CN116301890A - Service processing method and device, computer readable storage medium and electronic equipment - Google Patents
Service processing method and device, computer readable storage medium and electronic equipment Download PDFInfo
- Publication number
- CN116301890A CN116301890A CN202310211421.8A CN202310211421A CN116301890A CN 116301890 A CN116301890 A CN 116301890A CN 202310211421 A CN202310211421 A CN 202310211421A CN 116301890 A CN116301890 A CN 116301890A
- Authority
- CN
- China
- Prior art keywords
- service
- task
- processed
- service processing
- container
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 43
- 238000012545 processing Methods 0.000 claims abstract description 161
- 238000000034 method Methods 0.000 claims abstract description 69
- 230000008569 process Effects 0.000 claims description 46
- 238000012549 training Methods 0.000 claims description 38
- 238000012795 verification Methods 0.000 claims description 28
- 238000013515 script Methods 0.000 claims description 15
- 238000010276 construction Methods 0.000 claims description 11
- 230000001419 dependent effect Effects 0.000 claims description 11
- 238000004590 computer program Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 description 9
- 238000004422 calculation algorithm Methods 0.000 description 7
- 230000006399 behavior Effects 0.000 description 6
- 230000006854 communication Effects 0.000 description 6
- 238000003062 neural network model Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 230000007246 mechanism Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000013527 convolutional neural network Methods 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 3
- 238000003066 decision tree Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000004064 recycling Methods 0.000 description 1
- 230000008439 repair process Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The disclosure relates to a business processing method and device, a computer readable storage medium and electronic equipment, and relates to the technical field of computers; the method comprises the following steps: receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request; acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side. The present disclosure improves the security of data.
Description
Technical Field
Embodiments of the present disclosure relate to the field of computer technology, and more particularly, to a service processing method, a service processing apparatus, a computer readable storage medium, and an electronic device.
Background
This section is intended to provide a background or context to the embodiments of the disclosure recited in the claims. The description herein is not admitted to be prior art by inclusion in this section.
In the existing service processing method, although the user behavior can be audited based on the multiparty co-construction technology of Virtual Kubelet of the Virtual node for realizing resource sharing; however, the method cannot fundamentally prevent data leakage, and further reduces the security of data at the server side.
Disclosure of Invention
However, in the prior art, on one hand, since the data at the server end can be checked by the audited user, the data leakage cannot be fundamentally prevented, and the security of the data at the server end is further reduced; on the other hand, when the server side executes service processing, a mirror image cannot be generated according to the matching of the requested service with the corresponding container task, so that the accuracy of the obtained service processing result is lower.
Therefore, an improved service processing method is very needed to construct a container task image according to a target task image corresponding to a service to be processed and target service data, and then execute the container task image to obtain a service processing result, so that the accuracy of the service processing result is improved on the basis of ensuring the safety of the data.
In this context, embodiments of the present disclosure desirably provide a service processing method, a service processing apparatus, a computer-readable storage medium, and an electronic device.
According to one aspect of the present disclosure, there is provided a service processing method, including:
receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
Wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
receiving a source code to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source code to be processed;
executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment, and generating an executable image associated with the source code to be processed;
generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and verifying the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity verification of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
after the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data generated in the executing process of the container task mirror image and the current task executing state;
and feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing method further includes:
receiving a first random number sent by a first user side, and generating a first secret key according to the first random number;
and performing associated storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
The first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In an exemplary embodiment of the present disclosure, generating a first key from the first random number includes:
obtaining a server private key corresponding to the server public key, and decrypting the first random number by using the server private key;
and generating a first secret key according to the decrypted first random number.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
According to an aspect of the present disclosure, there is provided a service processing apparatus including:
the service processing request decryption module is used for receiving a service processing request sent by a first user terminal, decrypting the service processing request and obtaining a service to be processed included in the service processing request;
The container task mirror image construction module is used for acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data;
and the container task mirror image execution module is used for executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
The system comprises a source code receiving module to be processed, a compiling environment deploying module and a compiling module, wherein the source code receiving module to be processed is used for receiving source codes to be processed, acquiring dependent software packages corresponding to the source codes to be processed and deploying compiling environments;
the executable image generation module is used for executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment and generating an executable image associated with the source code to be processed;
the current task image generation module is used for generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and the current task image uploading module is used for checking the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity check of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the task viewing request verification module is used for receiving a task viewing request sent by a first user side in the process of executing the container task mirror image, and verifying the task viewing request based on the admission Webhook with verification property;
the data checking instruction execution module is used for generating a data checking instruction corresponding to the task checking request after the task checking request is confirmed to pass verification, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
And the log data feedback module is used for feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the first key generation module is used for receiving a first random number sent by a first user terminal and generating a first key according to the first random number;
and the first key storage module is used for carrying out association storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
According to one aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the service processing method of any one of the above.
