CN113746636B

CN113746636B - Unified digital security service method, device, electronic equipment and storage medium

Info

Publication number: CN113746636B
Application number: CN202110995922.0A
Authority: CN
Inventors: 路伟朋; 樊婧竹; 万斌; 姚静; 刘秀领; 顾晗霞
Original assignee: Shanghai Pudong Development Bank Co Ltd
Current assignee: Shanghai Pudong Development Bank Co Ltd
Priority date: 2021-08-27
Filing date: 2021-08-27
Publication date: 2024-04-12
Anticipated expiration: 2041-08-27
Also published as: CN113746636A

Abstract

The embodiment of the invention relates to a unified digital security service method, a device, electronic equipment and a storage medium, in particular to the technical field of financial science and technology, wherein the method comprises the following steps: acquiring cloud license passing information through a cloud license passing SDK request so as to acquire authentication request information returned by the cloud license passing SDK; the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud card communication server and returns authentication response information after receiving the authentication response information returned by the cloud card communication server; and after the authentication response information is sent to the cloud license management SDK, acquiring a certificate state returned by the cloud license management SDK. According to the invention, the scattered secret keys and the scene certificate signature flow are integrated and unified, so that the development cost of introducing digital certificates in other subsequent business scenes can be saved, and the signature accuracy can be improved.

Description

Unified digital security service method, device, electronic equipment and storage medium

Technical Field

The embodiment of the invention relates to the technical field of financial science and technology, in particular to a unified digital security service method, a device, electronic equipment and a storage medium.

Background

With the deepening development of digital strategies of retail business of financial institutions such as banks, mobile phone banks of the financial institutions such as banks generally provide digital certificate electronic signature services for the financial institutions such as banks by introducing third-party security certification institutions, provide better financial services for clients, increase client behavior records, solidify related transaction evidences, strengthen evidence proving effectiveness through technical means, effectively guarantee rights and interests of all parties, and at present the digital certificate electronic signature services are divided into two forms of distributed key digital certificate signature and scene certificate signature, and related architecture diagrams are shown in fig. 1 and 2.

Each business scene such as fund, financial and the like is independently interacted with a distributed key digital certificate management system and a signature verification server, each micro service is independently used for realizing a series of business functions such as certificate authentication, certificate application, certificate downloading, certificate installation, certificate signature and the like, each signature business scene is independent of each other, the functional coupling is higher, when a new business scene is added, the same signature business process is required to be added, and the development cost is higher.

In the prior art, after signing of various business scenes such as fund and financial accounting is completed, signature data are respectively reserved to an image platform and a big data platform, as shown in fig. 3, various businesses are required to be in butt joint with the image platform and the big data, a plurality of data-reserved tasks are newly added, and the functions are high in coupling and low in cohesion. And meanwhile, a plurality of tasks are maintained, the maintenance cost is greatly improved, and the overall efficiency is lower.

Disclosure of Invention

In view of this, the embodiments of the present invention provide a unified digital security service method, apparatus, electronic device, and storage medium, so as to achieve cost saving and accuracy improvement.

Other features and advantages of embodiments of the invention will be apparent from the following detailed description, or may be learned by the practice of embodiments of the invention.

In a first aspect of the present disclosure, an embodiment of the present invention provides a unified digital security service method, performed by any APP on a mobile terminal, the method including:

acquiring cloud license passing information through a cloud license passing SDK request so as to acquire authentication request information returned by the cloud license passing SDK;

the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud card communication server and returns authentication response information after receiving the authentication response information returned by the cloud card communication server;

and after the authentication response information is sent to the cloud license management SDK, acquiring a certificate state returned by the cloud license management SDK.

In an embodiment, after obtaining the certificate status returned by the cloud license passing SDK, the method further includes:

initiating a signature to the cloud license communication SDK to acquire signature application request information returned by the cloud license communication SDK;

The signature application request information and the transaction related information are sent to the service server, so that after the service server forwards the transaction related information carrying the signature application request information to the cloud card communication server and receives signature application response information returned by the cloud card communication server, the signature application response information is returned;

acquiring signature application return information through the cloud license pass SDK request so as to acquire signature completion request information returned by the cloud license pass SDK;

the signature completion request information is sent to the service server, so that the service server forwards the signature completion request information to a cloud card communication server and returns the signature completion response information after receiving the signature completion response information returned by the cloud card communication server;

and receiving the signature completion response information and sending the signature completion response information to the cloud license general SDK.

