Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
Fig. 1 is the structural representation of a kind of application centralized management system based on LSM base in the embodiment of the present invention.This system adopts LSM mechanism, construct one based on Linux platform, the platform of the multinomial business that can support same application technology, wherein, application technology is such as sms technique, and multinomial business is such as the virus scan business and rubbish filtering business etc. that perform for sms technique.Particularly, need to realize the interface that in the registration structure security_operations of LSM mechanism, business is relevant, the definition of this concrete structure can with reference to the linux version source code of correspondence (this linux version source code be the state of the art).
As shown in Figure 1, this system comprises three parts, and a part is the tactful configuration module for obtaining application management strategy; A part is the hard core control module that the data interception for realizing bottom is analyzed, some is for two execution modules of upper layer application process and displaying (in the present embodiment, be introduced for two execution modules, be respectively the first execution module and the second execution module).Strategy configuration module and hard core control model calling, and between hard core control module with each execution module, adopt exclusive communication path to be connected.Introduce the course of work of this system below:
Strategy configuration module, for obtaining application management strategy and described application management strategy being sent to described hard core control module; Wherein, described application management strategy comprises at least one application data processing instruction;
Hard core control module, for receiving the application data from LSM, and receiving the described application management strategy from described tactful configuration module, according to described application management strategy, the described application data received being sent to the first execution module;
First execution module, for receiving the application data that described hard core control module sends, and performs the application process corresponding with described application data processing instruction to described application data; Application data after process is sent to described hard core control module, sends to the second execution module to process the application data after described process to make described hard core control module;
Second execution module, for receiving the application data after described process that described hard core control module sends, and performs the application process corresponding with the application data processing instruction after described process to the application data after described process.
Such as: the first execution module is filtering junk short messages module, the second execution module is SMS encryption module, and the application management strategy in tactful configuration module is the note data from LSM, first carries out rubbish filtering process, then is encrypted.Hard core control module receives the note data from LSM, and the application management strategy received from described tactful configuration module, according to this application management strategy, the note data of reception is sent to the first execution module and carries out rubbish filtering process, after first execution module has carried out rubbish filtering process to note data, note data after process is sent to hard core control module, hard core control module is again according to application management strategy, note data after the rubbish filtering process of reception is sent to the second execution module, is encrypted.
After second execution module is encrypted the note data after rubbish filtering process, can be ended process flow process, also according to other application management strategy, the data after encryption can be sent to other execution module, correspondingly, also comprise multiple execution module, to perform corresponding process, comprise multiple execution module as shown in Figure 2, Fig. 2 is the another kind of structural representation based on the application centralized management system of LSM base in the embodiment of the present invention.For the disposition that there is two or more execution module, similar to the above embodiments, do not repeat them here.
Application centralized management system based on LSM base according to the above embodiment of the present invention, obtain by tactful configuration module the application management strategy that comprises at least one application data processing instruction due to hard core control module and according to application management strategy application data be sent to the multiple execution modules for performing application data processing instruction, application management strategy can be dynamically arranged as required, achieving can the centralized management of applied business of multiple dynamic expansion or reduction, thus application data carries out diversified business processing as required.
Respectively tactful configuration module, hard core control module and execution module are described in detail below.
One, tactful configuration module
At the present embodiment based in the application centralized management system of LSM base, tactful configuration module is for obtaining application management strategy and described application management strategy being sent to described hard core control module; Wherein, described application management strategy comprises at least one application data processing instruction.Particularly, this tactful configuration module can receive the dynamic strategy configuration of user, and it can be realized by routine interface, also can be realized by configuration file, and strategy setting can take similar following enumeration definition to realize:
Two, hard core control module
At the present embodiment based in the application centralized management system of LSM mechanism, hard core control module is for receiving the application data from LSM, and the described application management strategy received from described tactful configuration module, and according to described application management strategy the application data of reception is sent to and processes corresponding execution module for performing with the application of described application data processing instruction, wherein, application management strategy comprises at least one application data processing instruction.Particularly, hard core control module need realize with lower interface:
Realize the interface that LSM mechanism requires; The different corresponding business interfaces realizing the requirement of LSM mechanism is had according to the difference of required process business, such as when short message service will be realized, the interface realized is needed to comprise: net_spy_inint, hook_socket_sendmsg, hook_socket_recvmsg, hook_socket_bind, hook_socket_connect and hook_socket_accept etc.Interface is when intercepting and capturing application data, application data can carry out protocol level Data Analysis, thus judge whether this application data meets the standard pre-set, such as: judge whether this application data belongs to the scope of business of this application centralized management system, and when meeting, sending this application data to execution module and waiting for result feedback; Wherein, can be set up the as required any communication path of user for sending the private communication path of application data, such as socket or registered callbacks function etc.
Application data is sent to multiple execution module according to described application management strategy by hard core control module, receives the application data after execution module process, and is forwarded to next execution module and processes, thus achieves diversified business processing.
