CN116301890A - Service processing method and device, computer readable storage medium and electronic equipment - Google Patents

Service processing method and device, computer readable storage medium and electronic equipment Download PDF

Info

Publication number
CN116301890A
CN116301890A CN202310211421.8A CN202310211421A CN116301890A CN 116301890 A CN116301890 A CN 116301890A CN 202310211421 A CN202310211421 A CN 202310211421A CN 116301890 A CN116301890 A CN 116301890A
Authority
CN
China
Prior art keywords
service
task
processed
service processing
container
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310211421.8A
Other languages
Chinese (zh)
Inventor
刘长伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Netease Cloud Music Technology Co Ltd
Original Assignee
Hangzhou Netease Cloud Music Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Netease Cloud Music Technology Co Ltd filed Critical Hangzhou Netease Cloud Music Technology Co Ltd
Priority to CN202310211421.8A priority Critical patent/CN116301890A/en
Publication of CN116301890A publication Critical patent/CN116301890A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The disclosure relates to a business processing method and device, a computer readable storage medium and electronic equipment, and relates to the technical field of computers; the method comprises the following steps: receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request; acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side. The present disclosure improves the security of data.

Description

Service processing method and device, computer readable storage medium and electronic equipment
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and more particularly, to a service processing method, a service processing apparatus, a computer readable storage medium, and an electronic device.
Background
This section is intended to provide a background or context to the embodiments of the disclosure recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In the existing service processing method, although the user behavior can be audited based on the multiparty co-construction technology of Virtual Kubelet of the Virtual node for realizing resource sharing; however, the method cannot fundamentally prevent data leakage, and further reduces the security of data at the server side.
Disclosure of Invention
However, in the prior art, on one hand, since the data at the server end can be checked by the audited user, the data leakage cannot be fundamentally prevented, and the security of the data at the server end is further reduced; on the other hand, when the server side executes service processing, a mirror image cannot be generated according to the matching of the requested service with the corresponding container task, so that the accuracy of the obtained service processing result is lower.
Therefore, an improved service processing method is very needed to construct a container task image according to a target task image corresponding to a service to be processed and target service data, and then execute the container task image to obtain a service processing result, so that the accuracy of the service processing result is improved on the basis of ensuring the safety of the data.
In this context, embodiments of the present disclosure desirably provide a service processing method, a service processing apparatus, a computer-readable storage medium, and an electronic device.
According to one aspect of the present disclosure, there is provided a service processing method, including:
receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
Wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
receiving a source code to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source code to be processed;
executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment, and generating an executable image associated with the source code to be processed;
generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and verifying the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity verification of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
after the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data generated in the executing process of the container task mirror image and the current task executing state;
and feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
receiving a first random number sent by a first user side, and generating a first secret key according to the first random number;
and performing associated storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
The first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In an exemplary embodiment of the present disclosure, generating a first key from the first random number includes:
obtaining a server private key corresponding to the server public key, and decrypting the first random number by using the server private key;
and generating a first secret key according to the decrypted first random number.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
According to an aspect of the present disclosure, there is provided a service processing apparatus including:
the service processing request decryption module is used for receiving a service processing request sent by a first user terminal, decrypting the service processing request and obtaining a service to be processed included in the service processing request;
The container task mirror image construction module is used for acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data;
and the container task mirror image execution module is used for executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
The system comprises a source code receiving module to be processed, a compiling environment deploying module and a compiling module, wherein the source code receiving module to be processed is used for receiving source codes to be processed, acquiring dependent software packages corresponding to the source codes to be processed and deploying compiling environments;
the executable image generation module is used for executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment and generating an executable image associated with the source code to be processed;
the current task image generation module is used for generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and the current task image uploading module is used for checking the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity check of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the task viewing request verification module is used for receiving a task viewing request sent by a first user side in the process of executing the container task mirror image, and verifying the task viewing request based on the admission Webhook with verification property;
the data checking instruction execution module is used for generating a data checking instruction corresponding to the task checking request after the task checking request is confirmed to pass verification, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
And the log data feedback module is used for feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the first key generation module is used for receiving a first random number sent by a first user terminal and generating a first key according to the first random number;
and the first key storage module is used for carrying out association storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
According to one aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the service processing method of any one of the above.
