CN113919007A

CN113919007A - Data signature method and device, electronic equipment and computer readable storage medium

Info

Publication number: CN113919007A
Application number: CN202111248329.6A
Authority: CN
Inventors: 沈雪冰; 浦雨三; 贺鑫; 靳立法
Original assignee: Boya Zhongke Beijing Information Technology Co ltd
Current assignee: Boya Zhongke Beijing Information Technology Co ltd
Priority date: 2021-10-26
Filing date: 2021-10-26
Publication date: 2022-01-11

Abstract

The embodiment of the application provides a data signature method and device, electronic equipment and a computer readable storage medium, and relates to the field of data processing. The method is applied to first electronic equipment and comprises the following steps: acquiring signature indicating information, sending the corresponding data to be signed to second electronic equipment through preset communication connection according to the signature indicating information, and indicating the second electronic equipment to sign the data to be signed; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection. According to the embodiment of the application, a special safety data transmission channel is established between the electronic devices in a near field communication mode, and the data to be signed and the signature result are transmitted based on the safety data transmission channel, so that the data signature process is simplified, and the safety is high.

Description

Data signature method and device, electronic equipment and computer readable storage medium

Technical Field

The present application relates to the field of data processing technologies, and in particular, to a data signature method and apparatus, an electronic device, and a computer-readable storage medium.

Background

In the mobile office scene of the internet, a collaborative signature technology is mostly adopted to realize the secure access of a mobile communication intelligent terminal APP (Application, mobile phone software). The collaborative signature technology adopts SM2 algorithm to divide the signature key, and issues a digital certificate for the mobile intelligent terminal, and completes digital signature based on collaborative operation of a collaborative signature SDK (Software Development Kit) soft module of the mobile communication intelligent terminal APP and a collaborative signature server, thereby realizing the business security access of the mobile communication intelligent terminal APP without special media.

In order to not change the office habit of using a PC (Personal Computer) by a user, two ways of introducing a collaborative signature technology into a PC end have been provided so as to realize secure access based on no special media at the PC end. One is that a collaborative signature SDK soft module of a PC end is developed, the PC end carries out cryptographic operations such as digital signature, encryption and decryption and the like by calling the SDK soft module of the local computer, so that the safe access of services is realized, but the security of the collaborative signature SDK soft module of the PC end is lower, the security of the whole application system is reduced, and the collaborative signature SDK soft module can become a security risk point of the application system; secondly, a PC terminal is adopted to generate a two-dimensional code of data to be signed, a service application APP on a mobile communication intelligent terminal carried by a user finishes code scanning to read the data to be signed, and a collaborative signature SDK soft module based on the bottom layer of the APP realizes the safe service access of the PC.

Disclosure of Invention

The embodiment of the application provides a data signature method and device, electronic equipment and a computer readable storage medium, and is used for solving the technical problems that the PC-side collaborative signature technology is low in security and complex in operation in the prior art.

According to an aspect of the embodiments of the present application, there is provided a method for data signature, the method being applied to a first electronic device, and the method including:

acquiring signature indication information;

sending the corresponding data to be signed to the second electronic equipment through preset communication connection according to the signature indication information, and indicating the second electronic equipment to perform signature processing on the data to be signed;

the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

Optionally, before obtaining the signature indication information, the method includes:

and receiving a data access request of the second electronic equipment, and establishing a preset communication connection under the condition of being in close-range communication connection with the second electronic equipment.

Optionally, the establishing a preset communication connection includes:

and generating identification information through the first preset communication module, and indicating the second electronic equipment to establish preset communication connection with the first electronic equipment according to the identification information.

According to another aspect of the embodiments of the present application, there is provided a method for data signature, the method being applied to a second electronic device, and the method including:

acquiring signature indication information;

receiving data to be signed sent by first electronic equipment through a preset communication connection according to the signature indication information, and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

and sending a data access request to the first electronic equipment, and establishing a preset communication connection under the condition of being in close-range communication connection with the first electronic equipment.

Optionally, the signing processing is performed on the data to be signed, and includes:

and calling a signature Software Development Kit (SDK) to instruct a server to sign the data to be signed.

According to another aspect of the embodiments of the present application, there is provided a data signing apparatus, which is applied to a first electronic device, and includes:

the first acquisition module is used for acquiring the signature indication information;

the indication module is used for sending the corresponding data to be signed to the second electronic equipment through the preset communication connection according to the signature indication information and indicating the second electronic equipment to carry out signature processing on the data to be signed;

Optionally, the apparatus further comprises:

the first establishing module is used for receiving a data access request of the second electronic equipment and establishing a preset communication connection under the condition that the second electronic equipment is in close-range communication connection.

