTV User Manual User Manual

Page 143

background image

WebCCTV User Manual

143

Version 4.9 Series

Quadrox has based all of these systems on the open standard technology to prevent
any possibility of security holes or “back doors”. All algorithms that are used are well
known and widely used cryptographic standards, like MD5, SHA-1 and RSA. They
cannot be broken if the key is not known, not even by the people that implemented
them. The certificate is standard (X.509, PKSC #12), as is the digital signature format
(PKCS #7). Apart from the true signature standard that can be viewed by publicly
available specialized viewers, we also provide the signature in a standard email
format (S/MIME format) so that it can be viewed by common email clients like
Outlook Express. Quadrox uses Microsoft’s implementations of these formats and
algorithms, which are validated and certified by the National Institute of Standards
and Technology (NIST).

Step 3 – Signature and movie transportation

The movie file and the signature are transported to the courtroom. They don’t necessarily
have to travel together and the channel can be unsafe (e.g. they can be sent over the Internet).

To save the signature for further transportation, follow the steps below:

1. Right click on the signature you want to save.
2. From the pop-up menu that appears choose Save Target As… and define destination.

Saving Digital Signature Screen

Step 4 + Step 5 - Certificate transportation and trust

The certificate should be trusted by the court. By trusting the validity of a certificate (by
manually checking that it is indeed what it claims to be), the court acknowledges explicitly
that the certificate belongs to the machine on which the export was created.

The court expresses this trust by explicitly adding it to the list of trusted root certificates.
When doing this, the system will ask to manually verify the certificate, e.g. by comparing the
thumbprint of the certificate to the thumbprint of the certificate that is present on the recorder.
The latter should be retrieved by physically going to the recorder, it should be done by the
authorities and a proven track record should be available. Trusting the certificate has to be
done only once per recorder (not for every movie) and doesn’t have to necessarily happen at
the moment of movie verification.

When using CA certificates, the trust in the certificate might come from trusting the
CA that delivered the certificate. In that case, this procedure might not be necessary.