In an embodiment, obtaining the certificate status returned by the cloud license through the SDK further includes: acquiring a PIN code state returned by the cloud license general SDK;

when signature is initiated to the cloud license general SDK, a PIN code is input;

after the business server forwards the transaction related information carrying the signature application request information to the cloud card passing server, the cloud card passing server also verifies the PIN code.

initiating certificate downloading to the cloud certificate general SDK to acquire certificate application request information returned by the cloud certificate general SDK;

the certificate application request information is sent to the service server, so that after the service server forwards the certificate application request information to the cloud certificate communication server and receives the certificate application response information returned by the cloud certificate communication server, the certificate application response information is returned;

acquiring certificate application response information through the cloud certificate passing SDK request so as to acquire certificate downloading request information returned by the cloud certificate passing SDK;

the certificate downloading request information is sent to the service server, so that the service server forwards the certificate downloading request information to a cloud certificate passing server and returns the certificate downloading response information after receiving the certificate downloading response information returned by the cloud certificate passing server;

and receiving the certificate download response information and sending the certificate download response information to the cloud license general SDK.

When initiating certificate downloading to the cloud certificate general SDK, inputting a PIN code;

after the service server forwards the certificate application request information to the cloud certificate passing server, the cloud certificate passing server also verifies the PIN code.

In a second aspect of the present disclosure, an embodiment of the present invention further provides a unified digital security service device configured in any APP on a mobile terminal, where the device includes:

the request information acquisition unit is used for requesting to acquire cloud license communication information through the cloud license communication SDK so as to acquire authentication request information returned by the cloud license communication SDK;

the authentication response information acquisition unit is used for sending the authentication request information to a service server so that the service server can send the authentication request information to a cloud card communication server and return the authentication response information after receiving the authentication response information returned by the cloud card communication server;

and the certificate state acquisition unit is used for acquiring the certificate state returned by the cloud certificate SDK after the authentication response information is sent to the cloud certificate SDK.

In one embodiment, the apparatus further comprises:

the signature application request information acquisition unit is used for initiating a signature to the cloud license communication SDK after acquiring the certificate state returned by the cloud license communication SDK so as to acquire the signature application request information returned by the cloud license communication SDK;

The signature application request initiating unit is used for sending the signature application request information and the transaction related information to the service server so as to return the signature application response information after the service server forwards the transaction related information carrying the signature application request information to the cloud card communication server and receives the signature application response information returned by the cloud card communication server;

the signature completion request information acquisition unit is used for requesting acquisition of signature application return information through the cloud card SDK so as to acquire the signature completion request information returned by the cloud card SDK;

the signature completion request initiating unit is used for sending the signature completion request information to the service server so that the service server can send the signature completion request information to the cloud card communication server and return the signature completion response information after receiving the signature completion response information returned by the cloud card communication server;

and the response sending unit is used for receiving the signature completion response information and sending the signature completion response information to the cloud license SDK.

In one embodiment, the apparatus further comprises:

the certificate application request information acquisition unit is used for initiating certificate downloading to the cloud certificate passing SDK after acquiring the certificate state returned by the cloud certificate passing SDK so as to acquire the certificate application request information returned by the cloud certificate passing SDK;

The certificate application request initiating unit is used for sending the certificate application request information to the service server so as to return the certificate application response information after the service server forwards the certificate application request information to the cloud certificate passing server and receives the certificate application response information returned by the cloud certificate passing server;

the certificate download request information acquisition unit is used for requesting to acquire certificate application response information through the cloud certificate general SDK so as to acquire the certificate download request information returned by the cloud certificate general SDK;

the certificate downloading request initiating unit is used for sending the certificate downloading request information to the service server so that the service server can send the certificate downloading request information to the cloud certificate passing server and return the certificate downloading response information after receiving the certificate downloading response information returned by the cloud certificate passing server;

and the response sending unit is used for receiving the certificate download response information and sending the certificate download response information to the cloud license SDK.

In a third aspect of the present disclosure, an electronic device is provided. The electronic device includes: a processor; and a memory storing executable instructions that, when executed by the processor, cause the electronic device to perform the method of the first aspect.

In a fourth aspect of the present disclosure, there is provided a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of the first aspect.