Optionally, the first establishing module includes:

and the first establishing submodule is used for generating identification information through the first preset communication module and indicating the second electronic equipment to establish preset communication connection with the first electronic equipment according to the identification information.

According to another aspect of the embodiments of the present application, there is provided a data signing apparatus, which is applied to a second electronic device, and includes:

the second acquisition module is used for acquiring the signature indication information;

the signature module is used for receiving the data to be signed sent by the first electronic equipment through the preset communication connection according to the signature indication information and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

Optionally, the apparatus further comprises:

and the second establishing module is used for sending a data access request to the first electronic equipment and establishing preset communication connection under the condition that the first electronic equipment is in close-range communication connection.

Optionally, the signature module comprises:

and the signature submodule is used for calling the signature software development kit SDK to indicate the server to sign the data to be signed.

According to another aspect of embodiments of the present application, there is provided an electronic device, including a memory, a processor, and a computer program stored on the memory, the processor executing the computer program to implement the steps of the data signing method of any one of the above aspects.

According to a further aspect of embodiments of the present application, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the data signing method of any one of the above aspects.

The technical scheme provided by the embodiment of the application has the following beneficial effects:

a special safety data transmission channel is established between the electronic devices in a near field communication mode, and the data to be signed and the signature result are transmitted based on the safety data transmission channel, so that the data signature process is simplified, and the safety is high.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.

Fig. 1 is a schematic flow chart of a data signing method according to an embodiment of the present application;

fig. 2 is a second schematic flowchart of a data signing method according to an embodiment of the present application;

fig. 3 is a schematic diagram of a system architecture for implementing a data signature method according to an embodiment of the present application;

fig. 4 is a third schematic flowchart of a data signing method according to an embodiment of the present application;

fig. 5 is a schematic structural diagram of a data signing apparatus according to an embodiment of the present application;

fig. 6 is a second schematic structural diagram of a data signing apparatus according to an embodiment of the present application;

fig. 7 is a schematic structural diagram of an electronic device for data signature according to an embodiment of the present application.

Detailed Description

Embodiments of the present application are described below in conjunction with the drawings in the present application. It should be understood that the embodiments set forth below in connection with the drawings are exemplary descriptions for explaining technical solutions of the embodiments of the present application, and do not limit the technical solutions of the embodiments of the present application.

As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the terms "comprises" and/or "comprising," when used in this specification in connection with embodiments of the present application, specify the presence of stated features, information, data, steps, operations, elements, and/or components, but do not preclude the presence or addition of other features, information, data, steps, operations, elements, components, and/or groups thereof, as embodied in the art. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. The term "and/or" as used herein indicates at least one of the items defined by the term, e.g., "a and/or B" indicates either an implementation as "a", or an implementation as "a and B".

To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

The technical solutions of the embodiments of the present application and the technical effects produced by the technical solutions of the present application will be described below through descriptions of several exemplary embodiments. It should be noted that the following embodiments may be referred to, referred to or combined with each other, and the description of the same terms, similar features, similar implementation steps and the like in different embodiments is not repeated.

An embodiment of the present application provides a method for data signature, which is applied to a first electronic device, and as shown in fig. 1, the method includes:

step S101, signature indication information is acquired.

The first electronic device may be a Personal Computer (PC) of a user, and the second electronic device may be a mobile terminal of the user, such as an electronic device like a mobile phone or a tablet Computer. One first electronic device may correspond to one second electronic device, or may correspond to a plurality of second electronic devices.

And the user accesses the service application system by using the first electronic equipment to obtain the data to be signed which needs to be subjected to data signature. The security of directly adopting the first electronic device to sign the data to be signed is low, so the embodiment of the application provides a data signing method. And the first electronic equipment and the second electronic equipment are connected through preset communication to carry out data transmission.

The signature indication information may be information for confirming that the predetermined communication connection is normal. And the first electronic equipment acquires the signature indication information and confirms that the signature operation can be normally executed on the basis of normal preset communication connection. The signature indication information may be locally and actively acquired by the first electronic device, or may be acquired by the first electronic device and the second electronic device in a two-way manner through data interaction.

It should be noted that the embodiment of the application is applied to a case that the preset communication connection between the first electronic device and the second electronic device is already established, and when the first electronic device acquires the signature indication information, the first electronic device may directly send the data to be signed to the second electronic device through the preset communication connection. Data interaction between the first electronic equipment and the second electronic equipment is carried out through the preset communication connection, and data are prevented from being leaked.

