HK1232994B - Method and device for acquiring electronical prescription - Google Patents

Description

Method and device for obtaining electronic files

Technical Field

The present application relates to the field of information technology, and in particular to a method and device for obtaining electronic files.

Background Art

To strengthen the management of prescription drug distribution and ensure the safety and effectiveness of medication, prescription drugs must be sold based on a doctor's written prescription. China is gradually liberalizing online sales of prescription drugs to further reduce healthcare costs for both the government and the public and improve the convenience of drug procurement. Compared to paper prescriptions, electronic prescriptions offer standardized formats, comprehensive and clear content, and facilitate historical records for both doctors and patients. These electronic prescriptions are the foundation for the large-scale promotion of online sales of prescription drugs.

To protect the privacy of patients included in electronic prescriptions, private information such as the patient's name, medical record number, and address is hidden, deleted, or encrypted during the electronic prescription process. However, electronic prescriptions involve different user roles, such as doctors, patients, and pharmacies. Furthermore, doctors need to verify the patient's identity when verifying their previous medical records, and regulators need to verify their case reviews. Therefore, simply hiding or deleting a patient's identity information will result in the loss of critical patient information and the inability to trace their previous medical records.

Summary of the Invention

In view of this, the present application provides a new technical solution that can solve the technical problem that the existing technology cannot effectively protect the user's privacy information.

To achieve the above objectives, this application provides the following technical solutions:

According to a first aspect of the present application, a method for obtaining an electronic file is proposed, which is applied on a terminal device and includes:

Sending a first request message for obtaining an electronic file to the platform server, wherein the first request message carries a first identifier of an information providing server that provides the electronic file;

Receiving first prompt information returned by the platform server according to the first request message;

Determining first verification information for identity authentication according to the first prompt information, and sending the first verification information to the platform server;

After the platform server determines the information providing server based on the first identifier, and determines the user identifier registered by the user of the terminal device on the platform server based on the first login information of the user, and sends the first verification information and the user identifier to the information providing server, the platform server receives the electronic file from the information providing server forwarded by the platform server, and the private information in the electronic file is encrypted using the first encryption key of the information providing server.

According to a second aspect of the present application, a method for obtaining an electronic file is proposed, which is applied on a platform server and includes:

receiving a first request message for obtaining an electronic file from a terminal device, wherein the first request message carries a first identifier of an information providing server that provides the electronic file;

Returning first prompt information to the terminal device according to the first request message;

After the terminal device determines first verification information for identity authentication according to the first prompt information, receiving the first verification information from the terminal device;

Determining the information providing server according to the first identifier, and sending the first verification information and the user identifier of the user of the terminal device registered in the information providing server to the information providing server;

After the information providing server verifies the first verification information and determines the electronic file based on the user identifier, the electronic file is received from the information providing server and forwarded to the terminal device. The private information in the electronic file is encrypted using the first encryption key of the information providing server.

According to a third aspect of the present application, a method for obtaining an electronic file is proposed, which is applied on an information providing server, comprising:

Receiving first verification information from the platform server and a user identifier of a user of a terminal device registered on the information providing server;

Verifying the first verification information, and determining the electronic file according to the user identifier after the verification is passed;

encrypting the private information in the electronic file using a first encryption key of the information providing server;

The electronic file is sent to the platform server, so that the platform server forwards the electronic file to the terminal device.

According to a fourth aspect of the present application, a device for acquiring an electronic file is provided, which is applied to a terminal device and includes:

A first sending module is configured to send a first request message for obtaining an electronic file to the platform server, wherein the first request message carries a first identifier of an information providing server that provides the electronic file;

a first receiving module, configured to receive first prompt information returned from the platform server according to the first request message sent by the first sending module;

a first determining module, configured to determine first verification information for identity authentication according to the first prompt information received by the first receiving module, and send the first verification information to the platform server;

The second receiving module is used to determine the information providing server based on the first identifier on the platform server, and determine the user identifier registered by the user of the terminal device on the information providing server based on the first login information of the user on the platform server, and after sending the first verification information and the user identifier determined by the first determination module to the information providing server, receive the electronic file from the information providing server forwarded by the platform server, where the privacy information in the electronic file is encrypted with the first encryption key of the information providing server.

According to a fifth aspect of the present application, a device for obtaining an electronic file is provided, which is applied on a platform server and includes:

A ninth receiving module, configured to receive a first request message for obtaining an electronic file from a terminal device, wherein the first request message carries a first identifier of a server providing information of the electronic file;

a seventh sending module, configured to return first prompt information to the terminal device according to the first request message received by the ninth receiving module;

an eighth sending module, configured to receive the first verification information from the terminal device after the terminal device determines the first verification information for identity authentication according to the first prompt information sent by the seventh sending module;

a ninth sending module, configured to determine the information providing server according to the first identifier received by the ninth receiving module, and send the first verification information and the user identifier of the user of the terminal device registered in the information providing server to the information providing server;

A first forwarding module is used to receive the electronic file from the information providing server after the information providing server verifies the first verification information sent by the ninth sending module and determines the electronic file based on the user identifier, and forward the electronic file to the terminal device, wherein the private information in the electronic file is encrypted using the first encryption key of the information providing server.

According to a sixth aspect of the present application, a device for obtaining an electronic file is provided, which is applied to an information providing server and includes:

A sixteenth receiving module is configured to receive the first verification information from the platform server and the user identifier of the user of the terminal device registered on the information providing server;

a third verification module, configured to verify the first verification information received by the sixteenth receiving module, and determine the electronic file according to the user identifier after the verification is passed;

a third encryption module, configured to encrypt the private information in the electronic file using a first encryption key of the information providing server;

A fifteenth sending module is used to send the electronic file encrypted by the third encryption module to the platform server, so that the platform server forwards the electronic file to the terminal device.

It can be seen from the above technical solution that the present application encrypts and protects the privacy information in the electronic file by using the first encryption key. Since the platform server does not have the first encryption key of the information providing server, even if the electronic file is stolen on the platform server, the thief cannot obtain the user's true privacy information, and the administrator on the platform server side cannot obtain the user's true privacy information, thereby effectively protecting the user's privacy information from being leaked by the platform server and ensuring the user's privacy security.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG1 is a flow chart of a method for acquiring an electronic file according to a first exemplary embodiment;

FIG2 is a flow chart of a method for acquiring an electronic file according to a second exemplary embodiment;

FIG3 is a flowchart of a method for acquiring an electronic file according to a third exemplary embodiment;

FIG4 is a flowchart of a method for obtaining an electronic file according to a fourth exemplary embodiment;

FIG5 is a flowchart of a method for acquiring an electronic file according to yet another exemplary embodiment;

FIG6 is a flowchart of a method for acquiring an electronic file according to yet another exemplary embodiment 2;

FIG7 is a flowchart of a method for acquiring an electronic file according to yet another exemplary embodiment three;

FIG8 is a flowchart of a method for obtaining an electronic file according to yet another exemplary embodiment 4;

FIG9 is a flowchart of a method for acquiring an electronic file according to another exemplary embodiment;

FIG10 is a flowchart of a method for acquiring an electronic file according to another exemplary embodiment 2;

FIG11 is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment three;

FIG12 is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment 4;

FIG13 is a diagram showing one of the scenarios of a method for acquiring an electronic file according to an exemplary embodiment;

FIG14 is a second scene diagram of a method for obtaining an electronic file according to an exemplary embodiment;

FIG15 is a third scene diagram of a method for obtaining an electronic file according to an exemplary embodiment;

FIG16 is a fourth scene diagram of a method for obtaining an electronic file according to an exemplary embodiment;

FIG17 shows a structural diagram of a terminal device according to an exemplary embodiment of the present invention;

FIG18 shows a structural diagram of a platform server according to an exemplary embodiment of the present invention;

FIG19 shows a structural diagram of an information providing server according to an exemplary embodiment of the present invention;

FIG20 is a schematic structural diagram of an apparatus for acquiring an electronic file according to a first exemplary embodiment;

FIG21 is a schematic structural diagram of an apparatus for acquiring an electronic file according to a second exemplary embodiment;

FIG22 is a schematic structural diagram of an apparatus for acquiring an electronic file according to yet another exemplary embodiment;

FIG23 is a schematic structural diagram of an apparatus for acquiring an electronic file according to yet another exemplary embodiment 2;

FIG24 is a schematic structural diagram of an apparatus for acquiring an electronic file according to another exemplary embodiment 1;

FIG25 is a schematic structural diagram of an apparatus for acquiring an electronic file according to another exemplary embodiment 2.

DETAILED DESCRIPTION

Exemplary embodiments will be described in detail herein, with examples illustrated in the accompanying drawings. In the following description, when referring to the drawings, identical numerals in different figures represent identical or similar elements, unless otherwise indicated. The embodiments described in the following exemplary embodiments are not intended to represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.

The terms used in this application are for the purpose of describing specific embodiments only and are not intended to limit this application. As used in this application and the appended claims, the singular forms "a," "an," "the," and "the" are intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in this application to describe various information, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from each other. For example, without departing from the scope of this application, first information may also be referred to as second information, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of" or "when" or "in response to determining".

This application encrypts and protects the privacy information in the electronic file using a first encryption key. Since the platform server does not have the first encryption key of the information providing server, even if the electronic file is stolen on the platform server, the thief cannot obtain the user's real privacy information, and the administrator on the platform server side cannot obtain the user's real privacy information, thereby effectively protecting the user's privacy information from being leaked by the platform server and ensuring the user's privacy security.

To further illustrate this application, the following examples are provided:

Please refer to FIG1 , which is a flowchart of a method for obtaining an electronic file according to an exemplary embodiment 1. This embodiment can be applied to a terminal device. In one embodiment, the terminal device can be a smart phone, a tablet computer, a personal computer, etc., and can communicate with the platform server and the information providing server through an application or a browser on the terminal device. As shown in FIG1 , the method includes the following steps:

Step 101: Send a first request message for obtaining an electronic file to a platform server. The first request message carries a first identifier of an information providing server that provides the electronic file.

Step 102: Receive first prompt information returned from the platform server according to the first request message.

Step 103: Determine first verification information for identity authentication according to the first prompt information, and send the first verification information to the platform server.

In step 104, after the platform server determines the information providing server based on the first identifier and determines the user identifier registered by the user on the information providing server based on the first login information of the user of the terminal device on the platform server, and sends the first verification information and the user identifier to the information providing server, the platform server receives the electronic file from the information providing server forwarded by the platform server, and the private information in the electronic file is encrypted using the first encryption key of the information providing server.