According to one aspect of the present disclosure, there is provided an electronic device including:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the business processing method of any of the above via execution of the executable instructions.
According to the service processing method and the service processing device, the service to be processed included in the service processing request can be obtained by receiving the service processing request sent by the first user terminal and decrypting the service processing request; acquiring a target task image and a target service data set required by executing a service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side without directly feeding back the target service data set to the first user side, so that the problem that data leakage cannot be fundamentally prevented because the data at the server side can be checked by an audited user, the safety problem of the data at the server side is further reduced, the problem that the mirror image is generated according to the corresponding container task matched with the requested service is further reduced, and the problem that the accuracy of the obtained service processing result is lower is solved, and better experience is brought to the user.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present disclosure will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. Several embodiments of the present disclosure are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings, in which:
fig. 1 schematically illustrates a flow chart of a business processing method according to an example embodiment of the present disclosure;
FIG. 2 schematically illustrates an example diagram of a business processing system according to an example embodiment of the present disclosure;
FIG. 3 schematically illustrates an example diagram of interactions of a specific generation process of a first key and a specific authentication process between a client and a server according to an example embodiment of the present disclosure;
FIG. 4 schematically illustrates an example diagram of a specific generation process and storage process of a current task image according to an example embodiment of the present disclosure;
FIG. 5 schematically illustrates an example diagram of viewing task execution status and/or log data, according to an example embodiment of the present disclosure;
fig. 6 schematically illustrates a block diagram of a business processing apparatus according to an example embodiment of the present disclosure;
FIG. 7 schematically illustrates a computer readable storage medium for storing the above-described business processing method according to an example embodiment of the present disclosure;
Fig. 8 schematically illustrates an electronic device for implementing the above-described service processing method according to an exemplary embodiment of the present disclosure.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The principles and spirit of the present disclosure will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are presented merely to enable one skilled in the art to better understand and practice the present disclosure and are not intended to limit the scope of the present disclosure in any way. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art. Of course, the data related to the disclosure may be data authorized by the user or fully authorized by each party, and the collection, transmission, use, etc. of the data all conform to the requirements of relevant national laws and regulations, and the embodiments of the disclosure may be combined with each other.
Those skilled in the art will appreciate that embodiments of the present disclosure may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
According to an embodiment of the present disclosure, a service processing method, a service processing apparatus, a computer-readable storage medium, and an electronic device are provided.
Any number of elements in the figures are for illustration and not limitation, and any naming is used for distinction only, and not for any limiting sense.
The principles and spirit of the present disclosure are explained in detail below with reference to several representative embodiments thereof.
Summary of The Invention
The applicant first considers that cross-modal model training is well-landed in the industry as well as in various departments within the enterprise. In the actual application process, based on the data diversity requirement of cross-modal model training, data sharing training is required to be carried out in each department; of course, according to the data security method, data sharing training needs to ensure data security; therefore, in order to solve the data security problem, in some schemes, privacy computation is realized through a secure multiparty computing technology, but the specific implementation of the mode is very complex; in other schemes, data sharing and model co-building can be performed in a multi-party co-building cluster mode based on Virtual Kubelet technology; however, although the multi-party co-building technology based on Virtual Kubelet can audit the behavior of a client, the client cannot be limited to view data and other operations, so that the data cannot be fundamentally prevented from being leaked, and the data privacy cannot be truly protected.
Based on this, an exemplary embodiment of the present disclosure provides a service processing method, on one hand, by receiving a service processing request sent by a first user terminal, and decrypting the service processing request, to obtain a service to be processed included in the service processing request; then, acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data; finally, executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user terminal, wherein the server terminal can generate a corresponding container task mirror image according to the target task mirror image corresponding to the service processing request and the target service data set, and further execute the container task mirror image to obtain the service processing result, so that the safety of the data can be ensured without a secure multiparty computing technology; on the other hand, the execution of the target task mirror image can be directly completed at the server side, so that the data leakage can be fundamentally prevented, and the protection of the data privacy is further realized; on the other hand, the corresponding container task mirror image can be generated according to the target task mirror image corresponding to the service processing request and the target service data set, and then the container task mirror image is executed to obtain the service processing result, so that the accuracy of the obtained service processing result is improved.
Having described the basic principles of the present disclosure, various non-limiting embodiments of the present disclosure are specifically described below.
Exemplary method
In this exemplary embodiment, a service processing method is provided first, where the method may operate on a server, a server cluster, or a cloud server; of course, those skilled in the art may also operate the methods of the present disclosure on other platforms as desired, which is not particularly limited in the present exemplary embodiment. Specifically, referring to fig. 1, the service processing method may include the following steps:
s110, receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
s120, acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
s130, executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
In the service processing method, the service to be processed included in the service processing request can be obtained by receiving the service processing request sent by the first user terminal and decrypting the service processing request; acquiring a target task image and a target service data set required by executing a service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data; executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side without directly feeding back the target service data set to the first user side, so that the problem that data leakage cannot be fundamentally prevented because the data at the server side can be checked by an audited user, the safety problem of the data at the server side is further reduced, the problem that the mirror image is generated according to the corresponding container task matched with the requested service is further reduced, and the problem that the accuracy of the obtained service processing result is lower is solved, and better experience is brought to the user.