Realize registration interface, service registry is carried out for execution module, thus when after intercepting and capturing application data, application data can be sent to registered execution module, to make execution module application data process, in hard core control module, each execution module is marked by unique corresponding application identities, such as realized by enumerated value, and the application process performed by execution module should be corresponding with the application data processing instruction included by application management strategy respectively;
Meanwhile, also can comprise and realize nullifying interface, for when no longer needing current execution module to provide service, nullify interface release execution module by this realization, from hard core control module, namely deleting the relevant information of this execution module;
Setting up socket server, for connecting with client, or realizing registered callbacks interface, carry out data transmit-receive with execution module afterwards;
Implementation strategy configuration interface, for receiving application management strategy from tactful configuration module.
Three, execution module
At the present embodiment based in the application centralized management system of LSM base, the application data that execution module sends for receiving described hard core control module, and the application process corresponding with described application data processing instruction is performed to described application data.
Particularly, relatively independent between execution module and hard core control module, and when comprising multiple execution module, separate between the plurality of execution module, communicate with hard core control module respectively, that is: receive application data from hard core control module respectively, received application data is processed accordingly and result is returned hard core control module.Can be developed by different manufacturers from multiple execution modules of hard core control model calling and realize, carry out respective analyzing and processing for concrete business, and can be completely compatible with the execution module realizing other business.
More specifically, in this application centralized management system based on LSM base, the application management strategy of answering support policy configuration module to configure with multiple execution modules of hard core control model calling, namely at least comprises the application that can be respectively used to the application data processing instruction performed included by application management strategy and processes corresponding execution module.Wherein, an execution module corresponds to an application data processing instruction.Such as when this application centralized management system is used for SMS service management and the application management strategy of configuration be to note execution virus scan module, encrypted acknowledgment, secret inspection and rubbish filtering time, then at least should comprise four execution modules, be respectively: virus scan module, Encryption Decryption module, private checking module and filtering junk short messages module.
Execution module also needs the application data after by process to return to hard core control module, sends to other execution module to carry out subsequent treatment the application data after process to make hard core control module.
Execution module also for according to application management strategy, judges whether to need the application data after described process to send to described hard core control module.
Also can be used for other arbitrary application managements according to the application centralized management system based on LSM base of above-described embodiment, such as GPRS related service is managed, correspondingly, virus scan module, traffic statistics module etc. can be comprised with multiple execution modules of hard core control model calling.
Application centralized management system based on LSM base according to the above embodiment of the present invention, obtain by tactful configuration module the application management strategy that comprises at least one application data processing instruction due to hard core control module and according to application management strategy application data be sent to the execution module for performing application data processing instruction, due to application management strategy can be dynamically arranged as required, can the centralized management of multiple applied business of dynamic expansion or reduction so achieve, thus application data carries out diversified business processing as required.
Further, at above-described embodiment based in the application centralized management system of LSM base, hard core control module comprises:
Policy unit, for receiving and storing the described application management strategy from described tactful configuration module;
Application data resolution unit, for receiving the application data from LSM, and carries out protocol analysis to received application data, if know that described application data meets preassigned through resolving, then described application data is sent to communication unit; Wherein, this preassigned can be the scope of business of this application centralized management system that user limits, such as when this application centralized management system is only for processing note data, then this preassigned for received application data be note data, now, if know that it is not note data after resolving the application data received, then subsequent treatment is not carried out to it;
Described communication unit, for being that described application data works out routed path according to described application management strategy, and to route to the execution module for performing the application process corresponding with described application data processing instruction according to routed path by described application data.
Particularly, after communication unit obtains application data from application data resolution unit, according to policy unit store application management strategy be described application data work out routed path, for note, when application management strategy comprises following four application data processing instructions: note virus scan instruction, SMS encryption confirms instruction, when note secret checks instruction and the instruction of note rubbish filtering, communication unit is by hard core control module and virus scan module, encrypted acknowledgment module, secret checking module and rubbish filtering module (virus scan module, encrypted acknowledgment module, secret checking module and rubbish filtering module are execution module) between communication interface be defined as the routed path of this application data.Such as first application data is sent to virus scan module to be carried out virus scan process by virus scan module to this application data (in this instance, application data is such as note) and virus scan result to be back to communication unit; Communication unit again this application data is sent to encrypted acknowledgment module with by encrypted acknowledgment module to its be encrypted confirmation and encrypted acknowledgment result is back to communication unit; Similarly, communication continues this application data to be sent to secret checking module and rubbish filtering module successively, thus, realize the multinomial application process same note being carried out successively to virus scan, encrypted acknowledgment, secret inspection and rubbish filtering.