According to one aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the business processing method of any of the above via execution of the executable instructions.
According to the service processing method and the service processing device, the service to be processed included in the service processing request can be obtained by receiving the service processing request sent by the first user terminal and decrypting the service processing request; acquiring a target task image and a target service data set required by executing a service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side without directly feeding back the target service data set to the first user side, so that the problem that data leakage cannot be fundamentally prevented because the data at the server side can be checked by an audited user, the safety problem of the data at the server side is further reduced, the problem that the mirror image is generated according to the corresponding container task matched with the requested service is further reduced, and the problem that the accuracy of the obtained service processing result is lower is solved, and better experience is brought to the user.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which:
fig. 1 schematically illustrates a flow chart of a business processing method according to an example embodiment of the present disclosure;
FIG. 2 schematically illustrates an example diagram of a business processing system according to an example embodiment of the present disclosure;
FIG. 3 schematically illustrates an example diagram of interactions of a specific generation process of a first key and a specific authentication process between a client and a server according to an example embodiment of the present disclosure;
FIG. 4 schematically illustrates an example diagram of a specific generation process and storage process of a current task image according to an example embodiment of the present disclosure;
FIG. 5 schematically illustrates an example diagram of viewing task execution status and/or log data, according to an example embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of a business processing apparatus according to an example embodiment of the present disclosure;
FIG. 7 schematically illustrates a computer readable storage medium for storing the above-described business processing method according to an example embodiment of the present disclosure;
Fig. 8 schematically illustrates an electronic device for implementing the above-described service processing method according to an exemplary embodiment of the present disclosure.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present disclosure will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable one skilled in the art to better understand and practice the present disclosure and are not intended to limit the scope of the present disclosure in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Of course, the data related to the disclosure may be data authorized by the user or fully authorized by each party, and the collection, transmission, use, etc. of the data all conform to the requirements of relevant national laws and regulations, and the embodiments of the disclosure may be combined with each other.
Those skilled in the art will appreciate that embodiments of the present disclosure may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to an embodiment of the present disclosure, a service processing method, a service processing apparatus, a computer-readable storage medium, and an electronic device are provided.
Any number of elements in the figures are for illustration and not limitation, and any naming is used for distinction only, and not for any limiting sense.
The principles and spirit of the present disclosure are explained in detail below with reference to several representative embodiments thereof.
Summary of The Invention
The applicant first considers that cross-modal model training is well-landed in the industry as well as in various departments within the enterprise. In the actual application process, based on the data diversity requirement of cross-modal model training, data sharing training is required to be carried out in each department; of course, according to the data security method, data sharing training needs to ensure data security; therefore, in order to solve the data security problem, in some schemes, privacy computation is realized through a secure multiparty computing technology, but the specific implementation of the mode is very complex; in other schemes, data sharing and model co-building can be performed in a multi-party co-building cluster mode based on Virtual Kubelet technology; however, although the multi-party co-building technology based on Virtual Kubelet can audit the behavior of a client, the client cannot be limited to view data and other operations, so that the data cannot be fundamentally prevented from being leaked, and the data privacy cannot be truly protected.
Based on this, an exemplary embodiment of the present disclosure provides a service processing method, on one hand, by receiving a service processing request sent by a first user terminal, and decrypting the service processing request, to obtain a service to be processed included in the service processing request; then, acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data; finally, executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user terminal, wherein the server terminal can generate a corresponding container task mirror image according to the target task mirror image corresponding to the service processing request and the target service data set, and further execute the container task mirror image to obtain the service processing result, so that the safety of the data can be ensured without a secure multiparty computing technology; on the other hand, the execution of the target task mirror image can be directly completed at the server side, so that the data leakage can be fundamentally prevented, and the protection of the data privacy is further realized; on the other hand, the corresponding container task mirror image can be generated according to the target task mirror image corresponding to the service processing request and the target service data set, and then the container task mirror image is executed to obtain the service processing result, so that the accuracy of the obtained service processing result is improved.
Having described the basic principles of the present disclosure, various non-limiting embodiments of the present disclosure are specifically described below.