Step S102, according to the signature indication information, sending the corresponding data to be signed to second electronic equipment through preset communication connection, and indicating the second electronic equipment to carry out signature processing on the data to be signed;

And the first electronic equipment sends the corresponding data to be signed to the second electronic equipment through the preset communication connection according to the signature indication information, and instructs the second electronic equipment to carry out signature processing on the data to be signed.

Correspondingly, the second electronic device receives the data to be signed, calls a local signature SDK (Software Development Kit) to perform data interaction with the server, realizes signature processing of the data to be signed, feeds back a signature result to the first electronic device through preset communication connection after the signature processing is completed, and feeds back the signature result to the service application system according to needs by the first electronic device. The server in the embodiment of the application may be a collaborative signature server, and the second electronic device may perform signature processing on the data to be signed by using a collaborative signature method.

The preset communication connection is a communication channel which is established in advance between the first electronic device and the second electronic device, and the preset communication connection is established in a close-range communication connection mode between the first electronic device and the second electronic device.

In the embodiment of the application, the preset communication connection is established between the first electronic device and the second electronic device, when a user needs to sign the data to be signed of the first electronic device by using the second electronic device, the user only needs to send the data to be signed to the second electronic device according to the signature indication information, the communication connection is not needed to be established again, other operations such as code scanning are not needed, and the operation flow of the user is simplified when the data signature is carried out for multiple times.

The data signing method applied to the first electronic device, provided by the embodiment of the application, is used for acquiring signature indicating information, sending corresponding data to be signed to the second electronic device through preset communication connection according to the signature indicating information, and indicating the second electronic device to sign the data to be signed; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

According to the embodiment of the application, the preset communication connection between the first electronic device and the second electronic device is established in a near field communication mode, the safety of data transmission between the first electronic device and the second electronic device is ensured, the processing operation of the data to be signed for multiple times can be completed based on the preset communication connection, the process of signing the data to be signed of the first electronic device is simplified, and the high-reliability application processing of a business application system is facilitated. Meanwhile, the data to be signed acquired by the first electronic device is transmitted to the second electronic device for signature processing, so that the problem of low safety caused by installation of the signature SDK on the first electronic device is avoided.

The embodiment of the present application provides a method for data signature, which is applied to a first electronic device, and as shown in fig. 1 and 2, the method includes:

step S101, signature indication information is acquired.

The first electronic device may be a PC of a user, and the second electronic device may be a mobile terminal of the user, such as an electronic device like a mobile phone or a tablet computer. One first electronic device may correspond to one second electronic device, or may correspond to a plurality of second electronic devices.

A preset communication connection is established between the first electronic device and the second electronic device, and the first electronic device and the second electronic device ensure safe transmission of data based on the preset communication connection.

In an application scenario, a first electronic device actively acquires confirmation information that a preset communication connection is normal, namely signature indication information, locally according to related information of the preset communication connection, for example, a name of the preset communication connection. In another application scenario, the first electronic device and the second electronic device perform data interaction, respectively confirm that the connection is normal from the ports at the two ends of the preset communication connection, and perform bidirectional feedback, thereby obtaining signature indication information.

As shown in fig. 3, the system architecture of the method for implementing data signature is schematically illustrated, the service application system may be a service application system that a user requests to access or request to perform service data processing through the first electronic device; the server may be a collaborative signature server, and the collaborative signature server is a network server that performs signature operation on data to be signed corresponding to the service request of the first electronic device.

The business application system corresponds to a business application system server, and the first electronic device corresponds to a business application system client. The user initiates a related service request to the service application system through the first electronic device, so that the service application system feeds back the data to be signed corresponding to the service request to the first electronic device.

The first electronic equipment acquires corresponding data to be signed, transmits the data to be signed to the second electronic equipment, and instructs the second electronic equipment to sign the data to be signed.

Taking an example that one first electronic device corresponds to one second electronic device, a user signs data to be signed corresponding to a related service request initiated by the first electronic device through the second electronic device. Before that, the first electronic device acquires the signature indication information, and accordingly sends the corresponding data to be signed to the second electronic device according to the signature indication information.

It should be noted that, in the embodiment of the present application, a manner of obtaining the signature indication information is not limited.

In a preferred embodiment of the present application, before the step S101 acquires the signature indication information, the method includes:

The data access request is a request of the second electronic device for requesting the secure data access with the first electronic device, and can also be understood as a request for establishing a preset communication connection. The first electronic device and the second electronic device realize the transmission of the data to be signed and the signature result based on the preset communication connection, so that the first electronic device receives the data access request of the second electronic device before acquiring the signature indication information, and establishes the preset communication connection under the condition of being in close-range communication connection with the second electronic device.