In the above step 101, in one embodiment, the platform server can serve as a network platform connecting the terminal device and the information provision server, and can be provided by an e-commerce platform. Different terminal devices and different information provision servers can transmit electronic files through the platform server. In one embodiment, the electronic file can be an electronic prescription, the information provision server can be a hospital information system (HIS) located on the hospital side, and the platform server can be an electronic prescription platform (EPP) located on the network side. In another embodiment, the electronic file can also be a user's social security file on the terminal device side, the information provision server can be a social security service system on the social security center side, and the platform server can be a social security information platform located on the network side. In yet another embodiment, the electronic file can also be a user's housing provident fund bill on the terminal device side, the information provision server can be a provident fund service system on the housing provident fund management center side, and the platform server can be a provident fund information platform located on the network side. Therefore, it can be seen that this application does not limit the specific content of the electronic file. As long as it is an electronic file that needs to be encrypted and protected by this application, it is an electronic file in this application. This embodiment is illustrative using an electronic document specifically being an electronic prescription. In one embodiment, the first request message may carry a first identifier, where the first identifier is the hospital code HIS_ID corresponding to the user of the terminal device in the HIS. If the first request message does not carry the prescription number P_ID of the electronic prescription (the second identifier in this application), the HIS may determine that the user needs the latest electronic prescription based on the opening time of the electronic prescription. If the second identifier is carried, the HIS may provide the user with the electronic prescription corresponding to the second identifier.

In the above steps 102 and 103, in one embodiment, the first verification information can be generated by encrypting the first original verification information input by the user on the terminal device using the first encryption key. The first original verification information can be, for example, the user's ID number or the last four digits of the ID number, the user's name, etc. In one embodiment, the first original verification information input by the user on the terminal device and the first encryption key of the information providing server can be determined based on the first prompt information. The first original verification information is encrypted using the first encryption key to obtain the first verification information for identity authentication. The first verification information is encrypted using the first encryption key of the information providing server, so that the platform server cannot obtain the user's original verification information. For example, if the first verification information to be determined according to the first prompt information is the user's ID number, after the ID number is encrypted using the first encryption key and sent to the platform server, the platform server cannot obtain the user's real ID number, thereby ensuring that the user's real verification information is kept confidential on the platform server.

In step 104, in one embodiment, the private information in the electronic file may be, for example, the user's name, ID number, mobile phone number, home address, etc. The private information is encrypted using a first encryption key, thereby preventing the platform server from accessing the user's private information in the electronic file. In one embodiment, if the information providing server uses a symmetric encryption algorithm, the first encryption key on the information providing server may be the same as the first decryption key on the information providing server. Symmetric encryption algorithms may include DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), etc. If the information providing server uses an asymmetric encryption algorithm, the first encryption key may be the public key of the information providing server, and the first decryption key of the information providing server may be the private key of the information providing server. In one embodiment, the asymmetric encryption algorithm used by the information providing server may include RSA (Rivest Shamir Adleman), Elgamal, Knapsack algorithm, Rabin, D-H (Diffie-Hellman), elliptic curve cryptography (ECC), etc.

In this embodiment, the privacy information in the electronic file is encrypted and protected by the first encryption key. Since the platform server does not have the first encryption key of the information providing server, even if the electronic file is stolen on the platform server, the thief cannot obtain the user's real privacy information, and the administrator on the platform server side cannot obtain the user's real privacy information, thereby effectively protecting the user's privacy information from being leaked by the platform server and ensuring the user's privacy security.

Please refer to FIG2 , which is a flowchart of a method for obtaining an electronic file according to a second exemplary embodiment. This embodiment is described by taking an example where a user needs to log in to a platform server through a terminal device, and includes the following steps:

Step 201: When the user has not logged into the platform server, determine the user's first login information and log into the platform server using the first login information.

Step 202: Receive a first verification code from the information providing server via the first mobile phone number. The first verification code is sent by the platform server to the information providing server according to the second mobile phone number. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key.

Step 203: Send the first verification code to the platform server.

Step 204: After the platform server verifies the first verification code and the second verification code from the information providing server, it is determined that the user login is successful, and a first response message indicating successful login is received from the platform server.

In the above step 201, in one embodiment, the first login information may include the user's login name and login password on the platform server, wherein the login name may be the user's real first mobile phone number. The user's real first mobile phone number is encrypted by the first encryption key to generate the first login information. The user logs in to the platform server using the encrypted mobile phone number, thereby ensuring that the platform server cannot obtain the user's real mobile phone number.

In the above steps 202 and 203, in one embodiment, after the user logs in to the platform server using the first login information, the second mobile phone number encrypted with the first encryption key provided by the user when registering on the platform server can be determined based on the first login information. In another embodiment, if the login name in the first login information is the second mobile phone number, the second mobile phone number can be determined using the login name in the first login information. As a result, the platform server can request the information provider server to send a first verification code to the terminal device corresponding to the second mobile phone number. After receiving the second mobile phone number, the information provider server decrypts the second mobile phone number using the first decryption key of the information provider server to obtain the original first mobile phone number registered by the user on the information provider server, and then sends the first verification code to the terminal device using the first mobile phone number. In one embodiment, the first verification code can be a text message verification code.

In step 204, in one embodiment, the information providing server may send a second verification code to the platform server when sending the first verification code to the terminal device. The terminal device then sends the first verification code to the platform server. Therefore, when the platform server verifies the first verification code, it can compare the first and second verification codes to see if they are identical. If they are identical, verification is successful, confirming that the user has logged in successfully.

In this embodiment, when a user needs to log in to the platform server, the user's real login information is encrypted by the first encryption key, and the user logs in to the platform server through the encrypted first login information. When the data on the platform server is leaked, the first login information stolen from the platform server by the thief is encrypted data, so the thief cannot obtain the user's original login information, nor can he log in to the platform server through the login information obtained from the platform server, thereby effectively preventing the thief from illegally logging in to the platform server through the login information stolen on the platform server, thereby ensuring the security of the user's login information.

Please refer to FIG3 , which is a flowchart of a method for obtaining an electronic file according to a third exemplary embodiment. This embodiment is illustrative in the example of a user needing to bind the user's first login information on the platform server with the user identifier generated by the user on the information providing server. As shown in FIG3 , the method includes the following steps:

Step 301: When the first login information of the user on the platform server is not bound to the user identifier, an association request is sent to the platform server, where the association request carries the first identifier of the information providing server.

Step 302: Receive second prompt information returned from the platform server according to the association request.

Step 303: Determine the second original verification information input by the user on the terminal device according to the second prompt information.

In step 304, the second original verification information is encrypted according to the first encryption key to obtain second verification information for identity authentication, and the second verification information is sent to the platform server. The platform server forwards the binding request and the second verification information to the information providing server, so that the information providing server can decrypt the second verification information according to the first decryption key corresponding to the first encryption key, determine the user ID of the user on the information providing server based on the decrypted second verification information, and return the user ID to the platform server so that the platform server can establish a binding relationship between the first login information and the user ID.

In one embodiment, the user identifier can be a unique identifier of the user on the information providing server. The user identifier does not contain the user's privacy information and can be used as an index when the platform server initiates a request for an electronic prescription to the information providing server, avoiding the information providing server having to decrypt the second mobile phone number from the platform server to obtain the first mobile phone number every time, and then use the first mobile phone number as an index to search for the corresponding electronic file.

This embodiment is explained by taking the platform server as EPP and the information providing server as HIS as an example. The terminal device logs in to EPP through the second mobile phone number, wherein the second mobile phone number is the original first mobile phone number encrypted by the first encryption key of the HIS information providing server; the terminal device sends an association request to EPP, which carries HIS_ID. After the user of the terminal device enters the ID number according to the prompt of EPP, the ID number is encrypted by the first encryption key to obtain the second verification information; EPP sends the second mobile phone number, the second verification information, and the second encryption key of EPP to HIS, requesting HIS to verify the second verification information; after the HIS verifies the second verification information, it returns the user identification to EPP; EPP stores the second verification information and the association relationship between the second mobile phone number and the user identification. In one embodiment, HIS can generate a user identification based on the first mobile phone number.

In this embodiment, the information providing server assists the platform server in implementing secondary identity authentication by verifying the second verification information from the platform server; on the platform server, since the second verification information is generated by encrypting the second original verification information with the first encryption key of the information providing server, the platform server cannot obtain the real verification information of the user of the terminal device, thereby preventing eavesdroppers from stealing the verification information of the user of the terminal device and avoiding illegal users from binding the first login information of the legitimate user on the platform server and the user identification of the user on the information providing server to the platform server through illegal association requests.

Please refer to FIG4 , which is a flowchart of a method for obtaining an electronic file according to a fourth exemplary embodiment. This embodiment is described by taking a user registering on a platform server and an information providing server as an example. As shown in FIG4 , the method includes the following steps:

Step 401: Send a second request message for obtaining a second encryption key of the platform server to the platform server.

Step 402: Receive a second encryption key returned by the platform server according to the second request message.

Step 403: When the user is not registered on the platform server and the information providing server, the first registration information that the user of the terminal device needs to register on the information providing server is encrypted using the second encryption key of the platform server.

Step 404: After the user logs in to the information providing server using the first mobile phone number, the first registration information encrypted using the second encryption key is sent to the information providing server.

Step 405: After the information providing server generates a user identifier based on the first mobile phone number, it receives a first encryption key, a first response message of successful registration, and a second mobile phone number from the information providing server. The second mobile phone number is generated by encrypting the first mobile phone number with the first encryption key.

Step 406: Register with the platform server using the second mobile phone number.

Step 407: After the platform server registers the second mobile phone number, a second response message indicating successful registration is received from the platform server.

In step 402, in one embodiment, if the platform server uses a symmetric encryption algorithm, the second encryption key on the platform server can be the same as the second decryption key on the platform server. In one embodiment, the symmetric encryption algorithm can be DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), etc. In another embodiment, if the platform server uses an asymmetric encryption algorithm, the second encryption key can be the public key of the platform server, and the second decryption key of the platform server can be the private key of the platform server. In one embodiment, the asymmetric encryption algorithm used by the platform server can be RSA (Rivest Shamir Adleman), Elgamal, Knapsack algorithm, Rabin, D-H (Diffie-Hellman), Elliptic Curve Cryptography (ECC), etc. In one embodiment, when the platform server needs to send the second encryption key to the information provision server, the public key of the asymmetric encryption algorithm can be used as the second encryption key. The transmission of the symmetric key can be carried out through a secure transmission channel, or the symmetric key can be encrypted before transmission to ensure the security of the symmetric key.

In step 404, the terminal device can send the second mobile phone number to the platform server and receive a third verification code returned by the information provision server. The third verification code can be sent to the terminal device by the platform server upon request from the information provision server based on the second mobile phone number. The terminal device sends the third verification code to the platform server. After the platform server compares the third verification code with the fourth verification code returned by the information provision server to confirm that the verification is successful, the terminal device receives a second response message from the platform server indicating successful registration. Because the information provision server can decrypt the second mobile phone number using its first decryption key and assist the platform server in sending the SMS verification code, secondary verification of the user is achieved.