Exemplary method
In this exemplary embodiment, a service processing method is provided first, where the method may operate on a server, a server cluster, or a cloud server; of course, those skilled in the art may also operate the methods of the present disclosure on other platforms as desired, which is not particularly limited in the present exemplary embodiment. Specifically, referring to fig. 1, the service processing method may include the following steps:
s110, receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
s120, acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
s130, executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In the service processing method, the service to be processed included in the service processing request can be obtained by receiving the service processing request sent by the first user terminal and decrypting the service processing request; acquiring a target task image and a target service data set required by executing a service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side without directly feeding back the target service data set to the first user side, so that the problem that data leakage cannot be fundamentally prevented because the data at the server side can be checked by an audited user, the safety problem of the data at the server side is further reduced, the problem that the mirror image is generated according to the corresponding container task matched with the requested service is further reduced, and the problem that the accuracy of the obtained service processing result is lower is solved, and better experience is brought to the user.
Hereinafter, a service processing method according to an exemplary embodiment of the present disclosure will be explained and illustrated in detail with reference to the accompanying drawings.
First, proper nouns to which exemplary embodiments of the present disclosure relate are explained.
TLS (Transport Layer Security, network transport layer security) protocol: an encryption protocol widely used on the internet authenticates servers in client-server connections and encrypts communications between clients and servers.
Digital certificate: multiple cryptographic algorithms are integrated, and the cryptographic algorithm is used for realizing a safety standard of multiple functions such as data encryption and decryption, identity authentication, signature and the like.
CA (Certificate Authority): the certificate authority is an authority responsible for issuing and managing digital certificates and serves as a trusted third party to bear responsibility for verifying the legitimacy of the public keys in the public key system.
Mirror image: the method refers to container mirror images in the container technology, user codes are compiled into executable files or scripts, and meanwhile, the execution environments on which the executable files or scripts depend are packaged into mirror images through a packaging tool; the image may be run by a containerization technique, executing user-executable files or scripts.
Kubernetes: is an open-source container orchestration engine for automated deployment, scaling and management of containerized applications.
Virtual kubelet: a virtual node technology for realizing the sharing of computing resources in a Kubernetes system.
Webhook: an HTTP (Hyper Text Transfer Protocol ) callback mechanism for receiving and processing admission requests.
Cross-modal model: comprehensive semantic understanding is carried out on the basis of fusing a plurality of single-mode features, and then specific tasks such as classification, matching, generation and the like are completed.
Next, the objects of the exemplary embodiments of the present disclosure will be explained and illustrated. Specifically, according to the service processing method provided by the exemplary embodiment of the present disclosure, the API (Application Programming Interface, application program interface) request may be authenticated through technologies such as a client certificate and an authentication agent, so that it may be ensured that the client is authorized; simultaneously, the authorized use time of the data by the client can be set; in addition, the client training codes are subjected to security audit and stored in a secure private mirror warehouse, so that the operation behavior is ensured to be safe and not tampered; further, through a Webhook mechanism of the Kubernetes API, the behavior restriction of automatic data mounting and training state viewing is realized; furthermore, the position of the data and the data content are transparent to the user, so that the privacy safety of the data is ensured, and the viewing behavior of the client on the training task is strictly limited.
Next, a service processing system of an exemplary embodiment of the present disclosure is explained and illustrated. Specifically, referring to fig. 2, the service processing system may include a client 210 and a server 220, where the client may be communicatively connected to the server by a wired network or a wireless network; the user terminal can be used for sending a service processing request to the server terminal and can also be used for sending a source code to be processed to the server terminal; the server side may be used to implement the service processing method described in the exemplary embodiments of the present disclosure.
In a possible example embodiment, the user terminal described herein may include a mobile terminal, such as a personal computer (Personal Computer, PC), a tablet computer, a mobile phone, or the like, and may also include a fixed terminal, such as a desktop computer, or the like, which is not particularly limited in this example. Meanwhile, in the practical application process, the user terminal for sending the service processing request and the user terminal for sending the source code to be processed described above may be the same user terminal or different user terminals, which is not limited in this example.
In an exemplary embodiment provided in the present disclosure, in order to improve security of a user terminal when performing communication interaction with a server terminal, it is first required to ensure that communication can be performed between the user terminal and the server terminal; that is, in the practical application process, before making a service request, the client and the server first need to determine that the identity of the other party is legal; under the premise, the user side can send a service processing request and source codes to be processed to the server side; in addition, when the user side wants to send the service processing request and the source code to be processed to the server side, the service processing request and the source code to be processed need to be encrypted through the first key. Therefore, in the practical application process, the first key needs to be generated first.