In a preferred embodiment of the present application, the establishing of the preset communication connection includes:

The first electronic device and the second electronic device both have a secure communication module, wherein the secure communication module of the first electronic device is a first preset communication module, and the secure communication module of the second electronic device is a second preset communication module. Specifically, the preset communication connection established between the first electronic device and the second electronic device is established between a first preset communication module of the first electronic device and a second preset communication module of the second electronic device.

The safety communication module is pre-installed on the first electronic device and the second electronic device in a software mode, and the main functions of the safety communication module comprise:

(1) and generating connection related information of the electronic equipment, and taking charge of equipment discovery operation when the related electronic equipment is connected. For example, a first preset communication module on a first electronic device generates identification information, and according to the identification information, connection between the first electronic device and a second electronic device can be achieved, that is, a preset communication connection between the first electronic device and the second electronic device is established. The mode of establishing the preset communication connection can be based on Bluetooth and a local area network to perform two-dimensional code scanning connection or data connection lines to perform two-dimensional code scanning connection and the like.

(2) And performing identity authentication of the electronic equipment. The first preset communication module on the first electronic device and the second preset communication module on the second electronic device are initialized in advance, and relevant parameters are configured, so that the secure communication module can perform bidirectional identity authentication on the first electronic device and the second electronic device based on the preconfigured relevant parameters. The identity authentication of the electronic equipment can be applied to the technologies of ID check, password authentication and the like. And when the bidirectional identity authentication passes, establishing a preset communication connection.

(3) Receive, transmit, and forward data. The related indication information and related data between the first electronic device and the second electronic device can be received, transmitted and forwarded through a preset safety communication module, so that the safety and reliability of data transmission are ensured.

When the user uses the first electronic device, the user sends a related service request to the service application system by clicking a key or other triggering modes. Further, the service application system feeds back the data to be signed corresponding to the service request to the first electronic device according to the service request, and instructs the first electronic device to generate corresponding identification information.

The method comprises the steps that a first preset communication module of first electronic equipment generates corresponding identification information, wherein the identification information comprises a first electronic equipment identification. The instructing, by the first electronic device, the second electronic device to establish the preset communication connection with the first electronic device according to the identification information may include: the method comprises the steps that first electronic equipment directly sends identification information to second electronic equipment and indicates the second electronic equipment to establish preset communication connection with the first electronic equipment; or the first electronic equipment displays the identification information to the second electronic equipment and indicates the second electronic equipment to establish the preset communication connection with the first electronic equipment.

In this embodiment of the application, the identification information may be two-dimensional code information. That is to say, the first electronic device may also instruct the second electronic device to establish the preset communication connection in a manner of displaying the two-dimensional code information.

For example, the first electronic device generates corresponding two-dimensional code information through a first preset communication module, where the two-dimensional code information includes a first electronic device identifier. Further, the second electronic device scans the two-dimensional code information displayed by the first electronic device, obtains the first electronic device identifier, and sends a data access request to the first electronic device according to the first electronic device identifier.

Specifically, when the second electronic device determines that the first electronic device is in close-range communication connection with the second electronic device, a data access request is transmitted to the first electronic device. Therefore, the first preset communication module of the first electronic device and the second preset communication module of the second electronic device establish preset communication connection.

After the preset communication connection is established between the first electronic device and the second electronic device based on the data access request, the first electronic device may obtain the signature indication information and indicate that the second electronic device performs a data signature operation.

It should be noted that, in an application scenario, a user uses a first electronic device to obtain data to be signed, and displays a two-dimensional code including an identifier of the first electronic device, and the user uses a second electronic device to scan the two-dimensional code, so as to establish a preset communication connection between the first electronic device and the second electronic device. Further, the second electronic device obtains the data to be signed based on the signature indication information and carries out signature. In this case, the user performs the data signature for the first time or does not perform the data signature for the first time, and both the first electronic device and the second electronic device need to acquire the signature indication information to confirm that the preset communication connection is normal. The two-dimensional code is only used for establishing preset communication connection between the first electronic device and the second electronic device.

In another application scenario, a user uses the first electronic device to acquire data to be signed and displays a two-dimensional code comprising the first electronic device identifier and the data to be signed, and the user uses the second electronic device to scan the two-dimensional code, so that the corresponding data to be signed can be directly acquired and preset communication connection is established. Under the condition that a user signs data for the first time, the data to be signed can be directly acquired without acquiring signature indication information. And under the condition that the user does not sign the data for the first time, the first electronic equipment and the second electronic equipment still need to acquire signature indication information to confirm that the preset communication connection is normal.

In the two application scenarios, when the user does not perform data signature for the first time, the user does not need to scan the code again, the data to be signed can be directly acquired for signature, the signature process when performing data signature for multiple times is simplified, and the user experience is improved.

