WO2025108032A1 - Service execution - Google Patents
Service execution Download PDFInfo
- Publication number
- WO2025108032A1 WO2025108032A1 PCT/CN2024/128493 CN2024128493W WO2025108032A1 WO 2025108032 A1 WO2025108032 A1 WO 2025108032A1 CN 2024128493 W CN2024128493 W CN 2024128493W WO 2025108032 A1 WO2025108032 A1 WO 2025108032A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- target
- business
- business data
- data
- injection point
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/448—Execution paradigms, e.g. implementations of programming paradigms
- G06F9/4482—Procedural
- G06F9/4484—Executing subprograms
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Definitions
- the present invention relates to the field of computer technology, and in particular to a method, device, storage medium and electronic device for executing a service.
- data in certain business links need to be processed securely.
- the data needs to be displayed on the front-end page, the data needs to be desensitized before display.
- the data can be homomorphically encrypted before storage.
- the present specification provides a method, device, storage medium and electronic device for executing a service to improve the efficiency of adding a data security processing function to a service link.
- the present specification provides a method for executing a business, including: determining the process identifier of a target process used to execute a target business, and determining a target injection point in the target process; injecting a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; obtaining, through the bytecode program, original business data required for use by the target process at the target injection point when executing the target business; calling, through the bytecode program, a pre-deployed data security component to process the original business data through the data security component to obtain processed business data; and continuing to execute the target business through the target process based on the processed business data.
- determining the process ID of a target process used to execute a target business includes: querying the process IDs of each running process; selecting a target process used to execute the target business from the processes, and determining the process ID of the target process.
- the original business data required for use at the target injection point when the target process executes the target business is obtained through the bytecode program, specifically including: obtaining, through the bytecode program, the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and pushing the original business data into the operand stack; calling, through the bytecode program, a pre-deployed data security component to process the original business data through the data security component to obtain processed business data, specifically including: calling, through the bytecode program, a data security component to process the original business data in the operand stack to obtain processed business data, and returning the processed business data to the operand stack; based on the processed business data, continuing to execute the target business through the target process, specifically including: replacing the original business data in the local variable table with the processed business data in the operand stack through the bytecode program, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
- the target injection point is identified by a fully qualified class name and a fully qualified method name.
- the present specification provides a device for executing a business, including: a determination module, used to determine the process identifier of a target process used to execute a target business, and to determine a target injection point in the target process; an injection module, used to inject a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; an acquisition module, used to obtain, through the bytecode program, original business data required to be used at the target injection point when the target process executes the target business; a calling module, used to call a pre-deployed data security component through the bytecode program, so as to process the original business data through the data security component to obtain processed business data; and an execution module, used to continue to execute the target business through the target process based on the processed business data.
- a determination module used to determine the process identifier of a target process used to execute a target business, and to determine a target injection point in the target process
- an injection module used to inject a preset bytecode program into
- the determination module is specifically used to query the process identifiers of each running process; select a target process used to execute the target business from the processes, and determine the process identifier of the target process.
- the acquisition module is specifically used to, through the bytecode program, acquire the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and push the original business data into the operand stack;
- the calling module is specifically used to, through the bytecode program, call the data security component to process the original business data in the operand stack to obtain the processed business data, and return the processed business data to the operand stack;
- the execution module is specifically used to, through the The bytecode program replaces the original business data in the local variable table with the processed business data in the operand stack, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
- the target injection point is identified by a fully qualified class name and a fully qualified method name.
- This specification provides a computer-readable storage medium, which stores a computer program.
- the computer program is executed by a processor, the method for executing the above-mentioned service is implemented.
- This specification provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-mentioned service execution method when executing the program.
- the process identifier of the target process used to execute the target business is determined, and the target injection point in the target process is determined. Then, according to the process identifier and the target injection point, the preset bytecode program can be injected into the target injection point of the target process, and then, the original business data required to be used at the target injection point when the target process executes the target business can be obtained through the bytecode program.
- the pre-deployed data security component is called to process the original business data through the data security component to obtain the processed business data, and based on the processed business data, the target business is continued to be executed through the target process.
- the business execution method provided in this specification can obtain the business data that needs to be securely processed in the business chain through a pre-written bytecode program, and call the data security component through the bytecode program to process the original business data at the target injection point in the business chain of the process.
- the process can then continue to execute the business based on the processed business data, thereby improving the efficiency of adding security processing strategies to the business chain to a certain extent compared to the existing technology.
- FIG1 is a schematic flow chart of a method for executing a service in this specification.
- FIG. 2 is a schematic diagram of bytecode injection provided in this specification.
- FIG. 3 is a schematic diagram of a device for executing a service provided in this specification.
- FIG. 4 is a schematic diagram of an electronic device provided in this specification corresponding to FIG. 1 .
- FIG1 is a flow chart of a method for executing a service in this specification, which specifically includes the following steps.
- S100 Determine a process identifier of a target process used to execute a target business, and determine a target injection point in the target process.
- S102 Injecting a preset bytecode program into a target injection point of the target process according to the process identifier and the target injection point.
- the software system can be used to execute one or more businesses.
- the business In order to execute the business, there may be many processes inside the server. Different businesses have different processes, and the functions executed by each process may be different.
- the server can determine the process ID of the target process used to execute the target business, and determine the target injection point in the target process. Then, according to the process ID and the target injection point, the preset bytecode program can be injected into the target injection point of the target process.
- the server may query the process identifier of each running process (the process identifier may be a process id), and may select a target process used to execute a target business from each process, and determine the process identifier of the target process.
- the process identifier may be a process id
- the process can be the target process.
- the process may be a target process.
- the target process can be selected manually, so that after the process IDs of each process are queried, the process ID of the target process can be obtained.
- the application name and process ID corresponding to each process can be queried during the query.
- the application name and process ID of each process correspond one to one.
- the application name corresponding to the target process that needs data security processing among the processes used to execute the target business can be determined, and the process ID of the target process can be located by the application name.
- the application name and process ID of each process running in the server can be queried through the jps command.
- the target business mentioned above can also be defined according to actual needs.