In an example embodiment, the specific generation process of the first key may be implemented as follows: firstly, receiving a first random number sent by a first user terminal, and generating a first secret key according to the first random number; and secondly, carrying out association storage on the first secret key and a first terminal identifier of the first user terminal, and sending the first secret key to the first user terminal so that the first user terminal encrypts a service processing request according to the first secret key. The receiving of the first random number sent by the first user terminal may be achieved by: firstly, receiving a first client certificate and a first client public key which are sent by a first user side, and sending a server certificate and a server public key to the first user side; secondly, the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received; then, when the first verification result is determined to be that the first client certificate and the first client public key are legal, a first random number sent by the first client is received; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal. Further, the generation of the first key according to the first random number may be achieved by: firstly, a server private key corresponding to a server public key is obtained, and the first random number is decrypted by utilizing the server private key; and secondly, generating a first secret key according to the decrypted first random number.
The specific generation process of the first key and the specific authentication process between the user side and the server side will be explained and described with reference to fig. 3. Specifically, referring to fig. 3, a specific generation process of the first key and a specific authentication process between the user side and the server side may include the following steps:
step S301, a first user side sends a first client side certificate and a first client side public key to a server;
step S302, a server side sends a server side certificate and a server side public key to a first user side;
step S303, the server side sends the first client certificate and the first client public key to a certificate authority;
step S304, the certificate authority verifies the first client certificate and the first client public key, and sends a first verification result corresponding to the first client certificate and the first client public key to the server;
step S305, the first user terminal sends the server certificate and the server public key to a certificate authority;
step S306, the certificate authority verifies the server side certificate and the server side public key, and sends a second verification result corresponding to the server side certificate and the server side public key to the first user side;
Step S307, when the first user terminal determines that the second checking result is that the server certificate and the server public key are legal, the first user terminal sends a first random number to the server terminal;
step S308, when the server determines that the first verification result is the first client certificate and the first client public key verification is passed, the server receives a first random number sent by a first user segment;
step S309, the server obtains a server private key corresponding to the server public key, and decrypts the first random number by using the server private key;
in step S310, the server generates a first key according to the decrypted first random number, and feeds back the first key to the first user.
So far, the specific generation process of the first key and the specific authentication process between the user side and the server side have been fully implemented. Based on the above description, it can be known that, because the first user side and the server side verify the certificate and the public key of the opposite party through the CA mechanism before communication, the identity of the opposite party can be ensured to be legal; meanwhile, the first user side, the server side and the server record public keys of the two parties, and the symmetric encryption secret key is negotiated in an asymmetric encryption mode, so that the secret key is ensured to be safe and not tampered; the server side and the first user side communicate in a symmetrical encryption mode through the negotiated first secret key; in addition, the security of the first secret key can be ensured because the first secret key is realized in an asymmetric encryption mode in the process of negotiating the first secret key; meanwhile, the method is realized in a symmetrical encryption mode in a specific communication process, so that the complexity of an algorithm is reduced; that is, by the above method, the complexity of the algorithm can be reduced on the basis of ensuring the safety of the communication process, and the processing efficiency of the service can be further improved.
The method is characterized in that in the actual application process, before using data, a user needs a server to issue a client certificate through a CA mechanism and set the validity period of the certificate; here, the validity period of the certificate described herein may be determined according to a certain item period; for example, in a certain project period, a specific first user side is allowed to request corresponding data from a server side or request model training, etc.
The specific generation process and storage process of the current task image involved in the exemplary embodiment of the present disclosure will be explained and described with reference to fig. 4. Specifically, referring to fig. 4, the specific generation process and storage process of the current task image may be implemented in the following manner:
step S410, receiving source codes to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source codes to be processed;
step S420, executing the compiling construction of the source code to be processed and the dependent software package in the deployment compiling environment, and generating an executable image associated with the source code to be processed;
step S430, generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
Step S440, the identity of the sending end of the source code to be processed is checked, and when the identity check of the sending end of the source code to be processed is confirmed to pass, the current task image is uploaded to a preset private image warehouse.