Specifically, for example, in the first application scenario, before the first electronic device obtains the signature indication information, a data access request of the second electronic device is received, and a preset communication connection is established based on the data access request. After the preset communication connection is established, the first electronic device sends the data to be signed corresponding to the signature indication information acquired for the first time to the second electronic device based on the preset communication connection, and the second electronic device is instructed to perform signature processing.

Further, when the first electronic device acquires the signature indication information again under the condition that the preset condition is met, the first electronic device directly feeds back corresponding data to be signed to the second electronic device based on the established preset communication connection without establishing the preset communication connection again.

The condition that the preset condition is met may mean that the time of the current data signature meets the preset time, or the amount of money corresponding to the current data signature meets the preset amount of money, or both the time of the current data signature and the amount of money corresponding to the current data signature meet the preset condition.

The specific preset condition may be adjusted correspondingly by adjusting the interface parameter of the configuration file, which is not limited in the embodiment of the present application.

According to the embodiment of the application, the first electronic device and the second electronic device can directly transmit the safety data in a preset communication connection mode. Under the condition that the preset condition is met, the second electronic equipment can acquire the corresponding data to be signed only by completing the operation of identifying the identification information once, the process of signing the data to be signed of the first electronic equipment by using the second electronic equipment for multiple times is simplified, and meanwhile, the safety of data transmission can be ensured by presetting the communication connection.

In a preferred embodiment of the present application, the near field communication connection includes bluetooth connection, lan connection, and physical communication data line connection.

For example, bluetooth modules exist on a first electronic device and a second electronic device, the first electronic device or the second electronic device starts the bluetooth modules to scan nearby devices, pairing connection is performed in a bluetooth pairing connection mode, after the bluetooth connection is successful, a first preset communication module on the first electronic device and a second preset communication module on the second electronic device are started, the first preset communication module on the first electronic device generates two-dimensional code information, the second electronic device scans the two-dimensional code to realize bidirectional identity authentication, and when the identity authentication passes, the preset communication connection between the first electronic device and the second electronic device is established based on the bluetooth connection.

The first electronic device and the second electronic device can also join the same local area network through the WiFi local area network ID. The second electronic equipment acquires network identification information of the first electronic equipment through the local area network, initiates a connection request to the first electronic equipment, starts a first preset communication module on the first electronic equipment and a second preset communication module on the second electronic equipment after the local area network is successfully connected, the first preset communication module on the first electronic equipment generates two-dimensional code information, the second electronic equipment scans the two-dimensional code to realize bidirectional identity authentication, and when the identity authentication passes, the preset communication connection between the first electronic equipment and the second electronic equipment is established based on the local area network connection.

The first electronic device and the second electronic device can also be connected in a close range in a physical communication data line connection mode, after the devices at two ends of the data line discover the devices, a first preset communication module on the first electronic device generates two-dimensional code information, the second electronic device scans the two-dimensional code to realize bidirectional identity authentication, and when the identity authentication passes, the preset communication connection between the first electronic device and the second electronic device is established based on the physical communication data line connection.

It should be noted that the preset communication connection in the embodiment of the present application is established in a short-distance connection manner. When the relative position of the first electronic device and the second electronic device changes, for example, the electronic devices exceed the close-range connection range, the preset communication connection between the electronic devices is interrupted, so that the reliability of the signature process is ensured.

After the preset communication connection is established between the first electronic device and the second electronic device, the first electronic device sends the corresponding data to be signed to the second electronic device through the preset communication connection according to the signature indication information.

The data to be signed is data to be signed, which is fed back to the first electronic device by the service application system based on a service request initiated by the first electronic device.

And the second electronic equipment receives the data to be signed sent by the first electronic equipment, calls the local signature SDK to perform data interaction with the server, realizes signature processing of the data to be signed, and feeds back a signature result to the first electronic equipment through preset communication connection after the signature processing is completed.

The server in the embodiment of the present application may be a collaborative signature server, and the specific signature method applied may be a collaborative signature method. For example, the second electronic device stores a first key for signing the data to be signed, and the collaborative signing server stores a second key for signing the data to be signed. Wherein the first key corresponds to the second key one to one.

And the second electronic equipment calls the local signature SDK and uses the first secret key to perform signature operation on the data to be signed. And meanwhile, the second electronic equipment initiates a request of cooperative signature operation to the cooperative signature server, sends the data to be signed to the cooperative signature server, and the cooperative signature server carries out signature operation on the data to be signed by using a second secret key and returns a signature result to the second electronic equipment.

Further, the second electronic device synthesizes the signature result signed by the first key and the signature result signed by the second key to generate a final signature result, and returns the final signature result to the first electronic device through a preset communication connection to complete the signature processing of the data.