The technical scheme provided by the embodiment of the invention has the beneficial technical effects that:

the embodiment of the invention discloses a method for acquiring cloud card communication information by any APP on a mobile terminal through a cloud card communication SDK request so as to acquire authentication request information returned by the cloud card communication SDK; the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud card communication server and returns authentication response information after receiving the authentication response information returned by the cloud card communication server; after the authentication response information is sent to the cloud license general SDK, the certificate state returned by the cloud license general SDK is obtained, and the scattered secret key and the scene certificate signature flow are integrated and unified, so that the development cost of introducing digital certificates in other subsequent business scenes can be saved, and the signature accuracy can be improved.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly explain the drawings required to be used in the description of the embodiments of the present invention, and it is apparent that the drawings in the following description are only some of the embodiments of the present invention, and other drawings may be obtained according to the contents of the embodiments of the present invention and these drawings without any inventive effort for those skilled in the art.

FIG. 1 is a schematic diagram of a distributed key signature architecture in a mobile-side digital certificate architecture in the prior art;

FIG. 2 is a schematic diagram of a field Jing Miyao signature architecture in a mobile-side digital certificate architecture in the prior art;

FIG. 3 is a schematic diagram of a prior art data retention model;

FIG. 4 is a schematic diagram of an overall business architecture of a unified digital security services method provided in accordance with an embodiment of the present invention;

FIG. 5 is a schematic diagram of a unified digital signature service architecture of a mobile terminal in a unified digital security service method according to an embodiment of the present invention;

FIG. 6 is a flow chart of a unified digital security services method provided in accordance with an embodiment of the present invention;

FIG. 7 is a flow diagram of a method for signing business flow in a unified digital security service according to an embodiment of the present invention;

FIG. 8 is an interactive schematic diagram of a signature business process in a unified digital security service provided according to an embodiment of the present invention;

FIG. 9 is a flowchart of a method for downloading certificate business in a unified digital security service according to an embodiment of the present invention;

FIG. 10 is an interactive schematic diagram of a download certificate business process in a unified digital security service according to an embodiment of the present invention;

FIG. 11 is an interactive schematic diagram of a scene certificate digital signature process in a unified digital security service according to an embodiment of the present invention;

FIG. 12 is an interactive schematic diagram of a signature data processing procedure in a unified digital security service according to an embodiment of the present invention;

fig. 13 is a schematic structural diagram of a unified digital security service device according to an embodiment of the present invention;

FIG. 14 is another schematic diagram of another unified digital security services device provided in accordance with an embodiment of the invention;

FIG. 15 is a schematic diagram of another unified digital security services device according to an embodiment of the present invention;

fig. 16 shows a schematic diagram of an electronic device suitable for use in implementing embodiments of the invention.

Detailed Description

In order to make the technical problems solved, the technical solutions adopted and the technical effects achieved by the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments, but not all embodiments of the present invention. All other embodiments, which are obtained by a person skilled in the art without making any inventive effort, are intended to fall within the scope of protection of the embodiments of the present invention.

It should be noted that the terms "system" and "network" are often used interchangeably herein in embodiments of the present invention. Reference to "and/or" in embodiments of the invention is intended to include any and all combinations of one or more of the associated listed items. The terms first, second and the like in the description and in the claims and drawings are used for distinguishing between different objects and not for limiting a particular order.

It should be noted that, in the embodiments of the present invention, the following embodiments may be executed separately, or the embodiments may be executed in combination with each other, and the embodiments of the present invention are not limited thereto.

The names of messages or information interacted between the various devices in the embodiments of the present disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

The technical scheme of the embodiment of the invention is further described below by means of specific implementation mode in combination with the attached drawings.

The embodiment can be applied to the situation that a plurality of APP on the mobile terminal uniformly carry out digital security services such as digital certificate downloading, digital signature, scene certificate application, signature and the like,

Compared with the prior art, from the two aspects of a signature mode and processing efficiency, the existing digital certificate signature adopts an independent signature data model of each business scene and signature data to maintain and store respectively. In this way, the following problems are encountered: firstly, when the signature service scenes of the access digital certificates are continuously increased, the cost of input workload is multiplied, the digital certificate signatures are introduced for a plurality of times, so that the uniformity of the signature models is not facilitated, in addition, when the signature service models are changed, the corresponding transformation is required to be uniformly carried out on each access scene, the transformation workload is multiplied, the input cost is more, and the later maintenance is not convenient. Secondly, in the aspect of signature service correctness, the probability of occurrence of problems of multiple sets of signature services is increased exponentially, and when a certain service scene signature has problems, the correctness of the whole digital certificate signature is reduced; 3. in the aspect of signature data retention, each scene is retained independently, the workload cost investment is huge, and the error probability of a plurality of sets of data retention models is increased by times.