- the server maintains payment business, transaction business, etc., and the business that needs to add data security processing can be selected as the target business.
- S104 Acquire, through the bytecode program, original business data required for use at the target injection point when the target process executes the target business.
- S106 calling a pre-deployed data security component through the bytecode program to process the original business data through the data security component to obtain processed business data.
- S108 Based on the processed business data, continue to execute the target business through the target process.
- the preset bytecode program can be injected into the target injection point of the target process, so as to obtain the original business data at the target injection point in the target process through the bytecode program, and call the pre-deployed data security component through the bytecode program to process the original business data through the data security component to obtain processed business data, so as to continue to execute the above-mentioned target business based on the processed business data.
- the above-mentioned bytecode program can be artificially written in the form of bytecode (Java bytecode), and the above-mentioned data security component can be in the form of a jar package.
- the function of the bytecode program is: after being injected into the target injection point, obtaining the original business data that needs to be securely processed at the target injection point, calling the data security component to process the original business data, and obtaining the processed business data.
- the process id can be specified through the attach mechanism to start the injector (agant program), and the bytecode program can be injected into the target process through the injector combined with the instrumentation mechanism.
- the local variables corresponding to the target injection point in the target process can be obtained
- the original business data in the local variable table is obtained by the bytecode program, and the original business data is pushed into the operand stack.
- the data security component can be called through the bytecode program to process the original business data in the operand stack to obtain the processed business data, and the processed business data is returned to the operand stack.
- the bytecode program replaces the original business data in the local variable table with the processed business data in the operand stack to complete the processing of the original business data.
- the target process can continue to execute the target business based on the processed business data in the local variable table.
- the original business data mentioned here may be data that has security processing requirements, such as data involving user privacy. Therefore, the bytecode program can filter out data of the target type from the local variable table as the original business data, and the target type can be set manually.
- FIG. 2 is a schematic diagram of bytecode injection provided in this specification.
- the data security component mentioned above may be a program specifically used for processing data securely, for example, the data security component may encrypt or desensitize the data, etc.
- the data security component may also be used for security verification of users.
- original business data related to the user's identity can be obtained, and the user's identity can be authenticated through the data security component based on the original business data.
- the processed business data can be used to indicate whether the user's identity authentication is successful.
- the business execution method provided in this specification can obtain the business data that needs to be securely processed in the business chain through a pre-written bytecode program, and call the data security component through the bytecode program to process the original business data at the target injection point in the business chain of the process.
- the process can then continue to execute the business based on the processed business data, thereby improving the efficiency of adding security processing strategies to the business chain to a certain extent compared to the existing technology.
- the execution subject of the method is described as a server in the above content.
- the execution subject of the method can be a computer, a large service platform, etc., which is not limited here.
- this specification also provides a device for executing services, as shown in FIG3 .
- Figure 3 is a schematic diagram of a business execution device provided in this specification, which specifically includes: a determination module 301, used to determine the process identifier of the target process used to execute the target business, and determine the target injection point in the target process; an injection module 302, used to inject a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; an acquisition module 303, used to obtain, through the bytecode program, the original business data required to be used by the target process at the target injection point when executing the target business; a calling module 304, used to call a pre-deployed data security component through the bytecode program, so as to process the original business data through the data security component to obtain processed business data; an execution module 305, used to continue to execute the target business through the target process based on the processed business data.
- a determination module 301 used to determine the process identifier of the target process used to execute the target business, and determine the target injection point in the target process
- an injection module 302
- the determination module 301 is specifically used to query the process identifiers of each running process; select a target process used to execute the target business from the processes, and determine the process identifier of the target process.
- the acquisition module 303 is specifically used to acquire, through the bytecode program, the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and push the original business data into the operand stack;
- the calling module 304 is specifically used to call the data security component through the bytecode program to process the original business data in the operand stack to obtain processed business data, and return the processed business data to the operand stack;
- the execution module 305 is specifically used to replace the original business data in the local variable table with the processed business data in the operand stack through the bytecode program, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
- the target injection point is identified by a fully qualified class name and a fully qualified method name.
- This specification also provides a computer-readable storage medium, which stores a computer program.
- the computer program can be used to execute the above-mentioned service execution method.
- the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and of course may also include hardware required for other services.
- the processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it to implement the above-mentioned service execution method.
- this specification does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is to say, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.
- a programmable logic device such as a field programmable gate array (FPGA)
- FPGA field programmable gate array
- HDL There is not only one HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc.
- ABEL Advanced Boolean Expression Language
- AHDL Altera Hardware Description Language
- HDCal JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc.
- VHDL Very-High-Speed Integrated Circuit Hardware Description Language
- Verilog Verilog
- the controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing a computer readable program code (e.g., software or firmware) executable by the (micro)processor, a logic gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, and the memory controller may also be implemented as part of the control logic of the memory.
- a computer readable program code e.g., software or firmware
- the controller may be implemented in the form of a logic gate, a switch, an application specific integrated circuit, a programmable logic controller, and an embedded microcontroller by logically programming the method steps. Therefore, such a controller may be considered as a hardware component, and the means for implementing various functions included therein may also be considered as a structure within the hardware component. Or even, the means for implementing various functions may be considered as both a software module for implementing the method and a structure within the hardware component.
- a typical implementation device is a computer.
- the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, A media player, a navigation device, an email device, a gaming console, a tablet computer, a wearable device, or a combination of any of these devices.
- the above device is described by dividing it into various units according to its functions.
- the functions of each unit can be implemented in the same or multiple software and/or hardware.
- embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
- each process and/or box in the flowchart and/or block diagram, as well as the combination of the process and/or box in the flowchart and/or block diagram can be implemented by computer program instructions.
- These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
- These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
- These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
- a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
- processors CPU
- input/output interfaces network interfaces
- memory volatile and non-volatile memory
- the memory may include non-permanent storage in a computer-readable medium, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash RAM.
- RAM random access memory
- ROM read-only memory
- flash RAM flash random access memory
- Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information.
- Information can be computer readable instructions, data structures, program modules or other data.
- Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device.
- computer readable media does not include temporary computer readable media (transitory media), such as modulated data signals and carrier waves.