Hereinafter, step S410 to step S440 will be explained and explained. Specifically, first, a source code to be processed is received; the source code to be processed described herein may be a source code for constructing a model training task, or may be a source code for executing a data query or a data statistics; in the actual application process, the corresponding source code to be processed can be written according to actual needs, and the example is not particularly limited to the corresponding source code; secondly, in the process of generating the current task image, acquiring a corresponding dependent software package and deploying a compiling environment to further obtain the current task image; the container generation script described herein may include Dockerfile, dockerrimage, etc., where in the actual application process, the corresponding container generation script may be determined according to the actual needs, and this example is not limited in particular; further, in the process of storing the current task image, the identity of the transmitting end of the source code to be processed needs to be verified; the sending end of the source code to be processed described herein may include a first user end, or may include other user ends, which is not limited in this example; the identity of the sender of the source code to be processed described herein may be verified by a client certificate corresponding to the sender of the source code to be processed, or may be verified by other means, which is not particularly limited in this example. Meanwhile, the method is realized in a private machine room arranged at the server side in the process of constructing the current task mirror image, so that the safety and the non-tamper property of the construction process of the current task mirror image can be ensured; furthermore, by carrying out identity verification on the sending end of the source code to be processed, verification on the validity and the safety of the source code to be processed can be realized, and further, malicious data content can be prevented from being output, so that the safety of a system is further enhanced; furthermore, the current task image is stored in a private image warehouse of the server side, and the uploading update of the image can be uploaded only when the authentication passes, so that the data security can be further ensured.
The method is characterized in that in the actual application process, in order to further ensure the security of the private image warehouse, whether the current task image included in the private image warehouse comprises missing malicious codes or exposed security holes is checked; specifically, the security of the current task image can be scanned periodically through a corresponding scanning tool, and when malicious codes or vulnerabilities are scanned, the malicious codes are timely deleted and vulnerability repair is executed.
The service processing method shown in fig. 1 will be further explained and explained with reference to fig. 2 to 4. Specific:
in step S110, a service processing request sent by a first user terminal is received, and the service processing request is decrypted, so as to obtain a service to be processed included in the service processing request.
In this example embodiment, when the first user side needs to request data from the server side or request model training, a service processing request may be sent to the server side; further, after the server receives the service processing request, the server decrypts the service processing request to obtain the service to be processed; the pending services described herein may include data request services, cross-modal model training services, and the like. Further, the data request service described herein may be, for example, a distribution of people requesting a certain age group in a certain region, a distribution of annual income intervals in a certain region, or a situation of employment people in a certain region; meanwhile, the cross-modal model training service described herein may refer to a model training service for performing multi-party combination, where a model trained by the model training service may include a convolutional neural network model, a cyclic neural network model, a deep neural network model, a decision tree model, and the like, and may be selected according to actual needs in an actual application process, which is not limited in this example.
In an example embodiment, decrypting the service processing request to obtain the service to be processed included in the service processing request may be implemented as follows: firstly, according to a first terminal identifier of the first user terminal, a first key required for decrypting the service processing request is obtained; and secondly, decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request. That is, the first key corresponding to the first user terminal may be matched based on the first terminal identifier, and then the service to be processed may be obtained by decrypting the first key. The service processing request is decrypted through the first secret key by adopting a symmetric encryption algorithm, and the method can reduce the complexity in the decryption process; meanwhile, the first secret key is obtained by adopting an asymmetric encryption algorithm, so that the security of the system can be ensured by adopting the symmetric encryption algorithm.
In step S120, a target task image and a target service data set required for executing the service to be processed are obtained, and a container task image corresponding to the service to be processed is constructed according to the target task image and the target service data.
In the present exemplary embodiment, first, a target task image and a target service data set required for executing a service to be processed are acquired; specifically, the method can be realized by the following steps: matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database; wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
That is, in order to ensure the transparency of the original service data set held by the server to the first user during the service processing, firstly, an admission Webhook for modifying the property may be defined; then, when a service processing request sent by the first user terminal is received, an admittance Webhook with modification property is called, and then the admittance Webhook with modification property is based on, according to the service class of the service to be processed submitted by the first user terminal, a corresponding target task image and a target service data set are matched from a private image warehouse; the target task mirror image described herein refers to a task mirror image required for executing a service to be processed; when the service to be processed is a cross-mode model training service, the target task mirror image is a model training task mirror image.