The implementation integrates the scattered secret keys and the scene certificate signature flow through the mobile terminal unified digital certificate signature service, and as shown in fig. 5, functions of digital certificate authentication, application, downloading, installation, signature and the like are cohesive, public service logic integration is performed, a digital certificate signature interface is integrated, and service function scene access flow and a data model are standardized. When a new service scene needs to introduce digital certificate signature, signature service logic and data retention service can be realized by only calling the digital certificate signature service, and the mobile terminal unified digital signature service has the greatest advantages of unifying a signature model and a data model, so that development cost of introducing digital certificates in other subsequent service scenes can be saved, and signature accuracy can be improved.

The method of this embodiment may be performed by a unified digital security service device configured on any APP on a mobile terminal, and fig. 6 shows a flow chart of a unified digital security service method provided by the embodiment of the present invention, as shown in fig. 6, where the unified digital security service method of this embodiment includes:

in step S610, the cloud license side SDK requests to obtain the cloud license side information, so as to obtain the authentication request information returned by the cloud license side SDK.

In step S620, the authentication request information is sent to a service server, so that the service server returns the authentication response information after forwarding the authentication request information to a cloud license server and receiving the authentication response information returned by the cloud license server.

In step S630, after the authentication response information is sent to the cloud license SDK, a certificate status returned by the cloud license SDK is obtained.

The above procedure is used to authenticate the user credentials state. After this, digital security services such as digital signing and digital certificate downloading may also be performed.

Fig. 7 is a flow diagram of a method for signing a service flow in a unified digital security service according to an embodiment of the present invention, and fig. 8 is an interaction diagram of a signing service flow in a unified digital security service according to an embodiment of the present invention, where when a user certificate is installed and not expired, the signing service flow is shown in fig. 8, and the service is composed of three service interactions including authentication, signing application, and signing completion.

In the interaction diagram shown in fig. 8, the distributed key digital certificate signature: under the mobile terminal software environment, a national encryption algorithm can be adopted to authenticate the distributed key digital certificate, and the signature technology adopts the private key distributed generation storage based on an asymmetric encryption algorithm (SM 2 algorithm) and the multi-private key cooperation prior technology. When the private key is generated, private key segments which are mutually independent in storage are respectively generated in the mobile terminal security module and the cloud system, and the private key cannot be completely generated; and when in digital signature, the mobile terminal security module and the cloud system complete independent digital signature by using the private key segments stored respectively, and complete signature data is generated by combining.

Cloud syndrome-dredging SDK: is a development package integrated at the mobile phone end, has the functions of certificate management, key decentralized operation and the like, provides an external interface for mobile phone APP to call, and provides the product by CFCA

Cell phone APP: integrating the cloud license communication SDK, realizing service by calling an interface of the SDK, and realizing communication between the cloud license communication SDK and a cloud license communication server by communication between the cloud license communication SDK and the service server;

service server: docking the mobile phone APP, completing the back-end service of the mobile phone APP, and realizing communication between the cloud card communication SDK and the cloud card communication server;

Cloud card communication server: the cloud certificate server and the cloud certificate SDK are matched to realize the functions of downloading cloud certificates to the mobile phone, signing keys in a scattered manner and the like, an external interface is provided, and the cloud certificate server and the cloud certificate SDK are provided by the CFCA.

As shown in fig. 7, from the perspective of any APP on the mobile terminal, the unified digital security service method described in this embodiment includes:

in step S710, acquiring cloud license communication information through a cloud license communication SDK request to acquire authentication request information returned by the cloud license communication SDK.

As shown in the interaction diagram of fig. 8, the mobile phone APP requests to the cloud license service SDK to acquire cloud license service information.

In step S720, the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud license server and returns the authentication response information after receiving the authentication response information returned by the cloud license server.

As shown in the interaction diagram of fig. 8, after receiving authentication request information returned by the cloud license service SDK, the mobile phone APP sends the authentication request information to a service server, and the service server sends the authentication request information to the cloud license service server, so that after the cloud license service server returns authentication response information, the service server returns authentication response information to the mobile phone APP;

In step S730, after the authentication response information is sent to the cloud license SDK, a certificate status returned by the cloud license SDK is obtained.

As shown in the interaction diagram of fig. 8, the mobile phone APP returns the received authentication response information to the cloud license SDK to obtain information such as a certificate state returned by the cloud license SDK and a PIN code state;

in step S740, a signature is initiated to the cloud license service SDK to obtain signature application request information returned by the cloud license service SDK.