By applying the data signature method applied to the first electronic equipment, signature indication information is obtained, corresponding data to be signed is sent to the second electronic equipment through preset communication connection according to the signature indication information, and the second electronic equipment is instructed to sign the data to be signed; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

An embodiment of the present application provides a method for data signature, which is applied to a second electronic device, and as shown in fig. 4, the method includes:

in step S401, signature instruction information is acquired.

The first electronic device may be a PC terminal for initiating a relevant service request for a user, and the second electronic device may be a mobile communication intelligent terminal of the user, for example, an electronic device such as a mobile phone and a tablet computer. One first electronic device may correspond to one second electronic device, or may correspond to a plurality of second electronic devices.

The signature indication information may be information for confirming that the predetermined communication connection is normal. And the second electronic equipment acquires the signature indication information and confirms that the signature operation can be normally executed on the basis of normal preset communication connection. The signature indication information may be locally and actively acquired by the second electronic device, or may be acquired by the second electronic device and the first electronic device in a two-way manner through data interaction.

In an application scenario, the second electronic device actively acquires confirmation information that the preset communication connection is normal, that is, signature indication information, locally according to related information of the preset communication connection, for example, a name of the preset communication connection. In another application scenario, the second electronic device performs data interaction with the first electronic device, respectively confirms that the connection is normal from the ports at the two ends of the preset communication connection, and performs bidirectional feedback, thereby acquiring signature indication information.

Taking an example that one first electronic device corresponds to one second electronic device, a user signs data to be signed corresponding to a related service request initiated by the first electronic device through the second electronic device. Before that, the second electronic device acquires signature indication information confirming that the preset communication connection is normal.

It should be noted that, in the embodiment of the present application, a manner of acquiring the signature indication information by the second electronic device is not limited.

In a preferred embodiment of the present application, before the step S401 acquires the signature indication information, the method includes:

The data access request is a request of the second electronic device for requesting the secure data access with the first electronic device, and can also be understood as a request for establishing a preset communication connection. The first electronic device and the second electronic device realize the transmission of the data to be signed and the signature result based on the preset communication connection, so that the second electronic device sends a data access request to the first electronic device before acquiring the signature indication information, and establishes the preset communication connection under the condition of being in close-range communication connection with the first electronic device.

and acquiring identification information, and establishing a preset communication connection with the first electronic equipment through a second preset communication module according to the identification information.

(1) and generating connection related information of the electronic equipment, and taking charge of equipment discovery operation when the related electronic equipment is connected. For example, a first preset communication module on a first electronic device generates identification information, and according to the identification information, connection between the first electronic device and a second electronic device can be achieved, that is, a preset communication connection between the first electronic device and the second electronic device is established. The preset communication connection establishing mode may include a bluetooth connection, a local area network connection, an entity communication data line connection, and the like.

The method comprises the steps that a first preset communication module of first electronic equipment generates corresponding identification information, wherein the identification information comprises a first electronic equipment identification. The step of acquiring the identification information may include receiving the identification information sent by the first electronic device, or directly acquiring the identification information displayed by the first electronic device.

The second electronic device may directly receive the identification information sent by the first electronic device, and establish a preset communication connection according to the identification information.

In this embodiment of the application, the identification information may be two-dimensional code information. That is to say, the second electronic device may also acquire the identification information by scanning the two-dimensional code, and establish the preset communication connection according to the identification information.

Specifically, for example, in the first application scenario, before the second electronic device first acquires the signature indication information, the second electronic device first sends a data access request, and establishes a preset communication connection based on feedback performed by the first electronic device for the data access request. After the preset communication connection is established, the first electronic device sends the data to be signed corresponding to the signature indication information acquired for the first time to the second electronic device based on the preset communication connection, and the second electronic device is instructed to perform signature processing.

Further, when the second electronic device acquires the signature indication information again under the condition that the preset condition is met, the first electronic device directly feeds back corresponding data to be signed to the second electronic device based on the established preset communication connection without establishing the preset communication connection again.

Step S402, receiving data to be signed sent by the first electronic device through preset communication connection according to the signature indication information, and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

After the preset communication connection between the first electronic device and the second electronic device is established, the first electronic device and the second electronic device can perform secure transmission of the data to be signed and the signature result. The second electronic equipment receives the data to be signed sent by the first electronic equipment through the preset communication connection, and carries out signature processing on the data to be signed through the signature APP on the second electronic equipment.

The data to be signed is corresponding data to be signed sent by the first electronic device based on the signature indication information.

The first electronic device and the second electronic device can also be connected in a close range in a way of connecting through an entity communication data line, after the devices at two ends of the data line discover the devices, a first preset communication module on the first electronic device generates two-dimensional code information, the second electronic device scans the two-dimensional code to realize bidirectional identity authentication, and when the identity authentication passes, the preset communication connection between the first electronic device and the second electronic device is established based on the entity communication data line.

In a preferred embodiment of the present application, signing data to be signed includes:

The second electronic equipment is provided with a local signature APP and an SDK, and when the second electronic equipment receives the data to be signed of the first electronic equipment, signature processing is realized by using the APP to call the signature SDK. The signature processing comprises the cooperative signature processing of the second electronic equipment and the server.

The server in the embodiment of the present application may be a collaborative signature server, and the specific signature method applied may be a collaborative signature method. For example, the second electronic device initiates a collaborative signing request to the collaborative signing server, and accordingly, the collaborative signing server returns a corresponding signing result to the second electronic device, and the second electronic device returns the signing result to the first electronic device through a preset communication connection.

Specifically, the second electronic device stores a first key for signing the data to be signed, and the collaborative signing server stores a second key for signing the data to be signed. Wherein the first key corresponds to the second key one to one.

By applying the data signature method applied to the second electronic device, signature indication information is obtained, then data to be signed sent by the first electronic device is received through preset communication connection according to the signature indication information, and signature processing is carried out on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

According to the embodiment of the application, a special safety data transmission channel is established between the electronic devices in a near field communication mode, namely, communication connection is preset, the data to be signed acquired by the first electronic device is transmitted to the second electronic device for signature processing, the problem that the security is low due to the fact that the signature SDK is installed on the first electronic device is avoided, the signature processing of the data to be signed is completed based on the signature SDK in the second electronic device, and the security and the normalization of data signatures are improved. Meanwhile, multiple safe transmission of the data to be signed and the signature result can be realized based on the preset communication connection, the data signature process is simplified, and high-reliability application processing of a business application system is facilitated.

An embodiment of the present application provides a data signature apparatus, which is applied to a first electronic device, and as shown in fig. 5, the data signature apparatus 50 may include:

a first obtaining module 501, configured to obtain signature indication information;

the indicating module 502 is configured to send the corresponding data to be signed to the second electronic device through a preset communication connection according to the signature indicating information, and instruct the second electronic device to perform signature processing on the data to be signed;

In one possible implementation, an apparatus includes:

In one possible implementation, the establishing module includes:

In one possible implementation, the close range communication connection includes a bluetooth connection, a local area network connection, and a physical communication data line connection.

The device for data signature applied to the first electronic equipment, provided by the embodiment of the application, is used for acquiring signature indication information, then sending the corresponding data to be signed to the second electronic equipment through the preset communication connection according to the signature indication information, and indicating the second electronic equipment to carry out signature processing on the data to be signed; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

According to the embodiment of the application, a special safety data transmission channel is established between the electronic devices in a near field communication mode, namely, communication connection is preset, the data to be signed acquired by the first electronic device is transmitted to the second electronic device for signature processing, and the problem that the safety is low due to the fact that a signature SDK is installed on the first electronic device is avoided. Meanwhile, multiple safe transmission of the data to be signed and the signature result can be realized based on the preset communication connection, the data signature process is simplified, and high-reliability application processing of a business application system is facilitated.

An embodiment of the present application provides a data signature apparatus, which is applied to a second electronic device, and as shown in fig. 6, the data signature apparatus 60 may include:

a second obtaining module 601, configured to obtain signature indication information;

the signature module 602 is configured to receive data to be signed sent by the first electronic device through a preset communication connection according to the signature indication information, and perform signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

In one possible implementation, an apparatus includes:

In one possible implementation, the second establishing module includes:

and the second establishing submodule is used for acquiring the identification information and establishing the preset communication connection with the first electronic equipment through the second preset communication module according to the identification information.

In one possible implementation, the signature module includes:

The device for data signature applied to the second electronic equipment, provided by the embodiment of the application, is used for acquiring signature indication information, receiving data to be signed sent by the first electronic equipment through the preset communication connection according to the signature indication information, and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

The embodiment of the application provides an electronic device, which comprises a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to realize the steps of the data signature method, and compared with the prior art, the method can realize the following steps: through the near field communication mode, establish dedicated safe data transmission passageway between electronic equipment, predetermine communication connection promptly, wait to sign data transmission that first electronic equipment obtained and carry out the signature processing for second electronic equipment, avoid installing signature SDK at first electronic equipment and cause the lower problem of security. Meanwhile, multiple safe transmission of the data to be signed and the signature result can be realized based on the preset communication connection, the data signature process is simplified, and high-reliability application processing of a business application system is facilitated.