Hereinafter, a service processing method according to an exemplary embodiment of the present disclosure will be explained and illustrated in detail with reference to the accompanying drawings.
First, proper nouns to which exemplary embodiments of the present disclosure relate are explained.
TLS (Transport Layer Security, network transport layer security) protocol: an encryption protocol widely used on the internet authenticates servers in client-server connections and encrypts communications between clients and servers.
Digital certificate: multiple cryptographic algorithms are integrated, and the cryptographic algorithm is used for realizing a safety standard of multiple functions such as data encryption and decryption, identity authentication, signature and the like.
CA (Certificate Authority): the certificate authority is an authority responsible for issuing and managing digital certificates and serves as a trusted third party to bear responsibility for verifying the legitimacy of the public keys in the public key system.
Mirror image: the method refers to container mirror images in the container technology, user codes are compiled into executable files or scripts, and meanwhile, the execution environments on which the executable files or scripts depend are packaged into mirror images through a packaging tool; the image may be run by a containerization technique, executing user-executable files or scripts.
Kubernetes: is an open-source container orchestration engine for automated deployment, scaling and management of containerized applications.
Virtual kubelet: a virtual node technology for realizing the sharing of computing resources in a Kubernetes system.
Webhook: an HTTP (Hyper Text Transfer Protocol ) callback mechanism for receiving and processing admission requests.
Cross-modal model: comprehensive semantic understanding is carried out on the basis of fusing a plurality of single-mode features, and then specific tasks such as classification, matching, generation and the like are completed.
Next, the objects of the exemplary embodiments of the present disclosure will be explained and illustrated. Specifically, according to the service processing method provided by the exemplary embodiment of the present disclosure, the API (Application Programming Interface, application program interface) request may be authenticated through technologies such as a client certificate and an authentication agent, so that it may be ensured that the client is authorized; simultaneously, the authorized use time of the data by the client can be set; in addition, the client training codes are subjected to security audit and stored in a secure private mirror warehouse, so that the operation behavior is ensured to be safe and not tampered; further, through a Webhook mechanism of the Kubernetes API, the behavior restriction of automatic data mounting and training state viewing is realized; furthermore, the position of the data and the data content are transparent to the user, so that the privacy safety of the data is ensured, and the viewing behavior of the client on the training task is strictly limited.
Next, a service processing system of an exemplary embodiment of the present disclosure is explained and illustrated. Specifically, referring to fig. 2, the service processing system may include a client 210 and a server 220, where the client may be communicatively connected to the server by a wired network or a wireless network; the user terminal can be used for sending a service processing request to the server terminal and can also be used for sending a source code to be processed to the server terminal; the server side may be used to implement the service processing method described in the exemplary embodiments of the present disclosure.
In a possible example embodiment, the user terminal described herein may include a mobile terminal, such as a personal computer (Personal Computer, PC), a tablet computer, a mobile phone, or the like, and may also include a fixed terminal, such as a desktop computer, or the like, which is not particularly limited in this example. Meanwhile, in the practical application process, the user terminal for sending the service processing request and the user terminal for sending the source code to be processed described above may be the same user terminal or different user terminals, which is not limited in this example.
In an exemplary embodiment provided in the present disclosure, in order to improve security of a user terminal when performing communication interaction with a server terminal, it is first required to ensure that communication can be performed between the user terminal and the server terminal; that is, in the practical application process, before making a service request, the client and the server first need to determine that the identity of the other party is legal; under the premise, the user side can send a service processing request and source codes to be processed to the server side; in addition, when the user side wants to send the service processing request and the source code to be processed to the server side, the service processing request and the source code to be processed need to be encrypted through the first key. Therefore, in the practical application process, the first key needs to be generated first.
In an example embodiment, the specific generation process of the first key may be implemented as follows: firstly, receiving a first random number sent by a first user terminal, and generating a first secret key according to the first random number; and secondly, carrying out association storage on the first secret key and a first terminal identifier of the first user terminal, and sending the first secret key to the first user terminal so that the first user terminal encrypts a service processing request according to the first secret key. The receiving of the first random number sent by the first user terminal may be achieved by: firstly, receiving a first client certificate and a first client public key which are sent by a first user side, and sending a server certificate and a server public key to the first user side; secondly, the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received; then, when the first verification result is determined to be that the first client certificate and the first client public key are legal, a first random number sent by the first client is received; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal. Further, the generation of the first key according to the first random number may be achieved by: firstly, a server private key corresponding to a server public key is obtained, and the first random number is decrypted by utilizing the server private key; and secondly, generating a first secret key according to the decrypted first random number.