Preferably, timing device is provided with in this communication unit, this timing device starts when application data is sent to execution module by communication unit, if after arrival Preset Time, when communication unit does not receive the result that execution module returns yet, then assert time-out, no longer continue to wait for, start to perform next operation (such as application data being sent to another execution module), and to the corresponding error message of user feedback.
Further, at above-described embodiment based in the application centralized management system of LSM base, hard core control module also comprises:
Registering unit, for obtaining the registration information that described execution module sends, and responding described registration information, connecting with described execution module.
Particularly, execution module needs to carry out service registry to the registering unit of hard core control module, and to set up the communication path between hard core control module and execution module, communication between the two can be adopted web socket or be realized by technology such as registered callbacks.
Further, at above-described embodiment based in the application centralized management system of LSM base, tactful configuration module comprises:
Whether Authority Verification unit, possess strategy configuration authority for checking the user of input application management strategy;
Strategy acquiring unit, for obtaining the described application management strategy of the user's input possessing described strategy configuration authority and described application management strategy being sent to described hard core control module.
According to the application centralized management system based on LSM base of above-described embodiment, owing to being provided with the Authority Verification unit for carrying out authorization check in tactful configuration module, so only have specific, to have strategy configuration authority user's (being such as system manager) can be configured the application management strategy of this application centralized management system, thus improve the security of this application centralized management system.
Fig. 3 is a kind of process flow diagram based on management method in the application sets of LSM base in the embodiment of the present invention.As shown in Figure 3, this note method for managing security comprises the following steps:
Step S100, tactful configuration module obtains application management strategy and described application management strategy is sent to described hard core control module, and described application management strategy comprises at least one application data processing instruction;
Step S200, hard core control module receives the application data from LSM, and receives the described application management strategy from described tactful configuration module, according to described application management strategy, the described application data received is sent to the first execution module.
Step S300, the first execution module receives the application data that described hard core control module sends, and performs the application process corresponding with described application data processing instruction to described application data; Application data after process is sent to described hard core control module, sends to the second execution module to process the application data after described process to make described hard core control module;
Step S400, the second execution module receives the application data after the described process of described hard core control module transmission, and performs the application process corresponding with described application data processing instruction to the application data after described process.
Realizing based on the application centralized management system based on LSM base of management method in the application sets of LSM base by above-mentioned any embodiment of above-described embodiment.
Particularly, above-described embodiment based on the application sets of LSM base in management method, in advance according to the execution module that application centralized management system has, in the tactful configuration module of application centralized management system, configure application management strategy, and by tactful configuration module, configured application management strategy is sent to hard core control module.
When hard core control module is by included interface application data, application data carries out protocol level Data Analysis, thus judge whether this application data meets the standard pre-set, whether such as this application data belongs to the scope of business that this application centralized management system manages, and when judged result is for being, according to the application management strategy formerly received, application data is sent to corresponding execution module, wherein, corresponding execution module refers to the execution module for performing the application data processing instruction included by application management strategy.
According to above-described embodiment based on management method in the application sets of LSM base, obtain by tactful configuration module the application management strategy that comprises at least one application data processing instruction due to hard core control module and according to application management strategy application data be sent to the execution module for performing the application process corresponding with application data processing instruction, due to application management strategy can be dynamically arranged as required, can the centralized management of multiple applied business of dynamic expansion or reduction so achieve, thus application data carries out diversified business processing as required.And this application data can be arbitrary application data, such as, be note or GPRS.
Further, above-described embodiment based on the application sets of LSM base in management method, hard core control module receives described application management strategy, also comprises before according to described application management strategy the application data of reception being sent to the step of the execution module for performing the application process corresponding with described application data processing instruction:
Described hard core control module obtains the registration information that described execution module sends, and connects in response to described registration information and described execution module.
Further, above-described embodiment based on the application sets of LSM base in management method, hard core control module receives described application management strategy, and the step of the execution module be sent to the application data of reception for performing the application process corresponding with described application data processing instruction according to described application management strategy comprises:
Described application management strategy is received from described tactful configuration module;
Receiving from the application data of LSM, and carry out protocol analysis to received application data, if know that described application data meets preassigned through resolving, is then that described application data works out routed path according to described application management strategy;
According to described routed path described application data routed to and process corresponding execution module for performing with the application of described application data processing instruction.
Further, above-described embodiment based on the application sets of LSM base in management method, tactful configuration module obtains application management strategy and the step described application management strategy being sent to described hard core control module comprises:
Whether the user of inspection input application management strategy possesses strategy configuration authority;
Obtain the described application management strategy of the user's input possessing described strategy configuration authority and described application management strategy is sent to described hard core control module.。
According to above-described embodiment based on management method in the application sets of LSM base, due to tactful configuration module, the user to input application management strategy carries out strategy configuration authority verification, and only obtain the described application management strategy inputted by the user of inspection, thus avoid application management strategy and be arbitrarily modified, improve the reliability and safety of management method in this application sets.
Last it is noted that above embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.