In this embodiment, after the platform server obtains the second mobile phone number encrypted by the first encryption key of the information providing server, it cannot decrypt the second mobile phone number to obtain the real first mobile phone number because it does not have the corresponding decryption key. Therefore, even if the second mobile phone number is stolen on the platform server, the thief cannot decrypt the second mobile phone number because he does not have the first decryption key of the information providing server; at the same time, the private data registered by the user on the information providing server is encrypted by the second encryption key of the platform server, so the information providing server cannot decrypt the data stored on the platform server. Since it is very difficult for a thief to break into the platform server and the information providing server at the same time, this application can greatly improve the security protection level of the platform server and the information providing server.

Please refer to FIG5 , which is a flowchart of a method for obtaining an electronic file according to yet another exemplary embodiment. This embodiment can be applied on a platform server. In one embodiment, the platform server can be a service of an e-commerce platform. As shown in FIG5 , the method includes the following steps:

Step 501: Receive a first request message for obtaining an electronic file from a terminal device, where the first request message carries a first identifier of an information providing server that provides the electronic file.

Step 502: Return first prompt information to the terminal device according to the first request message.

Step 503: After the terminal device determines the first verification information for identity authentication according to the first prompt information, the first verification information is received from the terminal device.

Step 504: Determine the information providing server according to the first identifier, and send the first verification information and the user identifier of the user of the terminal device registered in the information providing server to the information providing server.

Step 505: After the information providing server verifies the first verification information and determines the electronic file according to the user identifier, the electronic file is received from the information providing server and forwarded to the terminal device. The private information in the electronic file is encrypted using the first encryption key of the information providing server.

In the above step 501, for the description of the first request message and the electronic file, please refer to the relevant description of the above step 101, which will not be described in detail here.

In the above steps 502 and 503 , the relevant descriptions of the first verification information and the first original verification information can be found in the relevant descriptions of the above steps 102 and 103 , which will not be described in detail here.

In the above step 504, in one embodiment, the platform server can act as an intermediary platform to provide electronic file forwarding and user identity authentication for different terminal devices and different information providing servers. After the platform server parses the first identifier from the first request message, it determines the corresponding information providing server based on the first identifier; by sending the first verification information and the user identifier of the user of the terminal device registered on the information providing server to the information providing server, the information providing server can verify the first verification information, and after the verification is passed, determine the electronic file that the user needs to view based on the user identifier.

In the above step 505, the description of the privacy information in the electronic file can be found in the relevant description of the above step 104, which will not be described in detail here.

In this embodiment, after the platform server receives the first verification information and the first request message from the terminal device, it determines the information providing server based on the first identifier, and sends the first verification information and the user identifier to the information providing server so that the information providing server can determine the electronic file corresponding to the user identifier. The private information in the electronic file is encrypted and protected by the first encryption key of the information providing server. Since the platform server does not have the first decryption key of the information providing server, even if the electronic file is stolen on the platform server side, the thief cannot obtain the user's true private information through the electronic file, and the administrator on the platform server side cannot obtain the user's true private information through the electronic file, thereby effectively protecting the user's private information from being leaked by the platform server and ensuring the user's privacy security.

Please refer to FIG6 , which is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment 2. This embodiment is described by taking an example where a user needs to log in to a platform server through a terminal device. As shown in FIG6 , the method includes the following steps:

Step 601: When the user has not logged into the platform server, determine the first login information of the user on the platform server.

Step 602: The second mobile phone number registered by the user of the terminal device on the platform server is used to instruct the information providing server to send a first verification code to the terminal device. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. The first mobile phone number is the mobile phone number registered by the user on the information providing server.

In step 603, the information providing server decrypts the second mobile phone number using the first decryption key of the information providing server to obtain the first mobile phone number, instructs the terminal device to send the first verification code through the first mobile phone number, and then receives the first verification code from the terminal device and the second verification code from the information providing server.

Step 604: Verify the first verification code and the second verification code, and determine that the user login is successful after the verification is successful.

Step 605: Return a first response message indicating successful login to the terminal device.

In the above step 601, the description of the first login information can refer to the relevant description of the above step 201, which will not be described in detail here.

In the above steps 602 to 604, the information providing server can send a second verification code to the platform server when sending the first verification code to the terminal device. Therefore, when the platform server verifies the first verification code, it can compare whether the contents of the first verification code and the second verification code are the same. If they are the same, the verification is passed, and it is determined that the user login is successful.

In this embodiment, when a user needs to log in to the platform server, since the user logs in to the platform server through the encrypted first login information, when the data on the platform server is leaked, the first login information stolen by the thief from the platform server is encrypted data, and therefore the thief cannot log in to the platform server through the login information obtained from the platform server, thereby effectively preventing the thief from illegally logging into the platform server through the login information stolen on the platform server, ensuring the security of the user's login information; by comparing the first verification code and the second verification code, the user is subjected to secondary identity authentication, thereby improving the security of the user in the process of logging in to the platform server.

Please refer to FIG7 , which is a flowchart of a method for obtaining an electronic file according to yet another exemplary embodiment 3. This embodiment is illustrative in an example where a user needs to bind the user's first login information on the platform server with a user identifier generated by the user on the information providing server. As shown in FIG7 , the method includes the following steps:

Step 701: When the first login information of the user on the platform server and the user identifier registered by the user on the information providing server are not bound, an association request is received from a terminal device, where the association request carries the first identifier.

Step 702: Return second prompt information to the terminal device according to the association request.

Step 703: The terminal device determines second verification information for identity authentication according to the second prompt information, and receives the second verification information returned from the terminal device according to the second prompt information, where the second verification information is encrypted using the first encryption key.

Step 704: forward the binding request and the second verification information encrypted with the first encryption key to the information providing server, so that the information providing server can decrypt the second verification information encrypted with the first encryption key and determine the user ID registered by the user in the information providing server based on the decrypted second verification information.

Step 705: Receive the user identification returned from the information providing server, and establish a binding relationship between the first login information and the user identification.

This embodiment is explained by taking the platform server as EPP and the information providing server as HIS as an example. The terminal device logs in to the EPP through the second mobile phone number, wherein the second mobile phone number is the original first mobile phone number encrypted by the first encryption key of the HIS information providing server; the EPP receives an association request from the terminal device, which carries the HIS_ID. After receiving the second verification information from the terminal device, the EPP sends the second mobile phone number, the second verification information, and the second encryption key of the EPP to the HIS, requesting the HIS to verify the second verification information; after the HIS verifies the second verification information, it returns the user identification to the EPP; the EPP stores the second verification information and the association relationship between the second mobile phone number and the user identification. In one embodiment, the HIS can generate a user identification through the first mobile phone number.

In this embodiment, the information providing server assists the platform server in implementing secondary identity authentication by verifying the second verification information from the platform server; on the platform server, since the second verification information is generated by encrypting the second original verification information with the first encryption key of the information providing server, the platform server cannot obtain the real verification information of the user of the terminal device, thereby preventing eavesdroppers from stealing the verification information of the user of the terminal device and avoiding illegal users from binding the first login information of the legitimate user on the platform server and the user identification of the user on the information providing server to the platform server through illegal association requests.

FIG8 is a flowchart of a method for obtaining an electronic file according to yet another exemplary embodiment 4. This embodiment is described by taking a user registering on a platform server and an information providing server as an example. As shown in FIG8 , the method includes the following steps:

Step 801: Receive a second request message from a terminal device for obtaining a second encryption key of a platform server.

Step 802: Return a second encryption key to the terminal device according to the second request message.

Step 803: When the user is not registered on the platform server, register using the second registration information from the terminal device.

Step 804: Obtain a third verification code from the information providing server according to the second registration information, and instruct the information providing server to send a fourth verification code to the first mobile phone number corresponding to the second mobile phone number.

Step 805: Receive a fourth verification code from the terminal device.

Step 806: Verify the third verification code and the fourth verification code.

Step 807: After the platform server verifies the third verification code and the fourth verification code, it returns a second response message indicating successful registration to the terminal device.

In this embodiment, after the platform server obtains the second mobile phone number encrypted by the first encryption key of the information providing server, it cannot decrypt the second mobile phone number to obtain the real first mobile phone number because it does not have the corresponding decryption key. Therefore, even if the second mobile phone number is stolen on the platform server, the thief cannot decrypt the second mobile phone number because he does not have the first decryption key of the information providing server; at the same time, the private data registered by the user on the information providing server is encrypted by the second encryption key of the platform server, so the information providing server cannot decrypt the data stored on the platform server. Since it is very difficult for a thief to break into the platform server and the information providing server at the same time, this application can greatly improve the security protection level of the platform server and the information providing server.

Please refer to FIG9 , which is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment. This embodiment can be applied to an information providing server. In one embodiment, the information providing server can be a server in a hospital system. The information providing server can provide an electronic prescription to a user of a terminal device. As shown in FIG9 , the method includes the following steps:

Step 901: Receive first verification information from the platform server and a user ID of a user of a terminal device registered on an information providing server.

Step 902: Verify the first verification information, and determine the electronic file according to the user identification after the verification is passed.

Step 903: Encrypt the private information in the electronic file using the first encryption key of the information providing server.

Step 904: Send the electronic file to the platform server so that the platform server can forward the electronic file to the terminal device.

In the above step 902, the information providing server can decrypt the first verification information using the first decryption key of the information providing server, and encrypt the decrypted first verification information using the second encryption key of the platform server to obtain a first encrypted string; determine the second encrypted string generated when the user registers on the information providing server, and the second encrypted string is generated by encrypting the first verification information using the second encryption key of the platform server; determine whether the first encrypted string and the second encrypted string are the same, and if they are the same, the verification of the first verification information is passed.

In this embodiment, after the information providing server verifies the first verification information from the platform server and the verification is passed, it determines the electronic file based on the user identification from the platform server and encrypts the private information of the electronic file using the first encryption key. Since the platform server does not have the first encryption key of the information providing server, even if the electronic file is stolen on the platform server side, the thief cannot obtain the user's true private information through the electronic file, and the administrator on the platform server side cannot obtain the user's true private information through the electronic file, thereby effectively protecting the user's private information from being leaked by the platform server and ensuring the user's privacy security.

Please refer to FIG10 , which is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment 2. This embodiment is described by taking an example where a user needs to log in to a platform server through a terminal device. As shown in FIG10 , the method includes the following steps:

Step 1001, when the user is not logged in to the platform server, receives an instruction message from the platform server to instruct the information providing server to send a first verification code to the second mobile phone number registered by the user on the platform server, wherein the second mobile phone number is obtained by encrypting the first mobile phone number with a first encryption key, and the first mobile phone number is the mobile phone number registered by the user on the information providing server.

Step 1002: Decrypt the second mobile phone number using the first decryption key according to the instruction message to obtain the first mobile phone number.

Step 1003: Send a first verification code to the terminal device via the first mobile phone number and return a second verification code to the platform server, so that the platform server can perform login verification on the user according to the first verification code and the second verification code.