In one possible example embodiment, the model training task images described above may include model training task images of different model classes in a plurality of different scenarios; for example, in a data prediction scenario, model training task images with convolutional neural network model categories, model training task images with cyclic neural network model categories, model training task images with deep neural network model categories, and model training task images with decision tree model categories may be included; for another example, in the data classification scenario, a model training task mirror image with a convolutional neural network model class, a model training task mirror image with a cyclic neural network model class, a model training task mirror image with a deep neural network model class, a model training task mirror image with a decision tree model class, and so on may also be included. In the actual application process, the corresponding task mirror image can be set according to actual needs, and the example is not particularly limited.
And secondly, constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data. Specifically, the method can be realized by the following steps: and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed. That is, the target business data and the target task mirror image can be instantiated based on the access Webhook with modified properties, so as to obtain the instantiated target task mirror image, and finally, the instantiated target task mirror image is arranged to obtain the container task mirror image; the instantiation processing described herein refers to applying target service data to a target task image to obtain a container task image with the same service scene as the service to be processed, thereby obtaining a corresponding service processing result.
It should be noted that, because the location information of the target service data and the data content of the target service data only exist in the private machine room of the server, and the generation of the container task image is realized based on the access Webhook of the modification property defined by the server, further, the malicious user cannot obtain the location information of the target service data and the data content of the target service data by snooping the corresponding task orchestration instruction, so that the security of the service data can be further improved.
In step S130, the container task mirroring is executed to obtain a service processing result corresponding to the service to be processed, and the service processing result is fed back to the first user side.
In this exemplary embodiment, first, the container task mirroring is performed to obtain a service processing result corresponding to the service to be processed. Specifically, the method can be realized by the following steps: firstly, selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container; and secondly, starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed. The task execution method comprises the steps of selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container, wherein the task execution container can be realized in the following manner: first, a container group consisting of a plurality of independent sub-containers is configured in a container coding engine; wherein the independent sub-containers included in the container group include a plurality of containers of different types, such as a data service processing container, a model training container, and the like, and of course, other containers, such as a test container, and the like, which is not particularly limited in this example; selecting a target container required for executing a container task mirror image from the container group according to the service class of the service to be processed, and executing the container task mirror image in the target container to obtain the task execution container; secondly, after the task execution container is obtained, an executable mirror image included in the task execution container can be started and executed to obtain a service processing result corresponding to the service to be processed, and the service processing result is encrypted and then fed back to the first user side; after the first user receives the service processing result, the service execution result can be displayed by decrypting the first key. And deleting the executable image in the task execution container when the executable image included in the task execution container is determined to be executed. By the method, the container can be recycled, the purpose of recycling resources when the resources are used up and used down is achieved, and the hardware cost is greatly reduced.
In one possible example embodiment, the task execution results described herein may include a first task execution result corresponding to a data request service and a second task execution result corresponding to a cross-modal model training service; wherein the first task execution result may include, but is not limited to, a person age distribution, an economic income distribution, a person density distribution, or the like; the second task execution result may include a model after parameter update, or the like, which is not particularly limited in this example.
In an example embodiment, during the process of executing the task mirror image of the container, there may be a scenario where the user needs to view the task execution status and/or log data. Specifically, referring to fig. 5, the task execution status and/or log data may be viewed by:
step S510, in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
step S520, after the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
Step S530, feeding back the log data and the current task execution state to the first user terminal, so as to display the log data and the current task execution state through the first user terminal.
Hereinafter, step S510 to step S530 will be explained and explained. Specifically, in the process of executing the task mirror image of the container (i.e. in the training executing process or the data processing process), if the first user side (the sending side of the service processing request) initiates the task checking request, a predefined validation property admitted Webhook can be called to validate the task checking request, and after the task checking request is validated, a data checking instruction is generated; the data checking instruction can be used for limiting the first user side to only check log data generated in the executing process of the container task mirror image and the current task executing state of the container task mirror image; and then, executing the data checking instruction to acquire log data and the current task execution state, and feeding back the log data and the current task execution state to the first user side. By the method, the first user side can be prevented from invading the task, the target data set is checked or tampered, and the aim of further improving the safety of the data is achieved.