As shown in the interaction diagram of fig. 8, the mobile phone APP initiates a signature to the cloud card service SDK, inputs a PIN code, and receives signature application request information returned by the cloud card service SDK;

in step S750, the signature application request information and the transaction related information are sent to the service server, so that after the service server forwards the transaction related information carrying the signature application request information to the cloud card server and receives signature application response information returned by the cloud card server, the signature application response information is returned.

As shown in the interaction diagram of fig. 8, the mobile phone APP sends transaction related information and signature application request information to the service server, so that the service server sends an assembled transaction original document to the cloud card server, including submitting the transaction original document and the signature application request information, and returns the assembled transaction original document to the mobile phone APP after receiving signature application response information returned by the cloud card server;

In step S760, the signature application return information is requested to be obtained by the cloud license SDK, so as to obtain the signature completion request information returned by the cloud license SDK.

As shown in the interaction diagram of fig. 8, the mobile phone APP sends the received signature application return information to the cloud license service SDK, and obtains signature completion request information returned by the cloud license service SDK.

In step S770, the signature completion request information is sent to the service server, so that the service server forwards the signature completion request information to a cloud license server and returns the signature completion response information after receiving the signature completion response information returned by the cloud license server.

As shown in the interaction diagram of fig. 8, the mobile phone APP sends signature completion request information to the service server, so that after the service server forwards the signature completion request information to the cloud license server, signature completion response information returned by the cloud license server is returned to the mobile phone APP.

In step S780, the signature completion response information is received and sent to the cloud license SDK.

As shown in the interaction diagram of fig. 8, after receiving the signature completion response information forwarded by the service server, the mobile phone APP sends signature final completion information to the cloud license SDK, and ends.

According to one or more embodiments of the present disclosure, when acquiring the certificate status returned by the cloud license SDK, if necessary, the PIN code status returned by the cloud license SDK may also be acquired. And a PIN code can be input when a signature is initiated to the cloud license general SDK. After the service server forwards the transaction related information carrying the signature application request information to the cloud card communication server, if necessary, the cloud card communication server can also verify the PIN code.

Fig. 9 is a flow chart of a method for downloading a certificate service flow in a unified digital security service according to an embodiment of the present invention, and fig. 10 is an interaction diagram of a flow for downloading a certificate service in a unified digital security service according to an embodiment of the present invention, where when a user certificate is not installed or has expired, the flow for downloading a certificate service interaction is shown in fig. 10, and the service is composed of three service interactions including authentication, certificate application, and certificate downloading.

Authentication user credentials status: before the signing process, the mobile phone APP certificate module and the cloud certificate module acquire user certificate states, authentication additional information returned by the cloud certificate general server is encrypted by a digital envelope, two vertical lines are divided into two Base64 character strings, the front half part is symmetric encrypted ciphertext of SDKRESInfo, and the rear half part is asymmetric encrypted ciphertext (request key pair) of a random symmetric key.

Certificate application: apply for a certificate to CFCA, precondition, digital certificate not installed or certificate status expired.

Certificate download: the mobile phone APP end certificate module independently generates a public and private key pair, encrypts and stores the private key, uploads the public key to the cloud end certificate module, the cloud end certificate module independently generates the public and private key pair, encrypts and stores the private key, the cloud end certificate module synthesizes a user public key, adds user information, signs the user public key into a certificate through a CA system, and a user downloads the certificate through the mobile phone APP. The digital certificate application is completed under the precondition.

As shown in fig. 9, from the perspective of any APP on the mobile terminal, the unified digital security service method described in this embodiment includes:

in step S910, the cloud license side SDK requests to obtain the cloud license side information, so as to obtain the authentication request information returned by the cloud license side SDK.

In step S920, the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud license server and returns the authentication response information after receiving the authentication response information returned by the cloud license server.

In step S930, after the authentication response information is sent to the cloud license SDK, a certificate status returned by the cloud license SDK is obtained.

In step S940, a certificate download is initiated to the cloud license service SDK to obtain the certificate application request information returned by the cloud license service SDK.

In step S950, the certificate application request information is sent to the service server, so that after the service server forwards the certificate application request information to the cloud certificate server and receives the certificate application response information returned by the cloud certificate server, the certificate application response information is returned.

In step S960, the request for obtaining the certificate application response information by the cloud license SDK is performed to obtain the certificate download request information returned by the cloud license SDK.

In step S970, the certificate download request information is sent to the service server, so that the service server forwards the certificate download request information to a cloud certificate server, receives the certificate download response information returned by the cloud certificate server, and returns the certificate download response information.

In step S980, the certificate download response information is received and sent to the cloud license SDK.