- this specification may be provided as methods, systems or computer program products. Therefore, this specification may take the form of a complete hardware embodiment, a complete software embodiment or an embodiment combining software and hardware. Moreover, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
- computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
- program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types.
- This specification may also be practiced in distributed computing environments where tasks are performed by remote processing nodes connected through a communication network.
- program modules may be located in local and remote computer storage media, including storage nodes.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Medical Informatics (AREA)
- Stored Programmes (AREA)
Abstract
Description
本说明书涉及计算机技术领域,尤其涉及一种业务执行的方法、装置、存储介质及电子设备。The present invention relates to the field of computer technology, and in particular to a method, device, storage medium and electronic device for executing a service.
随着信息技术的不断发展,各种各样的线上平台丰富着人们的生活,随之而来的是大量保证信息安全的需求,即,线上平台有着保证平台及用户的隐私数据安全的义务和需求。With the continuous development of information technology, various online platforms are enriching people's lives, and along with it comes a large demand for ensuring information security. That is, online platforms have the obligation and need to ensure the security of the privacy data of the platform and its users.
因此,在线上平台内部,需要对某些业务链路中的数据实施安全处理。例如,在需要将数据库中的数据展示在前端页面时,需要将数据进行脱敏处理后再进行展示。再例如,在存储涉及隐私的数据时,可以先对数据进行同态加密再进行存储。Therefore, within the online platform, data in certain business links need to be processed securely. For example, when data in the database needs to be displayed on the front-end page, the data needs to be desensitized before display. For another example, when storing data involving privacy, the data can be homomorphically encrypted before storage.
在现有技术中,当需要在一个业务链路中加入数据安全处理的策略时,需要进行代码改造,再进行重新的上线,这种方式在效率上往往较低。In the prior art, when a data security processing strategy needs to be added to a business link, code modification is required and then the system is put back online, which is often inefficient.
所以,如何提高在业务链路中加入数据安全处理策略的效率,则是一个亟待解决的问题。Therefore, how to improve the efficiency of adding data security processing strategies to the business chain is an urgent problem to be solved.
发明内容Summary of the invention
本说明书提供一种业务执行的方法、装置、存储介质及电子设备,以提高在业务链路中加入数据安全处理功能的效率。The present specification provides a method, device, storage medium and electronic device for executing a service to improve the efficiency of adding a data security processing function to a service link.
本说明书采用下述技术方案。This manual adopts the following technical solution.
本说明书提供一种业务执行的方法,包括:确定执行目标业务所使用的目标进程的进程标识,以及确定出所述目标进程中的目标注入点位;根据所述进程标识以及所述目标注入点位,将预设的字节码程序注入到所述目标进程的目标注入点位中;通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处所需使用的原始业务数据;通过所述字节码程序,调用预先部署的数据安全组件,以通过所述数据安全组件,对所述原始业务数据进行处理,得到处理后的业务数据;基于所述处理后的业务数据,继续通过所述目标进程执行所述目标业务。 The present specification provides a method for executing a business, including: determining the process identifier of a target process used to execute a target business, and determining a target injection point in the target process; injecting a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; obtaining, through the bytecode program, original business data required for use by the target process at the target injection point when executing the target business; calling, through the bytecode program, a pre-deployed data security component to process the original business data through the data security component to obtain processed business data; and continuing to execute the target business through the target process based on the processed business data.
可选地,确定执行目标业务所使用的目标进程的进程标识,包括:查询运行的各进程的进程标识;从所述各进程中选取出执行所述目标业务所使用的目标进程,并确定出所述目标进程的进程标识。Optionally, determining the process ID of a target process used to execute a target business includes: querying the process IDs of each running process; selecting a target process used to execute the target business from the processes, and determining the process ID of the target process.
可选地,通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处所需使用的原始业务数据,具体包括:通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处对应的局部变量表中的原始业务数据,并将所述原始业务数据压入到操作数栈中;通过所述字节码程序,调用预先部署的数据安全组件,以通过所述数据安全组件,对所述原始业务数据进行处理,得到处理后的业务数据,具体包括:通过所述字节码程序,调用数据安全组件,以将所述操作数栈中的原始业务数据进行处理,得到处理后的业务数据,并将所述处理后的业务数据返回到所述操作数栈中;基于所述处理后的业务数据,继续通过所述目标进程执行所述目标业务,具体包括:通过所述字节码程序,将所述局部变量表中的原始业务数据替换为所述操作数栈中处理后的业务数据,以基于所述局部变量表中处理后的业务数据,继续通过所述目标进程执行所述目标业务。Optionally, the original business data required for use at the target injection point when the target process executes the target business is obtained through the bytecode program, specifically including: obtaining, through the bytecode program, the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and pushing the original business data into the operand stack; calling, through the bytecode program, a pre-deployed data security component to process the original business data through the data security component to obtain processed business data, specifically including: calling, through the bytecode program, a data security component to process the original business data in the operand stack to obtain processed business data, and returning the processed business data to the operand stack; based on the processed business data, continuing to execute the target business through the target process, specifically including: replacing the original business data in the local variable table with the processed business data in the operand stack through the bytecode program, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
可选地,所述目标注入点位通过全限定类名和全限定方法名进行标识。Optionally, the target injection point is identified by a fully qualified class name and a fully qualified method name.
本说明书提供一种业务执行的装置,包括:确定模块,用于确定执行目标业务所使用的目标进程的进程标识,以及确定出所述目标进程中的目标注入点位;注入模块,用于根据所述进程标识以及所述目标注入点位,将预设的字节码程序注入到所述目标进程的目标注入点位中;获取模块,用于通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处所需使用的原始业务数据;调用模块,用于通过所述字节码程序,调用预先部署的数据安全组件,以通过所述数据安全组件,对所述原始业务数据进行处理,得到处理后的业务数据;执行模块,用于基于所述处理后的业务数据,继续通过所述目标进程执行所述目标业务。The present specification provides a device for executing a business, including: a determination module, used to determine the process identifier of a target process used to execute a target business, and to determine a target injection point in the target process; an injection module, used to inject a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; an acquisition module, used to obtain, through the bytecode program, original business data required to be used at the target injection point when the target process executes the target business; a calling module, used to call a pre-deployed data security component through the bytecode program, so as to process the original business data through the data security component to obtain processed business data; and an execution module, used to continue to execute the target business through the target process based on the processed business data.