The specific generation process of the first key and the specific authentication process between the user side and the server side will be explained and described with reference to fig. 3. Specifically, referring to fig. 3, a specific generation process of the first key and a specific authentication process between the user side and the server side may include the following steps:
step S301, a first user side sends a first client side certificate and a first client side public key to a server;
step S302, a server side sends a server side certificate and a server side public key to a first user side;
step S303, the server side sends the first client certificate and the first client public key to a certificate authority;
step S304, the certificate authority verifies the first client certificate and the first client public key, and sends a first verification result corresponding to the first client certificate and the first client public key to the server;
step S305, the first user terminal sends the server certificate and the server public key to a certificate authority;
step S306, the certificate authority verifies the server side certificate and the server side public key, and sends a second verification result corresponding to the server side certificate and the server side public key to the first user side;
Step S307, when the first user terminal determines that the second checking result is that the server certificate and the server public key are legal, the first user terminal sends a first random number to the server terminal;
step S308, when the server determines that the first verification result is the first client certificate and the first client public key verification is passed, the server receives a first random number sent by a first user segment;
step S309, the server obtains a server private key corresponding to the server public key, and decrypts the first random number by using the server private key;
in step S310, the server generates a first key according to the decrypted first random number, and feeds back the first key to the first user.
So far, the specific generation process of the first key and the specific authentication process between the user side and the server side have been fully implemented. Based on the above description, it can be known that, because the first user side and the server side verify the certificate and the public key of the opposite party through the CA mechanism before communication, the identity of the opposite party can be ensured to be legal; meanwhile, the first user side, the server side and the server record public keys of the two parties, and the symmetric encryption secret key is negotiated in an asymmetric encryption mode, so that the secret key is ensured to be safe and not tampered; the server side and the first user side communicate in a symmetrical encryption mode through the negotiated first secret key; in addition, the security of the first secret key can be ensured because the first secret key is realized in an asymmetric encryption mode in the process of negotiating the first secret key; meanwhile, the method is realized in a symmetrical encryption mode in a specific communication process, so that the complexity of an algorithm is reduced; that is, by the above method, the complexity of the algorithm can be reduced on the basis of ensuring the safety of the communication process, and the processing efficiency of the service can be further improved.
The method is characterized in that in the actual application process, before using data, a user needs a server to issue a client certificate through a CA mechanism and set the validity period of the certificate; here, the validity period of the certificate described herein may be determined according to a certain item period; for example, in a certain project period, a specific first user side is allowed to request corresponding data from a server side or request model training, etc.
The specific generation process and storage process of the current task image involved in the exemplary embodiment of the present disclosure will be explained and described with reference to fig. 4. Specifically, referring to fig. 4, the specific generation process and storage process of the current task image may be implemented in the following manner:
step S410, receiving source codes to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source codes to be processed;
step S420, executing the compiling construction of the source code to be processed and the dependent software package in the deployment compiling environment, and generating an executable image associated with the source code to be processed;
step S430, generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
Step S440, the identity of the sending end of the source code to be processed is checked, and when the identity check of the sending end of the source code to be processed is confirmed to pass, the current task image is uploaded to a preset private image warehouse.
Hereinafter, step S410 to step S440 will be explained and explained. Specifically, first, a source code to be processed is received; the source code to be processed described herein may be a source code for constructing a model training task, or may be a source code for executing a data query or a data statistics; in the actual application process, the corresponding source code to be processed can be written according to actual needs, and the example is not particularly limited to the corresponding source code; secondly, in the process of generating the current task image, acquiring a corresponding dependent software package and deploying a compiling environment to further obtain the current task image; the container generation script described herein may include Dockerfile, dockerrimage, etc., where in the actual application process, the corresponding container generation script may be determined according to the actual needs, and this example is not limited in particular; further, in the process of storing the current task image, the identity of the transmitting end of the source code to be processed needs to be verified; the sending end of the source code to be processed described herein may include a first user end, or may include other user ends, which is not limited in this example; the identity of the sender of the source code to be processed described herein may be verified by a client certificate corresponding to the sender of the source code to be processed, or may be verified by other means, which is not particularly limited in this example. Meanwhile, the method is realized in a private machine room arranged at the server side in the process of constructing the current task mirror image, so that the safety and the non-tamper property of the construction process of the current task mirror image can be ensured; furthermore, by carrying out identity verification on the sending end of the source code to be processed, verification on the validity and the safety of the source code to be processed can be realized, and further, malicious data content can be prevented from being output, so that the safety of a system is further enhanced; furthermore, the current task image is stored in a private image warehouse of the server side, and the uploading update of the image can be uploaded only when the authentication passes, so that the data security can be further ensured.