In this embodiment, when the user needs to log in to the platform server, the information providing server decrypts the second mobile phone number using the first decryption key according to the instruction message from the platform server, obtains the first mobile phone number, and sends the first verification code to the terminal device through the first mobile phone number and returns the second verification code to the platform server, thereby assisting the platform server in performing secondary identity authentication for the user, thereby improving the security of the user in the process of logging into the platform server.

Please refer to FIG11, which is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment 3. This embodiment is illustrative in an example where a user needs to bind the user's first login information on the platform server with a user identifier generated by the user on the information providing server. As shown in FIG11, the method includes the following steps:

Step 1101: When the first login information of the user on the platform server is not bound to the user identification, second verification information and a second encryption key of the platform server are received from the platform server, and the second verification information is encrypted using the first encryption key.

Step 1102: decrypt the second verification information using the first decryption key of the information providing server, and encrypt the decrypted second original verification information using the second encryption key to obtain a third encrypted character string.

Step 1103 : Determine a fourth encrypted string generated when the user registers on the information providing server, where the fourth encrypted string is generated by encrypting the second original verification information using the second encryption key of the platform server.

Step 1104: Determine whether the third encrypted string and the fourth encrypted string are the same.

Step 1105: If they are the same, the user ID of the user of the terminal device registered on the information providing server is returned to the platform server so that the platform server can establish a binding relationship between the first login information and the user ID.

As an exemplary scenario, the second verification information received by the information providing server from the platform server is the string "AAAA&&&" and the second encryption key "121212" of the platform server. Since "AAAA&&&" is encrypted with the first encryption key, the information providing server uses its first decryption key to decrypt "AAAA&&&" to generate the real verification information "BBBB&&&", and encrypts "BBBB&&&" with the second encryption key "121212" to obtain the third encrypted string "CCCC&&&", and determines the fourth encrypted string "DDDD&&&" generated when the user registers on the information providing server. The fourth encrypted string is generated by encrypting the second verification information AAAA&&& with the second encryption key "121212" of the platform server. It can be seen that the third encrypted string "CCCC&&&" and the fourth encrypted string "DDDD&&&" should be strings with the same content. If they are different, it means that the user's association request is illegal or an illegal user requests association.

In this embodiment, the information providing server verifies the second verification information from the platform server by using an encrypted string, thereby assisting the platform server in achieving secondary identity authentication; on the platform server, since the second verification information is generated by encrypting the second original verification information with the first encryption key of the information providing server, the platform server cannot obtain the true verification information of the user of the terminal device, and the fourth encrypted string is generated by encrypting the second verification information using the second encryption key of the platform server. Therefore, the information providing server side can only obtain the true verification information when verifying the user, thereby preventing eavesdroppers from stealing the verification information of the user of the terminal device on the platform server and the information providing server, and avoiding illegal users from binding the first login information of the legitimate user on the platform server and the user identification of the user on the information providing server to the platform server through illegal association requests.

Please refer to FIG12, which is a flowchart of a method for obtaining an electronic file according to another exemplary embodiment 4. This embodiment is described by taking the user registering on the platform server and the information providing server as an example. As shown in FIG12, the method includes the following steps:

Step 1201: When the user is not registered on the information providing server, the user registers using the first registration information from the terminal device.

Step 1202: After the user logs in to the information providing server using the first mobile phone number, the first mobile phone number is encrypted using the first encryption key to obtain a second mobile phone number.

Step 1203: Send the second mobile phone number to the terminal device so that the terminal device can register on the platform server using the second mobile phone number.

Step 1204: Generate a user ID based on the first mobile phone number.

Step 1205: Receive a second mobile phone number from the platform server.

Step 1206: Decrypt the second mobile phone number using the first decryption key to obtain the first mobile phone number.

Step 1207: Return a third verification code to the terminal device via the first mobile phone number. The third verification code is sent by the platform server to the terminal device according to the second registration information request information providing server.

Step 1208: Return the fourth verification code to the platform server, so that the platform server can compare the third verification code with the fourth verification code to determine whether the verification is successful.

In this embodiment, after the platform server obtains the second mobile phone number encrypted by the first encryption key of the information providing server, it cannot decrypt the second mobile phone number to obtain the real first mobile phone number because it does not have the corresponding decryption key. Therefore, even if the second mobile phone number is stolen on the platform server, the thief cannot decrypt the second mobile phone number because he does not have the first decryption key of the information providing server; at the same time, the private data registered by the user on the information providing server is encrypted by the second encryption key of the platform server, so the information providing server cannot decrypt the data stored on the platform server. Since it is very difficult for a thief to break into the platform server and the information providing server at the same time, this application can greatly improve the security protection level of the platform server and the information providing server.

Please refer to FIG13, which is one of the scenario diagrams of a method for obtaining an electronic file according to an exemplary embodiment. This embodiment takes an electronic prescription as the electronic file, an EPP as the platform server, and a HIS as the information providing server as an example to describe how a user obtains an electronic prescription from the HIS. Both the HIS and the EPP use an asymmetric encryption algorithm. Accordingly, the public key on the HIS side is the first encryption key, the private key is the first decryption key, the public key on the EPP side is the second encryption key, and the private key is the second decryption key. As shown in FIG13, the following steps are included:

Step 1301: The patient logs in to the EPP through the terminal device using the login name and password encrypted by the HIS public key. The patient can log in by pattern or by entering the login name and password.

Step 1302: EPP returns a first response message indicating successful login to the terminal device.

In step 1303, the terminal device sends a first request message for obtaining an electronic prescription to the EPP, requesting to view the electronic prescription of the patient in the designated hospital. The first request message carries the hospital identifier HIS_ID (also referred to as the first identifier).

Step 1304: The EPP returns a first prompt message to the terminal device according to the first request message, prompting the user to enter first verification information.

In step 1305, the terminal device determines the first original verification information input by the user in the terminal device and the first encryption key of the information providing server according to the first prompt information, encrypts the first original verification information according to the first encryption key, and obtains the first verification information for identity authentication.

Step 1306: Send first verification information to EPP.

Step 1307, EPP finds the patient's user ID (PatientID) in the designated hospital through the patient's login name, and sends the user ID, the second mobile phone number, the first verification information, and the EPP's second encryption key to the HIS.

Step 1308: The HIS decrypts the second mobile phone number using its first decryption key to obtain the first mobile phone number, and searches for the patient's user ID in the HIS using the first mobile phone number.

Step 1309 : The HIS decrypts the first verification information using the first decryption key of the HIS, and encrypts the decrypted first verification information using the second encryption key of the EPP to obtain a first encrypted string.

In step 1310, the HIS determines the second encrypted string generated when the patient registers with the HIS. The second encrypted string is generated by encrypting the first verification information using the second encryption key of the EPP. The first encrypted string and the second encrypted string are compared to see if they are the same. If they are the same, the verification of the first verification information is successful.

In step 1311, the HIS determines the electronic prescription, encrypts the private information in the electronic prescription using a first encryption key, and sends the encrypted electronic prescription to the EPP.

In step 1312, the EPP returns the electronic prescription to the terminal device.

In this embodiment, since the electronic prescriptions that patients need to view include their medical records, prescriptions, and medication instructions, de-encrypting the private information in the electronic prescriptions using the HIS's first encryption key does not affect the patient's user experience. Because the HIS only encrypts the private information in the electronic prescriptions using the first encryption key, while leaving non-private information unencrypted, the computational complexity on the HIS side is reduced.

Please refer to FIG. 14 , which is a second scenario diagram of a method for obtaining an electronic file according to an exemplary embodiment. This embodiment takes an electronic prescription as the electronic file, an EPP as the platform server, and an HIS as the information providing server as an example to describe how a user logs in to the EPP using a second mobile phone number. As shown in FIG. 14 , the method includes the following steps:

Step 1401: When a patient initiates a login request to the EPP through a terminal device, the terminal device encrypts the user's real first mobile phone number using the first encryption key of the HIS to obtain a second mobile phone number, and logs in through the second mobile phone number.

Step 1402: The EPP requests the HIS to send a first verification code to the terminal device based on the second mobile phone number.

In step 1403, the HIS decrypts the second mobile phone number based on the second mobile phone number using the first decryption key corresponding to the second mobile phone number to obtain the first mobile phone number, and sends the first verification code to the terminal device via the first mobile phone number.

Step 1404: The HIS returns a second verification code to the EPP.

Step 1405: The EPP receives a first verification code from the terminal device.

In step 1406, the EPP compares the first verification code and the second verification code. When determining that the two are the same, it is determined that the patient has successfully logged in, and a first response message indicating successful login is returned to the terminal device.

In this embodiment, when a user needs to log in to the EPP, the user's real login information is encrypted using the first encryption key, and the user logs in to the platform server using the encrypted first login information. When the data on the platform server is leaked, the first login information stolen from the platform server by the thief is encrypted data, so the thief cannot log in to the platform server using the login information obtained from the platform server, thereby effectively preventing the thief from illegally logging in to the platform server using the login information stolen from the platform server, ensuring the security of the user's login information. The HIS decrypts the second mobile phone number using its first decryption key to obtain the first mobile phone number, and sends the first verification code and the second verification code to the terminal device and EPP respectively, thereby assisting the EPP in completing the secondary identity authentication.

Please refer to FIG15 , which is a third scenario diagram of a method for obtaining an electronic file according to an exemplary embodiment. This embodiment takes an electronic prescription as the electronic file, an EPP as the platform server, and a HIS as the information providing server as an example to describe how to bind the user's login name in the first login information of the EPP with the user's user ID in the HIS. As shown in FIG15 , the method includes the following steps:

Step 1501: The terminal application uses the second mobile phone number (that is, the original first mobile phone number encrypted using the first decryption key of the HIS) and the login password to log in to the EPP.

Step 1502: EPP returns a first response message indicating successful login to the terminal device.

Step 1503: The terminal device sends an association request to the EPP, where the association request carries a hospital identifier.

Step 1504: The EPP returns second prompt information to the terminal device to prompt the user to enter second original verification information through the terminal device.

In step 1505, the user enters second original verification information (eg, ID number) according to the second prompt information, and encrypts the second original verification information using the first encryption key of the HIS to generate second verification information.

Step 1506: The terminal device sends second verification information to the EPP.

In step 1507, the EPP sends the second mobile phone number, the second verification information, the second encryption key of the EPP, and the name of the encryption algorithm adopted by the EPP to the HIS, requesting the HIS to verify the second verification information.

In step 1508, the HIS uses its first decryption key to adopt the corresponding encryption algorithm to decrypt the second mobile phone number to obtain the first mobile phone number, searches for the user ID based on the first mobile phone number, decrypts the second verification information using the first decryption key of the information providing server to obtain the second original verification information, and encrypts the second original verification information using the second encryption key to obtain a third encrypted string.

Step 1509: Determine a fourth encrypted string generated when the user registers on the information providing server. The fourth encrypted string is generated by encrypting the second original verification information using the second encryption key of the platform server.

Step 1510: The HIS compares the third encrypted string and the fourth encrypted string to see if they are the same, and performs verification.

Step 1511: If they are the same, the HIS verification is successful and returns the user ID to the EPP.

Step 1512: EPP stores the second verification information and the association between the second mobile phone number and the user identifier.

In the process described in this embodiment, the HIS obtains the second verification information from the EPP, uses the HIS's first decryption key to obtain the second original verification information encrypted with the first encryption key, and then encrypts the second original verification information with the EPP's second encryption key to obtain a third encrypted string, thereby achieving identity authentication. During the process of binding the first login information to the user ID, except for the first mobile phone number used for indexing and the second verification information used for verification, all other data on the HIS side is confidential. The user's login information on the EPP platform is also confidential, thus achieving the purpose of privacy protection.

Please refer to FIG16 , which is a fourth scenario diagram of a method for obtaining an electronic file according to an exemplary embodiment. This embodiment takes an electronic prescription as the electronic file, an EPP as the platform server, and a HIS as the information providing server as an example to describe how a user registers on the EPP and HIS sides. As shown in FIG16 , the following steps are included:

Step 1601: The patient requests the second encryption key of the EPP from the EPP through the terminal device.

In step 1602, the EPP returns the second encryption key of the EPP to the terminal device and sends a digital signature to the terminal device.

In step 1603, the terminal device registers with the HIS using the first mobile phone number (i.e., the original mobile phone number) and encrypts the information required for registration using the second encryption key of the EPP. The information required for registration with the HIS includes: name, medical record number, ID number, mobile phone number, home address, medication allergy record, past medical history, etc.

In step 1604, the HIS saves the first mobile phone number, generates a patient identifier (PatientID), and saves the verification information (eg, ID number, etc.) encrypted using the second encryption key based on EPP.

In step 1605, the HIS returns a second response message indicating successful registration to the terminal device, and returns the first encryption key of the HIS and the second mobile phone number generated by encrypting the first mobile phone number using the first encryption key of the HIS to the terminal device.

Step 1606: The terminal device registers with the EPP using the second mobile phone number.

In step 1607, the EPP sends the second mobile phone number to the HIS, requesting the HIS to send a text message verification code to the terminal device.

In step 1608, the HIS decrypts the second mobile phone number using the first encryption key of the HIS to obtain the first mobile phone number.

Step 1609: The HIS returns a third verification code to the EPP.

Step 1610: The HIS returns a fourth verification code to the terminal device based on the first mobile phone number.

Step 1611: The terminal device reports the fourth verification code to the EPP.

Step 1612: The EPP compares the fourth verification code reported by the terminal device with the third verification code returned by the HIS. If they are consistent, the verification is successful and the second mobile phone number is stored.

Step 1613: EPP returns a second response message indicating successful registration to the terminal device.

In step 1614, the terminal device may set a login password for logging into the EPP using the second mobile phone number.

Step 1615: EPP returns a successful setup response to the terminal device platform.

In the process of this embodiment, after the EPP obtains the second mobile phone number encrypted by the first encryption key of the HIS, it cannot decrypt the second mobile phone number to obtain the real first mobile phone number because it does not have the corresponding decryption key. Therefore, even if the second mobile phone number is stolen on the platform server, the thief will not be able to decrypt the second mobile phone number because he does not have the decryption key when he does not obtain the first decryption key of the HIS. At the same time, the private data registered by the user on the HIS is encrypted by the second encryption key of the EPP, so the HIS cannot decrypt the data stored on the EPP. Since it is very difficult for the thief to break through the EPP and HIS at the same time, this application can greatly improve the security protection level of the EPP and HIS. In addition, the HIS can decrypt the first mobile phone number according to its own first decryption key, so that it can assist the EPP in sending the SMS verification code to complete the secondary verification.

Corresponding to the above-mentioned method for obtaining electronic files, the present application also proposes a schematic structural diagram of a terminal device according to an exemplary embodiment of the present application as shown in FIG17. Please refer to FIG17. At the hardware level, the server includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and of course may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, forming a device for obtaining electronic files at the logical level. Of course, in addition to software implementation, the present application does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.

Corresponding to the above-mentioned method for obtaining electronic files, the present application also proposes a schematic structural diagram of a platform server according to an exemplary embodiment of the present application, as shown in FIG18. Please refer to FIG18. At the hardware level, the server includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and of course may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, forming a device for obtaining electronic files at the logical level. Of course, in addition to software implementation methods, the present application does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.

Corresponding to the above-mentioned method for obtaining electronic files, the present application also proposes a schematic structural diagram of an information providing server according to an exemplary embodiment of the present application, as shown in FIG19. Please refer to FIG19. At the hardware level, the server includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and of course may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it, forming a device for obtaining electronic files at the logical level. Of course, in addition to software implementation methods, the present application does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.

Please refer to FIG20 , which is a schematic diagram of the structure of an apparatus for acquiring an electronic file according to an exemplary embodiment 1. In a software implementation, the apparatus for acquiring an electronic file may include: a first sending module 2001, a first receiving module 2202, a first determining module 2203, and a second receiving module 2204; wherein:

A first sending module 2001 is configured to send a first request message for obtaining an electronic file to a platform server, wherein the first request message carries a first identifier of a server providing information of the electronic file;

The first receiving module 2002 is configured to receive first prompt information returned from the platform server according to the first request message sent by the first sending module 2001;

A first determining module 2003 is configured to determine first verification information for identity authentication according to the first prompt information received by the first receiving module 2002, and send the first verification information to the platform server;

The second receiving module 2004 is used to determine the information providing server based on the first identifier on the platform server, and determine the user identifier registered by the user on the information providing server based on the first login information of the user of the terminal device on the platform server, and after sending the first verification information and user identifier determined by the first determination module 2003 to the information providing server, receive the electronic file from the information providing server forwarded by the platform server, and the private information in the electronic file is encrypted with the first encryption key of the information providing server.

Please refer to FIG. 21 , which is a schematic diagram of the structure of an apparatus for acquiring an electronic file according to a second exemplary embodiment. Based on the embodiment shown in FIG. 20 , the first determining module 2003 may include:

The first determining unit 20031 is configured to determine the first original verification information input by the user on the terminal device and the first encryption key of the information providing server according to the first prompt information;

The first encryption unit 20032 is used to encrypt the first original verification information according to the first encryption key determined by the first determination unit 20031 to obtain first verification information for identity authentication.

In one embodiment, the apparatus may further include:

The second determining module 2005 is used to determine the first login information of the user when the user has not logged in to the platform server, and log in to the platform server using the first login information;

The third receiving module 2006 is configured to receive a first response message indicating a successful login returned by the platform server after the second determining module 2005 determines that the user login is successful.

In one embodiment, the apparatus may further include:

a fourth receiving module 2007, configured to receive a first verification code from the information providing server via the first mobile phone number, the first verification code being sent by the platform server to the information providing server according to the second mobile phone number, the second mobile phone number being encrypted by the first encryption key;

The second sending module 2008 is used to send the first verification code received by the fourth receiving module 2007 to the platform server via the second mobile phone number;

The third determination module 2009 is used to determine that the user login is successful after the platform server verifies the first verification code sent by the second sending module 2008 and the second verification code from the information providing server. The third receiving module 2006 executes the step of receiving the first response message of successful login returned by the platform server.

In one embodiment, the apparatus may further include:

The third sending module 210 is configured to send an association request to the platform server when the first login information of the user on the platform server is not bound to the user identifier, wherein the association request carries the first identifier of the information providing server;

The fifth receiving module 2011 is configured to receive the second prompt information returned from the platform server according to the association request sent by the third sending module 2010;

The fourth determining module 2012 is configured to determine the second original verification information input by the user on the terminal device according to the second prompt information received by the fifth receiving module 2011;

The first encryption module 2013 is configured to encrypt the second original verification information determined by the fourth determination module 2012 according to the first encryption key to obtain second verification information for identity authentication;

The fourth sending module 2014 is used to send the second verification information encrypted by the first encryption module 2013 to the platform server. The platform server forwards the binding request and the second verification information to the information providing server, so that the information providing server can decrypt the second verification information according to the first decryption key corresponding to the first encryption key, determine the user identification of the user on the information providing server according to the decrypted second verification information, and return the user identification to the platform server so that the platform server can establish a binding relationship between the first login information and the user identification.

In one embodiment, the apparatus may further include:

The second encryption module 2015 is used to encrypt the first registration information that the user of the terminal device needs to register on the information providing server using the second encryption key of the platform server when the user is not registered on the platform server and the information providing server;

a fifth sending module 2016, configured to send the first registration information encrypted by the first encryption key to the information providing server after the user logs in to the information providing server using the first mobile phone number;

a sixth receiving module 2017, configured to receive, after the information providing server generates a user identifier based on the first mobile phone number, a first encryption key, a first response message indicating successful registration, and a second mobile phone number from the information providing server, where the second mobile phone number is generated by encrypting the first mobile phone number with the first encryption key;

A first registration module 2018, configured to register with the platform server using the second mobile phone number;

The seventh receiving module 2019 is used to receive a second response message indicating successful registration returned by the platform server after the platform server registers the second mobile phone number.

In one embodiment, the apparatus further comprises:

A sixth sending module 220, configured to send a second request message for obtaining a second encryption key of the platform server to the platform server;

The eighth receiving module 2021 is configured to receive the second encryption key returned by the platform server according to the second request message sent by the sixth sending module 39 .

In one embodiment, the first registration module 2018 may include:

The first sending unit 20181 is used to send the second mobile phone number to the platform server;

The first receiving unit 20182 is configured to receive a third verification code returned from the information providing server, where the third verification code is sent by the platform server to the terminal device upon request of the information providing server based on the second mobile phone number sent by the first sending unit;

The second sending unit 20183 is configured to send the third verification code received by the first receiving unit 20182 to the platform server;

After the platform server compares the third verification code with the fourth verification code returned by the information providing server to the platform server to determine that the verification is successful, the seventh receiving module 2019 executes the step of receiving a second response message indicating successful registration returned by the platform server.

FIG22 is a schematic structural diagram of an apparatus for acquiring an electronic file according to yet another exemplary embodiment. In a software implementation, the apparatus for acquiring an electronic file may include: a ninth receiving module 2201, a seventh sending module 2202, an eighth sending module 2203, a first forwarding module 2204, and a second forwarding module 2205.