可选地,所述确定模块具体用于,查询运行的各进程的进程标识;从所述各进程中选取出执行所述目标业务所使用的目标进程,并确定出所述目标进程的进程标识。Optionally, the determination module is specifically used to query the process identifiers of each running process; select a target process used to execute the target business from the processes, and determine the process identifier of the target process.
可选地,所述获取模块具体用于,通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处对应的局部变量表中的原始业务数据,并将所述原始业务数据压入到操作数栈中;所述调用模块具体用于,通过所述字节码程序,调用数据安全组件,以将所述操作数栈中的原始业务数据进行处理,得到处理后的业务数据,并将所述处理后的业务数据返回到所述操作数栈中;所述执行模块具体用于,通过所述 字节码程序,将所述局部变量表中的原始业务数据替换为所述操作数栈中处理后的业务数据,以基于所述局部变量表中处理后的业务数据,继续通过所述目标进程执行所述目标业务。Optionally, the acquisition module is specifically used to, through the bytecode program, acquire the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and push the original business data into the operand stack; the calling module is specifically used to, through the bytecode program, call the data security component to process the original business data in the operand stack to obtain the processed business data, and return the processed business data to the operand stack; the execution module is specifically used to, through the The bytecode program replaces the original business data in the local variable table with the processed business data in the operand stack, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
可选地,所述目标注入点位通过全限定类名和全限定方法名进行标识。Optionally, the target injection point is identified by a fully qualified class name and a fully qualified method name.
本说明书提供了一种计算机可读存储介质,所述存储介质存储有计算机程序,所述计算机程序被处理器执行时实现上述业务执行的方法。This specification provides a computer-readable storage medium, which stores a computer program. When the computer program is executed by a processor, the method for executing the above-mentioned service is implemented.
本说明书提供了一种电子设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述程序时实现上述业务执行的方法。This specification provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the above-mentioned service execution method when executing the program.
本说明书采用的上述至少一个技术方案能够达到以下有益效果。At least one of the above technical solutions adopted in this specification can achieve the following beneficial effects.
在本说明书中提供的业务执行的方法中,确定执行目标业务所使用的目标进程的进程标识,以及确定出该目标进程中的目标注入点位,而后,可以根据进程标识以及目标注入点位,将预设的字节码程序注入到目标进程的目标注入点位中,进而,可以通过字节码程序,获取目标进程在执行目标业务时目标注入点位处所需使用的原始业务数据。通过字节码程序,调用预先部署的数据安全组件,以通过数据安全组件,对原始业务数据进行处理,得到处理后的业务数据,基于处理后的业务数据,继续通过目标进程执行目标业务。In the method for executing a business provided in this specification, the process identifier of the target process used to execute the target business is determined, and the target injection point in the target process is determined. Then, according to the process identifier and the target injection point, the preset bytecode program can be injected into the target injection point of the target process, and then, the original business data required to be used at the target injection point when the target process executes the target business can be obtained through the bytecode program. Through the bytecode program, the pre-deployed data security component is called to process the original business data through the data security component to obtain the processed business data, and based on the processed business data, the target business is continued to be executed through the target process.
从上述内容中可以看出,本说明书中提供的业务执行的方法可以通过预先编写出的字节码程序,获取出业务链路中需要进行安全处理的业务数据,以及通过该字节码程序调用数据安全组件对进程的业务链路中目标注入点位处的原始业务数据进行处理,而后进程可根据处理后的业务数据继续执行业务,从而相比于现有技术,在一定程度上提高了在业务链路中加入安全处理策略的效率。From the above content, it can be seen that the business execution method provided in this specification can obtain the business data that needs to be securely processed in the business chain through a pre-written bytecode program, and call the data security component through the bytecode program to process the original business data at the target injection point in the business chain of the process. The process can then continue to execute the business based on the processed business data, thereby improving the efficiency of adding security processing strategies to the business chain to a certain extent compared to the existing technology.
此处所说明的附图用来提供对本说明书的进一步理解,构成本说明书的一部分,本说明书的示意性实施例及其说明用于解释本说明书,并不构成对本说明书的不当限定。The drawings described herein are used to provide further understanding of this specification and constitute a part of this specification. The illustrative embodiments of this specification and their descriptions are used to explain this specification and do not constitute improper limitations on this specification.
图1为本说明书中一种业务执行的方法的流程示意图。FIG1 is a schematic flow chart of a method for executing a service in this specification.
图2为本说明书提供的一种字节码注入的示意图。FIG. 2 is a schematic diagram of bytecode injection provided in this specification.
图3为本说明书提供的一种业务执行的装置示意图。 FIG. 3 is a schematic diagram of a device for executing a service provided in this specification.
图4为本说明书提供的一种对应于图1的电子设备示意图。FIG. 4 is a schematic diagram of an electronic device provided in this specification corresponding to FIG. 1 .
为使本说明书的目的、技术方案和优点更加清楚,下面将结合本说明书具体实施例及相应的附图对本说明书技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本说明书保护的范围。In order to make the purpose, technical solutions and advantages of this specification more clear, the technical solutions of this specification will be clearly and completely described below in combination with the specific embodiments of this specification and the corresponding drawings. Obviously, the described embodiments are only part of the embodiments of this specification, not all of them. Based on the embodiments in this specification, all other embodiments obtained by ordinary technicians in this field without creative work are within the scope of protection of this specification.
以下结合附图,详细说明本说明书各实施例提供的技术方案。The technical solutions provided by the embodiments of this specification are described in detail below in conjunction with the accompanying drawings.
图1为本说明书中一种业务执行的方法的流程示意图,具体包括以下步骤。FIG1 is a flow chart of a method for executing a service in this specification, which specifically includes the following steps.
S100:确定执行目标业务所使用的目标进程的进程标识,以及确定出所述目标进程中的目标注入点位。S100: Determine a process identifier of a target process used to execute a target business, and determine a target injection point in the target process.
S102:根据所述进程标识以及所述目标注入点位,将预设的字节码程序注入到所述目标进程的目标注入点位中。S102: Injecting a preset bytecode program into a target injection point of the target process according to the process identifier and the target injection point.
服务器运行一套软件系统时,该软件系统可以用于执行一种或多种业务,为了执行业务,服务器内部可以存在有许多的进程,不同业务下存在有不同的进程,每个进程所执行的功能可以存在一定不同。When a server runs a software system, the software system can be used to execute one or more businesses. In order to execute the business, there may be many processes inside the server. Different businesses have different processes, and the functions executed by each process may be different.
由于保证数据安全的需求对线上平台来说越来越重要,线上平台需要对内部的服务器等设备中运行的软件系统中连续的业务链路加入数据安全处理策略,这就需要在进程中加入数据安全处理的逻辑。As the need to ensure data security becomes increasingly important for online platforms, online platforms need to add data security processing strategies to continuous business links in software systems running in internal servers and other devices. This requires adding data security processing logic to the process.
基于此,服务器可以确定执行目标业务所使用的目标进程的进程标识,以及确定该目标进程中的目标注入点位,而后,可以根据进程标识以及目标注入点位,将预设的字节码程序注入到目标进程的目标注入点位中。Based on this, the server can determine the process ID of the target process used to execute the target business, and determine the target injection point in the target process. Then, according to the process ID and the target injection point, the preset bytecode program can be injected into the target injection point of the target process.
其中,服务器可以查询运行的各进程的进程标识(进程标识可以为进程id),并且,可以从各进程中选取出执行目标业务所使用的目标进程,并确定出该目标进程的进程标识。The server may query the process identifier of each running process (the process identifier may be a process id), and may select a target process used to execute a target business from each process, and determine the process identifier of the target process.
具体的,目标进程可以存在多种,例如,当进程需要通过网络传输从数据库中获取到数据并展示在前端页面(如网页或用户的app中),则该进程可以为目标进程。再例 如,当进程需要将获取到的数据存储在系统日志中,则该进程可以为目标进程。Specifically, there can be multiple target processes. For example, when a process needs to obtain data from a database through network transmission and display it on a front-end page (such as a web page or a user's app), the process can be the target process. For example, when a process needs to store acquired data in a system log, the process may be a target process.
需要说明的是,可以通过人为的方式选取出目标进程,从而在查询出各进程的进程标识后,得到该目标进程的进程标识。It should be noted that the target process can be selected manually, so that after the process IDs of each process are queried, the process ID of the target process can be obtained.
由于在每次启动服务器时,同一进程的进程id可能存在改变,因此,在查询时可以查询出各进程对应的应用名和进程id,每个进程的应用名和进程id一一对应,可以通过确定出执行目标业务所使用的进程中需要数据安全处理的目标进程对应的应用名,通过应用名定位到目标进程的进程id。其中,通过jps指令可以查询出在服务器中运行的各进程的应用名和进程id。Since the process ID of the same process may change each time the server is started, the application name and process ID corresponding to each process can be queried during the query. The application name and process ID of each process correspond one to one. The application name corresponding to the target process that needs data security processing among the processes used to execute the target business can be determined, and the process ID of the target process can be located by the application name. The application name and process ID of each process running in the server can be queried through the jps command.
上述提到的目标业务也可以根据实际需要进行定义,例如,服务器维护有支付业务、交易业务等,可以从中选取出需要添加数据安全处理的业务,作为目标业务。The target business mentioned above can also be defined according to actual needs. For example, the server maintains payment business, transaction business, etc., and the business that needs to add data security processing can be selected as the target business.
S104:通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处所需使用的原始业务数据。S104: Acquire, through the bytecode program, original business data required for use at the target injection point when the target process executes the target business.
S106:通过所述字节码程序,调用预先部署的数据安全组件,以通过所述数据安全组件,对所述原始业务数据进行处理,得到处理后的业务数据。S106: calling a pre-deployed data security component through the bytecode program to process the original business data through the data security component to obtain processed business data.
S108:基于所述处理后的业务数据,继续通过所述目标进程执行所述目标业务。S108: Based on the processed business data, continue to execute the target business through the target process.
在确定出目标进程的进程标识和目标进程中的目标注入点位后,可以将预设的字节码程序注入到目标进程的目标注入点位中,以通过该字节码程序,获取目标进程中目标注入点位处的原始业务数据,并通过该字节码程序调用预先部署的数据安全组件,以通过该数据安全组件,将原始业务数据进行处理,得到处理后的业务数据,以基于处理后的业务数据继续执行上述目标业务。After determining the process identifier of the target process and the target injection point in the target process, the preset bytecode program can be injected into the target injection point of the target process, so as to obtain the original business data at the target injection point in the target process through the bytecode program, and call the pre-deployed data security component through the bytecode program to process the original business data through the data security component to obtain processed business data, so as to continue to execute the above-mentioned target business based on the processed business data.
上述字节码程序可以是人为按照字节码(Java字节码)的形式编写出的,上述数据安全组件可以为jar包的形式,该字节码程序的作用是:在注入到目标注入点位后,获取目标注入点位处需要进行安全处理的原始业务数据,调用数据安全组件将该原始业务数据进行处理,得到处理后的业务数据。The above-mentioned bytecode program can be artificially written in the form of bytecode (Java bytecode), and the above-mentioned data security component can be in the form of a jar package. The function of the bytecode program is: after being injected into the target injection point, obtaining the original business data that needs to be securely processed at the target injection point, calling the data security component to process the original business data, and obtaining the processed business data.
其中需要结合Java的attach机制和instrumentation机制进行字节码程序的注入,可以通过attach机制指定进程id来启动注入器(agant程序),通过注入器结合instrumentation机制将字节码程序注入到目标进程中。It is necessary to combine Java's attach mechanism and instrumentation mechanism to inject the bytecode program. The process id can be specified through the attach mechanism to start the injector (agant program), and the bytecode program can be injected into the target process through the injector combined with the instrumentation mechanism.