According to one or more embodiments of the present disclosure, when acquiring the certificate status returned by the cloud license SDK, if necessary, the PIN code status returned by the cloud license SDK may also be acquired. When the certificate download is initiated to the cloud certificate general SDK, a PIN code can be input if necessary. After the service server forwards the certificate application request information to the cloud certificate passing server, if necessary, the cloud certificate passing server can also verify the PIN code.

The scene certificate digital signature can use a national cryptographic algorithm to sign the operation behavior record of a client and the related legal document, so as to ensure the integrity of transaction records and legal text information and prevent tampering, and fig. 11 is an interaction schematic diagram of a scene certificate digital signature process in a unified digital security service provided according to an embodiment of the invention, as shown in fig. 11, the scene certificate digital signature process includes:

in step 1, the browser makes electronic product purchases and signs through application of the micro-service.

In step 2, the application micro-service initiates a signing application to the unified signature service through the public signature interface of the unified digital signature service of the Internet.

In step 3, the unified signing service generates a signature pipeline.

In step 4, the unified signing service initiates a signing application to the signing server.

In step 5, the signature server applies for a certificate to the RA.

In step 6, RA applies for a certificate to CFCA

In step 7, the CFCA issues a certificate to the RA.

In step 8, the RA issues a certificate to the signature server.

In step 9, the signing server signs with the certificate

In step 10, the signature server returns a signature status and a signature value to the unified signature service.

In step 11, the unified signing service retains signature data.

In step 12, the unified signature service returns a signature status to the application micro-service over the internet unified digital signature service public signature interface.

In step 13, the application micro-services issues purchases and subscriptions using the signature.

In step 14, the application micro-service returns a transaction success result or a transaction failure result to the browser.

The key steps are as follows:

generating signature flowing water: a snowflake algorithm is used for generating signature running water and binding signature transactions.

Initiating a signature application: and initiating a signature application to the signature verification server by using the user transaction scene information and the related legal agreement document information.

Application scene certificate: the signature server initiates a scene certificate application, and applies for a scene certificate for each transaction.

Signature: the signature verification service obtains the field Jing Zheng and signs the relevant legal agreement document.

And (5) preserving signature data: and (3) reserving scene evidence and legal agreement file information in a database for subsequent uploading of the image platform and the big data platform.

Fig. 12 is an interaction schematic diagram of a signature data processing flow in a unified digital security service according to an embodiment of the present invention, where signature data is divided into two parts, namely success and failure, and signature success data uses signature stream information to save user transactions from an object storage, which involves legal protocol files and signature data uploading image platform. The signature failure data is transmitted to the big data platform through the number delivery and discharge, and when disputes occur, related evidence materials are provided, so that rights and interests of all parties are effectively ensured. As shown in fig. 12, the signature data processing flow includes:

In step 1, an asynchronous batch task obtains a signature pipeline from a database request.

In step 2, the database returns signature pipeline information to the asynchronous batch task.

In step 3, the asynchronous batch task requests the object store to retrieve the protocol file.

In step 4, the object store returns a protocol file to the asynchronous batch task.

In step 5, the asynchronous batch task collection integration file.

In step 6, the asynchronous batch task uploads the integrated file to the image platform.

In step 7, the asynchronous batch task sends the signature failure data to the data exchange platform

In step 8, the data exchange platform performs dump retention on the big data.

The embodiment can realize multiparty butt joint with CFCA, a headquarter signature verification server, a headquarter image platform system and a big data platform system, signature service data has unified signature service signature nano-tubes and retention, a new data retention model is not required to be developed for each newly added scene, and consistency and accuracy of signature data are improved.

As an implementation of the method shown in the foregoing figures, an embodiment of a unified digital security service device is provided, and fig. 13 shows a schematic structural diagram of the unified digital security service device provided in this embodiment, where the embodiment of the device corresponds to the embodiment of the method shown in fig. 1 to 12, and the device may be specifically configured in any APP on a mobile terminal. As shown in fig. 13, the unified digital security service device according to the present embodiment includes a request information acquisition unit 1310, an authentication response information acquisition unit 1320, and a certificate status acquisition unit 1330.

The request information obtaining unit 1310 is configured to request to obtain cloud license passing information through a cloud license passing SDK, so as to obtain authentication request information returned by the cloud license passing SDK.

The authentication response information obtaining unit 1320 is configured to send the authentication request information to a service server, so that the service server forwards the authentication request information to a cloud license server and returns the authentication response information after receiving the authentication response information returned by the cloud license server.