A ninth receiving module 2201 is configured to receive a first request message for obtaining an electronic file from a terminal device, wherein the first request message carries a first identifier of a server providing information of the electronic file;

The seventh sending module 2202 is configured to return first prompt information to the terminal device according to the first request message received by the ninth receiving module 2201;

An eighth sending module 2203 is configured to receive the first verification information from the terminal device after the terminal device determines the first verification information for identity authentication according to the first prompt information sent by the seventh sending module 2202;

A ninth sending module 2204 is configured to determine the information providing server according to the first identifier received by the ninth receiving module 2201, and to send the first verification information received by the eighth sending module 2203 and the user identifier of the user of the terminal device registered in the information providing server to the information providing server;

The first forwarding module 2205 is used to receive the electronic file from the information providing server after the information providing server verifies the first verification information sent by the ninth sending module 2204 and determines the electronic file based on the user identification, and forward the electronic file to the terminal device. The private information in the electronic file is encrypted with the first encryption key of the information providing server.

Figure 23 is a structural diagram of an apparatus for acquiring an electronic file according to yet another exemplary embodiment 2; based on the embodiment shown in Figure 22 above, the first verification information is generated by encrypting the original verification information input by the user on the terminal device using a first encryption key.

In one embodiment, the apparatus may further include:

A fifth determining module 2206 is configured to determine the first login information of the user on the platform server when the user has not logged in to the platform server;

The tenth sending module 2207 is configured to return a first response message indicating successful login to the terminal device after the fifth determining module 2206 determines that the user login is successful.

In one embodiment, the apparatus may further include:

an eleventh sending module 2208, configured to instruct the information providing server to send a first verification code to the terminal device using a second mobile phone number registered by the user of the terminal device on the platform server, where the second mobile phone number is obtained by encrypting the first mobile phone number using the first encryption key, and the first mobile phone number is the mobile phone number registered by the user on the information providing server;

A tenth receiving module 2209 is configured to decrypt the second mobile phone number using the first decryption key of the information providing server to obtain the first mobile phone number, instruct the terminal device to send the first verification code using the first mobile phone number, and then receive the first verification code from the terminal device and the second verification code from the information providing server.

The first verification module 2210 is used to verify the first verification code and the second verification code, and determine that the user login is successful after the verification is passed. The tenth sending module 2209 executes the step of returning a first response message of successful login to the terminal device.

In one embodiment, the apparatus may further include:

An eleventh receiving module 2211 is configured to receive an association request from a terminal device when the first login information of the user on the platform server and the user identifier registered by the user on the information providing server are not bound, the association request carrying the first identifier;

A twelfth sending module 2212 is configured to return second prompt information to the terminal device according to the association request;

a twelfth receiving module 2213, configured to determine, at the terminal device, second verification information for identity authentication according to the second prompt information, and receive the second verification information returned from the terminal device according to the second prompt information, where the second verification information is encrypted using the first encryption key;

The second forwarding module 2214 is configured to forward the binding request and the second verification information encrypted with the first encryption key to the information providing server, so that the information providing server can decrypt the second verification information encrypted with the first encryption key and determine the user ID registered with the information providing server based on the decrypted second verification information;

The thirteenth receiving module 2215 is configured to receive the user identification returned from the information providing server and establish a binding relationship between the first login information and the user identification.

In one embodiment, the apparatus may further include:

The second registration module 2216 is used to register the user using the second registration information from the terminal device when the user is not registered on the platform server;

The first obtaining module 2217 is configured to obtain a third verification code from the information providing server according to the second registration information registered by the second registration module 2216, and instruct the information providing server to send a fourth verification code to the first mobile phone number corresponding to the second mobile phone number;

A fourteenth receiving module 2218 is configured to receive a fourth verification code from a terminal device;

The second verification module 2219 is used to verify the third verification code and the fourth verification code;

The thirteenth sending module 2220 is configured to return a second response message indicating successful registration to the terminal device after the second verification module 2219 verifies the third verification code and the fourth verification code successfully.

In one embodiment, the apparatus may further include:

A fifteenth receiving module 2221 is configured to receive a second request message from a terminal device for obtaining a second encryption key from the platform server;

The fourteenth sending module 2222 is configured to return the second encryption key to the terminal device according to the second request message received by the fifteenth receiving module 2221 .

FIG24 is a schematic structural diagram of an apparatus for acquiring an electronic file according to another exemplary embodiment 1. In a software implementation, the apparatus for acquiring an electronic file may include: a sixteenth receiving module 2401, a third verification module 2402, a third encryption module 2403, and a fifteenth sending module 2404.

A sixteenth receiving module 2401 is configured to receive first verification information from the platform server and a user identifier of a user of a terminal device registered on an information providing server;

The third verification module 2402 is configured to verify the first verification information received by the sixteenth receiving module 2401 and determine the electronic file according to the user identifier after the verification is successful;

A third encryption module 2403 is configured to encrypt the private information in the electronic file determined by the third verification module 2402 using a first encryption key of the information providing server;

The fifteenth sending module 2404 is used to send the electronic file encrypted by the third encryption module 2403 to the platform server, so that the platform server can forward the electronic file to the terminal device.

FIG25 is a schematic diagram of the structure of an apparatus for obtaining an electronic file according to another exemplary embodiment 2. Based on the embodiment shown in FIG24 , the third verification module 2402 includes:

A first decryption unit 24021 is configured to decrypt the first verification information using a first decryption key of the information providing server;

The first encryption unit 24022 is configured to encrypt the first verification information decrypted by the first decryption unit using the second encryption key of the platform server to obtain a first encrypted string;

A first determining unit 24023 is configured to determine a second encrypted string generated when the user registers on the information providing server, where the second encrypted string is generated by encrypting the first verification information using a second encryption key of the platform server;

The second determining unit 24024 is configured to determine whether the first encrypted string obtained by the first encrypting unit 24022 and the second encrypted string determined by the first determining unit 24023 are the same. If they are the same, the verification of the first verification information is successful.

In one embodiment, the apparatus may further include:

A seventeenth receiving module 2405 is configured to, when the user is not logged into the platform server, receive an instruction message from the platform server for instructing the information provision server to send a first verification code to a second mobile phone number registered by the user with the platform server, wherein the second mobile phone number is obtained by encrypting the first mobile phone number using the first encryption key, and the first mobile phone number is the mobile phone number registered by the user with the information provision server;

A first decryption module 2406 is configured to decrypt the second mobile phone number using the first decryption key according to the instruction message received by the seventeenth receiving module 2405 to obtain the first mobile phone number;

The sixteenth sending module 2407 is configured to send the first verification code to the terminal device via the first mobile phone number and return the second verification code to the platform server, so that the platform server can perform login verification on the user according to the first verification code and the second verification code.

In one embodiment, the apparatus may further include:

An eighteenth receiving module 2408 is configured to receive second verification information and a second encryption key of the platform server from the platform server when the first login information of the user on the platform server is not bound to the user identifier, the second verification information being encrypted using the first encryption key;

The second decryption module 2409 is configured to decrypt the second verification information using the first decryption key of the information providing server, and encrypt the decrypted second original verification information using the second encryption key to obtain a third encrypted string;

A sixth determining module 2410 is configured to determine a fourth encrypted string generated when the user registers on the information providing server, where the fourth encrypted string is generated by encrypting the second original verification information using the second encryption key of the platform server;

a seventh determining module 2411, configured to determine whether the third encrypted string and the fourth encrypted string are identical;

The seventeenth sending module 2412 is used to return the user identification of the user of the terminal device registered on the information providing server to the platform server if the seventh determining module 2411 determines that they are the same, so that the platform server can establish a binding relationship between the first login information and the user identification.

In one embodiment, the apparatus may further include:

The third registration module 2413 is used to register the user using the first registration information from the terminal device when the user is not registered on the information providing server;

The fourth encryption module 2414 is configured to encrypt the first mobile phone number using the first encryption key to obtain a second mobile phone number after the user logs in to the information providing server using the first mobile phone number;

An eighteenth sending module 2415 is configured to send the second mobile phone number to the terminal device, so that the terminal device can register on the platform server using the second mobile phone number;

The identification generating module 2416 is configured to generate a user identification according to the first mobile phone number.

In one embodiment, the apparatus may further include:

A nineteenth receiving module 2417 is configured to receive a second mobile phone number from the platform server;

A third decryption module 2418 is configured to decrypt the second mobile phone number using the first decryption key to obtain the first mobile phone number;

A nineteenth sending module 2419 is configured to return a third verification code to the terminal device via the first mobile phone number, where the third verification code is sent by the platform server to the terminal device according to the second registration information request information providing server;

The twentieth sending module 2420 is configured to return the fourth verification code to the platform server, so that the platform server can compare the third verification code with the fourth verification code to determine whether the verification is successful.

As can be seen from the above embodiment, when a user registers with the information provider server, the second encryption key of the platform server is used to encrypt the user's relevant information; when registering with the platform server, the first encryption key of the information provider server is used to encrypt the user's relevant information (including private information in electronic files); when making an association request or viewing an electronic file, the platform server needs to send the encrypted information to the information provider server for decryption and then verification, or the information provider server decrypts the information and sends it back to the platform server for verification. When the private data on the information provider server is leaked, the thief cannot obtain the original data; similarly, even if the data on the platform server is leaked, the thief cannot obtain the original data. In addition, the platform server can also complete identity authentication with the assistance of the information provider server, which effectively protects the user's private information and realizes identity authentication.

Those skilled in the art will readily appreciate other embodiments of the present application after considering the specification and practicing the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the present application that follow the general principles of this application and include common knowledge or customary techniques in the art not disclosed herein. The description and examples are to be considered as exemplary only, and the true scope and spirit of the present application are indicated by the following claims.

It should also be noted that the terms "comprises," "includes," or any other variations thereof are intended to encompass non-exclusive inclusion, such that a process, method, commodity, or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or includes elements inherent to such process, method, commodity, or apparatus. In the absence of further limitations, an element defined by the phrase "comprises a ..." does not exclude the presence of other identical elements in the process, method, commodity, or apparatus that includes the element.

The above description is only a preferred embodiment of the present application and is not intended to limit the present application. Any modifications, equivalent replacements, improvements, etc. made within the spirit and principles of the present application shall be included in the scope of protection of the present application.