其中,通过上述字节码程序,可以获取目标进程中目标注入点位处对应的局部变量 表中的原始业务数据,并将原始业务数据压入到操作数栈中,而后,可以通过该字节码程序调用数据安全组件将操作数栈中的原始业务数据进行处理,得到处理后的业务数据,并将处理后的业务数据返回到操作数栈,字节码程序将局部变量表中的原始业务数据替换为操作数栈中处理后的业务数据,以完成对原始业务数据的处理,而后,目标进程可以基于局部变量表中处理后的业务数据,继续执行目标业务。Among them, through the above bytecode program, the local variables corresponding to the target injection point in the target process can be obtained The original business data in the local variable table is obtained by the bytecode program, and the original business data is pushed into the operand stack. Then, the data security component can be called through the bytecode program to process the original business data in the operand stack to obtain the processed business data, and the processed business data is returned to the operand stack. The bytecode program replaces the original business data in the local variable table with the processed business data in the operand stack to complete the processing of the original business data. Then, the target process can continue to execute the target business based on the processed business data in the local variable table.
需要说明的是,这里提到的原始业务数据可以是存在有安全处理需求的数据,如涉及用户隐私的数据。因此,字节码程序可以从局部变量表中筛选出目标类型的数据,作为原始业务数据,目标类型可以人为进行设定。It should be noted that the original business data mentioned here may be data that has security processing requirements, such as data involving user privacy. Therefore, the bytecode program can filter out data of the target type from the local variable table as the original business data, and the target type can be set manually.
图2为本说明书提供的一种字节码注入的示意图。FIG. 2 is a schematic diagram of bytecode injection provided in this specification.
如图2所示,假设目标注入点位位于A逻辑与B逻辑之间,则将字节码程序注入后,在进程执行到A逻辑后,字节码程序将调用数据安全组件对原始业务数据进行安全处理,并将处理后的业务数据放回到原始的位置,进而进程可以继续执行B逻辑。从而,能够在用户无感知的情况下,实现在业务链路中加入数据安全处理策略。As shown in Figure 2, assuming that the target injection point is located between logic A and logic B, after the bytecode program is injected, after the process executes to logic A, the bytecode program will call the data security component to perform security processing on the original business data, and put the processed business data back to the original location, and then the process can continue to execute logic B. Thus, it is possible to add data security processing strategies to the business chain without the user's awareness.
因此,上述提到的数据安全组件可以是专门用于将数据进行安全处理的程序,例如,该数据安全组件可以将数据进行加密、脱敏等。再例如,该数据安全组件也可以用于对用户进行安全校验。Therefore, the data security component mentioned above may be a program specifically used for processing data securely, for example, the data security component may encrypt or desensitize the data, etc. For another example, the data security component may also be used for security verification of users.
例如,可以获取到与用户身份相关的原始业务数据,并基于原始业务数据通过数据安全组件对用户进行身份验证,处理后的业务数据可以用于表示用户的身份验证是否通过。For example, original business data related to the user's identity can be obtained, and the user's identity can be authenticated through the data security component based on the original business data. The processed business data can be used to indicate whether the user's identity authentication is successful.
需要说明的是,上述目标注入点位可以通过全限定类名和全限定方法名进行标识。It should be noted that the above target injection points can be identified by fully qualified class names and fully qualified method names.
从上述内容中可以看出,本说明书中提供的业务执行的方法可以通过预先编写出的字节码程序,获取出业务链路中需要进行安全处理的业务数据,以及通过该字节码程序调用数据安全组件对进程的业务链路中目标注入点位处的原始业务数据进行处理,而后进程可根据处理后的业务数据继续执行业务,从而相比于现有技术,在一定程度上提高了在业务链路中加入安全处理策略的效率。From the above content, it can be seen that the business execution method provided in this specification can obtain the business data that needs to be securely processed in the business chain through a pre-written bytecode program, and call the data security component through the bytecode program to process the original business data at the target injection point in the business chain of the process. The process can then continue to execute the business based on the processed business data, thereby improving the efficiency of adding security processing strategies to the business chain to a certain extent compared to the existing technology.
需要说明的是,为了便于描述,在上述内容中将执行本方法的执行主体作为服务器进行描述,本方法的执行主体可以是计算机、大型的服务平台等,在此不进行限定。It should be noted that, for ease of description, the execution subject of the method is described as a server in the above content. The execution subject of the method can be a computer, a large service platform, etc., which is not limited here.
以上为本说明书的一个或多个实施例提供的业务执行的方法,基于同样的思路,本说明书还提供了业务执行的装置,如图3所示。 The above is a method for executing services provided in one or more embodiments of this specification. Based on the same idea, this specification also provides a device for executing services, as shown in FIG3 .
图3为本说明书提供的一种业务执行的装置示意图,具体包括:确定模块301,用于确定执行目标业务所使用的目标进程的进程标识,以及确定出所述目标进程中的目标注入点位;注入模块302,用于根据所述进程标识以及所述目标注入点位,将预设的字节码程序注入到所述目标进程的目标注入点位中;获取模块303,用于通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处所需使用的原始业务数据;调用模块304,用于通过所述字节码程序,调用预先部署的数据安全组件,以通过所述数据安全组件,对所述原始业务数据进行处理,得到处理后的业务数据;执行模块305,用于基于所述处理后的业务数据,继续通过所述目标进程执行所述目标业务。Figure 3 is a schematic diagram of a business execution device provided in this specification, which specifically includes: a determination module 301, used to determine the process identifier of the target process used to execute the target business, and determine the target injection point in the target process; an injection module 302, used to inject a preset bytecode program into the target injection point of the target process according to the process identifier and the target injection point; an acquisition module 303, used to obtain, through the bytecode program, the original business data required to be used by the target process at the target injection point when executing the target business; a calling module 304, used to call a pre-deployed data security component through the bytecode program, so as to process the original business data through the data security component to obtain processed business data; an execution module 305, used to continue to execute the target business through the target process based on the processed business data.
可选地,所述确定模块301具体用于,查询运行的各进程的进程标识;从所述各进程中选取出执行所述目标业务所使用的目标进程,并确定出所述目标进程的进程标识。Optionally, the determination module 301 is specifically used to query the process identifiers of each running process; select a target process used to execute the target business from the processes, and determine the process identifier of the target process.
可选地,所述获取模块303具体用于,通过所述字节码程序,获取所述目标进程在执行所述目标业务时所述目标注入点位处对应的局部变量表中的原始业务数据,并将所述原始业务数据压入到操作数栈中;所述调用模块304具体用于,通过所述字节码程序,调用数据安全组件,以将所述操作数栈中的原始业务数据进行处理,得到处理后的业务数据,并将所述处理后的业务数据返回到所述操作数栈中;所述执行模块305具体用于,通过所述字节码程序,将所述局部变量表中的原始业务数据替换为所述操作数栈中处理后的业务数据,以基于所述局部变量表中处理后的业务数据,继续通过所述目标进程执行所述目标业务。Optionally, the acquisition module 303 is specifically used to acquire, through the bytecode program, the original business data in the local variable table corresponding to the target injection point when the target process executes the target business, and push the original business data into the operand stack; the calling module 304 is specifically used to call the data security component through the bytecode program to process the original business data in the operand stack to obtain processed business data, and return the processed business data to the operand stack; the execution module 305 is specifically used to replace the original business data in the local variable table with the processed business data in the operand stack through the bytecode program, so as to continue to execute the target business through the target process based on the processed business data in the local variable table.
可选地,所述目标注入点位通过全限定类名和全限定方法名进行标识。Optionally, the target injection point is identified by a fully qualified class name and a fully qualified method name.
本说明书还提供了一种计算机可读存储介质,该存储介质存储有计算机程序,计算机程序可用于执行上述业务执行的方法。This specification also provides a computer-readable storage medium, which stores a computer program. The computer program can be used to execute the above-mentioned service execution method.
本说明书还提供了图4所示的电子设备的示意结构图。如图4所述,在硬件层面,该电子设备包括处理器、内部总线、网络接口、内存以及非易失性存储器,当然还可能包括其他业务所需要的硬件。处理器从非易失性存储器中读取对应的计算机程序到内存中然后运行,以实现上述业务执行的方法。当然,除了软件实现方式之外,本说明书并不排除其他实现方式,比如逻辑器件抑或软硬件结合的方式等等,也就是说以下处理流程的执行主体并不限定于各个逻辑单元,也可以是硬件或逻辑器件。This specification also provides a schematic structural diagram of the electronic device shown in Figure 4. As shown in Figure 4, at the hardware level, the electronic device includes a processor, an internal bus, a network interface, a memory, and a non-volatile memory, and of course may also include hardware required for other services. The processor reads the corresponding computer program from the non-volatile memory into the memory and then runs it to implement the above-mentioned service execution method. Of course, in addition to the software implementation method, this specification does not exclude other implementation methods, such as logic devices or a combination of software and hardware, etc., that is to say, the execution subject of the following processing flow is not limited to each logic unit, but can also be hardware or logic devices.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。 然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, improvements to a technology could be clearly distinguished as hardware improvements (for example, improvements to circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements to method flows). However, with the development of technology, many improvements in today's method flows can be regarded as direct improvements in hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be implemented using hardware entity modules. For example, a programmable logic device (PLD) (such as a field programmable gate array (FPGA)) is such an integrated circuit whose logical function is determined by the user's programming of the device. Designers can "integrate" a digital system on a PLD by programming themselves, without having to ask a chip manufacturer to design and produce a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly implemented by "logic compiler" software, which is similar to the software compiler used when developing and writing programs, and the original code before compilation must also be written in a specific programming language, which is called hardware description language (HDL). There is not only one HDL, but many kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc. The most commonly used ones are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also know that it is only necessary to program the method flow slightly in the above-mentioned hardware description languages and program it into the integrated circuit, and then it is easy to obtain the hardware circuit that implements the logic method flow.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing a computer readable program code (e.g., software or firmware) executable by the (micro)processor, a logic gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, and the memory controller may also be implemented as part of the control logic of the memory. It is also known to those skilled in the art that in addition to implementing the controller in a purely computer readable program code manner, the controller may be implemented in the form of a logic gate, a switch, an application specific integrated circuit, a programmable logic controller, and an embedded microcontroller by logically programming the method steps. Therefore, such a controller may be considered as a hardware component, and the means for implementing various functions included therein may also be considered as a structure within the hardware component. Or even, the means for implementing various functions may be considered as both a software module for implementing the method and a structure within the hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、 媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cellular phone, a camera phone, a smart phone, a personal digital assistant, A media player, a navigation device, an email device, a gaming console, a tablet computer, a wearable device, or a combination of any of these devices.
为了描述的方便,描述以上装置时以功能分为各种单元分别描述。当然,在实施本说明书时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, the above device is described by dividing it into various units according to its functions. Of course, when implementing this specification, the functions of each unit can be implemented in the same or multiple software and/or hardware.
本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present invention may be provided as methods, systems, or computer program products. Therefore, the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to the flowchart and/or block diagram of the method, device (system), and computer program product according to the embodiment of the present invention. It should be understood that each process and/or box in the flowchart and/or block diagram, as well as the combination of the process and/or box in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。 The memory may include non-permanent storage in a computer-readable medium, random access memory (RAM) and/or non-volatile memory in the form of read-only memory (ROM) or flash RAM. The memory is an example of a computer-readable medium.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information. Information can be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device. As defined in this article, computer readable media does not include temporary computer readable media (transitory media), such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "comprises" or any other variations thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device including a series of elements includes not only those elements, but also other elements not explicitly listed, or also includes elements inherent to such process, method, commodity or device. In the absence of more restrictions, the elements defined by the sentence "comprises a ..." do not exclude the existence of other identical elements in the process, method, commodity or device including the elements.