The certificate status acquiring unit 1330 is configured to acquire a certificate status returned by the cloud license SDK after sending the authentication response information to the cloud license SDK.

The unified digital security service device provided by the embodiment can execute the unified digital security service method provided by the embodiment of the method disclosed by the invention, and has the corresponding functional modules and beneficial effects of the execution method.

Fig. 14 is a schematic structural diagram of another unified digital security service device according to an embodiment of the present invention, and as shown in fig. 14, the unified digital security service device according to this embodiment includes a request information acquiring unit 1410, an authentication response information acquiring unit 1420, a certificate status acquiring unit 1430, a signature application request information acquiring unit 1440, a signature application request initiating unit 1450, a signature completion request information acquiring unit 1460, a signature completion request initiating unit 1470, and a response transmitting unit 1480.

The request information obtaining unit 1410 is configured to obtain, by requesting to obtain cloud license passing information through a cloud license passing SDK, authentication request information returned by the cloud license passing SDK.

The authentication response information obtaining unit 1420 is configured to send the authentication request information to a service server, so that the service server forwards the authentication request information to a cloud license server and returns the authentication response information after receiving the authentication response information returned by the cloud license server.

The certificate status acquisition unit 1430 is configured to acquire the certificate status returned by the cloud license SDK after sending the authentication response information to the cloud license SDK.

The signature application request information obtaining unit 1440 is configured to initiate a signature to the cloud license SDK to obtain signature application request information returned by the cloud license SDK after obtaining the certificate status returned by the cloud license SDK.

The signature application request initiating unit 1450 is configured to send the signature application request information and the transaction related information to the service server, so as to return the signature application response information after the service server forwards the transaction related information carrying the signature application request information to the cloud card communication server and receives the signature application response information returned by the cloud card communication server.

The signature completion request information obtaining unit 1460 is configured to obtain signature application return information by the cloud license SDK request, so as to obtain signature completion request information returned by the cloud license SDK.

The signature completion request initiating unit 1470 is configured to send the signature completion request information to the service server, so that the service server forwards the signature completion request information to a cloud license server and returns the signature completion response information after receiving the signature completion response information returned by the cloud license server.

The response transmitting unit 1480 is configured to receive the signature completion response information and transmit to the cloud license SDK.

Fig. 15 shows a schematic structural diagram of another unified digital security service device according to an embodiment of the present invention, as shown in fig. 15, the unified digital security service device according to this embodiment includes a request information acquisition unit 1510, an authentication response information acquisition unit 1520, a certificate status acquisition unit 1530, a certificate application request information acquisition unit 1540, a certificate application request initiation unit 1550, a certificate download request information acquisition unit 1560, a certificate download request initiation unit 1570, and a response transmission unit 1580.

The request information obtaining unit 1510 is configured to obtain, by requesting the cloud license SDK to obtain the cloud license information, authentication request information returned by the cloud license SDK.

The authentication response information obtaining unit 1520 is configured to send the authentication request information to a service server, so that the service server forwards the authentication request information to a cloud license server and returns the authentication response information after receiving the authentication response information returned by the cloud license server.

The certificate status acquisition unit 1530 is configured to acquire a certificate status returned by the cloud license SDK after sending the authentication response information to the cloud license SDK.

The certificate application request information acquiring unit 1540 is configured to initiate a certificate download to the cloud license service SDK after acquiring the certificate status returned by the cloud license service SDK, so as to acquire the certificate application request information returned by the cloud license service SDK.

The certificate application request initiating unit 1550 is configured to send the certificate application request information to the service server, so that after the service server forwards the certificate application request information to the cloud certificate passing server and receives the certificate application response information returned by the cloud certificate passing server, the certificate application response information is returned.

The certificate download request information obtaining unit 1560 is configured to obtain the certificate application response information by requesting the cloud license SDK to obtain the certificate download request information returned by the cloud license SDK.

The certificate download request initiating unit 1570 is configured to send the certificate download request information to the service server, so that the service server forwards the certificate download request information to a cloud license server and returns the certificate download response information after receiving the certificate download response information returned by the cloud license server.

The response sending unit 1580 is configured to receive the certificate download response information and send the certificate download response information to the cloud license SDK.

Referring now to fig. 16, a schematic diagram of an electronic device 1600 suitable for use in implementing embodiments of the present invention is shown. The terminal device in the embodiment of the present invention is, for example, a mobile device, a computer, or an in-vehicle device built in a floating car, or any combination thereof. In some embodiments, the mobile device may include, for example, a cell phone, smart home device, wearable device, smart mobile device, virtual reality device, etc., or any combination thereof. The electronic device shown in fig. 16 is merely an example, and should not impose any limitation on the functionality and scope of use of embodiments of the present invention.