Claims (42)

1. A method for acquiring electronic documents, applied on a terminal device, characterized in that the method comprises: Send a first request message to the platform server to obtain electronic files, the first request message carrying a first identifier of the information providing server for providing the electronic files; Receive a first prompt message returned by the platform server based on the first request message; Based on the first prompt information, determine the first verification information for identity verification, and send the first verification information to the platform server; After the platform server determines the information providing server based on the first identifier and determines the user identifier registered by the user on the information providing server based on the user's first login information on the platform server, and sends the first verification information and the user identifier to the information providing server, it receives the electronic file forwarded by the platform server from the information providing server. The privacy information in the electronic file is encrypted by the first encryption key of the information providing server. 2. The method according to claim 1, wherein the step of determining the first verification information for authentication based on the first prompt information includes: Based on the first prompt information, determine the first original verification information entered by the user on the terminal device and determine the first encryption key of the information providing server; The first original verification information is encrypted using the first encryption key to obtain the first verification information used for identity verification. 3. The method according to claim 1, characterized in that the method further comprises: When the user is not logged into the platform server, the user's first login information is determined, and the user logs into the platform server using the first login information. After the user successfully logs in, the system receives a first response message from the platform server confirming successful login. 4. The method according to claim 3, characterized in that the method further comprises: The platform server receives a first verification code from the information providing server via a first mobile phone number. The first verification code is sent by the information providing server to the first mobile phone number based on the second mobile phone number. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. The first verification code is sent to the platform server via the second mobile phone number; After the platform server verifies the first verification code and the second verification code from the information providing server, it determines that the user has successfully logged in and executes the step of receiving the first response message of successful login returned by the platform server. 5. The method according to claim 1, characterized in that the method further comprises: When the user's first login information on the platform server is not bound to the user identifier, an association request is sent to the platform server, and the association request carries the first identifier of the information providing server; Receive a second prompt message returned by the platform server based on the association request; The second original verification information entered by the user on the terminal device is determined based on the second prompt information; The second original verification information is encrypted using the first encryption key to obtain second verification information for identity verification. The second verification information is then sent to the platform server. The platform server forwards the binding request and the second verification information to the information providing server, so that the information providing server can decrypt the second verification information using the first decryption key corresponding to the first encryption key. Based on the decrypted second verification information, the user's user identifier on the information providing server is determined. After the user identifier is returned to the platform server, the platform server can establish a binding relationship between the first login information and the user identifier. 6. The method according to claim 1, characterized in that the method further comprises: When the user has not registered on the platform server and the information providing server, the first registration information of the user on the terminal device that needs to be registered on the information providing server is encrypted using the second encryption key of the platform server. After the user logs into the information providing server using the first mobile phone number, the first registration information encrypted with the first encryption key is sent to the information providing server. After the information providing server generates a user identifier based on the first mobile phone number, it receives the first encryption key, a first response message indicating successful registration, and a second mobile phone number from the information providing server. The second mobile phone number is generated by encrypting the first mobile phone number with the first encryption key. Register with the platform server using the second mobile phone number; After the platform server registers the second mobile phone number, it receives a second response message from the platform server indicating successful registration. 7. The method according to claim 6, characterized in that the method further comprises: Send a second request message to the platform server to obtain the second encryption key of the platform server; Receive the second encryption key returned by the platform server based on the second request message. 8. The method according to claim 6, wherein the step of registering with the platform server via the second mobile phone number includes: Send the second mobile phone number to the platform server; Receive a third verification code returned by the information providing server, wherein the third verification code is sent by the information providing server to the terminal device based on the second mobile phone number requested by the platform server; Send the third verification code to the platform server; After the platform server compares the third verification code with the fourth verification code returned by the information providing server to the platform server to determine that the verification is successful, it executes the step of receiving the second response message of successful registration returned by the platform server. 9. A method for acquiring electronic documents, applied on a platform server, characterized in that the method includes: Receive a first request message from a terminal device for obtaining an electronic file, the first request message carrying a first identifier of an information providing server for providing the electronic file; A first prompt message is returned to the terminal device according to the first request message; After the terminal device determines the first verification information for identity verification based on the first prompt information, it receives the first verification information from the terminal device. The information providing server is determined based on the first identifier, and the first verification information and the user identifier registered by the user of the terminal device on the information providing server are sent to the information providing server. After the information providing server verifies the first verification information and determines the electronic file according to the user identifier, it receives the electronic file from the information providing server and forwards the electronic file to the terminal device. The privacy information in the electronic file is encrypted by the first encryption key of the information providing server. 10. The method according to claim 9, wherein the first verification information is generated by encrypting the original verification information input by the user on the terminal device using the first encryption key. 11. The method according to claim 9, characterized in that the method further comprises: When the user is not logged into the platform server, determine the user's first login information on the platform server; After the user successfully logs in, a first response message indicating successful login is returned to the terminal device. 12. The method according to claim 11, characterized in that the method further comprises: The user of the terminal device instructs the information providing server to send a first verification code to the terminal device using a second mobile phone number registered on the platform server. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. The first mobile phone number is the mobile phone number registered by the user on the information providing server. After the information providing server decrypts the second mobile phone number using the first decryption key of the information providing server to obtain the first mobile phone number, and instructs the terminal device to send a first verification code through the first mobile phone number, the terminal device receives the first verification code and the information providing server receives the second verification code. The first verification code and the second verification code are verified. After the verification is successful, it is determined that the user has successfully logged in, and the step of returning a first response message of successful login to the terminal device is executed. 13. The method according to claim 9, characterized in that the method further comprises: When the user's first login information on the platform server and the user identifier registered by the user on the information providing server are not bound, an association request is received from the terminal device, and the association request carries the first identifier; A second prompt message is returned to the terminal device according to the association request; The terminal device determines the second verification information for identity verification based on the second prompt information, and receives the second verification information returned by the terminal device based on the second prompt information, wherein the second verification information is encrypted by the first encryption key; The binding request and the second verification information encrypted with the first encryption key are forwarded to the information providing server, so that the information providing server can decrypt the second verification information encrypted with the first encryption key and determine the user identifier registered by the user on the information providing server based on the decrypted second verification information; Receive the user identifier returned from the information providing server and establish a binding relationship between the first login information and the user identifier. 14. The method according to claim 9, wherein the method further comprises: If the user has not registered on the platform server, registration is performed using second registration information from the terminal device; Based on the second registration information, a third verification code is obtained from the information providing server, and the information providing server is instructed to send a fourth verification code to the first mobile phone number corresponding to the second mobile phone number. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. Receive the fourth verification code from the terminal device; Verify the third verification code and the fourth verification code; After the platform server verifies the third verification code and the fourth verification code, it returns a second response message indicating successful registration to the terminal device. 15. The method according to claim 14, characterized in that the method further comprises: Receive a second request message from the terminal device for obtaining a second encryption key from the platform server; The second encryption key is returned to the terminal device according to the second request message. 16. A method for acquiring electronic documents, applied on an information providing server, characterized in that the method comprises: Receive first verification information from the platform server, and the user identifier registered by the terminal device with the information provided by the server. The first verification information is verified, and the electronic document is determined based on the user identifier after the verification is successful. The privacy information in the electronic file is encrypted using the first encryption key provided by the information server; The electronic file is sent to the platform server, so that the platform server can forward the electronic file to the terminal device. 17. The method according to claim 16, wherein the step of verifying the first verification information includes: The first verification information is decrypted using the first decryption key provided by the server. The decrypted first verification information is encrypted using the second encryption key of the platform server to obtain a first encrypted string; The second encrypted string generated by the user during registration with the information providing server is determined. The second encrypted string is generated by encrypting the first verification information with the second encryption key of the platform server. Determine whether the first encrypted string and the second encrypted string are the same. If they are the same, the verification of the first verification information is successful. 18. The method according to claim 16, wherein the method further comprises: When the user is not logged into the platform server, an instruction message is received from the platform server instructing the information providing server to send a first verification code to the second mobile phone number registered by the user on the platform server, wherein the second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key, and the first mobile phone number is the mobile phone number registered by the user on the information providing server; According to the instruction message, the second mobile phone number is decrypted using the first decryption key provided by the information server to obtain the first mobile phone number; The first verification code is sent to the terminal device via the first mobile phone number, and a second verification code is returned to the platform server, so that the platform server can verify the user's login based on the first verification code and the second verification code. 19. The method according to claim 16, characterized in that the method further comprises: When the user's first login information on the platform server is not bound to the user identifier, the user receives second verification information and a second encryption key from the platform server, wherein the second verification information is encrypted with the first encryption key. The first decryption key provided by the information server is used to decrypt the second verification information, and the second encryption key is used to encrypt the decrypted second original verification information to obtain a third encrypted string; Determine the fourth encrypted string generated by the user when registering with the information providing server, the fourth encrypted string being generated by encrypting the second original verification information with the second encryption key of the platform server; Determine whether the third encrypted string and the fourth encrypted string are the same; If they are the same, the platform server returns the user identifier registered by the user of the terminal device on the information providing server, so that the platform server can establish a binding relationship between the first login information and the user identifier. 20. The method according to claim 16, characterized in that the method further comprises: If the user has not registered on the information providing server, registration is performed using the first registration information from the terminal device; After the user logs into the information providing server using the first mobile phone number, the first mobile phone number is encrypted using the first encryption key to obtain the second mobile phone number; The second mobile phone number is sent to the terminal device so that the terminal device can register on the platform server using the second mobile phone number; A user identifier is generated based on the first mobile phone number. 21. The method according to claim 20, characterized in that the method further comprises: Receive a second mobile phone number from the platform server; The first mobile phone number is obtained by decrypting the second mobile phone number using the first decryption key provided by the information provider server; A third verification code is returned to the terminal device through the first mobile phone number. The third verification code is sent to the terminal device by the information providing server based on the second registration information requested by the platform server. The second registration information comes from the terminal device. A fourth verification code is returned to the platform server so that the platform server can compare the third verification code and the fourth verification code to determine whether the verification is successful. 22. An apparatus for acquiring electronic documents, applied on a terminal device, characterized in that the apparatus comprises: The first sending module is used to send a first request message to the platform server for obtaining electronic files, wherein the first request message carries a first identifier of the information providing server for providing the electronic files. The first receiving module is used to receive a first prompt message returned by the platform server based on the first request message sent by the first sending module; The first determining module is configured to determine first verification information for identity verification based on the first prompt information received by the first receiving module, and send the first verification information to the platform server; The second receiving module is configured to receive the electronic file forwarded by the platform server from the information providing server after the platform server determines the information providing server based on the first identifier and determines the user identifier registered by the user of the terminal device on the information providing server based on the first login information of the user on the platform server, and sends the first verification information determined by the first determining module and the user identifier to the information providing server. The privacy information in the electronic file is encrypted by the first encryption key of the information providing server. 23. The apparatus according to claim 22, wherein the first determining module comprises: The first determining unit is configured to determine the first original verification information input by the user on the terminal device and the first encryption key of the information providing server based on the first prompt information. The first encryption unit is used to encrypt the first original verification information according to the first encryption key determined by the first determining unit to obtain the first verification information for identity verification. 