In an alternative embodiment, an electronic device is provided, as shown in FIG. 7, where electronic device 7000 shown in FIG. 7 comprises: a processor 7001 and a memory 7003. Wherein the processor 7001 and the memory 7003 are coupled, such as via a bus 7002. Optionally, the electronic device 7000 may further include the transceiver 7004, and the transceiver 7004 may be used for data interaction between the electronic device and other electronic devices, such as transmission of data and/or reception of data. It should be noted that the transceiver 7004 is not limited to one in practical applications, and the structure of the electronic device 7000 does not constitute a limitation to the embodiments of the present application.

The Processor 7001 may be a CPU (Central Processing Unit), a general purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 7001 may also be a combination implementing computing functionality, e.g., comprising one or more microprocessors, a combination of DSPs and microprocessors, or the like.

Bus 7002 may include a path to transfer information between the above components. The bus 7002 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 7002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 7, but this is not intended to represent only one bus or type of bus.

The Memory 7003 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium, other magnetic storage devices, or any other medium that can be used to carry or store a computer program and that can be Read by a computer, without limitation.

The memory 7003 is used for storing computer programs for executing the embodiments of the present application, and execution is controlled by the processor 7001. The processor 7001 is used to execute computer programs stored in the memory 7003 to implement the steps shown in the foregoing method embodiments.

Embodiments of the present application provide a computer-readable storage medium, on which a computer program is stored, and when being executed by a processor, the computer program may implement the steps and corresponding contents of the foregoing method embodiments.

It should be understood that, although each operation step is indicated by an arrow in the flowchart of the embodiment of the present application, the implementation order of the steps is not limited to the order indicated by the arrow. In some implementation scenarios of the embodiments of the present application, the implementation steps in the flowcharts may be performed in other sequences as desired, unless explicitly stated otherwise herein. In addition, some or all of the steps in each flowchart may include multiple sub-steps or multiple stages based on an actual implementation scenario. Some or all of these sub-steps or stages may be performed at the same time, or each of these sub-steps or stages may be performed at different times, respectively. In a scenario where execution times are different, an execution sequence of the sub-steps or the phases may be flexibly configured according to requirements, which is not limited in the embodiment of the present application.

The foregoing is only an optional implementation manner of a part of implementation scenarios in this application, and it should be noted that, for those skilled in the art, other similar implementation means based on the technical idea of this application are also within the protection scope of the embodiments of this application without departing from the technical idea of this application.

Claims

1. A data signature method is applied to first electronic equipment and is characterized by comprising the following steps:

acquiring signature indication information;

sending the corresponding data to be signed to second electronic equipment through preset communication connection according to the signature indication information, and indicating the second electronic equipment to sign the data to be signed;

2. The data signing method according to claim 1, wherein before said obtaining signature indication information, said method comprises:

and receiving a data access request of the second electronic equipment, and establishing the preset communication connection under the condition of being in close-range communication connection with the second electronic equipment.

3. The data signing method of claim 2, wherein said establishing said predetermined communication connection comprises:

and generating identification information through a first preset communication module, and indicating the second electronic equipment to establish the preset communication connection with the first electronic equipment according to the identification information.

4. A data signature method is applied to a second electronic device and is characterized by comprising the following steps:

acquiring signature indication information;

receiving data to be signed sent by the first electronic equipment through a preset communication connection according to the signature indication information, and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

5. The data signing method of claim 4, wherein before said obtaining signature indication information, the method comprises:

and sending a data access request to the first electronic equipment, and establishing the preset communication connection under the condition of being in close-range communication connection with the first electronic equipment.

6. The data signing method according to claim 4, wherein said signing the data to be signed comprises:

and calling a signature Software Development Kit (SDK) to indicate a server to sign the data to be signed.

7. A data signature device is applied to first electronic equipment, and is characterized by comprising:

the indication module is used for sending the corresponding data to be signed to the second electronic equipment through a preset communication connection according to the signature indication information and indicating the second electronic equipment to sign the data to be signed;

8. A data signature device is applied to a second electronic device, and is characterized by comprising:

the signature module is used for receiving the data to be signed sent by the first electronic equipment through a preset communication connection according to the signature indication information and carrying out signature processing on the data to be signed; the data to be signed is data corresponding to the signature indication information; the preset communication connection is established in a manner that the first electronic device and the second electronic device are in close-range communication connection.

9. An electronic device comprising a memory, a processor and a computer program stored on the memory, wherein the processor executes the computer program to implement the steps of the data signing method of any one of claims 1 to 6.

10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the data signing method according to any one of claims 1 to 6.