As shown in fig. 16, the electronic device 1600 may include a processing means (e.g., a central processor, a graphics processor, etc.) 1601 that may perform various suitable actions and processes according to a program stored in a Read Only Memory (ROM) 1602 or a program loaded from a storage means 1608 into a Random Access Memory (RAM) 1603. In the RAM 1603, various programs and data required for the operation of the electronic device 1600 are also stored. The processing device 1601, ROM 1602, and RAM 1603 are connected to each other by a bus 1604. An input/output (I/O) interface 1605 is also connected to the bus 1604.

In general, the following devices may be connected to the I/O interface 1605: input devices 1606 including, for example, a touch screen, a touch pad, a keyboard, a mouse, a camera, a microphone, an accelerometer, a gyroscope, and the like; an output device 1607 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 1608 including, for example, magnetic tape, hard disk, etc.; communication device 1609. The communication means 1609 may allow the electronic device 1600 to communicate wirelessly or by wire with other devices to exchange data. While fig. 16 shows an electronic device 1600 having various means, it is to be understood that not all illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.

In particular, according to embodiments of the present invention, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flowcharts. In such an embodiment, the computer program may be downloaded and installed from a network via the communication device 1609, or installed from the storage device 1608, or installed from the ROM 1602. When being executed by the processing means 1601, performs the above-described functions defined in the method of the embodiment of the present invention.

It should be noted that, the computer readable medium according to the embodiment of the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In contrast, in embodiments of the present invention, the computer-readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: electrical wires, fiber optic cables, RF (radio frequency), and the like, or any suitable combination of the foregoing.

The computer readable medium may be contained in the electronic device; or may exist alone without being incorporated into the electronic device.

The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: acquiring cloud license passing information through a cloud license passing SDK request so as to acquire authentication request information returned by the cloud license passing SDK; the authentication request information is sent to a service server, so that the service server forwards the authentication request information to a cloud card communication server and returns authentication response information after receiving the authentication response information returned by the cloud card communication server; and after the authentication response information is sent to the cloud license management SDK, acquiring a certificate state returned by the cloud license management SDK.

Computer program code for carrying out operations for embodiments of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).

The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units involved in the embodiments of the present invention may be implemented in software or in hardware. The name of the unit does not in any way constitute a limitation of the unit itself, for example the first acquisition unit may also be described as "unit acquiring at least two internet protocol addresses".

The above description is only illustrative of the preferred embodiments of the present invention and of the principles of the technology employed. It will be understood by those skilled in the art that the scope of the disclosure in the embodiments of the present invention is not limited to the specific combination of the above technical features, but encompasses other technical features formed by any combination of the above technical features or their equivalents without departing from the spirit of the disclosure. Such as the technical solution formed by mutually replacing the above features and the technical features with similar functions (but not limited to) disclosed in the embodiments of the present invention.

Claims

1. A method of unified digital security services, performed by any APP on a mobile terminal, the method comprising:

after the authentication response information is sent to the cloud license communication SDK, acquiring a certificate state returned by the cloud license communication SDK;

After the certificate state returned by the cloud certificate passing SDK is obtained, the method further comprises the following steps:

receiving the signature completion response information and sending the signature completion response information to the cloud license communication SDK;

the obtaining the certificate status returned by the cloud license passing SDK further comprises: acquiring a PIN code state returned by the cloud license general SDK;

2. The method of claim 1, further comprising, after obtaining the certificate status returned by the cloud license passing SDK:

3. The method of claim 2, wherein obtaining the certificate status returned by the cloud license passing SDK further comprises: acquiring a PIN code state returned by the cloud license general SDK;

4. A unified digital security service device, configured in any APP on a mobile terminal, the device comprising:

the certificate state acquisition unit is used for acquiring the certificate state returned by the cloud certificate SDK after sending the authentication response information to the cloud certificate SDK;

The apparatus further comprises:

The response sending unit is used for receiving the signature completion response information and sending the signature completion response information to the cloud license communication SDK;

5. The apparatus of claim 4, wherein the apparatus further comprises:

6. An electronic device, comprising:

one or more processors; and

a memory for storing executable instructions that, when executed by the one or more processors, cause the electronic device to perform the method of any of claims 1-3.

7. A computer readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method according to any of claims 1-3.