The method is characterized in that in the actual application process, in order to further ensure the security of the private image warehouse, whether the current task image included in the private image warehouse comprises missing malicious codes or exposed security holes is checked; specifically, the security of the current task image can be scanned periodically through a corresponding scanning tool, and when malicious codes or vulnerabilities are scanned, the malicious codes are timely deleted and vulnerability repair is executed.
The service processing method shown in fig. 1 will be further explained and explained with reference to fig. 2 to 4. Specific:
in step S110, a service processing request sent by a first user terminal is received, and the service processing request is decrypted, so as to obtain a service to be processed included in the service processing request.
In this example embodiment, when the first user side needs to request data from the server side or request model training, a service processing request may be sent to the server side; further, after the server receives the service processing request, the server decrypts the service processing request to obtain the service to be processed; the pending services described herein may include data request services, cross-modal model training services, and the like. Further, the data request service described herein may be, for example, a distribution of people requesting a certain age group in a certain region, a distribution of annual income intervals in a certain region, or a situation of employment people in a certain region; meanwhile, the cross-modal model training service described herein may refer to a model training service for performing multi-party combination, where a model trained by the model training service may include a convolutional neural network model, a cyclic neural network model, a deep neural network model, a decision tree model, and the like, and may be selected according to actual needs in an actual application process, which is not limited in this example.
In an example embodiment, decrypting the service processing request to obtain the service to be processed included in the service processing request may be implemented as follows: firstly, according to a first terminal identifier of the first user terminal, a first key required for decrypting the service processing request is obtained; and secondly, decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request. That is, the first key corresponding to the first user terminal may be matched based on the first terminal identifier, and then the service to be processed may be obtained by decrypting the first key. The service processing request is decrypted through the first secret key by adopting a symmetric encryption algorithm, and the method can reduce the complexity in the decryption process; meanwhile, the first secret key is obtained by adopting an asymmetric encryption algorithm, so that the security of the system can be ensured by adopting the symmetric encryption algorithm.
In step S120, a target task image and a target service data set required for executing the service to be processed are obtained, and a container task image corresponding to the service to be processed is constructed according to the target task image and the target service data.
In the present exemplary embodiment, first, a target task image and a target service data set required for executing a service to be processed are acquired; specifically, the method can be realized by the following steps: matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database; wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
That is, in order to ensure the transparency of the original service data set held by the server to the first user during the service processing, firstly, an admission Webhook for modifying the property may be defined; then, when a service processing request sent by the first user terminal is received, an admittance Webhook with modification property is called, and then the admittance Webhook with modification property is based on, according to the service class of the service to be processed submitted by the first user terminal, a corresponding target task image and a target service data set are matched from a private image warehouse; the target task mirror image described herein refers to a task mirror image required for executing a service to be processed; when the service to be processed is a cross-mode model training service, the target task mirror image is a model training task mirror image.
In one possible example embodiment, the model training task images described above may include model training task images of different model classes in a plurality of different scenarios; for example, in a data prediction scenario, model training task images with convolutional neural network model categories, model training task images with cyclic neural network model categories, model training task images with deep neural network model categories, and model training task images with decision tree model categories may be included; for another example, in the data classification scenario, a model training task mirror image with a convolutional neural network model class, a model training task mirror image with a cyclic neural network model class, a model training task mirror image with a deep neural network model class, a model training task mirror image with a decision tree model class, and so on may also be included. In the actual application process, the corresponding task mirror image can be set according to actual needs, and the example is not particularly limited.
And secondly, constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data. Specifically, the method can be realized by the following steps: and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed. That is, the target business data and the target task mirror image can be instantiated based on the access Webhook with modified properties, so as to obtain the instantiated target task mirror image, and finally, the instantiated target task mirror image is arranged to obtain the container task mirror image; the instantiation processing described herein refers to applying target service data to a target task image to obtain a container task image with the same service scene as the service to be processed, thereby obtaining a corresponding service processing result.
It should be noted that, because the location information of the target service data and the data content of the target service data only exist in the private machine room of the server, and the generation of the container task image is realized based on the access Webhook of the modification property defined by the server, further, the malicious user cannot obtain the location information of the target service data and the data content of the target service data by snooping the corresponding task orchestration instruction, so that the security of the service data can be further improved.
In step S130, the container task mirroring is executed to obtain a service processing result corresponding to the service to be processed, and the service processing result is fed back to the first user side.
In this exemplary embodiment, first, the container task mirroring is performed to obtain a service processing result corresponding to the service to be processed. Specifically, the method can be realized by the following steps: firstly, selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container; and secondly, starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed. The task execution method comprises the steps of selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container, wherein the task execution container can be realized in the following manner: first, a container group consisting of a plurality of independent sub-containers is configured in a container coding engine; wherein the independent sub-containers included in the container group include a plurality of containers of different types, such as a data service processing container, a model training container, and the like, and of course, other containers, such as a test container, and the like, which is not particularly limited in this example; selecting a target container required for executing a container task mirror image from the container group according to the service class of the service to be processed, and executing the container task mirror image in the target container to obtain the task execution container; secondly, after the task execution container is obtained, an executable mirror image included in the task execution container can be started and executed to obtain a service processing result corresponding to the service to be processed, and the service processing result is encrypted and then fed back to the first user side; after the first user receives the service processing result, the service execution result can be displayed by decrypting the first key. And deleting the executable image in the task execution container when the executable image included in the task execution container is determined to be executed. By the method, the container can be recycled, the purpose of recycling resources when the resources are used up and used down is achieved, and the hardware cost is greatly reduced.
In one possible example embodiment, the task execution results described herein may include a first task execution result corresponding to a data request service and a second task execution result corresponding to a cross-modal model training service; wherein the first task execution result may include, but is not limited to, a person age distribution, an economic income distribution, a person density distribution, or the like; the second task execution result may include a model after parameter update, or the like, which is not particularly limited in this example.
In an example embodiment, during the process of executing the task mirror image of the container, there may be a scenario where the user needs to view the task execution status and/or log data. Specifically, referring to fig. 5, the task execution status and/or log data may be viewed by:
step S510, in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
step S520, after the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
Step S530, feeding back the log data and the current task execution state to the first user terminal, so as to display the log data and the current task execution state through the first user terminal.
Hereinafter, step S510 to step S530 will be explained and explained. Specifically, in the process of executing the task mirror image of the container (i.e. in the training executing process or the data processing process), if the first user side (the sending side of the service processing request) initiates the task checking request, a predefined validation property admitted Webhook can be called to validate the task checking request, and after the task checking request is validated, a data checking instruction is generated; the data checking instruction can be used for limiting the first user side to only check log data generated in the executing process of the container task mirror image and the current task executing state of the container task mirror image; and then, executing the data checking instruction to acquire log data and the current task execution state, and feeding back the log data and the current task execution state to the first user side. By the method, the first user side can be prevented from invading the task, the target data set is checked or tampered, and the aim of further improving the safety of the data is achieved.
So far, the service processing method described in the exemplary embodiments of the present disclosure has been fully implemented. As can be seen from the foregoing, the service processing method according to the exemplary embodiments of the present disclosure has at least the following advantages: on one hand, according to the business processing method disclosed by the example embodiment of the present disclosure, data stored in a server side can be shared in an abstract asset manner, and a user only knows the format of the data and cannot acquire and locate the data, so that the security of the data is improved; on the other hand, the business processing method described in the exemplary embodiment of the present disclosure can ensure that the user of the data is authorized, and the authorization is valid; on the other hand, the data position and the data content are in the private machine room of the data owner in the whole sharing training period, and the machine room network cannot attack or maliciously snoop the data; further, the behavior of data operation is strictly checked and limited, and the privacy security of the data is ensured.
Exemplary apparatus
The embodiment of the disclosure also provides a service processing device. In particular, referring to fig. 6, the service processing apparatus may include a service processing request decryption module 610, a container task image construction module 620, and a container task image execution module 630. Wherein:
The service processing request decryption module 610 may be configured to receive a service processing request sent by a first user side, and decrypt the service processing request to obtain a service to be processed included in the service processing request;
the container task image construction module 620 may be configured to obtain a target task image and a target service data set required for executing the service to be processed, and construct a container task image corresponding to the service to be processed according to the target task image and the target service data;
the container task image execution module 630 may be configured to execute the container task image to obtain a service processing result corresponding to the service to be processed, and feed back the service processing result to the first user side.
In one exemplary embodiment of the present disclosure, obtaining a target task image and a target service data set required to execute the service to be processed includes:
by modifying the property of the admitted Webhook, according to the service class of the service to be processed, matching the target task image required by executing the service to be processed from a preset private image warehouse, and matching the target service number required by executing the service to be processed from a preset database
A data set;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the system comprises a source code receiving module to be processed, a compiling environment deploying module and a compiling module, wherein the source code receiving module to be processed is used for receiving source codes to be processed, acquiring dependent software packages corresponding to the source codes to be processed and deploying compiling environments;
the executable image generation module is used for executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment and generating an executable image associated with the source code to be processed;
the current task image generation module is used for generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and the current task image uploading module is used for checking the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity check of the sending end of the source code to be processed is confirmed to pass.
In an exemplary embodiment of the present disclosure, constructing a container task image corresponding to the service to be processed according to the target task image and target service data includes:
And carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, performing the container task mirroring to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the task viewing request verification module is used for receiving a task viewing request sent by a first user side in the process of executing the container task mirror image, and verifying the task viewing request based on the admission Webhook with verification property;
the data checking instruction execution module is used for generating a data checking instruction corresponding to the task checking request after the task checking request is confirmed to pass verification, and executing the data checking instruction to obtain log data and a current task execution state generated in the execution process of the container task mirror image;
And the log data feedback module is used for feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
In an exemplary embodiment of the present disclosure, decrypting the service processing request to obtain a service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
In an exemplary embodiment of the present disclosure, the service processing apparatus further includes:
the first key generation module is used for receiving a first random number sent by a first user terminal and generating a first key according to the first random number;
and the first key storage module is used for carrying out association storage on the first key and a first terminal identifier of the first user terminal, and sending the first key to the first user terminal so that the first user terminal encrypts a service processing request according to the first key.
In an exemplary embodiment of the present disclosure, receiving a first random number sent by a first user terminal includes:
receiving a first client certificate and a first client public key sent by a first user side, and sending a server certificate and a server public key to the first user side;
the first client certificate and the first client public key are sent to a certificate authority, and a first verification result obtained after the certificate authority verifies the validity of the first client certificate and the first client public key is received;
when the first verification result is determined to be that the first client certificate and the first client public key are legal, receiving a first random number sent by the first client; the first random number is sent when the first client confirms that both the server side certificate and the server side public key are legal.
In one exemplary embodiment of the present disclosure, the pending traffic includes a data request traffic and/or a cross-modality model training traffic.
The specific details of each module in the above service device are described in detail in the corresponding service processing method, so that the details are not repeated here.
Exemplary storage Medium
Having described the service processing method and the service processing apparatus of the exemplary embodiment of the present disclosure, next, a storage medium of the exemplary embodiment of the present disclosure will be described with reference to fig. 7.
Referring to fig. 7, a program product 700 for implementing the above-described method according to an embodiment of the present disclosure is described, which may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the present disclosure
The program product is not limited thereto.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random Access Memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. The readable signal medium may also be any readable medium other than a readable storage medium.
Program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the context of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN).
Exemplary electronic device
Having described the storage medium of the exemplary embodiments of the present disclosure, next, an electronic device of the exemplary embodiments of the present disclosure will be described with reference to the drawings.
Having described the storage medium of the exemplary embodiments of the present disclosure, next, an electronic device of the exemplary embodiments of the present disclosure will be described with reference to fig. 7.
The electronic device 800 shown in fig. 8 is merely an example and should not be construed to limit the functionality and scope of use of embodiments of the present disclosure in any way.
As shown in fig. 8, the electronic device 800 is embodied in the form of a general purpose computing device. Components of electronic device 800 may include, but are not limited to: the at least one processing unit 810, the at least one storage unit 820, a bus 830 connecting the different system components (including the storage unit 820 and the processing unit 810), and a display unit 840.
Wherein the storage unit 820 stores program code that is executable by the processing unit 810 such that the processing unit 810 performs steps according to various exemplary embodiments of the present disclosure described in the above section of the present specification. For example, the processing unit 810 may perform steps S110-S130 as shown in fig. 1.
The storage unit 820 may include volatile storage units such as a Random Access Memory (RAM) 8201 and/or a cache memory 8202, and may further include a Read Only Memory (ROM) 8203.
It should be noted that while several modules or sub-modules of a pop-up processing device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present disclosure. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
It should be noted that although several units/modules or sub-units/modules of the apparatus are mentioned in the above detailed description, this division is merely exemplary and not mandatory. Indeed, the features and functionality of two or more units/modules described above may be embodied in one unit/module in accordance with embodiments of the present disclosure. Conversely, the features and functions of one unit/module described above may be further divided into ones that are embodied by a plurality of units/modules.
Furthermore, although the operations of the methods of the present disclosure are depicted in the drawings in a particular order, this is not required to or suggested that these operations must be performed in this particular order or that all of the illustrated operations must be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform.
While the spirit and principles of the present disclosure have been described with reference to several particular embodiments, it is to be understood that this disclosure is not limited to the particular embodiments disclosed nor does it imply that features in these aspects are not to be combined to benefit from this division, which is done for convenience of description only. The disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (10)
1. A business processing method, comprising:
receiving a service processing request sent by a first user terminal, and decrypting the service processing request to obtain a service to be processed included in the service processing request;
acquiring a target task image and a target service data set required by executing the service to be processed, and constructing a container task image corresponding to the service to be processed according to the target task image and the target service data;
and executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
2. The service processing method according to claim 1, wherein acquiring a target task image and a target service data set required for executing the service to be processed, comprises:
Matching target task images required by executing the service to be processed from a preset private image warehouse according to the service category of the service to be processed by modifying the admission Webhook of the property, and matching target service data sets required by executing the service to be processed from a preset database;
wherein the traffic class comprises a data request traffic class and/or a cross-modal model training request traffic class.
3. The service processing method according to claim 2, wherein the service processing method further comprises:
receiving a source code to be processed, and acquiring a dependent software package and a deployment compiling environment corresponding to the source code to be processed;
executing the compiling construction of the source code to be processed and the dependent software package under the deployment compiling environment, and generating an executable image associated with the source code to be processed;
generating a container generation script according to the executable image, and executing the container generation script to obtain a current task image corresponding to the source code to be processed;
and verifying the identity of the sending end of the source code to be processed, and uploading the current task image to a preset private image warehouse when the identity verification of the sending end of the source code to be processed is confirmed to pass.