So far, the service processing method described in the exemplary embodiments of the present disclosure has been fully implemented. As can be seen from the foregoing, the service processing method according to the exemplary embodiments of the present disclosure has at least the following advantages: on one hand, according to the business processing method disclosed by the example embodiment of the present disclosure, data stored in a server side can be shared in an abstract asset manner, and a user only knows the format of the data and cannot acquire and locate the data, so that the security of the data is improved; on the other hand, the business processing method described in the exemplary embodiment of the present disclosure can ensure that the user of the data is authorized, and the authorization is valid; on the other hand, the data position and the data content are in the private machine room of the data owner in the whole sharing training period, and the machine room network cannot attack or maliciously snoop the data; further, the behavior of data operation is strictly checked and limited, and the privacy security of the data is ensured.
Exemplary apparatus
The embodiment of the disclosure also provides a service processing device. In particular, referring to fig. 6, the service processing apparatus may include a service processing request decryption module 610, a container task image construction module 620, and a container task image execution module 630. Wherein:
The service processing request decryption module 610 may be configured to receive a service processing request sent by a first user side, and decrypt the service processing request to obtain a service to be processed included in the service processing request;
the container task image construction module 620 may be configured to obtain a target task image and a target service data set required for executing the service to be processed, and construct a container task image corresponding to the service to be processed according to the target task image and the target service data;
the container task image execution module 630 may be configured to execute the container task image to obtain a service processing result corresponding to the service to be processed, and feed back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
by modifying the property of the admitted Webhook, according to the service class of the service to be processed, matching the target task image required by executing the service to be processed from a preset private image warehouse, and matching the target service number required by executing the service to be processed from a preset database
A data set;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the system comprises a source code receiving module to be processed, a compiling environment deploying module and a compiling module, wherein the source code receiving module to be processed is used for receiving source codes to be processed, acquiring dependent software packages corresponding to the source codes to be processed and deploying compiling environments;
the executable image generation module is used for executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment and generating an executable image associated with the source code to be processed;
the current task image generation module is used for generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and the current task image uploading module is used for checking the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity check of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
And carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the task viewing request verification module is used for receiving a task viewing request sent by a first user side in the process of executing the container task mirror image, and verifying the task viewing request based on the admission Webhook with verification property;
the data checking instruction execution module is used for generating a data checking instruction corresponding to the task checking request after the task checking request is confirmed to pass verification, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
And the log data feedback module is used for feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the first key generation module is used for receiving a first random number sent by a first user terminal and generating a first key according to the first random number;
and the first key storage module is used for carrying out association storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
The specific details of each module in the above service device are described in detail in the corresponding service processing method, so that the details are not repeated here.
Exemplary storage Medium
Having described the service processing method and the service processing apparatus of the exemplary embodiment of the present disclosure, next, a storage medium of the exemplary embodiment of the present disclosure will be described with reference to fig. 7.
Referring to fig. 7, a program product 700 for implementing the above-described method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the present disclosure
The program product is not limited thereto.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. The readable signal medium may also be any readable medium other than a readable storage medium.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the context of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN).
Exemplary electronic device
Having described the storage medium of the exemplary embodiments of the present disclosure, next, an electronic device of the exemplary embodiments of the present disclosure will be described with reference to the drawings.
Having described the storage medium of the exemplary embodiments of the present disclosure, next, an electronic device of the exemplary embodiments of the present disclosure will be described with reference to fig. 7.
The electronic device 800 shown in fig. 8 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 8, the electronic device 800 is embodied in the form of a general purpose computing device. Components of electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one storage unit 820, a bus 830 connecting the different system components (including the storage unit 820 and the processing unit 810), and a display unit 840.
Wherein the storage unit 820 stores program code that is executable by the processing unit 810 such that the processing unit 810 performs steps according to various exemplary embodiments of the present disclosure described in the above section of the present specification. For example, the processing unit 810 may perform steps S110-S130 as shown in fig. 1.
The storage unit 820 may include volatile storage units such as a Random Access Memory (RAM) 8201 and/or a cache memory 8202, and may further include a Read Only Memory (ROM) 8203.
Storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 830 may include a data bus, an address bus, and a control bus.
Electronic device 800 may also communicate with one or more external devices 900 (e.g., keyboard, pointing device, bluetooth device, etc.) via an input/output (I/O) interface 850. Also, electronic device 800 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 860. As shown, network adapter 860 communicates with other modules of electronic device 800 over bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 800, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
It should be noted that while several modules or sub-modules of a pop-up processing device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present disclosure. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
It should be noted that although several units/modules or sub-units/modules of the apparatus are mentioned in the above detailed description, this division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present disclosure. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
Furthermore, although the operations of the methods of the present disclosure are depicted in the drawings in a particular order, this is not required to or suggested that these operations must be performed in this particular order or that all of the illustrated operations must be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
While the spirit and principles of the present disclosure have been described with reference to several particular embodiments, it is to be understood that this disclosure is not limited to the particular embodiments disclosed nor does it imply that features in these aspects are not to be combined to benefit from this division, which is done for convenience of description only. The disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A business processing method, comprising:
receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
2. The service processing method according to claim 1, wherein acquiring a target task image and a target service data set required for executing the service to be processed, comprises:
Matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
3. The service processing method according to claim 2, wherein the service processing method further comprises:
receiving a source code to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source code to be processed;
executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment, and generating an executable image associated with the source code to be processed;
generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and verifying the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity verification of the sending end of the source code to be processed is confirmed to pass.
4. The service processing method according to claim 1, wherein constructing a container task image corresponding to the service to be processed according to the target task image and target service data comprises:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
5. The service processing method according to claim 1, wherein executing the container task image to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
6. The service processing method according to claim 1, wherein the service processing method further comprises:
in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
After the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data generated in the executing process of the container task mirror image and the current task executing state;
and feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
7. The service processing method according to claim 1, wherein decrypting the service processing request to obtain the service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
8. A traffic processing apparatus comprising:
the service processing request decryption module is used for receiving a service processing request sent by a first user terminal, decrypting the service processing request and obtaining a service to be processed included in the service processing request;
The container task mirror image construction module is used for acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data;
and the container task mirror image execution module is used for executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
9. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the service processing method of any of claims 1-7.
10. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the traffic processing method of any of claims 1-7 via execution of the executable instructions.
CN202310211421.8A 2023-02-24 2023-02-24 Service processing method and device, computer readable storage medium and electronic equipment Pending CN116301890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310211421.8A CN116301890A (en) 2023-02-24 2023-02-24 Service processing method and device, computer readable storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310211421.8A CN116301890A (en) 2023-02-24 2023-02-24 Service processing method and device, computer readable storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116301890A true CN116301890A (en) 2023-06-23

Family

ID=86812603

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310211421.8A Pending CN116301890A (en) 2023-02-24 2023-02-24 Service processing method and device, computer readable storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116301890A (en)

Similar Documents

Publication Publication Date Title
WO2021000337A1 (en) System and method for mapping decentralized identifiers to real-world entities
US20210319132A1 (en) Methods and Devices For Managing User Identity Authentication Data
CN109274652B (en) Identity information verification system, method and device and computer storage medium
CN111277573B (en) Resource locator with key
CN104520805B (en) According to the security application ecosystem with key and data exchange of company information control strategy
US20140282840A1 (en) Managing data handling policies
US9100171B1 (en) Computer-implemented forum for enabling secure exchange of information
CN111355726B (en) Identity authorization login method and device, electronic equipment and storage medium
CN105027096A (en) Securing results of privileged computing operations
CN103051600A (en) File access control method and system
CN110708162B (en) Resource acquisition method and device, computer readable medium and electronic equipment
US10990692B2 (en) Managing data handling policies
CN112182635B (en) Method, device, equipment and medium for realizing joint modeling
JP7223067B2 (en) Methods, apparatus, electronics, computer readable storage media and computer programs for processing user requests
CN111600900A (en) Single sign-on method, server and system based on block chain
CN114240347A (en) Business service secure docking method and device, computer equipment and storage medium
CN112261002B (en) Data interface docking method and device
US11888997B1 (en) Certificate manager
CN112994882B (en) Authentication method, device, medium and equipment based on block chain
CN112583816B (en) Login verification method, login verification device, electronic equipment and storage medium
KR102211033B1 (en) Agency service system for accredited certification procedures
CN116301890A (en) Service processing method and device, computer readable storage medium and electronic equipment
CN115935379A (en) Service processing method, device, equipment and computer readable storage medium
CN112767142A (en) Processing method, device, computing equipment and medium for transaction file
US20140282838A1 (en) Managing data handling policies

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination