CN115378735A - Data processing method and device, storage medium and electronic equipment - Google Patents

Info

Publication number
CN115378735A
Authority
CN
China
Prior art keywords
data
program
transmitted
tangent plane
data processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211282366.3A
Other languages
Chinese (zh)
Other versions
CN115378735B (en)
Inventor
刘焱
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202211282366.3A
Publication of CN115378735A
Application granted
Publication of CN115378735B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Abstract

The embodiments of this specification relate to a security tangent plane. When a service application program transmits data to a data receiver, a tangent plane program for processing the data to be transmitted and a tangent point corresponding to the tangent plane program are obtained. Based on the tangent point, the tangent plane program is injected into the service application program. The tangent plane program determines the network address corresponding to the data receiver and judges whether that network address is an overseas network address; if so, data identification is performed on the data to be transmitted to obtain an identification result. A data processing strategy for the data to be transmitted is determined according to the identification result, and the data to be transmitted is processed according to the determined data processing strategy. In this way the tangent plane program effectively judges whether the data to be transmitted is cross-border data and, when it is, processes it according to the determined data processing strategy.

Description

Data processing method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data processing method, an apparatus, a storage medium, and an electronic device.
Background
With the development of the internet, a large amount of cross-border data exists in the network. When cross-border data is transmitted, it needs to be processed in order to avoid revealing users' private data.
Existing methods can neither effectively identify cross-border data nor effectively process it.
Disclosure of Invention
Embodiments of the present specification provide a data processing method, an apparatus, a storage medium, and an electronic device, so as to partially solve the problems in the prior art.
The embodiment of the specification adopts the following technical scheme:
the present specification provides a data processing method, including:
when a service application program transmits data to a data receiver, acquiring a tangent plane program for processing the data to be transmitted and a tangent point corresponding to the tangent plane program;
based on the tangent point, injecting the tangent plane program into the service application program;
determining a network address corresponding to the data receiver through the tangent plane program, and judging whether the network address is an overseas network address;
if so, carrying out data identification on the data to be transmitted through the tangent plane program to obtain an identification result, determining a data processing strategy aiming at the data to be transmitted according to the identification result, and carrying out data processing on the data to be transmitted according to the data processing strategy.
Optionally, when the service application transmits data to the data receiver, acquiring a tangent plane program for performing data processing on data to be transmitted and a tangent point corresponding to the tangent plane program, specifically including:
when a service application program transmits data to a data receiver, determining a function identifier of a function for executing data transmission;
and determining, from a preset tangent plane program library, a tangent plane program matching the function identifier, and determining the corresponding tangent point at which the tangent plane program is injected into the service application program.
Optionally, the data identification of the data to be transmitted is performed through the tangent plane program, and specifically includes:
judging whether the data to be transmitted contains private data according to a data identification rule contained in the tangent plane program.
Optionally, determining a data processing policy for the data to be transmitted according to the identification result, specifically including:
if it is determined according to the identification result that the data to be transmitted contains private data, determining a first data processing strategy for the data to be transmitted, wherein the first data processing strategy comprises at least one of: blocking data transmission, log alarm, and desensitization processing.
Optionally, determining a data processing policy for the data to be transmitted according to the identification result, specifically including:
if it is determined according to the identification result that the data to be transmitted does not contain private data, determining a second data processing strategy for the data to be transmitted, wherein the second data processing strategy comprises: keeping normal data transmission.
A data processing apparatus provided in this specification includes:
the acquisition module is used for acquiring a tangent plane program used for carrying out data processing on data to be transmitted and a tangent point corresponding to the tangent plane program when a service application program carries out data transmission to a data receiver;
the injection module is used for injecting the tangent plane program into the service application program based on the tangent point;
the judging module is used for determining a network address corresponding to the data receiver through the tangent plane program and judging whether the network address is an overseas network address;
and the data processing module is used for, if so, carrying out data identification on the data to be transmitted through the tangent plane program to obtain an identification result, determining a data processing strategy for the data to be transmitted according to the identification result, and carrying out data processing on the data to be transmitted according to the data processing strategy.
Optionally, the obtaining module is specifically configured to determine a function identifier of a function for performing data transmission when the service application performs data transmission to the data receiver; and to determine, from a preset tangent plane program library, a tangent plane program matching the function identifier, and determine the corresponding tangent point at which the tangent plane program is injected into the service application program.
Optionally, the determining module is specifically configured to determine whether the data to be transmitted includes private data according to a data identification rule included in the tangent plane program.
The present specification provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the data processing method described above.
The present specification provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the program, the electronic device implements the data processing method described above.
The embodiment of the specification adopts at least one technical scheme which can achieve the following beneficial effects:
In the embodiments of this specification, when a service application program transmits data to a data receiver, a tangent plane program for processing the data to be transmitted and a tangent point corresponding to the tangent plane program are obtained. Based on the tangent point, the tangent plane program is injected into the service application program. The tangent plane program determines the network address corresponding to the data receiver and judges whether that network address is an overseas network address; if so, data identification is performed on the data to be transmitted to obtain an identification result. A data processing strategy for the data to be transmitted is determined according to the identification result, and the data to be transmitted is processed according to the determined data processing strategy. With this method, the tangent plane program can effectively judge whether the data to be transmitted is cross-border data and, when it is, process it according to the determined data processing strategy.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and constitute a part of it, illustrate embodiments of the specification and, together with the description, serve to explain the specification and do not limit it. In the drawings:
fig. 1 is a schematic flow chart of a data processing method provided in an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification.
Detailed Description
In order to make the objects, technical solutions and advantages of the present disclosure more clear, the technical solutions of the present disclosure will be clearly and completely described below with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present disclosure, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present specification without any creative effort belong to the protection scope of the present specification.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
In this specification, a business application inevitably sends data out while it runs, mainly in two cases: the server executing the business application actively transmits data overseas, and an overseas server acquires data from the server executing the business application. "Overseas" here refers to an overseas network address determined relative to the network address of the server that executes the business application.
Therefore, while the service application program runs, whether the data it transmits is cross-border data needs to be monitored in real time; if it is, the transmitted cross-border data needs to be processed to avoid disclosing users' private data.
In this specification, a security tangent plane may be used to judge whether data transmitted during the operation of a service application is cross-border and to process the data transmitted across the border.
The security tangent plane refers to a method that uses Aspect-oriented Programming (AOP) to dynamically add or modify, in the running logic of a service application program and without modifying the service application program, a tangent plane program (an aspect, in AOP terms) that implements the security tangent plane service. The program implementing the security tangent plane service is thereby decoupled from the service application program, which avoids the development iteration problems caused by high coupling.
The tangent plane program is an enhancement program that implements the security tangent plane service on the basis of the service operation logic. Using aspect-oriented programming, the tangent plane program can be injected into the corresponding tangent point of the service application program; it is then triggered and executed while the service application program runs, thereby implementing the required security tangent plane service function.
When a service application executes a service, it generally does so through calls between functions. Therefore, any function in the service application program can serve as the entry point of the tangent plane program, namely the tangent point, and the tangent plane program is injected at the corresponding tangent point. When execution of the service application program reaches the tangent point, that is, when the function of the service application program corresponding to the tangent point is called, the tangent plane program injected at that tangent point is executed.
Generally, the code responsible for injecting the tangent plane program into the tangent point is highly reusable, so the program implementing this process is usually abstracted into one service module, namely the tangent plane base. The tangent plane base can obtain the tangent plane programs to be deployed and the tangent points in the service application program from the third party providing the security tangent plane service, and inject the corresponding tangent plane programs into the tangent points of the service application program after the application container is started.
The business application may be a business application that provides business services in a server of the business platform. The service may be a service provided by a server of the service platform to a user, such as an inquiry service, a payment service, and the like. The business service may also be a business service provided by a certain server of the business platform to other servers, such as a settlement service.
Of course, as can be seen from the above description, in order to decouple the program of the security tangent plane service from the service application program, this specification uses aspect-oriented programming so that the two are interleaved during service execution yet remain parallel to each other and can be maintained independently. Therefore, unlike the service provider of the service application program, a third party providing the security tangent plane service may manage the content related to that service through a management and control platform, for example the configuration of security tangent plane service management and control policies, version iteration of the tangent plane program, and configuration of the deployment rules of the tangent plane program. Of course, the security tangent plane service may be provided by a third party or by the service provider.
When managing the content related to the security tangent plane service, the management and control platform may record various configuration information in a configuration file, such as the configuration of various policies and the deployment rules of tangent plane programs. The tangent plane base can complete the deployment of the tangent plane program according to the configuration file, or the management and control platform can implement the security tangent plane service according to the configuration file.
In practical applications, a service provider usually has a machine room containing several physical machines or physical servers, which provide the physical resources required by service applications. A business application may not need all the physical resources of an entire physical machine, so multiple virtual hosts are generally run on one physical machine through virtualization technology. The virtual hosts are independent of each other and share part of the physical resources of the physical machine. An application container can then be deployed in a virtual host, and the business application run through the application container. An application container typically contains the physical resources allocated to it, such as CPU and memory, and the runtime environment provided to it, such as an Operating System (OS) or other runtime environment data, for example the Serial Number (SN) of the container, the allocated IP address, the application name, the tenant, and environment variables. Business applications can be deployed in application containers to execute business.
In a scenario where services are executed on the basis of the security tangent plane, a server of the service provider or of a third party providing the security tangent plane service can provide a management and control platform, manage the content related to the security tangent plane service through it, deploy a tangent plane base in an application container, and inject a tangent plane program into the service application program in the application container through the tangent plane base, thereby providing security tangent plane service support for the service provider's application container.
The tangent plane base can therefore be deployed in the service provider's application container in advance. Generally, when the application container starts, the operating system provided to the application container can be invoked to run the pre-deployed tangent plane base; the tangent plane base obtains the tangent plane program and the tangent point in the service application program from the management and control platform and injects the tangent plane program into that tangent point of the service application program in the application container. The tangent plane base can also obtain the tangent plane program and the tangent point in the service application program from the management and control platform while the service application program is executing, and inject the tangent plane program into the tangent point of the service application program in the application container.
Of course, how the tangent plane base obtains the information required for deploying the tangent plane program from the management and control platform can be set as required. For example, the tangent plane base may actively pull the required information from the management and control platform according to the configuration file, or the management and control platform may actively issue the required information for the tangent plane base to receive.
After the tangent plane program is injected into the tangent point of the service application program, the service application program can trigger the tangent plane program during execution so as to implement the corresponding security tangent plane service function.
In this specification, the security tangent plane service function implemented by the tangent plane program refers to: judging whether data transmitted by the service application program is cross-border data, detecting whether the cross-border data contains private data, and processing the cross-border data or the transmission of the cross-border data.
Fig. 1 is a schematic flow chart of a data processing method provided in this specification, the data processing method is applied to a server, the server is used for executing a service, and the data processing method may include:
S100: When a service application program transmits data to a data receiver, a tangent plane program for processing the data to be transmitted and a tangent point corresponding to the tangent plane program are obtained.
In this embodiment of the present description, in the operation process of the service application, when the service application performs data transmission to a data receiving side, a function for performing data transmission may be called by the service application to perform data transmission.
Specifically, when the server executing the service application program receives a data transmission request sent by the data receiver, it may determine the data to be transmitted according to the received data transmission request. The server can then call, through the service application program, a first function for executing data transmission, so that the data receiver acquires the data to be transmitted for that data transmission request from the server executing the service application program. The data transmission request carries the network address corresponding to the data receiver, the network address corresponding to the server executing the service application program, and the like. The data receiver may be another server located overseas.
In addition, when the server executing the service application program actively initiates data transmission to the data receiver, the server executing the service application program may determine the data to be transmitted and the network address of the data receiver, and then directly call a second function for executing data transmission, so as to send the data to be transmitted to the data receiver through the second function.
In this embodiment of the present description, after the service application invokes a function for performing data transmission, a data processing policy may be determined by a tangent plane program, and data processing is performed on data to be transmitted according to the data processing policy, so as to protect privacy of a user. Thus, when a business application calls a function for performing data transfer, a tangent program injection operation is triggered.
The function for executing data transmission that the service application program calls when it actively sends data differs from the function it calls when the data receiver acquires data from it. Different functions for executing data transmission therefore correspond to different tangent plane programs, all of which are used for processing the data to be transmitted. Different functions have different function identifiers; a function identifier may be the function name.
For the triggered injection operation, when the service application program transmits data to the data receiver, the tangent plane program for performing data processing on the data to be transmitted and the tangent point corresponding to the tangent plane program can be obtained from a preset tangent plane program library.
Further, when the service application program transmits data to the data receiver, the function identification of the function for executing the data transmission is determined. Then, a tangent plane program matched with the function identification is determined from a preset tangent plane program library, and when the function is called, the tangent plane program is injected into a corresponding tangent point in the service application program. The position corresponding to the function called by the service application program for executing data transmission can be used as the tangent point.
It should be noted that, because the data to be transmitted is sent to the outside, it is usually encrypted before transmission, yielding encrypted data to be transmitted. It is difficult for the tangent plane program to process encrypted data, so in the embodiments of this specification the tangent point at which the tangent plane program is injected into the service application program must be located before the position corresponding to the function that encrypts the data to be transmitted.
S102: Based on the tangent point, the tangent plane program is injected into the service application program.
In this embodiment, after acquiring the tangent plane program and the tangent point for the data transmission request, the server may inject the acquired tangent plane program into the service application program based on the tangent point. That is, the acquired tangent plane program may be injected at the location corresponding to the function for performing data transmission in the service application program.
Methods for injecting the tangent plane program into the service application program include but are not limited to the following: a tangent plane program written in Java can be injected at the position of the tangent point using a Java technique; a tangent plane program written in PHP can be injected into the PHP interpreter as a PHP extension.
S104: The network address corresponding to the data receiver is determined through the tangent plane program, and whether the network address is an overseas network address is judged.
S106: If so, data identification is carried out on the data to be transmitted through the tangent plane program to obtain an identification result, a data processing strategy for the data to be transmitted is determined according to the identification result, and the data to be transmitted is processed according to the data processing strategy.
In this embodiment of the present specification, after injecting the tangent plane program into the service application program, the server may determine, through the tangent plane program, the network address corresponding to the data receiver that receives the data to be transmitted, and judge whether that network address is an overseas network address. If so, data identification is carried out on the data to be transmitted through the tangent plane program to obtain an identification result, and a data processing strategy for the data to be transmitted is determined according to the identification result, so that the data to be transmitted is processed according to the data processing strategy.
When judging whether the network address corresponding to the data receiver is an overseas network address, the server may first determine, through the tangent plane program, the network address corresponding to the data receiver according to the data transmission request sent by the data receiver to the server executing the service application program. Then, according to the network address of the server where the tangent plane program is located (i.e. the server executing the service application program), it is judged whether the network address corresponding to the data receiver is an overseas network address. The overseas network address is determined relative to the network address of the server where the tangent plane program is located.
In addition, when the server executing the service application program initiates data transmission, the network address corresponding to the data receiver that is to receive the data to be transmitted can be determined through the tangent plane program. Then, according to the network address of the server where the tangent plane program is located (i.e. the server executing the service application program), it is judged whether the network address corresponding to the data receiver is an overseas network address.
If the network address corresponding to the data receiver is judged to be an overseas network address, the data to be transmitted is determined to be cross-border data. When the data to be transmitted is determined to be cross-border data, whether it contains private data needs to be detected. The private data includes but is not limited to: telephone number, user name, password, bank card number, etc.
Specifically, if the network address corresponding to the data receiving party is determined to be an overseas network address, the server may perform data identification on the data to be transmitted through the tangent plane program to obtain an identification result.
Further, private data identification is carried out on the data to be transmitted through the tangent plane program to obtain an identification result. Methods for identifying private data in the data to be transmitted include but are not limited to: a regular-expression matching method, a natural language processing method, a method that performs data identification using a classification model, and so on; this specification does not limit the data identification method.
Whether the data to be transmitted contains private data can be judged according to the data identification rule contained in the tangent plane program. The data identification rule contains a regular expression.
After the identification result is obtained, the server can determine a data processing strategy aiming at the data to be transmitted according to the identification result of the data to be transmitted through the tangent plane program.
Specifically, if it is determined according to the identification result that the data to be transmitted contains private data, a first data processing policy for the data to be transmitted is determined. The first data processing policy comprises at least one of: blocking data transmission, log alarm, and desensitization processing. Which first data processing policy is adopted in a specific case can be configured according to the actual situation.
If it is determined according to the identification result that the data to be transmitted does not contain private data, a second data processing policy for the data to be transmitted is determined. The second data processing policy comprises: maintaining normal data transmission.
After the server determines the data processing strategy for the data to be transmitted, the server can perform data processing on the data to be transmitted according to the data processing strategy for the data to be transmitted through the tangent plane program.
When the first data processing policy is blocking data transmission, the tangent plane program blocks the transmission of the data to be transmitted.
When the first data processing policy is log alarm, the tangent plane program raises an alarm on the log corresponding to the data to be transmitted. It should be noted that, under the log alarm policy, the data to be transmitted can still be transmitted to the outside.
When the first data processing policy is desensitization processing, the tangent plane program desensitizes the private data contained in the data to be transmitted, and the desensitized data is then transmitted to the outside. The desensitization processing may include replacing the private data with an arbitrary character string, deleting the private data, and the like, which is not limited in this specification.
When the data to be transmitted is processed according to the second data processing policy of maintaining normal data transmission, the tangent plane program maintains normal transmission of the data to be transmitted.
In addition, if the network address corresponding to the data receiver is judged not to be an overseas network address, it is determined that the data to be transmitted is not cross-border data. When the tangent plane program determines that the data to be transmitted is not cross-border data, the second data processing policy is determined for the data to be transmitted, and the data to be transmitted is processed according to the second data processing policy, i.e., normal transmission of the data to be transmitted is maintained.
Even when the data to be transmitted is not cross-border data, if there is a requirement to detect whether it contains private data, data identification can be performed on the data to be transmitted through the tangent plane program to obtain an identification result, a data processing policy for the data to be transmitted is determined according to the identification result, and the data to be transmitted is processed according to that policy. In this case, the data processing policy for the data to be transmitted may include at least one of: log alarm, desensitization processing, and maintaining normal data transmission.
As can be seen from the method shown in fig. 1, when the service application program transmits data to the data receiver, this specification obtains a tangent plane program for performing data processing on the data to be transmitted and a tangent point corresponding to the tangent plane program. Based on the tangent point, the tangent plane program is injected into the service application program. The network address corresponding to the data receiver is determined through the tangent plane program, and it is judged whether the network address is an overseas network address; if so, data identification is performed on the data to be transmitted to obtain an identification result. A data processing policy for the data to be transmitted is determined according to the identification result, and the data to be transmitted is processed according to the determined data processing policy. In this method, the tangent plane program can effectively judge whether the data to be transmitted is cross-border data and, when it is, process the data according to the determined data processing policy. In addition, the service application program and the tangent plane program that processes the data are decoupled from each other, which improves the maintenance efficiency of the tangent plane program. Furthermore, because the tangent plane program processes the data to be transmitted before it is encrypted, the problem that encrypted data cannot be analyzed to decide whether it is cross-border data is avoided.
Based on the same idea as the data processing method provided above, the embodiments of the present specification further provide a corresponding apparatus, a storage medium, and an electronic device.
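The decision flow described above, as an added Python example that is not code from the patent: the tangent plane program (an aspect, in aspect-oriented programming terms) is modelled as a decorator wrapped around the business send function. The region table, the regular expressions, the sample payload and all function names are assumptions constructed for illustration, and a receiver whose region cannot be resolved is treated as overseas.

```python
import ipaddress
import re
from functools import wraps

# Constructed region table (assumption): documentation-only ranges stand in
# for a real IP-geolocation source. "HOME" is the server's own jurisdiction.
REGION_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "HOME"),
    (ipaddress.ip_network("203.0.113.0/24"), "HOME"),
    (ipaddress.ip_network("198.51.100.0/24"), "ABROAD"),
]

# Constructed data identification rules, one regular expression per kind of
# private data. Digit lookarounds keep the phone rule from firing inside a
# longer digit run such as a card number.
RULES = {
    "phone": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
    "bank_card": re.compile(r"(?<!\d)\d{16,19}(?!\d)"),
    "password": re.compile(r"(?i)(?<=password=)[^&\s]+"),
}

FIRST_POLICIES = ("block", "log_alarm", "desensitize")

# Constructed plaintext payload, as the aspect sees it before any encryption.
SAMPLE = "user=alice&phone=13800138000&password=hunter2&card=6222020000000000000"


class TransmissionBlocked(Exception):
    """Raised by the aspect instead of calling the real send function."""


def region_of(address):
    """Return the region label for an address, or None if it is unknown."""
    ip = ipaddress.ip_address(address)
    for network, region in REGION_TABLE:
        if ip in network:
            return region
    return None


def is_overseas(server_address, receiver_address):
    """Compare the receiver's region with the server's; unknown fails closed."""
    receiver_region = region_of(receiver_address)
    return receiver_region is None or receiver_region != region_of(server_address)


def identify(payload):
    """Identification result: rule name -> matched values (empty if clean)."""
    result = {}
    for name, rule in RULES.items():
        matches = rule.findall(payload)
        if matches:
            result[name] = matches
    return result


def desensitize(payload, mask="***"):
    """Replace every value matched by an identification rule with a mask."""
    for rule in RULES.values():
        payload = rule.sub(mask, payload)
    return payload


def cross_border_aspect(server_address, first_policy, alarm_log):
    """Build the aspect; the returned decorator injects it around a send function."""
    if first_policy not in FIRST_POLICIES:
        raise ValueError("unknown first data processing policy: %r" % first_policy)

    def inject(send_func):
        @wraps(send_func)
        def advice(receiver_address, payload):
            # Not cross-border: second policy, normal transmission.
            if not is_overseas(server_address, receiver_address):
                return send_func(receiver_address, payload)
            hits = identify(payload)
            # Cross-border but no private data: second policy as well.
            if not hits:
                return send_func(receiver_address, payload)
            if first_policy == "block":
                raise TransmissionBlocked(
                    "private data %s bound for %s" % (sorted(hits), receiver_address))
            if first_policy == "log_alarm":
                # Record rule names only, so the alarm log holds no private values.
                alarm_log.append({"receiver": receiver_address, "rules": sorted(hits)})
                return send_func(receiver_address, payload)
            return send_func(receiver_address, desensitize(payload))
        return advice
    return inject


if __name__ == "__main__":
    outbox, alarms = [], []

    def transport(receiver_address, payload):  # stand-in business send function
        outbox.append((receiver_address, payload))
        return "sent"

    send = cross_border_aspect("192.0.2.10", "desensitize", alarms)(transport)
    send("198.51.100.7", SAMPLE)   # overseas: masked before sending
    send("203.0.113.5", SAMPLE)    # same region: sent unchanged
    for entry in outbox:
        print(entry)
```

Because the check runs inside the sending process, it sees the payload before transport encryption, which is the property the description relies on.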
Fig. 2 is a schematic structural diagram of a data processing apparatus provided in an embodiment of the present specification, where the apparatus includes:
an obtaining module 201, configured to obtain a tangent plane program used for performing data processing on data to be transmitted and a tangent point corresponding to the tangent plane program when a service application program performs data transmission to a data receiver;
an injection module 202, configured to inject the tangent plane program into the business application program based on the tangent point;
the judging module 203 is configured to determine, through the tangent plane program, a network address corresponding to the data receiver, and judge whether the network address is an overseas network address;
and the data processing module 204 is configured to, if so, perform data identification on the data to be transmitted through the tangent plane program to obtain an identification result, determine a data processing policy for the data to be transmitted according to the identification result, and perform data processing on the data to be transmitted according to the data processing policy.
Optionally, the obtaining module 201 is specifically configured to determine a function identifier of a function for performing data transmission when the service application performs data transmission to a data receiver; and determining a tangent plane program matched with the function identifier from a preset tangent plane program library, and determining a corresponding tangent point injected into the service application program by the tangent plane program.
Optionally, the data processing module 204 is specifically configured to determine, through a data identification rule included in the tangent plane program, whether the data to be transmitted includes private data.
Optionally, the data processing module 204 is specifically configured to, if it is determined according to the identification result that the data to be transmitted includes private data, determine a first data processing policy for the data to be transmitted, where the first data processing policy includes at least one of: blocking data transmission, log alarm, and desensitization processing.
Optionally, the data processing module 204 is specifically configured to, if it is determined according to the identification result that the data to be transmitted does not include private data, determine a second data processing policy for the data to be transmitted, where the second data processing policy includes: maintaining normal data transmission.
The present specification also provides a computer readable storage medium storing a computer program which, when executed by a processor, is operable to perform the data processing method provided in fig. 1 above.
Based on the data processing method shown in fig. 1, the embodiment of the present specification further provides a schematic structural diagram of the unmanned device shown in fig. 3. As shown in fig. 3, the drone includes, at the hardware level, a processor, an internal bus, a network interface, a memory, and a non-volatile memory, although it may also include hardware required for other services. The processor reads the corresponding computer program from the nonvolatile memory into the memory and then runs the computer program to implement the data processing method shown in fig. 1.
Of course, besides the software implementation, the present specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may be hardware or logic devices.
In the 1990s, an improvement to a technology could be clearly distinguished as either an improvement in hardware (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or an improvement in software (an improvement to a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer "integrates" a digital system onto a PLD by programming it, without requiring a chip manufacturer to design and fabricate an application-specific integrated circuit chip. Furthermore, instead of manually manufacturing an integrated circuit chip, such programming is nowadays mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); the most commonly used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog.
It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps so that the controller takes the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers, and the like. Such a controller may thus be considered a hardware component, and the means included in it for performing the various functions may also be considered structures within the hardware component. Or even, the means for performing the functions may be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the various elements may be implemented in the same one or more pieces of software and/or hardware in the practice of this description.
As will be appreciated by one skilled in the art, embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, the description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the description may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The description has been presented with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the description. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, Random Access Memory (RAM), and/or non-volatile memory such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, a computer-readable medium does not include a transitory computer-readable medium such as a modulated data signal or a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus comprising the element.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present specification, and is not intended to limit the present specification. Various modifications and alterations to this description will become apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present specification should be included in the scope of the claims of the present specification.

Claims (10)

1. A method of data processing, the method comprising:
when a service application program transmits data to a data receiver, acquiring a tangent plane program for processing the data to be transmitted and a tangent point corresponding to the tangent plane program;
based on the tangent point, injecting the tangent plane program into the service application program;
determining a network address corresponding to the data receiver through the tangent plane program, and judging whether the network address is an overseas network address;
if so, performing data identification on the data to be transmitted through the tangent plane program to obtain an identification result, determining a data processing policy for the data to be transmitted according to the identification result, and performing data processing on the data to be transmitted according to the data processing policy.
2. The method according to claim 1, wherein when the service application program transmits data to the data receiver, acquiring a tangent plane program for performing data processing on data to be transmitted and a tangent point corresponding to the tangent plane program, specifically comprises:
when a service application program transmits data to a data receiver, determining a function identifier of a function for executing data transmission;
determining a tangent plane program matched with the function identifier from a preset tangent plane program library, and determining the tangent point at which the tangent plane program is injected into the service application program.
3. The method according to claim 1, wherein the data identification of the data to be transmitted is performed by the tangent plane program, and specifically comprises:
judging whether the data to be transmitted contains private data according to a data identification rule contained in the tangent plane program.
4. The method according to claim 3, wherein determining a data processing policy for the data to be transmitted according to the identification result specifically includes:
if it is determined according to the identification result that the data to be transmitted contains private data, determining a first data processing policy for the data to be transmitted, wherein the first data processing policy comprises at least one of: blocking data transmission, log alarm, and desensitization processing.
5. The method according to claim 3, wherein determining a data processing policy for the data to be transmitted according to the identification result specifically comprises:
if it is determined according to the identification result that the data to be transmitted does not contain private data, determining a second data processing policy for the data to be transmitted, wherein the second data processing policy comprises: maintaining normal data transmission.
6. A data processing apparatus comprising:
the acquisition module is used for acquiring a tangent plane program used for carrying out data processing on data to be transmitted and tangent points corresponding to the tangent plane program when a service application program carries out data transmission to a data receiver;
the injection module is used for injecting the tangent plane program into the service application program based on the tangent point;
the judging module is used for determining a network address corresponding to the data receiver through the tangent plane program and judging whether the network address is an overseas network address;
and the data processing module is used for, if so, performing data identification on the data to be transmitted through the tangent plane program to obtain an identification result, determining a data processing policy for the data to be transmitted according to the identification result, and performing data processing on the data to be transmitted according to the data processing policy.
7. The apparatus according to claim 6, wherein the obtaining module is specifically configured to determine a function identifier of a function for performing data transmission when the service application performs data transmission to the data receiver; and determining a tangent plane program matched with the function identifier from a preset tangent plane program library, and determining a corresponding tangent point injected into the service application program by the tangent plane program.
8. The apparatus according to claim 6, wherein the determining module is specifically configured to determine whether the data to be transmitted includes private data according to a data identification rule included in the tangent plane program.
9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 5.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any of the preceding claims 1-5 when executing the program.
CN202211282366.3A 2022-10-19 2022-10-19 Data processing method and device, storage medium and electronic equipment Active CN115378735B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211282366.3A CN115378735B (en) 2022-10-19 2022-10-19 Data processing method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN115378735A true CN115378735A (en) 2022-11-22
CN115378735B CN115378735B (en) 2023-03-24

Family

ID=84073222

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211282366.3A Active CN115378735B (en) 2022-10-19 2022-10-19 Data processing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115378735B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant