CN115730319A - Data processing method, data processing device, computer equipment and storage medium - Google Patents

Data processing method, data processing device, computer equipment and storage medium

Publication number: CN115730319A
Authority: CN (China)
Prior art keywords: target, data processing, security control, data, instruction
Legal status: Pending
Application number: CN202110984547.XA
Other languages: Chinese (zh)
Inventors: 付博, 何畅, 吴怡, 提江伟, 石巍, 种衍雪, 黄业辉, 李茂材
Current Assignee: Tenpay Payment Technology Co Ltd
Original Assignee: Tenpay Payment Technology Co Ltd
Application filed by: Tenpay Payment Technology Co Ltd
Priority: CN202110984547.XA
Landscapes: Storage Device Security

Abstract

The application relates to a data processing method, a data processing device, computer equipment and a storage medium. The method comprises the following steps: acquiring a plurality of data processing strategies provided by an initial security control; configuring, for the initial security control, a data processing strategy combination corresponding to a target service based on at least two custom-selected data processing strategies, to obtain a target security control bound to the target service; when target data under the target service is acquired based on the target security control, calling the data processing strategy combination through the target security control; parsing the data processing strategy combination into an instruction calling sequence; and converting the target data according to the instruction calling sequence to obtain converted data. With this method, the target data under the target service can be converted flexibly, which effectively improves the security of the target data under the target service.

Description

Data processing method, data processing device, computer equipment and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular, to a data processing method and apparatus, a computer device, and a storage medium.
Background
With the rapid development of internet information technology, data is transmitted ever faster and spreads ever more widely, so the security of important data needs to be ensured. Technologies that apply conversion processing such as concealment and encryption to data are currently available to protect critical data.
In the related art, target data is generally processed by a fixed scheme designated in advance. However, such a scheme is usually implemented by calling one specific, commonly used encryption algorithm. Because the encryption method is fixed and single, the algorithm is easily broken, which leaks the critical target data, so data security is relatively low.
Disclosure of Invention
In view of the foregoing, it is necessary to provide a data processing method, an apparatus, a computer device, and a storage medium that can effectively improve data security.
A method of data processing, the method comprising:
acquiring a plurality of data processing strategies provided by an initial security control;
configuring, for the initial security control, a data processing strategy combination corresponding to a target service based on at least two custom-selected data processing strategies, to obtain a target security control bound to the target service;
when target data under the target service is acquired based on the target security control, calling the data processing strategy combination through the target security control;
parsing the data processing strategy combination into an instruction calling sequence;
and converting the target data according to the instruction calling sequence to obtain converted data.
A data processing apparatus, the apparatus comprising:
a strategy acquisition module, configured to acquire a plurality of data processing strategies provided by the initial security control;
a security control configuration module, configured to configure, for the initial security control, a data processing strategy combination corresponding to a target service based on at least two custom-selected data processing strategies, to obtain a target security control bound to the target service;
a security control calling module, configured to call the data processing strategy combination through the target security control when target data under the target service is acquired based on the target security control;
a data conversion processing module, configured to parse the data processing strategy combination into an instruction calling sequence, and to convert the target data according to the instruction calling sequence to obtain converted data.
In one embodiment, the security control configuration module is further configured to acquire at least two custom-selected data processing strategies corresponding to a target service; generate a nested calling function corresponding to the target service according to the at least two data processing strategies; and configure the nested calling function in the initial security control to obtain a target security control bound to the target service.
In one embodiment, the security control configuration module is further configured to determine a nested calling order corresponding to the at least two custom-selected data processing strategies; and parse the at least two data processing strategies into the nested calling function corresponding to the target service according to the nested calling order.
In one embodiment, the security control configuration module is further configured to configure data processing strategies for the initial security control; and, based on the configured data processing strategies, configure a corresponding combination strategy in the initial security control, generating an initial security control that provides a plurality of data processing strategies.
In one embodiment, the security control calling module is further configured to call an expression parser and the data processing strategy combination through the target security control when the data acquired under the target service is target data; and to determine, through the expression parser, the order of the expressions in the data processing strategy combination and parse the data processing strategy combination into an instruction calling sequence according to that order.
In one embodiment, the security control calling module is further configured to initialize an instruction list through the expression parser; determine the outer-layer function interface of the data processing strategy combination; and, if the outer-layer function interface shows that the data processing strategy combination includes a nested calling function, parse the nested calling function layer by layer to obtain each nested expression in it, and add the parsed expressions to the instruction list in parse order to obtain the instruction calling sequence.
In one embodiment, the security control calling module is further configured to parse the nested calling function layer by layer and determine the positions and the number of input parameters in the current parsed expression; if the current parsed expression includes one input parameter, add the current expression to the instruction list; and if the current parsed expression includes at least two input parameters, generate a parameter splicing expression according to the positions and the number of the input parameters and add the parameter splicing expression to the instruction list.
In one embodiment, the security control calling module is further configured to perform a validity check on each of the parsed expressions; and, if the validity check passes, add the parsed expressions to the instruction list in parse order to obtain the instruction calling sequence.
In one embodiment, the instruction calling sequence comprises at least two call instructions having an execution order; and the data conversion processing module is further configured to execute the call instructions in the instruction calling sequence according to the execution order, taking the execution result of each call instruction as the input of the next call instruction, so as to convert the target data and obtain converted data.
In one embodiment, the target security control comprises an encryption strategy custom-configured for the target service; the data processing device further comprises an encryption module, configured to call the encryption strategy through the target security control if the attribute of the target data is an encryption attribute, and to encrypt the processed data according to the encryption strategy.
In one embodiment, the initial security control is based on a security control in the runtime environment of a parent application, the parent application providing a runtime environment for a plurality of sub-applications; the security control configuration module is further configured to acquire at least two data processing strategies custom-selected for a target sub-application, and to configure, for the initial security control, a data processing strategy combination corresponding to a target service in the target sub-application, to obtain a target security control bound to the target service; the target security control is used for converting the target data under the target service in the target sub-application.
In one embodiment, the data conversion processing module is further configured to, when a target sub-application running in the runtime environment of the parent application acquires target data under the target service corresponding to the target sub-application, call the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, so as to convert the target data according to the data processing strategy combination.
A computer device comprising a memory storing a computer program and a processor implementing the steps in the data processing method of the embodiments of the present application when executing the computer program.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps in the data processing method of the embodiments of the present application.
A computer program product or computer program comprising computer instructions stored in a computer readable storage medium; the processor of the computer device reads the computer instructions from the computer-readable storage medium, and when the processor executes the computer instructions, the steps in the data processing method of each embodiment of the present application are implemented.
With the data processing method, the data processing device, the computer equipment and the storage medium described above, the plurality of data processing strategies provided by the initial security control are acquired, and the business party can custom-select and combine the data processing strategies in the initial security control; the data processing strategy combination corresponding to the target service is then configured for the initial security control based on the at least two custom-selected data processing strategies, yielding the target security control bound to the target service. Business parties can therefore flexibly generate various custom data processing strategy combinations, and the combined data processing strategies process data with higher security. When target data under the target service is acquired, the data processing strategy combination corresponding to the target service is called through the target security control, the combination is parsed into an instruction calling sequence, and the target data is converted according to the instruction calling sequence. The target data can thus be converted more securely, the converted data is not easy to crack or leak, and the security of the target data is effectively improved.
Drawings
FIG. 1 is a diagram of an application environment of a data processing method in one embodiment;
FIG. 2 is a flow diagram that illustrates a data processing method in one embodiment;
FIG. 3 is a diagram of the effects of a target security control in one embodiment;
FIG. 4 is a flow diagram that illustrates parsing of the expression parser in one embodiment;
FIG. 5 is a flowchart illustrating a target data processing method according to another embodiment;
FIG. 6 is a timing diagram of data processing in one embodiment;
FIG. 7 is a flow diagram of a data processing method in accordance with an exemplary embodiment;
FIG. 8 is a block diagram showing the structure of a data processing apparatus according to an embodiment;
FIG. 9 is a diagram of the internal structure of a computer device in one embodiment;
FIG. 10 is a diagram of the internal structure of a computer device in another embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein merely illustrate the application and are not intended to limit it.
The data processing method can be applied to computer equipment. The computer device may be a terminal or a server. It can be understood that the data processing method provided by the present application can be applied to a terminal, can also be applied to a server, can also be applied to a system comprising the terminal and the server, and is implemented through interaction between the terminal and the server.
The data processing method provided by the application can be applied to the application environment shown in FIG. 1, in which the terminal 102 communicates with the server 104 via a network. After the terminal 102 obtains from the server 104 the plurality of data processing strategies provided by the initial security control, the terminal 102 acquires at least two data processing strategies custom-selected by a user of the business party and uploads them to the server 104. The server 104 then acquires the plurality of data processing strategies provided by the initial security control; configures, for the initial security control, a data processing strategy combination corresponding to the target service based on the at least two custom-selected data processing strategies, to obtain a target security control bound to the target service; when target data under the target service is acquired based on the target security control, calls the data processing strategy combination through the target security control; parses the data processing strategy combination into an instruction calling sequence; and processes the target data according to the instruction calling sequence to obtain processed data.
The server 104 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud technology services such as cloud service, a cloud database, cloud computing, cloud functions, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, big data and an artificial intelligence platform. The terminal 102 may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.
Cloud technology refers to a hosting technology that unifies a series of resources such as hardware, software and network within a wide area network or a local area network to realize the calculation, storage, processing and sharing of data. Cloud technology is a general term for the network technology, information technology, integration technology, management platform technology, application technology and the like applied in the cloud computing business model; it can form a resource pool that is used on demand and is flexible and convenient.
Cloud computing refers to a mode of delivery and use of IT (Internet Technology) infrastructure, namely obtaining required resources over a network in an on-demand, easily extensible manner; cloud computing in the broad sense refers to a mode of delivery and use of services, namely obtaining required services over a network in an on-demand, easily extensible manner. Such services may be IT and software, internet related, or other services. Cloud computing is a product of the development and fusion of traditional computer and network technologies such as grid computing, distributed computing, parallel computing, utility computing, network storage technologies, virtualization, load balancing, and the like. With the rapid development and application of the internet industry, each item may have its own identification mark that needs to be transmitted to a background system for logical processing; data of different levels can be processed separately, and all kinds of industry data need strong system background support, which can only be realized through cloud computing.
The blockchain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism and an encryption algorithm. A blockchain is essentially a decentralized database: a series of data blocks associated with one another by cryptographic methods, each data block containing information on a batch of network transactions, which is used to verify the validity (anti-counterfeiting) of the information and to generate the next block. The blockchain may include a blockchain underlying platform, a platform product services layer, and an application services layer.
The blockchain underlying platform can comprise processing modules such as user management, basic service, smart contract and operation monitoring. The user management module is responsible for identity information management of all blockchain participants, including generation and maintenance of public and private keys (account management), key management, and maintenance of the correspondence between users' real identities and blockchain addresses (authority management); where authorized, it supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk control audit). The basic service module is deployed on all blockchain node devices and is used to verify the validity of a service request and, after consensus on a valid request is completed, record it to storage; for a new service request, the basic service first performs interface adaptation, parsing and authentication processing (interface adaptation), then encrypts the service information through a consensus algorithm (consensus management), transmits the encrypted service information completely and consistently to the shared ledger (network communication), and records and stores it. The smart contract module is responsible for contract registration and issuance, contract triggering and contract execution: a developer can define contract logic in a programming language and issue it to the blockchain (contract registration), execution is triggered by a key or another event according to the logic of the contract terms to complete the contract logic, and the module also provides functions for upgrading and cancelling contracts. The operation monitoring module is mainly responsible for deployment, configuration modification, contract setting and cloud adaptation during product release, and for visual output of real-time states during product operation, such as alarms, monitoring of network conditions, and monitoring of the health status of node devices. The platform product service layer provides the basic capabilities and implementation framework of typical applications; developers can complete the blockchain implementation of business logic by building on these basic capabilities and adding the characteristics of their business. The application service layer provides blockchain-based application services for business participants to use.
The terminal device in this technical scheme can be a blockchain node device, and a plurality of blockchain node devices can form a blockchain storage system through network communication. An application scenario of the data processing method provided by this technical scheme can also be as follows: when a blockchain node device receives a service request, the data processing method is used to process key service information; for example, the account information of the blockchain node can be processed. After the key service information is processed, the processed data is transmitted to the shared ledger and stored as a new data block in the blockchain.
In an embodiment, as shown in fig. 2, a data processing method is provided, which is described by taking an example that the method is applied to the computer device in fig. 1, where the computer device may specifically be a terminal or a server. In this embodiment, the method includes the steps of:
Step S202, acquiring a plurality of data processing strategies provided by the initial security control.
The security control is a plug-in developed for a specific business system or browser and used for protecting key data, and includes functions of maintaining confidentiality of information of a server and a client, preventing account passwords from being lost, and the like. The security control is generally a program or plug-in for improving user data security and preventing target data such as an account password from being stolen by malicious software such as trojans or viruses. The security control can be configured in various business systems or application programs, and can also be downloaded, installed and loaded through a browser, so that data protection services are provided.
The initial security control in this embodiment is a security control configured by a user, in which a plurality of data processing policies are configured. Wherein a plurality means at least two.
It can be understood that data conversion processing may refer to transforming certain key information according to a processing rule, that is, converting real target data that is easily leaked into non-real data that is not easily leaked according to a certain rule, so as to reliably protect the key data. The processed real data set can thus be used securely in development, testing and other non-production environments as well as in outsourced environments. The data conversion processing may specifically be concealment or encryption of the data, that is, transforming the original data so as to conceal its plaintext. For example, the concealment processing may be desensitization processing, that is, transforming sensitive private data into non-real data.
In a specific embodiment, the data processing policy may be a rule policy for desensitizing data, specifically a desensitization policy, that is, a desensitization algorithm defined by a specified desensitization rule. For example, the data processing policy includes at least one of replacement, rearrangement, encryption, truncation, masking, and the like of the target data. The encryption algorithm may include the SHA-256 (Secure Hash Algorithm) algorithm, the SM3 algorithm, the SHA-1 algorithm, the MD5 (Message-Digest Algorithm 5) algorithm, and the like.
SHA-256 is a cryptographically secure hash algorithm, i.e., a hash function. The function scrambles the data and produces a fingerprint called a hash value. The hash value is typically represented by a short string of random letters and numbers. For a message of any length, SHA-256 generates a 256-bit hash value, called a message digest. SM3 is also a cryptographically secure hash algorithm, mainly used for digital signature and verification, message authentication code generation and verification, random number generation, and the like. SHA-1 is a secure hash algorithm mainly used for verifying the integrity of data: data may change during transmission, in which case a different message digest is generated. The MD5 message digest algorithm is a widely used cryptographic hash function that generates a 128-bit hash value to ensure the integrity of message transmission.
It is understood that the initial security control is pre-configured with a plurality of data processing policies. Specifically, at least three data processing strategies can be adopted. The data processing strategy can include a common encryption algorithm and a desensitization algorithm, and can also include a self-defined encryption algorithm and a desensitization algorithm.
Before processing target data under the target service, the computer device may pre-configure a target security control corresponding to the target service. Specifically, the computer device may first obtain a plurality of data processing policies provided by the initial security control, and then configure a target security control for the target service based on the plurality of data processing policies provided by the initial security control.
Step S204, configuring, for the initial security control, a data processing strategy combination corresponding to the target service based on at least two custom-selected data processing strategies, to obtain the target security control bound to the target service.
The target service may represent a service application of a specific service type, for example, may be a service system or a sub-service in a service system of various service types, or may also be an application or a sub-application in an application of various service types.
The target security control is a security control which is generated by configuring at least two data processing strategies selected by self-definition aiming at a target service.
Specifically, a developer may select at least two data processing policies from the multiple data processing policies provided by the initial security control in a customized manner for the target service. And then the computer equipment configures at least two data processing strategies selected according to the user-defined mode in the initial security control and binds the initial security control with the target service, thereby flexibly obtaining the target security control bound with the target service.
In one embodiment, the business party can also select one of the data processing strategies from the multiple data processing strategies provided by the initial security control in a customized manner. And then configuring a data processing strategy corresponding to the target service aiming at the initial security control, thereby obtaining the target security control bound with the target service.
Step S206, when the target data under the target service is acquired based on the target security control, calling the data processing strategy combination through the target security control.
It is understood that the target data, also called critical data, refers to data that may cause serious harm to the society or individuals after leakage. The target data may specifically be sensitive data, for example.
In one embodiment, the target data includes at least one of a name, identification number, address, phone, bank account, mailbox, password, medical information, educational background, and the like.
After the computer equipment configures the target security control with the user-defined data processing strategy combination for the target service, the target data under the target service can be processed through the target security control.
Specifically, when the computer device obtains target data under the target service, the target security control bound with the target service is called in real time, and the configured data processing policy combination is loaded through the target security control.
Step S208, parsing the data processing strategy combination into an instruction calling sequence.
The instruction call sequence is a set of instructions: a plurality of call instructions arranged in a certain execution order. Specifically, the call instructions may correspond respectively to the at least two data processing policies in the data processing policy combination; in particular, each call instruction may correspond to a desensitization algorithm or an encryption algorithm.
It can be understood that, in the process of processing the target data, the computer device executes the instruction call sequence in order to convert the target data, obtaining data in which the plaintext is concealed.
The target security control further comprises a parsing rule for the data processing policy combination, which is used to parse the custom data processing policy combination into an instruction call sequence.
After the computer device loads the custom data processing policy combination through the target security control, it parses the combination according to the parsing rule for the data processing policy combination in the target security control, obtaining the instruction call sequence corresponding to the data processing policy combination.
After the computer device parses the custom data processing policy combination into the corresponding instruction call sequence, it executes the call instructions one after another according to the execution order of the instruction call sequence.
Step S210: convert the target data according to the instruction call sequence to obtain converted data.
It is understood that the conversion process in the present embodiment may be implemented by executing a series of instruction call sequences on the target data to deform the target data. For example, desensitization processing may be specifically performed on the target data to obtain desensitized data.
After the computer equipment analyzes the data processing strategy combination into the corresponding instruction calling sequence, the instruction calling sequence can be executed in sequence aiming at the target data according to the corresponding instruction execution sequence.
For example, if the number of the instruction call sequences is at least three, the computer device executes a first instruction call sequence first, and then sequentially executes subsequent instruction call sequences according to the instruction execution sequence based on a result obtained by executing the first instruction until the last instruction call sequence is executed, so as to obtain the converted data. The converted data may be in the form of a hash value.
It can be understood that, the computer device converts the target data to obtain the converted data, and then stores the converted data into the database corresponding to the target service, thereby effectively avoiding storing plaintext data in the database.
In one embodiment, the target security control bound with the target service is configured based on at least two data processing strategies selected by self-definition. If the historical target data under the target service in the plaintext exists, the computer equipment can convert the historical target data under the target service through the target security control so as to convert the historical target data into the data after the hiding processing. The target security control is configured with the self-defined data processing strategy combination bound with the target service, so that the compatibility of data and data formats under the old target service can be facilitated, and the target data under the target service can be concealed more safely and flexibly.
Fig. 3 is a diagram illustrating the effect of the target security control in one embodiment. It is understood that password information is a typical kind of target data. Referring to fig. 3, the target security control may be applied in the context of password desensitization processing of the target service. For example, when the target service requires a user to input password information to verify identity information, after the computer device obtains the password information input by the user under the target service, the bound target security control is called in real time, and the data processing policy combination corresponding to the target service is called through the target security control. The data processing policy combination is then parsed into an instruction call sequence, and desensitization processing is performed on the target data according to the instruction call sequence to obtain desensitized data. The computer device can further perform identity verification based on the desensitized data, so that plaintext data exposure can be effectively avoided and the security of key target data can be ensured.
In the data processing method, the computer equipment acquires a plurality of data processing strategies provided by the initial security control, the business side can select various data processing strategies in the initial security control in a self-defined manner for combination, and then the data processing strategy combination corresponding to the target business is configured for the initial security control based on at least two data processing strategies selected in the self-defined manner, so that the target security control bound with the target business is obtained. Therefore, the business side can flexibly generate various data processing strategy combinations in a customized way, and the combined data processing strategy has higher safety for data processing. When target data under the target service is acquired, the data processing strategy combination corresponding to the target service is called through the target security control, then the data processing strategy combination is analyzed into an instruction calling sequence, and the target data is converted according to the instruction calling sequence, so that the target data can be converted more safely, the converted data is not easy to crack and leak, and the security of the target data is effectively improved.
In one embodiment, the step of configuring a data processing policy combination corresponding to the target service for the initial security control based on at least two data processing policies selected by a user, and obtaining the target security control bound to the target service includes: acquiring at least two data processing strategies corresponding to the target service selected based on self-definition; generating a nested calling function corresponding to the target service according to at least two data processing strategies; and configuring a nested calling function in the initial security control to obtain a target security control bound with the target service.
A nested call means that one function calls another function; that is, function nesting allows another function to be called inside a function. For example, when there are multiple functions with a layer-by-layer calling relationship between them, those functions are nested calling functions.
It is understood that each data processing policy may be a policy function, the combination of the custom-selected data processing policies includes at least two policy functions, and the at least two policy functions may constitute a nested calling function. That is, the nested call function is a function representing a plurality of policies having a layer-by-layer call relationship.
The computer equipment acquires a plurality of data processing strategies provided by the initial security control, and after acquiring at least two data processing strategies selected by the user for the target service from the plurality of data processing strategies provided by the initial security control, the computer equipment performs strategy analysis on the combination of the at least two data processing strategies selected by the user to obtain a nested calling function corresponding to the target service.
And then the computer device configures a nested calling function in the initial security control, and because the data processing strategy combination selected by the user is corresponding to the target service, the initial security control can be bound with the target service simultaneously in the process of configuring the initial security control, so that the target security control bound with the target service can be configured more flexibly.
In one embodiment, the step of generating a nested calling function corresponding to the target service according to at least two data processing strategies includes: determining a nesting calling sequence corresponding to at least two data processing strategies selected by a user; and analyzing the at least two data processing strategies into nested calling functions corresponding to the target service according to the nested calling sequence.
The nested calling order represents the calling order among the strategy functions.
It is understood that each data processing strategy can be a strategy function, the combination of the data processing strategies selected by the user comprises at least two strategy functions, and the at least two strategy functions can form a nested calling function. That is, the nested call function is a function representing a plurality of policies having a layer-by-layer call relationship.
When the computer device performs policy analysis on the combination of at least two custom-selected data processing policies, a parser in the initial security control may be specifically called, and first, a plurality of policy functions corresponding to the at least two custom-selected data processing policies and a nesting calling order corresponding to each policy function are determined by the parser in the initial security control. And then analyzing at least two data processing strategies into nested calling functions corresponding to the target service according to the nested calling sequence, thereby flexibly and efficiently configuring a target security control bound with the target service in a customized manner.
In one embodiment, before obtaining the plurality of data processing policies provided by the initial security control, the method further includes a step of configuring the initial security control, the step of configuring the initial security control including: configuring a data processing strategy for the initial security control; and configuring a corresponding combination strategy in the initial security control based on the configured data processing strategy to generate the initial security control providing a plurality of data processing strategies.
It can be understood that the initial security control is a security control configured with a plurality of data processing policies in advance, so that the initial security control can be provided to the service party, and the service party can select a required data processing policy combination from the plurality of data processing policies provided by the initial security control in a customized manner, so as to process the target data safely and flexibly.
Before obtaining the initial security control, the computer device further includes a configuration step of the initial security control. The configuration step of the initial security control can be executed by other third party platforms and can also be executed by the current computer equipment.
Wherein, the combination strategy means the combination strategy among the data processing strategies.
Specifically, the computer device first obtains a plurality of data processing policies, which may include custom data processing policies. And then configuring the acquired multiple data processing strategies for the initial security control, and determining a combination strategy among the data processing strategies. The computer device further configures a combination policy among the data processing policies in the initial security control, thereby generating the initial security control providing a plurality of data processing policies.
In this embodiment, by configuring multiple data processing strategies for the initial security control, the initial security control can provide multiple data processing strategies, so that the business party can select a data processing strategy combination in a customized manner for the target business, and obtain a target security control bound with the target business and configured in a customized manner.
In one embodiment, when target data under a target service is acquired based on a target security control, the step of invoking a data processing policy combination through the target security control includes: and calling the expression analyzer and the data processing strategy combination through the target security control when the acquired data under the target service is the target data.
The step of analyzing the data processing strategy combination into an instruction calling sequence comprises the following steps: and determining the sequence of the expressions in the data processing strategy combination through an expression analyzer, and analyzing the data processing strategy combination into an instruction calling sequence according to the sequence.
When the computer equipment acquires target data under the target service, the target security control bound with the target service is called in real time, and the configured data processing strategy combination is loaded through the target security control.
It is to be appreciated that the expression parser is a parsing toolkit configured in the target security control for parsing the combination of data processing policies into instruction calls. For example, the expression parser can implement parsing of various expressions, which may include expressions such as mathematical functions, boolean operations, string operations, cryptographic functions, nested functions, and custom functions, for example. The order of the expressions refers to the execution order of the expressions.
After configuring a target security control corresponding to a target service, when computer equipment acquires target data under the target service, calling the target security control, loading an expression analyzer in the target security control, and calling a data processing strategy combination corresponding to the target service.
And then the computer equipment further analyzes the data processing strategy combination through the expression analyzer. Specifically, the computer device firstly analyzes the sequence of each expression in the data processing strategy combination through the expression parser, and then converts each expression in the data processing strategy combination into an instruction calling sequence with an execution sequence according to the sequence of each expression. It will be appreciated that the order of the expressions corresponds to the order of execution of the instruction call sequence.
In the embodiment, the user-defined selected data processing strategy combination is subjected to strategy analysis through the expression analyzer of the target safety control, and the data processing strategy combination can be quickly and effectively analyzed into the instruction calling sequence with the execution sequence, so that the target data can be efficiently and safely processed.
In one embodiment, the step of determining, by an expression parser, an order of expressions in a data processing policy combination, and parsing the data processing policy combination into an instruction call sequence in the order includes: initializing an instruction list through an expression parser; determining an outer layer function interface of a data processing strategy combination; and if the data processing strategy combination is identified to comprise the nested calling function according to the outer function interface, analyzing the nested calling function layer by layer to obtain each nested expression in the nested calling function, and adding the analyzed expressions to an instruction list according to the analysis sequence to obtain an instruction calling sequence.
The instruction list is a list for recording each instruction obtained by parsing. The instructions recorded in the instruction list may specifically be represented as a set of instruction sequences, that is, an instruction queue formed by splicing a plurality of instructions according to the execution order. The execution order means that the instructions are executed one after another, following their order in the list.
It is understood that the outer function interface is also the outer function in the data processing policy combination. Wherein, the outer layer function is the expression executed last in the data processing strategy combination; the inner layer function in the data processing strategy combination is the expression executed firstly in the data processing strategy combination.
While the computer device parses the data processing strategy combination through the expression parser, the combination is parsed layer by layer so that each expression in it is obtained in turn.
Specifically, the computer device first initializes an instruction list through the expression parser and inputs the data processing policy combination into the expression parser. The expression parser firstly determines an outer function interface of the data processing strategy combination, and then identifies whether the outer function interface further comprises a nested calling function, namely whether the outer function interface further comprises an inner function.
If it is identified, according to the outer-layer function interface, that the data processing strategy combination comprises a nested calling function, the nested calling function is parsed layer by layer, each nested expression in it is obtained in parsing order, and the parsed expressions are added to the instruction list one after another in that order, thereby obtaining an instruction call sequence.
In one embodiment, if the service party only self-defines and selects one of the multiple data processing strategies provided by the initial security control, then the data processing strategy corresponding to the target service is configured for the initial security control, and the target security control bound with the target service is obtained. When target data under a target service is acquired based on the target security control, a data processing strategy is called through the target security control, and then the data processing strategy is directly analyzed through an expression analyzer in the target security control to obtain a corresponding conversion instruction. And the computer equipment further performs conversion processing on the target data according to the instruction calling sequence to obtain converted data with higher safety.
In one embodiment, the step of analyzing the nested calling function layer by layer to obtain each nested expression in the nested calling function includes: analyzing the nested calling function layer by layer, and determining the position and the number of input parameters in the current expression obtained by analysis; if the current expression obtained by analysis comprises an input parameter, adding the current expression into an instruction list; and if the current expression obtained by analysis comprises at least two input parameters, generating a parameter splicing expression according to the positions and the number of the input parameters and adding the parameter splicing expression into the instruction list.
It is understood that an input parameter refers to a set of variables input to a specified expression. The input parameters in this embodiment may include target data under a target service, an intermediate processing result, a random value parameter, and the like. The random value parameter may specifically be a salt value, which is a random value generated to be combined with the target data.
In the process of parsing the nested calling function layer by layer, the computer device first judges whether the nested calling function itself contains a further nested calling function; if so, that nested calling function is parsed further to obtain the current expression. If the current expression does not contain a nested calling function, the position and the number of the input parameters in the current expression are identified. The corresponding expressions are then added to the instruction list according to the positions and the number of the input parameters.
Specifically, if the current expression obtained through analysis includes an input parameter, the current expression is added to the instruction list. And if the current expression obtained by analysis comprises at least two input parameters, generating a parameter splicing expression according to the positions and the number of the input parameters, and adding the parameter splicing expression into the instruction list. For example, if the current expression obtained through analysis includes an input parameter of the target data and an input parameter of the random value, the current parameter splicing expression is generated according to the position relationship between the input parameter of the target data and the input parameter of the random value.
If the input parameter of the random value comes before the input parameter of the target data, the generated parameter splicing expression can be a forward splicing expression. If the input parameter of the random value comes after the input parameter of the target data, the generated parameter splicing expression can be a backward splicing expression. After the expressions are added to the instruction list in parsing order, the instruction call sequence is obtained, so the data processing strategy combination is effectively parsed into the corresponding instruction call sequence.
In one embodiment, the step of adding the parsed expressions to the instruction list in the parsing order to obtain the instruction calling sequence includes: respectively carrying out legality verification on the expressions obtained by analysis; and if the legality is verified, adding the expressions obtained by analysis to the instruction list according to the analysis sequence to obtain an instruction calling sequence.
It is understood that verifying the validity of an expression refers to checking whether the expression conforms to an algorithm rule, that is, checking whether the expression can be recognized and run by a computer device. For example, the validity check may include checking whether input parameters, operation operators, and functions in the expression conform to the algorithm rules.
And in the process of analyzing the nested calling function layer by layer, the computer equipment also performs legality verification on the expression obtained by each analysis after each analysis. And if the legality of the expression passes the verification, adding the expression into the instruction list. And obtaining an instruction calling sequence based on the instruction list until the expressions in the data processing strategy combination are all analyzed and added to the instruction list. Therefore, the data processing strategy combination corresponding to the target service can be effectively analyzed into the corresponding instruction calling sequence.
In one embodiment, the instruction call sequence includes at least two call instructions having an execution order; the method comprises the following steps of converting target data according to an instruction calling sequence to obtain converted data, wherein the steps comprise: and executing the call instructions in the instruction call sequence according to the execution sequence, and taking the execution result of the previous call instruction as the input of the next call instruction in the execution process so as to convert the target data to obtain the converted data.
It will be appreciated that the execution result of the previous call instruction is an intermediate processing result in the execution of the instruction call sequence.
And after the computer equipment analyzes the data processing strategy combination into an instruction calling sequence with an execution sequence, sequentially executing the calling instructions in the instruction calling sequence according to the execution sequence. In the process of executing the call instruction, after each call instruction is executed to obtain a corresponding execution result, the execution result of the previous call instruction is used as the input of the next call instruction to perform conversion processing on target data, so that the converted data can be safely and effectively obtained.
FIG. 4 is a flow diagram of the parsing performed by the expression parser in one embodiment. Referring to fig. 4, the expression parser first initializes an instruction list and determines whether the expression of the data processing strategy combination is a legal expression. If it is a legal expression, the expression of the data processing strategy combination is parsed. Specifically, the name of the current outer-layer function interface (Api) is obtained by parsing, and a hash value is computed over that name to obtain the encoded name of the current outer-layer function, namely HashApi. Then, whether the current outer-layer function has a nested call is identified, which specifically includes identifying nested expression calls, nested parameter calls, and the like.
If the current outer-layer function is identified to have the nested call, recursive call analysis is further carried out on the current outer-layer function so as to further analyze the called expression function.
And if the current outer-layer function has no nested call, further identifying the number and the position of the input parameters in the current expression. Specifically, if only one parameter exists in the current expression, the HashApi corresponding to the current outer-layer function is directly added to the instruction list as an instruction.
If the current expression comprises two parameters, the input parameters include a random value parameter. If the random value comes first, a forward splicing expression is generated, which may be, for example, insertSalt(). The current expression is added to the instruction list, and then the corresponding function HashApi is added to the instruction list as an instruction. If the random value comes later, the HashApi is added to the instruction list, then a backward splicing expression, which may be appendSalt(), is generated, and the current expression is added to the instruction list.
If the current expression comprises three parameters, which means that the input parameters include two random value parameters, a forward splicing expression is generated first, which may be insertSalt(), for example, and the current expression is added to the instruction list. The corresponding function HashApi is then added to the instruction list as an instruction. Finally, a backward splicing expression, which may be appendSalt(), is generated, and the current expression is added to the instruction list.
Before adding the current expression obtained by analyzing in each step into the instruction list, whether the currently input expression is a legal expression needs to be judged, and if the currently input expression is a legal expression, the current expression is added into the instruction list. And after the analysis of the expression of the data processing strategy combination is completed, each instruction in the instruction list is the obtained instruction calling sequence.
For example, take the data processing strategy combination expression "Sha256(Salt2, SM3(pwd, Salt1), Salt3)". Here "pwd" represents target data under the target service, and may specifically be password information, for example; "Salt" represents a random value parameter; "SM3()" denotes the SM3 algorithm; "Sha256()" denotes the Sha256 algorithm. The expression parser may parse each current expression it obtains into corresponding pseudo code. It will be appreciated that pseudo code is an algorithm description language, so the described algorithm can be readily implemented in any programming language.
The expression is parsed according to the expression parsing flow. After an instruction list is initialized, the current outer-layer function "Sha256()" is obtained by parsing, and whether the current outer-layer function has a nested call is identified. If the current outer-layer function "Sha256()" has a nested call, recursive call parsing is further performed on it to parse the called expression function, obtaining the "(pwd, Salt1)" part of the current expression. Because the random value parameter Salt1 comes later, a backward splicing expression appendSalt(Salt1) is generated, the pseudo code corresponding to this first expression is added to the instruction list, and the corresponding execution result is "pwd+Salt1".
Parsing then continues to obtain the current outer-layer function "SM3()", the pseudo code corresponding to this second expression is added to the instruction list, and the corresponding execution result is "SM3(pwd+Salt1)".
The computer device further parses the current outer-layer function through the expression parser to obtain the "Salt2, SM3(pwd, Salt1)" part of the current expression. Because the random value parameter Salt2 is in front, a forward splicing expression insertSalt(Salt2) is generated, the pseudo code corresponding to this third expression is added to the instruction list, and the corresponding execution result is "Salt2+SM3(pwd+Salt1)".
Further, the expression parser continues parsing the current outer-layer function and obtains the "Salt2, SM3(pwd, Salt1), Salt3" part of the current expression. Because the random value parameter Salt3 comes later, a backward splicing expression appendSalt(Salt3) is generated, the pseudo code corresponding to this fourth expression is added to the instruction list, and the corresponding execution result is "Salt2+SM3(pwd+Salt1)+Salt3".
Then, the expression parser continues parsing the current outer-layer function and obtains the "Sha256()" part of the current expression, the pseudo code corresponding to this fifth expression is added to the instruction list, and the corresponding execution result is "Sha256(Salt2+SM3(pwd+Salt1)+Salt3)".
The instruction list finally obtained by parsing the data processing strategy combination is shown in Table 1 below.

| Serial number | Pseudo code | Execution result |
|---|---|---|
| 1 | appendSalt(Salt1) | pwd+Salt1 |
| 2 | SM3() | SM3(pwd+Salt1) |
| 3 | insertSalt(Salt2) | Salt2+SM3(pwd+Salt1) |
| 4 | appendSalt(Salt3) | Salt2+SM3(pwd+Salt1)+Salt3 |
| 5 | Sha256() | Sha256(Salt2+SM3(pwd+Salt1)+Salt3) |

Table 1
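The parsing flow of Fig. 4 and the instruction list of Table 1 can be reproduced with a small recursive-descent parser. This is an added example, not code from the patent: the names `parse`, `execute` and `HASHLIB_NAMES` and the tuple instruction format are assumptions, intermediate digests are assumed to be passed as raw bytes, and the legality check is modelled as an allow-list of function names.

```python
import hashlib
import re

# Allow-list: expression function name -> hashlib algorithm name. Anything else
# fails the legality check. "SM3" executes only if the local OpenSSL provides it.
HASHLIB_NAMES = {"Sha256": "sha256", "Sha512": "sha512", "SM3": "sm3"}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
TOKEN = re.compile(r"\s*([A-Za-z_][A-Za-z0-9_]*|[(),])")


def tokenize(expr):
    """Split an expression into names and '(', ')', ','; reject anything else."""
    expr, tokens, pos = expr.strip(), [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"illegal character at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def parse(expr, data_name="pwd"):
    """Parse a nested policy expression into an ordered instruction list."""
    tokens = tokenize(expr)
    instructions = []  # the instruction list is initialised before parsing
    end = _parse_call(tokens, 0, data_name, instructions)
    if end != len(tokens):
        raise ValueError("unexpected tokens after the outer function")
    return instructions


def _parse_call(tokens, pos, data_name, out):
    """Parse NAME '(' args ')' starting at tokens[pos]; return index after ')'."""
    if pos + 1 >= len(tokens) or tokens[pos + 1] != "(":
        raise ValueError("expected a function call")
    name = tokens[pos]
    if name not in HASHLIB_NAMES:
        raise ValueError(f"function not on the allow-list: {name!r}")
    pos += 2
    before, after, seen_data = [], [], False
    while True:
        if pos >= len(tokens) or not IDENT.fullmatch(tokens[pos]):
            raise ValueError("expected an argument")
        tok = tokens[pos]
        nested = pos + 1 < len(tokens) and tokens[pos + 1] == "("
        if nested or tok == data_name:
            if seen_data:
                raise ValueError("more than one data argument")
            seen_data = True
            # Inner layers are emitted first, so they also execute first.
            pos = _parse_call(tokens, pos, data_name, out) if nested else pos + 1
        else:
            # Any other name is a salt; its side of the data decides the splice.
            (after if seen_data else before).append(tok)
            pos += 1
        if pos < len(tokens) and tokens[pos] == ")":
            pos += 1
            break
        if pos >= len(tokens) or tokens[pos] != ",":
            raise ValueError("expected ',' or ')'")
        pos += 1
    if not seen_data or len(before) > 1 or len(after) > 1:
        raise ValueError(f"{name}: need one data argument, at most one salt per side")
    out.extend(("insertSalt", salt) for salt in before)
    out.extend(("appendSalt", salt) for salt in after)
    out.append((name, None))
    return pos


def execute(instructions, data, salts):
    """Run the instructions in order; each result is the next instruction's input."""
    value = data
    for op, arg in instructions:
        if op == "insertSalt":
            value = salts[arg] + value
        elif op == "appendSalt":
            value = value + salts[arg]
        else:
            value = hashlib.new(HASHLIB_NAMES[op], value).digest()
    return value


if __name__ == "__main__":
    # Prints the five rows of Table 1 in execution order.
    for number, step in enumerate(parse("Sha256(Salt2, SM3(pwd, Salt1), Salt3)"), 1):
        print(number, step)
```

Because the expression is tokenized and matched against an allow-list rather than evaluated, a business-supplied policy string cannot name a function outside the configured set.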
In this embodiment, the target security control is obtained by configuring, for the initial security control, the data processing strategy combination corresponding to the target service, based on at least two data processing strategies selected by the user. When target data under the target service is acquired, the data processing strategy combination corresponding to the target service is called through the target security control, the data processing strategy combination is parsed into an instruction call sequence, and the target data is processed according to the instruction call sequence, so that the target data can be more safely concealed, and the concealed data is not easy to crack and leak.
In an embodiment, after performing conversion processing on target data according to an instruction call sequence to obtain converted data, the data processing method further includes: when the attribute of the target data is an encryption attribute, calling an encryption strategy through the target security control; and encrypting the processed data according to an encryption strategy.
The target security control comprises an encryption strategy corresponding to the target service custom configuration. It can be understood that the encryption policy is used for encrypting data, and specifically, data with an encryption attribute may be encrypted.
And the target security control is also pre-configured with an encryption strategy aiming at the target service and used for encrypting the target data with the attribute of encryption.
If the computer device identifies that the attribute of the target data under the target service is the encryption attribute, the importance degree of the target data is high, and both conversion processing and encryption processing are required. Specifically, the computer device calls the encryption policy through the target security control, and then parses that policy into a corresponding encryption instruction through the expression parser in the target security control. The corresponding encryption instruction is then executed on the converted data to perform encryption processing.
In this embodiment, the converted data is further encrypted, so that the target data can be more safely converted and encrypted, the converted data is not easy to crack and leak, and the safety of the target data is greatly improved.
In one embodiment, the step of configuring a data processing policy combination corresponding to the target service for the initial security control based on at least two data processing policies selected by a user, and obtaining the target security control bound to the target service includes: acquiring at least two data processing strategies selected by a user for a target sub-application; and configuring a data processing strategy combination corresponding to the target service in the target sub-application for the initial security control to obtain the target security control bound with the target service.
The initial security control is based on the security control in the running environment of the parent application, and the parent application provides the running environment for the plurality of child applications.
It is understood that the parent application refers to an application capable of running independently, that is, an independently executable native application program running directly on the operating system. The parent application may specifically be an application program that carries the child application and provides an execution environment in which the child application runs. Parent applications include, but are not limited to, instant messaging applications, SNS (Social Networking Sites) applications, short video applications, long video applications, gaming applications, music sharing applications, and UGC (User Generated Content) applications.
The sub-application can be various business application scenes attached to the parent application, and can also be a sub-application program running in the parent application program. Each sub-application may correspond to a different business domain. Sub-applications include, but are not limited to, instant messaging applications, SNS applications, short video applications, long video applications, gaming applications, music sharing applications, shopping vending applications, UGC applications, various types of smart identification applications, and the like.
Each sub-application can configure a target security control under a respective target service, and then configure the operating environment of the sub-application according to the operating environment of the parent application, so that the sub-application can be operated on the parent application.
The parent application is pre-configured with an initial security control that can provide a variety of data processing strategies. If the target service party needs to construct the running environment of the target child application on the parent application, the initial security control provided by the parent application can be obtained, the required data processing strategy or data processing strategy combination is then freely selected from the multiple customizable data processing strategies provided by the initial security control, and the target security control bound with the target child application is then configured. The target security control is used for converting target data under a target service in the target sub-application.
Specifically, after the computer device obtains at least two data processing strategies custom-selected by the target business party for the target sub-application, the initial security control is bound with the target business of the target sub-application, and a data processing strategy combination corresponding to the target business is configured for the initial security control, so that the target security control bound with the target business and having higher security is obtained.
In this embodiment, the parent application provides an initial security control from which a plurality of data processing strategies can be custom-selected, so that each child application running in the parent application can arbitrarily select a required data processing strategy or data processing strategy combination from the plurality of data processing strategies provided by the initial security control. A plurality of freely combined data processing strategy combinations can therefore be effectively generated for each child application, target data can be converted more securely, and the converted data is not easily cracked or leaked.
In an embodiment, as shown in fig. 5, another target data processing method is provided, which specifically includes the following steps:
Step S502, acquiring a plurality of data processing strategies provided by the initial security control; the initial security control is a security control in a running environment based on a parent application, and the parent application provides a running environment for a plurality of child applications.
Step S504, at least two data processing strategies selected by the user for the target sub-application are obtained.
Step S506, the data processing strategy combination corresponding to the target service in the target sub-application is configured for the initial security control, and the target security control bound with the target service is obtained.
Step S508, when the target sub-application running in the running environment of the parent application obtains the target data under the target service corresponding to the target sub-application, the corresponding custom-configured data processing policy combination is invoked through the target security control in the target sub-application.
Step S510, the data processing policy combination is analyzed into an instruction calling sequence.
Step S512, converting the target data according to the instruction calling sequence to obtain converted data.
It can be understood that, after the computer device obtains at least two data processing strategies custom-selected by the target business party for the target sub-application, the initial security control is bound with the target business of the target sub-application, and a data processing strategy combination corresponding to the target business is configured for the initial security control, so that the target security control bound with the target business and having higher security is obtained.
When the target sub-application running in the running environment of the parent application acquires target data under the target service corresponding to the target sub-application, the target data under the target service of the target sub-application needs to be converted. The computer device calls the corresponding custom-configured data processing strategy combination through a target security control in the target sub-application, analyzes the data processing strategy combination through the target security control to obtain a corresponding instruction calling sequence with an execution sequence, and then sequentially executes the instruction calling sequence according to the execution sequence aiming at the target data until the instruction calling sequence is executed, namely, the target data is converted to obtain the converted data.
The computer equipment can further store and apply the converted data, so that the data processing strategies corresponding to the target services of the sub-applications can be safely and flexibly customized on the premise of effectively ensuring that the plaintext of the target data is not exposed, the target data is safely converted, the converted data is not easy to crack and leak, and the safety of the target data is effectively ensured.
In a specific embodiment, as shown in FIG. 6, a timing diagram of the data conversion process in one embodiment is shown. Referring to fig. 6, a security control is deployed in the computer device, where the security control is a target security control corresponding to the target service, and may specifically represent a server corresponding to the target service. The target service may specifically be represented as a terminal corresponding to the target service party.
Specifically, from the multiple data processing policies provided by the initial security control, the target service party custom-selects the required data processing policy combination; the computer device then configures that data processing policy combination for the initial security control and obtains the target security control bound with the target service. When the target service party inputs target data, the computer device calls the bound target security control, loads the custom-configured data processing strategy combination in the target security control, and parses the data processing strategy combination to obtain an instruction calling sequence with an execution order.
When the target data acquisition is completed, a notification of completing the data acquisition can be fed back by the target service party. The acquired target data is input into the target security control, and the target security control executes the first parsed instruction in the instruction calling sequence on the target data according to the execution order of the instruction calling sequence. The parsed instructions are then executed one after another according to the execution order until the last parsed instruction has been executed, the converted data is obtained, and the converted data is returned to the target service party. For example, the converted data may specifically be a hash value of HashData.
In a specific embodiment, as shown in fig. 7, a specific data processing method is provided, which specifically includes the following steps:
Step 702, acquiring a plurality of data processing strategies provided by the initial security control.
Step 704, acquiring at least two data processing strategies corresponding to the target service selected by the user, and determining the nesting calling order corresponding to the at least two data processing strategies selected by the user.
Step 706, parsing the at least two data processing strategies into nested calling functions corresponding to the target service according to the nested calling sequence.
Step 708, configuring a nested calling function in the initial security control to obtain a target security control bound with the target service.
Step 710, calling the expression analyzer and the data processing strategy combination through the target security control when the acquired data under the target service is the target data.
Step 712, initializing the instruction list through the expression parser; and determining an outer layer function interface of the data processing strategy combination.
Step 714, if the data processing strategy combination is identified to comprise the nested calling function according to the outer layer function interface, analyzing the nested calling function layer by layer to obtain each nested expression in the nested calling function, and adding the analyzed expressions to the instruction list according to the analysis sequence to obtain an instruction calling sequence.
Step 716, executing the calling instructions in the instruction calling sequence according to the execution sequence, and taking the execution result of the previous calling instruction as the input of the next calling instruction in the execution process to perform conversion processing on the target data to obtain the converted data.
In this embodiment, a data processing policy combination corresponding to the target service is configured for the initial security control based on at least two data processing policies selected by the user, so as to obtain the target security control bound to the target service. The business side can therefore flexibly generate various customized data processing strategy combinations, and the combined data processing strategies provide higher security for data conversion processing. When target data under a target service is acquired, the data processing strategy combination is parsed into an instruction calling sequence through the target security control, and the target data is then converted according to the instruction calling sequence, so that the target data can be converted more securely, the converted data is not easily cracked or leaked, and the security of the target data is effectively improved.
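The parse-then-execute flow of steps 712 to 716 can be sketched as follows; this is an added example, not code from the patent. The expression syntax, the policy names in `POLICIES`, the `input` placeholder, the `("splice", ...)` instruction shape, the depth limit, and the choice to emit inner calls before outer ones are all assumptions made for illustration.

```python
import base64
import hashlib
import re

# Hypothetical policy registry: names and transforms are assumptions made for
# this example. It doubles as the allow-list used by the validity check.
POLICIES = {
    "sha256": lambda b: hashlib.sha256(b).hexdigest().encode(),
    "sha512": lambda b: hashlib.sha512(b).hexdigest().encode(),
    "b64": base64.b64encode,
    "reverse": lambda b: b[::-1],
}
MAX_DEPTH = 8  # assumed bound so a configuration cannot nest without limit
TOKEN = re.compile(r'\s*(?:([A-Za-z_]\w*)|"([^"\\]*)"|([(),]))')


class PolicyError(ValueError):
    """Raised when a policy combination fails parsing or the validity check."""


def tokenize(expr):
    expr, pos, tokens = expr.strip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise PolicyError(f"unexpected character at offset {pos}")
        kind = ("name", "str", "punct")[m.lastindex - 1]
        tokens.append((kind, m.group(m.lastindex)))
        pos = m.end()
    return tokens


def parse(expr):
    """Turn a nested calling function into an ordered instruction list."""
    tokens = tokenize(expr)
    instructions = []  # the instruction list, initialised before parsing
    pos = 0

    def take(kind):
        nonlocal pos
        if pos >= len(tokens) or tokens[pos][0] != kind:
            raise PolicyError(f"expected {kind} at token {pos}")
        pos += 1
        return tokens[pos - 1][1]

    def call(depth):
        nonlocal pos
        if depth > MAX_DEPTH:
            raise PolicyError("nesting too deep")
        name = take("name")
        if name not in POLICIES:  # validity check against the allow-list
            raise PolicyError(f"unknown policy {name!r}")
        if take("punct") != "(":
            raise PolicyError(f"expected '(' after {name}")
        literals, data_pos, index = [], None, 0
        while True:
            kind, value = tokens[pos] if pos < len(tokens) else ("eof", None)
            if kind == "str":  # constant parameter, e.g. a salt
                literals.append((index, value.encode()))
                pos += 1
            elif kind == "name" and data_pos is None:
                data_pos = index  # position of the parameter carrying the data
                if value == "input":
                    pos += 1
                else:
                    call(depth + 1)  # descend one layer; inner call is emitted first
            else:
                raise PolicyError(f"bad parameter at token {pos}")
            index += 1
            sep = take("punct")
            if sep == ")":
                break
            if sep != ",":
                raise PolicyError("expected ',' or ')'")
        if data_pos is None:
            raise PolicyError(f"{name} has no data parameter")
        if index >= 2:  # two or more parameters: emit a splicing instruction
            instructions.append(("splice", data_pos, tuple(literals)))
        instructions.append(("call", name))

    call(1)
    if pos != len(tokens):
        raise PolicyError("trailing tokens after outer call")
    return instructions


def execute(instructions, target):
    """Run the sequence; each result is the input of the next instruction."""
    value = target
    for ins in instructions:
        if ins[0] == "splice":
            parts = dict(ins[2])
            parts[ins[1]] = value
            value = b"".join(parts[i] for i in sorted(parts))
        else:
            value = POLICIES[ins[1]](value)
    return value
```

For the constructed combination `sha256("salt:", sha512(input))`, `parse` yields the `sha512` call, a splice that places the constant at position 0 and the data at position 1, and then the `sha256` call; names outside the registry are rejected before anything is executed.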
The application also provides an application scene, and the application scene applies the data processing method. Specifically, the user terminal runs an application corresponding to the target service or accesses a corresponding service system website, such as various communication services, banking services, payment services, and the like. The corresponding target security control can be configured in advance in an application program corresponding to the target service or a website accessing the corresponding service system, and the target security control is obtained by configuring a data processing strategy combination selected by a user from a plurality of data processing strategies provided by the initial security control based on the target service party.
The user can input data under the target service through the user terminal in the application program. When the data input by the user is target data under a target service, such as a password, personal information and the like, the terminal calls a corresponding target security control, loads and analyzes a corresponding data processing strategy combination through the target security control, and carries out real-time conversion processing on the target data input by the user through an instruction calling sequence obtained through analysis, so as to obtain converted data. Therefore, in the process of inputting the target data by the user, the plaintext of the target data is effectively prevented from being leaked. For scenes with high security level, such as password input, payment finance and the like, the password security and the payment security can be effectively ensured, so that the security of key target data is effectively improved.
It should be understood that, although the steps in the flowcharts of fig. 2, 5, and 7 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. Unless explicitly stated otherwise, the steps are not strictly limited to the order shown and described, and may be performed in other orders. Moreover, at least a portion of the steps in fig. 2, 5, and 7 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or with at least a portion of the steps or stages in other steps.
In one embodiment, as shown in fig. 8, a data processing apparatus 800 is provided, which may be a part of a computer device using a software module or a hardware module, or a combination of the two, and specifically includes: a policy obtaining module 802, a security control configuring module 804, a security control calling module 806, and a data conversion processing module 808, where:
A policy obtaining module 802, configured to obtain multiple data processing policies provided by the initial security control.
A security control configuration module 804, configured to configure a data processing policy combination corresponding to the target service for the initial security control based on at least two data processing policies selected by the user, so as to obtain a target security control bound with the target service.
A security control invoking module 806, configured to invoke the data processing policy combination through the target security control when the target data under the target service is acquired based on the target security control.
A data conversion processing module 808, configured to parse the data processing policy combination into an instruction calling sequence, and to convert the target data according to the instruction calling sequence to obtain converted data.
In one embodiment, the security control configuration module 804 is further configured to obtain at least two data processing policies corresponding to the target service selected based on a user-defined basis; generating a nested calling function corresponding to the target service according to at least two data processing strategies; and configuring a nested calling function in the initial security control to obtain a target security control bound with the target service.
In one embodiment, the security control configuration module 804 is further configured to determine a nested calling order corresponding to at least two data processing policies selected by a user; and analyzing the at least two data processing strategies into nested calling functions corresponding to the target service according to the nested calling sequence.
In one embodiment, the security control configuration module 804 is further configured to configure a data processing policy for the initial security control; and configuring a corresponding combination strategy in the initial security control based on the configured data processing strategy, and generating the initial security control providing a plurality of data processing strategies.
In an embodiment, the security control invoking module 806 is further configured to invoke, when the obtained data under the target service is target data, the expression parser and the data processing policy combination through the target security control; and to determine the sequence of the expressions in the data processing strategy combination through the expression parser, and parse the data processing strategy combination into an instruction calling sequence according to that sequence.
In one embodiment, the security control invoking module 806 is further configured to initialize the instruction list through the expression parser; determining an outer layer function interface of a data processing strategy combination; and if the data processing strategy combination is identified to comprise the nested calling function according to the outer layer function interface, analyzing the nested calling function layer by layer to obtain each nested expression in the nested calling function, and adding the analyzed expressions to the instruction list according to the analysis sequence to obtain an instruction calling sequence.
In an embodiment, the security control invoking module 806 is further configured to perform layer-by-layer analysis on the nested calling function, and determine the position and the number of the input parameters in the current expression obtained through the analysis; if the current expression obtained by analysis comprises an input parameter, adding the current expression into an instruction list; and if the current expression obtained by analysis comprises at least two input parameters, generating a parameter splicing expression according to the positions and the number of the input parameters and adding the parameter splicing expression into the instruction list.
In an embodiment, the security control invoking module 806 is further configured to perform validity check on the expressions obtained by the parsing respectively; and if the legality check is passed, adding the expressions obtained by analysis to the instruction list according to the analysis sequence to obtain an instruction calling sequence.
In one embodiment, the instruction call sequence includes at least two call instructions having an execution order; the data conversion processing module 808 is further configured to execute the call instructions in the instruction call sequence according to the execution sequence, and during execution, take the execution result of the previous call instruction as the input of the next call instruction, so as to perform conversion processing on the target data to obtain converted data.
In one embodiment, the target security control comprises an encryption strategy corresponding to the target service custom configuration; the data processing device also comprises an encryption module used for calling an encryption strategy through the target security control if the attribute of the target data is an encryption attribute; and encrypting the converted data according to an encryption strategy.
In one embodiment, the initial security control is a security control in a runtime environment based on a parent application, the parent application providing a runtime environment for a plurality of child applications; the security control configuration module 804 is further configured to obtain at least two data processing strategies selected by the user for the target sub-application; configuring a data processing strategy combination corresponding to a target service in the target sub-application for the initial security control to obtain a target security control bound with the target service; and the target security control is used for converting the target data under the target service in the target sub-application.
In an embodiment, the data conversion processing module 808 is further configured to, when a target sub-application running in a running environment of a parent application acquires target data under a target service corresponding to the target sub-application, invoke a corresponding data processing policy combination configured in a user-defined manner through a target security control in the target sub-application, so as to perform conversion processing on the target data according to the data processing policy combination.
For specific limitations of the data processing apparatus, reference may be made to the above limitations of the data processing method, which are not described herein again. The various modules in the data processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. The modules can be embedded in a hardware form or independent of a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 9. The computer device includes a processor, a memory, and a network interface connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data processing method.
In another embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operating system and the computer program to run on the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a data processing method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
It will be appreciated by those skilled in the art that the configurations shown in fig. 9 and 10 are block diagrams of only some of the configurations relevant to the present application, and do not constitute a limitation on the computing devices to which the present application may be applied, and that a particular computing device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer-readable storage medium. The computer instructions are read by a processor of the computer device from a computer-readable storage medium, and the computer instructions are executed by the processor to cause the computer device to perform the steps of the above-described method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by a computer program instructing relevant hardware. The computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
All possible combinations of the technical features in the above embodiments may not be described for the sake of brevity, but should be considered as being within the scope of the present disclosure as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and their description is relatively specific and detailed, but should not be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, and these are all within the scope of protection of the present application. Therefore, the protection scope of the present patent application shall be subject to the appended claims.

Claims (15)

1. A method of data processing, the method comprising:
acquiring a plurality of data processing strategies provided by an initial security control;
based on at least two data processing strategies selected by self-definition, configuring a data processing strategy combination corresponding to a target service aiming at the initial security control to obtain a target security control bound with the target service;
when target data under the target service is acquired based on the target security control, calling the data processing strategy combination through the target security control;
analyzing the data processing strategy combination into an instruction calling sequence;
and converting the target data according to the instruction calling sequence to obtain converted data.
2. The method of claim 1, wherein the configuring a combination of data processing policies corresponding to a target service for the initial security control based on at least two of the data processing policies selected by the user to obtain a target security control bound to the target service comprises:
acquiring at least two data processing strategies corresponding to the target service selected based on self-definition;
generating a nested calling function corresponding to the target service according to at least two data processing strategies;
and configuring the nested call function in the initial security control to obtain a target security control bound with the target service.
3. The method of claim 2, wherein generating the nested calling function corresponding to the target service according to at least two of the data processing policies comprises:
determining a nesting calling sequence corresponding to at least two data processing strategies selected by self-definition;
and analyzing the at least two data processing strategies into nested calling functions corresponding to the target service according to the nested calling sequence.
4. The method according to claim 1, wherein before said obtaining the plurality of data processing policies provided by the initial security control, the method further comprises a step of configuring the initial security control, the step of configuring the initial security control comprising:
configuring a data processing strategy for the initial security control;
and configuring a corresponding combination strategy in the initial security control based on the configured data processing strategy, and generating the initial security control providing a plurality of data processing strategies.
5. The method according to claim 1, wherein the invoking, by the target security control, the data processing policy combination when the target data under the target service is obtained based on the target security control comprises:
calling an expression analyzer and the data processing strategy combination through the target security control when the acquired data under the target service is target data;
the analyzing the data processing strategy combination into an instruction calling sequence comprises the following steps:
determining the sequence of expressions in the data processing strategy combination through the expression analyzer, and analyzing the data processing strategy combination into an instruction calling sequence according to the sequence.
6. The method of claim 5, wherein the determining, by the expression parser, an order of expressions in the data processing policy combination, the parsing the data processing policy combination into a sequence of instruction calls in the order comprises:
initializing an instruction list through the expression parser;
determining an outer layer function interface of the data processing strategy combination;
and if the data processing strategy combination is identified to comprise the nested calling function according to the outer layer function interface, analyzing the nested calling function layer by layer to obtain each nested expression in the nested calling function, and adding the analyzed expressions to the instruction list according to the analysis sequence to obtain an instruction calling sequence.
7. The method of claim 6, wherein the parsing of the nested calling function layer by layer to obtain each expression nested in the nested calling function comprises:
parsing the nested calling function layer by layer, and determining the positions and the number of the input parameters in the current expression obtained by parsing;
if the current expression obtained by parsing comprises one input parameter, adding the current expression to the instruction list;
and if the current expression obtained by parsing comprises at least two input parameters, generating a parameter splicing expression according to the positions and the number of the input parameters, and adding the parameter splicing expression to the instruction list.
8. The method of claim 6, wherein the adding of the parsed expressions to the instruction list in parsing order to obtain an instruction calling sequence comprises:
performing a legality check on each of the parsed expressions;
and if the legality check is passed, adding the parsed expressions to the instruction list in parsing order to obtain an instruction calling sequence.
9. The method of claim 1, wherein the instruction calling sequence comprises at least two calling instructions having an execution order; and the converting of the target data according to the instruction calling sequence to obtain converted data comprises:
executing the calling instructions in the instruction calling sequence according to the execution order and, during execution, taking the execution result of the previous calling instruction as the input of the next calling instruction, so as to convert the target data and obtain converted data.
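Claims 6 to 9 describe flattening a nested strategy expression into an instruction list, checking each expression for legality, and running the list so that each result feeds the next call. The Python sketch below is an added illustration, not code from the patent: the strategy names, the `data` placeholder and the `PIPE` marker are assumptions, and it covers the single-chain case in which each expression has exactly one nested input.

```python
import ast
import base64
import hashlib

# Hypothetical strategy table; names and behaviours are assumptions for this sketch.
STRATEGIES = {
    "trim": lambda s: s.strip(),
    "upper": lambda s: s.upper(),
    "concat": lambda *parts: "".join(parts),
    "sha256": lambda s: hashlib.sha256(s.encode()).hexdigest(),
    "b64": lambda s: base64.b64encode(s.encode()).decode(),
}
PIPE = object()  # marks the argument position fed by the previous instruction


def parse_combination(expr):
    """Flatten a nested call expression into an ordered instruction list."""
    node = ast.parse(expr, mode="eval").body
    layers = []
    while isinstance(node, ast.Call):  # walk from the outer layer inward
        # Legality check: allowlisted plain function name, positional args only.
        if not (isinstance(node.func, ast.Name) and node.func.id in STRATEGIES) or node.keywords:
            raise ValueError("illegal expression: " + ast.dump(node.func))
        args, inner = [], None
        for arg in node.args:  # record position and number of input parameters
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                args.append(arg.value)
            elif inner is None and isinstance(arg, (ast.Call, ast.Name)):
                inner = arg
                args.append(PIPE)
            else:
                raise ValueError("illegal argument in " + node.func.id)
        if inner is None:
            raise ValueError(node.func.id + " has no data input")
        layers.append((node.func.id, tuple(args)))
        node = inner
    if not (isinstance(node, ast.Name) and node.id == "data"):
        raise ValueError("innermost input must be the 'data' placeholder")
    return layers[::-1]  # innermost expression executes first


def convert(target_data, instructions):
    """Run the instructions in order; each result is the next one's input."""
    result = target_data
    for name, args in instructions:
        result = STRATEGIES[name](*[result if a is PIPE else a for a in args])
    return result
```

Because the expression is only parsed with `ast` and dispatched through the allowlist, a combination string that names anything outside the strategy table is rejected before any instruction runs.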
10. The method of claim 1, wherein the target security control comprises an encryption strategy custom-configured for the target service;
after the target data is converted according to the instruction calling sequence to obtain converted data, the method further includes:
if the attribute of the target data is an encryption attribute, calling an encryption strategy through the target security control;
and encrypting the converted data according to the encryption strategy.
11. The method according to any one of claims 1 to 10, wherein the initial security control is a security control based on a running environment of a parent application, the parent application providing a running environment for a plurality of child applications;
the configuring, based on at least two data processing strategies selected by self-definition, of a data processing strategy combination corresponding to a target service for the initial security control to obtain a target security control bound with the target service comprises:
acquiring at least two data processing strategies selected by a user for a target sub-application;
configuring a data processing strategy combination corresponding to a target service in the target sub-application for the initial security control to obtain a target security control bound with the target service; and the target security control is used for converting the target data under the target service in the target sub-application.
12. The method according to claim 11, wherein the calling of the data processing strategy combination through the target security control when the target data under the target service is acquired based on the target security control comprises:
when the target sub-application running in the running environment of the parent application obtains the target data under the target service corresponding to the target sub-application, calling the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, so as to convert the target data according to the data processing strategy combination.
13. A data processing apparatus, characterized in that the apparatus comprises:
the strategy acquisition module is used for acquiring various data processing strategies provided by the initial security control;
the security control generation module is used for configuring a data processing strategy combination corresponding to a target service aiming at the initial security control based on at least two data processing strategies selected by self-definition to obtain a target security control bound with the target service;
the security control calling module is used for calling the data processing strategy combination through the target security control when target data under the target service is obtained based on the target security control;
the data conversion processing module is used for analyzing the data processing strategy combination into an instruction calling sequence; and converting the target data according to the instruction calling sequence to obtain converted data.
14. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 12.
15. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 12.
CN202110984547.XA 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium Pending CN115730319A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110984547.XA CN115730319A (en) 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110984547.XA CN115730319A (en) 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115730319A true CN115730319A (en) 2023-03-03

Family

ID=85289831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110984547.XA Pending CN115730319A (en) 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115730319A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117252676A (en) * 2023-11-20 2023-12-19 成都新希望金融信息有限公司 Service processing method, device, electronic equipment and index policy system
CN117252676B (en) * 2023-11-20 2024-02-02 成都新希望金融信息有限公司 Service processing method, device, electronic equipment and index policy system
CN117527399A (en) * 2023-11-28 2024-02-06 广州视声智能股份有限公司 Information security encryption method and system for intelligent home
CN117527399B (en) * 2023-11-28 2024-05-17 广州视声智能股份有限公司 Information security encryption method and system for intelligent home

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40084180; Country of ref document: HK)