24. The apparatus according to claim 22, wherein the apparatus further comprises: The second determining module is used to determine the user's first login information when the user has not logged into the platform server, and log into the platform server using the first login information; The third receiving module is used to receive a first response message indicating successful login returned by the platform server after the second determining module determines that the user has successfully logged in. 25. The apparatus according to claim 24, wherein the apparatus further comprises: The fourth receiving module is used to receive a first verification code from the information providing server via a first mobile phone number. The first verification code is sent by the information providing server to the first mobile phone number according to the instructions of the platform server based on the second mobile phone number. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. The second sending module is used to send the first verification code received by the fourth receiving module to the platform server via a second mobile phone number; The third determining module is used to determine that the user has successfully logged in after the platform server verifies the first verification code sent by the second sending module and the second verification code from the information providing server, and the third receiving module performs the step of receiving the first response message of successful login returned by the platform server. 26. The apparatus according to claim 22, wherein the apparatus further comprises: The third sending module is used to send an association request to the platform server when the user's first login information on the platform server is not bound to the user identifier, and the association request carries the first identifier of the information providing server; The fifth receiving module is used to receive a second prompt message returned by the platform server based on the association request sent by the third sending module; The fourth determining module is used to determine the second original verification information input by the user on the terminal device based on the second prompt information received by the fifth receiving module; The first encryption module is used to encrypt the second original verification information determined by the fourth determining module according to the first encryption key, so as to obtain the second verification information for identity verification. The fourth sending module is used to send the second verification information encrypted by the first encryption module to the platform server. The platform server forwards the binding request and the second verification information to the information providing server, so that the information providing server can decrypt the second verification information according to the first decryption key corresponding to the first encryption key. Based on the decrypted second verification information, the information providing server determines the user's user identifier on the information providing server and returns the user identifier to the platform server, so that the platform server can establish a binding relationship between the first login information and the user identifier. 27. The apparatus according to claim 22, wherein the apparatus further comprises: The second encryption module is used to encrypt the first registration information of the user of the terminal device that needs to be registered on the information providing server using the second encryption key of the platform server when the user has not registered on the platform server and the information providing server. The fifth sending module is used to send the first registration information encrypted with the first encryption key to the information providing server after the user logs in to the information providing server using the first mobile phone number; The sixth receiving module is used to receive the first encryption key, the first response message of successful registration, and the second mobile phone number from the information providing server after the information providing server generates a user identifier based on the first mobile phone number. The second mobile phone number is generated by encrypting the first mobile phone number with the first encryption key. The first registration module is used to register with the platform server using the second mobile phone number; The seventh receiving module is used to receive a second response message indicating successful registration returned by the platform server after the platform server registers the second mobile phone number. 28. The apparatus according to claim 27, wherein the apparatus further comprises: The sixth sending module is used to send a second request message to the platform server for obtaining the second encryption key of the platform server; The eighth receiving module is used to receive the second encryption key returned by the platform server according to the second request message sent by the sixth sending module. 29. The apparatus according to claim 27, wherein the first registration module comprises: The first sending unit is used to send the second mobile phone number to the platform server; The first receiving unit is configured to receive a third verification code returned by the information providing server, wherein the third verification code is requested by the platform server to be sent by the information providing server to the terminal device based on the second mobile phone number sent by the first sending unit; The second sending unit is used to send the third verification code received by the first receiving unit to the platform server; After the platform server compares the third verification code with the fourth verification code returned by the information providing server to the platform server to determine that the verification is successful, the seventh receiving module performs the step of receiving the second response message of successful registration returned by the platform server. 30. An apparatus for acquiring electronic documents, used on a platform server, characterized in that the apparatus comprises: The ninth receiving module is used to receive a first request message from a terminal device for obtaining an electronic file, wherein the first request message carries a first identifier of an information providing server for providing the electronic file; The seventh sending module is used to return a first prompt message to the terminal device based on the first request message received by the ninth receiving module; The eighth sending module is configured to receive the first verification information from the terminal device after the terminal device determines the first verification information for identity verification based on the first prompt information sent by the seventh sending module; The ninth sending module is used to determine the information providing server based on the first identifier received by the ninth receiving module, and send the first verification information and the user identifier registered by the user of the terminal device on the information providing server to the information providing server; The first forwarding module is configured to receive the electronic file from the information providing server after the information providing server verifies the first verification information sent by the ninth sending module and determines the electronic file according to the user identifier, and forward the electronic file to the terminal device, wherein the privacy information in the electronic file is encrypted by the first encryption key of the information providing server. 31. The apparatus according to claim 30, wherein the first verification information is generated by encrypting the original verification information input by the user on the terminal device using the first encryption key. 32. The apparatus according to claim 30, characterized in that the apparatus further comprises: The fifth determining module is used to determine the user's first login information on the platform server when the user has not logged in to the platform server; The tenth sending module is used to return a first response message of successful login to the terminal device after the fifth determining module determines that the user has successfully logged in. 33. The apparatus according to claim 32, characterized in that the apparatus further comprises: The eleventh sending module is used to instruct the information providing server to send a first verification code to the terminal device through a second mobile phone number registered by the user of the terminal device on the platform server. The second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key. The first mobile phone number is the mobile phone number registered by the user on the information providing server. The tenth receiving module is configured to receive the first verification code from the terminal device and the second verification code from the information providing server after the information providing server decrypts the second mobile phone number using the first decryption key of the information providing server to obtain the first mobile phone number and instructs the terminal device to send a first verification code using the first mobile phone number; The first verification module is used to verify the first verification code and the second verification code. After the verification is successful, it is determined that the user has successfully logged in. The tenth sending module performs the step of returning a first response message of successful login to the terminal device. 34. The apparatus according to claim 30, wherein the apparatus further comprises: The eleventh receiving module is configured to receive an association request from the terminal device when the user's first login information on the platform server and the user identifier registered by the user on the information providing server are not bound together, wherein the association request carries the first identifier; The twelfth sending module is used to return a second prompt message to the terminal device according to the association request; The twelfth receiving module is configured to receive the second verification information returned by the terminal device based on the second prompt information when the terminal device determines the second verification information for authentication based on the second prompt information, wherein the second verification information is encrypted by the first encryption key; The second forwarding module is used to forward the binding request and the second verification information encrypted with the first encryption key to the information providing server, so that the information providing server can decrypt the second verification information encrypted with the first encryption key and determine the user identifier registered by the user on the information providing server based on the decrypted second verification information. The thirteenth receiving module is used to receive the user identifier returned by the information providing server and establish a binding relationship between the first login information and the user identifier. 35. The apparatus according to claim 30, wherein the apparatus further comprises: The second registration module is used to register the user using second registration information from the terminal device when the user has not registered on the platform server. The first acquisition module is used to obtain a third verification code from the information providing server based on the second registration information registered by the second registration module, and instruct the information providing server to send a fourth verification code to the first mobile phone number corresponding to the second mobile phone number, wherein the second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key; The fourteenth receiving module is used to receive the fourth verification code from the terminal device; The second verification module is used to verify the third verification code and the fourth verification code; The thirteenth sending module is used to return a second response message of successful registration to the terminal device after the second verification module has successfully verified the third verification code and the fourth verification code. 36. The apparatus according to claim 35, wherein the apparatus further comprises: The fifteenth receiving module is configured to receive a second request message from the terminal device for obtaining the second encryption key of the platform server; The fourteenth sending module is used to return the second encryption key to the terminal device according to the second request message received by the fifteenth receiving module. 37. An apparatus for acquiring electronic documents, used on an information providing server, characterized in that the apparatus comprises: The sixteenth receiving module is used to receive first verification information from the platform server and the user identifier registered by the user of the terminal device on the information providing server; The third verification module is used to verify the first verification information received by the sixteenth receiving module, and after the verification is passed, determine the electronic document according to the user identifier; The third encryption module is used to encrypt the privacy information in the electronic document using the first encryption key provided by the information server; The fifteenth sending module is used to send the electronic file encrypted by the third encryption module to the platform server, so that the platform server can forward the electronic file to the terminal device. 38. The apparatus according to claim 37, wherein the third verification module comprises: The first decryption unit is used to decrypt the first verification information using the first decryption key provided by the information provider server; The first encryption unit is used to encrypt the first verification information decrypted by the first decryption unit using the second encryption key of the platform server to obtain a first encrypted string. The first determining unit is used to determine the second encrypted string generated by the user when registering with the information providing server, wherein the second encrypted string is generated by encrypting the first verification information with the second encryption key of the platform server. The second determining unit is used to determine whether the first encrypted string obtained by the first encryption unit and the second encrypted string determined by the first determining unit are the same. If they are the same, the verification of the first verification information is successful. 39. The apparatus according to claim 37, wherein the apparatus further comprises: The seventeenth receiving module is used to receive an instruction message from the platform server when the user is not logged into the platform server, instructing the information providing server to send a first verification code to the second mobile phone number registered by the user on the platform server, wherein the second mobile phone number is obtained by encrypting the first mobile phone number with the first encryption key, and the first mobile phone number is the mobile phone number registered by the user on the information providing server; The first decryption module is used to decrypt the second mobile phone number using the first decryption key according to the instruction message received by the seventeenth receiving module, so as to obtain the first mobile phone number; The sixteenth sending module is used to send a first verification code to the terminal device via the first mobile phone number and return a second verification code to the platform server, so that the platform server can perform login verification on the user based on the first verification code and the second verification code. 40. The apparatus according to claim 37, wherein the apparatus further comprises: The eighteenth receiving module is used to receive second verification information and a second encryption key from the platform server when the user's first login information on the platform server is not bound to the user identifier, wherein the second verification information is encrypted by the first encryption key; The second decryption module is used to decrypt the second verification information using the first decryption key provided by the information server, and to encrypt the decrypted second original verification information using the second encryption key to obtain a third encrypted string; The sixth determining module is used to determine the fourth encrypted string generated by the user when registering with the information providing server, wherein the fourth encrypted string is generated by encrypting the second original verification information with the second encryption key of the platform server; The seventh determining module is used to determine whether the third encrypted string and the fourth encrypted string are the same; The seventeenth sending module is used to return the user identifier registered by the user of the terminal device on the information providing server to the platform server if the seventh determining module determines the same, so that the platform server can establish a binding relationship between the first login information and the user identifier. 41. The apparatus according to claim 37, wherein the apparatus further comprises: The third registration module is used to register the user using the first registration information from the terminal device when the user has not registered on the information providing server. The fourth encryption module is used to encrypt the first mobile phone number using the first encryption key after the user logs into the information providing server using the first mobile phone number, so as to obtain the second mobile phone number; The eighteenth sending module is used to send the second mobile phone number to the terminal device so that the terminal device can register on the platform server using the second mobile phone number; The identifier generation module is used to generate a user identifier based on the first mobile phone number. 42. The apparatus according to claim 41, characterized in that the apparatus further comprises: The nineteenth receiving module is used to receive a second mobile phone number from the platform server; The third decryption module is used to decrypt the second mobile phone number using the first decryption key provided by the information server to obtain the first mobile phone number; The nineteenth sending module is used to return a third verification code to the terminal device through the first mobile phone number. The third verification code is sent to the terminal device by the platform server based on the second registration information requested by the information providing server. The second registration information comes from the terminal device. The twentieth sending module is used to return a fourth verification code to the platform server, so that the platform server can compare the third verification code and the fourth verification code to determine whether the verification is successful.