本领域技术人员应明白,本说明书的实施例可提供为方法、系统或计算机程序产品。因此,本说明书可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that the embodiments of this specification may be provided as methods, systems or computer program products. Therefore, this specification may take the form of a complete hardware embodiment, a complete software embodiment or an embodiment combining software and hardware. Moreover, this specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
本说明书可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书,在这些分布式计算环境中,由通过通信网络而被连接的远程处理节点来执行任务。在分布式计算环境中,程序模块可以位于包括存储节点在内的本地和远程计算机存储介质中。This specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. This specification may also be practiced in distributed computing environments where tasks are performed by remote processing nodes connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage nodes.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。Each embodiment in this specification is described in a progressive manner, and the same or similar parts between the embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the partial description of the method embodiment.
以上所述仅为本说明书的实施例而已,并不用于限制本说明书。对于本领域技术人员来说,本说明书可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何 修改、等同替换、改进等,均应包含在本说明书的权利要求范围之内。 The above description is only an embodiment of the present specification and is not intended to limit the present specification. For those skilled in the art, the present specification may be modified and varied in various ways. Any modification or alteration made within the spirit and principle of the present specification is Modifications, equivalent substitutions, improvements, etc. should all be included in the scope of the claims of this specification.
Claims (10)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311564564.3A CN117592104A (en) | 2023-11-21 | 2023-11-21 | A method, device, storage medium and electronic equipment for business execution |
| CN202311564564.3 | 2023-11-21 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2025108032A1 true WO2025108032A1 (en) | 2025-05-30 |
Family
ID=89916158
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2024/128493 Pending WO2025108032A1 (en) | 2023-11-21 | 2024-10-30 | Service execution |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN117592104A (en) |
| WO (1) | WO2025108032A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120805194A (en) * | 2025-09-15 | 2025-10-17 | 浪潮云洲工业互联网有限公司 | ECLIPSE EDC-based trusted data space construction method, ECLIPSE EDC-based trusted data space construction equipment and medium |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117592104A (en) * | 2023-11-21 | 2024-02-23 | 支付宝(杭州)信息技术有限公司 | A method, device, storage medium and electronic equipment for business execution |
| CN118413363B (en) * | 2024-04-24 | 2025-11-25 | 中信银行股份有限公司 | Business data security enhancement methods, devices, equipment and storage media |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115185534A (en) * | 2022-07-18 | 2022-10-14 | 支付宝(杭州)信息技术有限公司 | Data desensitization method and device, readable storage medium and electronic equipment |
| US20220334828A1 (en) * | 2021-04-20 | 2022-10-20 | International Business Machines Corporation | Software upgrading using dynamic link library injection |
| CN115357940A (en) * | 2022-10-19 | 2022-11-18 | 支付宝(杭州)信息技术有限公司 | Data processing method and device, storage medium and electronic equipment |
| CN115495777A (en) * | 2022-09-08 | 2022-12-20 | 支付宝(杭州)信息技术有限公司 | A data protection method, device, storage medium and electronic equipment |
| CN117592104A (en) * | 2023-11-21 | 2024-02-23 | 支付宝(杭州)信息技术有限公司 | A method, device, storage medium and electronic equipment for business execution |
-
2023
- 2023-11-21 CN CN202311564564.3A patent/CN117592104A/en active Pending
-
2024
- 2024-10-30 WO PCT/CN2024/128493 patent/WO2025108032A1/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20220334828A1 (en) * | 2021-04-20 | 2022-10-20 | International Business Machines Corporation | Software upgrading using dynamic link library injection |
| CN115185534A (en) * | 2022-07-18 | 2022-10-14 | 支付宝(杭州)信息技术有限公司 | Data desensitization method and device, readable storage medium and electronic equipment |
| CN115495777A (en) * | 2022-09-08 | 2022-12-20 | 支付宝(杭州)信息技术有限公司 | A data protection method, device, storage medium and electronic equipment |
| CN115357940A (en) * | 2022-10-19 | 2022-11-18 | 支付宝(杭州)信息技术有限公司 | Data processing method and device, storage medium and electronic equipment |
| CN117592104A (en) * | 2023-11-21 | 2024-02-23 | 支付宝(杭州)信息技术有限公司 | A method, device, storage medium and electronic equipment for business execution |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN120805194A (en) * | 2025-09-15 | 2025-10-17 | 浪潮云洲工业互联网有限公司 | ECLIPSE EDC-based trusted data space construction method, ECLIPSE EDC-based trusted data space construction equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117592104A (en) | 2024-02-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11314754B2 (en) | Data processing method, apparatus, and device | |
| WO2025108032A1 (en) | Service execution | |
| WO2020119264A1 (en) | Block chain-based screen recording evidence collection method and system, and electronic device | |
| CN113079200A (en) | Data processing method, device and system | |
| CN112307509B (en) | Desensitization processing method, device, medium and electronic device | |
| CN107066519B (en) | A task detection method and device | |
| WO2019105138A1 (en) | Service marking method, apparatus and device under multi-service system | |
| CN115374481B (en) | Data desensitization processing method and device, storage medium and electronic equipment | |
| CN114547024A (en) | A SQL statement risk detection method, device, equipment and medium | |
| WO2024221909A1 (en) | Data query method and apparatus | |
| CN111966709B (en) | Data query method, device and electronic equipment | |
| CN112579938B (en) | Page loading method, device, storage medium and electronic device | |
| CN111310137B (en) | Block chain associated data evidence storing method and device and electronic equipment | |
| WO2024078107A1 (en) | Database service execution method and apparatus | |
| CN114065186B (en) | Method for realizing single sign-on and automatic switching of subsystem login based on es6 | |
| CN106156050B (en) | Data processing method and device | |
| CN111967767A (en) | Business risk identification method, device, equipment and medium | |
| CN113673844A (en) | Information feedback method, device and equipment | |
| CN116432185B (en) | Abnormality detection method and device, readable storage medium and electronic equipment | |
| WO2024164707A1 (en) | Data desensitization method and apparatus, device and readable storage medium | |
| CN118132168A (en) | Function injection method, device, storage medium and electronic device | |
| CN110704134A (en) | Method and device for performing function expansion on block chain | |
| CN116305205A (en) | Data encryption processing method, device and equipment | |
| CN110750271B (en) | Service aggregation, method and device for executing aggregated service and electronic equipment | |
| CN115827589A (en) | A permission verification method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 24893190 Country of ref document: EP Kind code of ref document: A1 |