4. The service processing method according to claim 1, wherein constructing a container task image corresponding to the service to be processed according to the target task image and target service data comprises:
and carrying out instantiation processing on the target task image by utilizing the target service data, and arranging the instantiated target task image to obtain a container task image corresponding to the service to be processed.
5. The service processing method according to claim 1, wherein executing the container task image to obtain a service processing result corresponding to the service to be processed includes:
selecting a target container required for executing the container task mirror image from a preset container group, and executing the container task mirror image in the target container to obtain a task execution container;
and starting and executing the executable mirror image included in the task execution container to obtain a service processing result corresponding to the service to be processed.
6. The service processing method according to claim 1, wherein the service processing method further comprises:
in the process of executing the task mirror image of the container, receiving a task viewing request sent by a first user side, and verifying the task viewing request based on an admission Webhook with verification property;
After the task checking request is confirmed to pass verification, generating a data checking instruction corresponding to the task checking request, and executing the data checking instruction to obtain log data generated in the executing process of the container task mirror image and the current task executing state;
and feeding back the log data and the current task execution state to the first user side so as to display the log data and the current task execution state through the first user side.
7. The service processing method according to claim 1, wherein decrypting the service processing request to obtain the service to be processed included in the service processing request includes:
acquiring a first key required for decrypting the service processing request according to a first terminal identifier of the first user terminal;
and decrypting the service processing request by using the first key to obtain the service to be processed included in the service processing request.
8. A traffic processing apparatus comprising:
the service processing request decryption module is used for receiving a service processing request sent by a first user terminal, decrypting the service processing request and obtaining a service to be processed included in the service processing request;
The container task mirror image construction module is used for acquiring a target task mirror image and a target service data set required by executing the service to be processed, and constructing a container task mirror image corresponding to the service to be processed according to the target task mirror image and the target service data;
and the container task mirror image execution module is used for executing the container task mirror image to obtain a service processing result corresponding to the service to be processed, and feeding back the service processing result to the first user side.
9. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the service processing method of any of claims 1-7.
10. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the traffic processing method of any of claims 1-7 via execution of the executable instructions.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310211421.8A CN116301890A (en) | 2023-02-24 | 2023-02-24 | Service processing method and device, computer readable storage medium and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310211421.8A CN116301890A (en) | 2023-02-24 | 2023-02-24 | Service processing method and device, computer readable storage medium and electronic equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116301890A true CN116301890A (en) | 2023-06-23 |
Family
ID=86812603
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310211421.8A Pending CN116301890A (en) | 2023-02-24 | 2023-02-24 | Service processing method and device, computer readable storage medium and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116301890A (en) |
-
2023
- 2023-02-24 CN CN202310211421.8A patent/CN116301890A/en active Pending
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021000337A1 (en) | System and method for mapping decentralized identifiers to real-world entities | |
US20210319132A1 (en) | Methods and Devices For Managing User Identity Authentication Data | |
CN109274652B (en) | Identity information verification system, method and device and computer storage medium | |
CN111277573B (en) | Resource locator with key | |
CN104520805B (en) | According to the security application ecosystem with key and data exchange of company information control strategy | |
US20140282840A1 (en) | Managing data handling policies | |
US9100171B1 (en) | Computer-implemented forum for enabling secure exchange of information | |
CN111355726B (en) | Identity authorization login method and device, electronic equipment and storage medium | |
CN105027096A (en) | Securing results of privileged computing operations | |
CN103051600A (en) | File access control method and system | |
CN110708162B (en) | Resource acquisition method and device, computer readable medium and electronic equipment | |
US10990692B2 (en) | Managing data handling policies | |
CN112182635B (en) | Method, device, equipment and medium for realizing joint modeling | |
JP7223067B2 (en) | Methods, apparatus, electronics, computer readable storage media and computer programs for processing user requests | |
CN111600900A (en) | Single sign-on method, server and system based on block chain | |
CN114240347A (en) | Business service secure docking method and device, computer equipment and storage medium | |
CN112261002B (en) | Data interface docking method and device | |
US11888997B1 (en) | Certificate manager | |
CN112994882B (en) | Authentication method, device, medium and equipment based on block chain | |
CN112583816B (en) | Login verification method, login verification device, electronic equipment and storage medium | |
KR102211033B1 (en) | Agency service system for accredited certification procedures | |
CN116301890A (en) | Service processing method and device, computer readable storage medium and electronic equipment | |
CN115935379A (en) | Service processing method, device, equipment and computer readable storage medium | |
CN112767142A (en) | Processing method, device, computing equipment and medium for transaction file | |
US20140282838A1 (en) | Managing data handling policies |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |