Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It should be understood that the data so used may be interchanged under appropriate circumstances such that embodiments of the application described herein may be implemented in sequences other than those illustrated or described herein. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some of the terms appearing in the description of the embodiments of the present application are explained as follows:
TDE (Transparent Data Encryption): a method for protecting the whole database. After TDE is enabled for a database, it is completely transparent to the application programs connected to that database, and no changes to existing application programs are needed. Once enabled, pages are encrypted before they are written to disk and decrypted when they are read into memory.
Basic data type: the types underlying the user-visible types (e.g., int, double, char, text, etc.); each user-visible type inherits an underlying basic data type.
Hook function: comprises an encryption function and a decryption function; encryption and decryption of the whole database are performed by setting a hook and calling it.
Example 1
In the prior art, a data storage method can only encrypt whole data pages; the encryption granularity is too coarse, so system performance is significantly affected.
In view of the foregoing problems, embodiments of the present application provide a data storage method, which may obtain a second data set from a first data set that needs to be stored, encrypt only the second data set without encrypting the entire first data set, and store the encrypted second data set and data in the first data set, except for the second data set, in a database, so as to reduce encryption granularity and reduce the influence on system performance.
In order to achieve the above object, a transparent data encryption TDE process in a database system in a shopping payment scenario is taken as an example to describe in detail the technical solution adopted in this embodiment. As shown in fig. 1, the data storage method provided in this embodiment may include the following processing steps:
Step S102, a second data set to be encrypted is obtained from the first data set to be written into the preset storage area.
Optionally, in a shopping payment scenario, data such as order information (including an order number, order time, commodity information, address information, logistics information, and the like), user account information (including a user name, a password, and the like), and amount information (a user balance, and the like) may be stored in the database system. For a user, however, not all of this information is sensitive: only the user account information, the amount information, and the like are sensitive information. To reduce the influence on system performance, only such sensitive information may be encrypted.
Specifically, the preset storage area may include a storage area in a database system for storing a first data set, and the second data set may include data to be encrypted, which is preset by a user in the first data set, and may include: a single data form or a single column of data.
In an optional scheme, a second data set that needs to be encrypted may be obtained from a first data set that needs to be stored in a database according to a user requirement, for example, the first data set that needs to be stored in the database includes information such as an order number, commodity information, a user balance, a user name, a password, and sensitive information such as a user balance, a user name, a password, and the like may be obtained from the first data set according to a user requirement, so as to obtain the second data set.
Step S104, the initial data type of each data contained in the second data set is obtained.
Specifically, the initial data type may include a data type of each data source above the basic data type, for example, the initial data type of the user name may be a str type, the initial data type of the password may be a text type, and the initial data type of the user balance may be a double type.
In an optional scheme, after a second data set containing user sensitive information is obtained from a first data set according to a user requirement, an initial data type of each data contained in the second data set may be obtained, that is, an initial data type of a user balance, a password, and a user name may be obtained: double, text, and str types.
Step S106, uniformly converting the initial data type of each data into a preset data type, and calling a preset encryption function to encrypt the second data set.
Specifically, the preset data type may include a binary format type, and may be compatible with a user-visible type (e.g., int, double, char, text, etc.); the preset encryption function may include a hook function, such as a TDE encryption/decryption algorithm.
In an optional scheme, as shown in fig. 2, if the types of the data included in the second data set are int, double, char, and text types, the base data types (including the above four data types) may be converted in the database, and the data types are converted into binary format types, and at the same time, a hook function is called to perform TDE encryption processing on the second data set, so as to obtain encrypted data of the user balance, the password, the user name, and the like.
Step S108, storing the unencrypted remaining data in the first data set and the encrypted second data set to a preset storage area.
In an optional scheme, the encrypted data of the user balance, the password, the user name and the like, and the unencrypted data of the order number, the commodity information and the like can be stored in the database system.
Step S110, reading the unencrypted residual data and the encrypted second data set from the preset storage area.
In an alternative scheme, when the user needs to read the first data set from the database system, the encrypted data of the user balance, the password, the user name and the like, and the unencrypted data of the order number, the commodity information and the like may be first read from a preset storage area in the database system.
Step S112, converting the preset data type of each data included in the encrypted second data set into the initial data type of each data, and calling a preset decryption function to decrypt the encrypted second data set.
In an optional scheme, as shown in fig. 3, after reading the unencrypted remaining data and the encrypted second data set from the database system, the binary format type may be converted in the database, and while converting the binary format type into int, double, char, and text types, a hook function may be invoked to perform TDE decryption processing on the encrypted second data set, so as to obtain data such as a user balance, a password, and a user name.
Step S114, restoring the unencrypted residual data and the second data set into a first data set.
In an optional scheme, data such as a user balance, a password, a user name, and the like, and unencrypted data such as an order number, commodity information, and the like may be merged to obtain a first data set.
It should be noted that the hook function may also be replaced by another function, for example, replacing the TDE encryption/decryption algorithm with another encryption/decryption algorithm.
Through the above scheme, only the second data set within the first data set is encrypted and decrypted, which reduces the encryption granularity and the influence on system performance. Moreover, because the hook function performs the encryption and decryption operations while the basic data type is being converted, the encrypted data remains completely transparent to the application program. The operators supported by the original data type remain supported, and the functions of the original data type, including data sorting, computation and the like, are not affected.
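The write path (steps S102 to S108) and read path (steps S110 to S114) described above, as an added Python example that is not code from the application. The column-to-type mapping, the sample row, the demo key and the function names are assumptions, and the hook is a standard-library stand-in (an HMAC-SHA256 keystream with an HMAC tag bound to the column name and type) rather than the TDE algorithm the application refers to.

```python
import hashlib
import hmac
import os
import struct

# S102/S104: columns forming the second data set and their initial data types.
# Column names follow the page's scenario; the mapping itself is constructed.
ENCRYPTED_COLUMNS = {"user_name": "str", "password": "text", "user_balance": "double"}

# S106/S112: converters between each initial type and the binary format type.
TO_BINARY = {
    "int": lambda v: struct.pack(">q", v),
    "double": lambda v: struct.pack(">d", v),
    "str": lambda v: v.encode("utf-8"),
    "text": lambda v: v.encode("utf-8"),
}
FROM_BINARY = {
    "int": lambda b: struct.unpack(">q", b)[0],
    "double": lambda b: struct.unpack(">d", b)[0],
    "str": lambda b: b.decode("utf-8"),
    "text": lambda b: b.decode("utf-8"),
}

DEMO_KEY = bytes(range(32))  # constructed demo key, not a real secret
SAMPLE_ROW = {  # constructed first data set
    "order_number": "SO-1001",
    "commodity_info": "keyboard",
    "user_name": "alice",
    "password": "correct horse",
    "user_balance": 128.5,
}


def column_context(column, type_name):
    """Length-prefixed column name and type, authenticated with the value."""
    label = f"{column}:{type_name}".encode("utf-8")
    return struct.pack(">H", len(label)) + label


def subkey(key, label):
    """Derive separate encryption and MAC keys from the one column key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def keystream(enc_key, nonce, length):
    """HMAC-SHA256 in counter mode, truncated to the requested length."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_hook(key, plaintext, context):
    """Stand-in encryption hook: returns nonce || tag || ciphertext."""
    nonce = os.urandom(16)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(key, b"mac"), context + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + tag + ciphertext


def decrypt_hook(key, blob, context):
    """Stand-in decryption hook: verifies the tag before decrypting."""
    if len(blob) < 48:
        raise ValueError("encrypted value is truncated")
    nonce, tag, ciphertext = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(subkey(key, b"mac"), context + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Covers modified bytes and a value moved into a different column.
        raise ValueError("encrypted value failed its integrity check")
    stream = keystream(subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def store_row(row, key, encrypt=encrypt_hook):
    """S102-S108: encrypt only the second data set, keep the rest as-is."""
    stored = {}
    for column, value in row.items():
        type_name = ENCRYPTED_COLUMNS.get(column)
        if type_name is None:
            stored[column] = value  # unencrypted remaining data
        else:
            binary = TO_BINARY[type_name](value)  # initial type -> binary
            stored[column] = encrypt(key, binary, column_context(column, type_name))
    return stored


def load_row(stored, key, decrypt=decrypt_hook):
    """S110-S114: decrypt the second data set and restore the first data set."""
    row = {}
    for column, value in stored.items():
        type_name = ENCRYPTED_COLUMNS.get(column)
        if type_name is None:
            row[column] = value
        else:
            binary = decrypt(key, value, column_context(column, type_name))
            row[column] = FROM_BINARY[type_name](binary)  # binary -> initial type
    return row
```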
Example 2
There is also provided, in accordance with an embodiment of the present application, an embodiment of a method of storing data, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Fig. 4 is a block diagram of a hardware structure of a computer terminal for implementing a data storage method according to an embodiment of the present application. As shown in fig. 4, the computer terminal 40 may include one or more (shown as 402a, 402b, ..., 402n) processors 402 (the processors 402 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA, etc.), a memory 404 for storing data, and a transmission device 406 for communication functions. In addition, the computer terminal may also include: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 4 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 40 may also include more or fewer components than shown in fig. 4, or have a different configuration than shown in fig. 4.
It should be noted that the one or more processors 402 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuit may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computer terminal 40. As referred to in the embodiments of the present application, the data processing circuit acts as a processor control (e.g., selection of a variable resistance termination path to interface with).
The memory 404 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the data storage method in the embodiment of the present application, and the processor 402 executes various functional applications and data processing by operating the software programs and modules stored in the memory 404, that is, implementing the data storage method described above. The memory 404 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 404 may further include memory located remotely from the processor 402, which may be connected to the computer terminal 40 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 406 is used for receiving or sending data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 40. In one example, the transmission device 406 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 406 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with the user interface of the computer terminal 40.
It should be noted here that in some alternative embodiments, the computer device shown in fig. 4 may include hardware elements (including circuitry), software elements (including computer code stored on a computer-readable medium), or a combination of both hardware and software elements. It should be noted that fig. 4 is only one specific example and is intended to illustrate the types of components that may be present in the computer device described above.
Under the above operating environment, the present application provides a method for storing data as shown in fig. 5. Fig. 5 is a flowchart of a data storage method according to an embodiment of the present application, and as shown in fig. 5, the method may include the following processing steps:
Step S502, a second data set to be encrypted is obtained from the first data set to be written into the preset storage area.
Step S504, performs encryption processing on the second data set.
Alternatively, this step may be achieved by, but is not limited to: acquiring an initial data type of each data contained in the second data set; and uniformly converting the initial data type of each data into a preset data type, and calling a preset encryption function to encrypt the second data set.
Step S506, storing the unencrypted remaining data in the first data set and the encrypted second data set to a preset storage area.
Optionally, after storing the unencrypted remaining data and the encrypted second data set in the preset storage area, the method may further include the following processing steps: reading the unencrypted residual data and the encrypted second data set from a preset storage area; carrying out decryption processing on the encrypted second data set; and restoring the first data set by using the unencrypted residual data and the second data set.
Optionally, the decryption process on the encrypted second data set may include, but is not limited to, the following process steps: converting the preset data types of all the data in the encrypted second data set into the initial data type of each data, and calling a preset decryption function to decrypt the encrypted second data set.
Optionally, the method provided by this embodiment may be applied to a Transparent Data Encryption (TDE) process in a database system, but is not limited thereto.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present application.
Example 3
According to an embodiment of the present application, there is also provided a data storage device for implementing the above data storage method, as shown in fig. 6, the data storage device 600 includes: an acquisition module 602, an encryption module 604, and a storage module 606.
The obtaining module 602 is configured to obtain a second data set to be encrypted from a first data set to be written in a preset storage area.
The encryption module 604 is configured to perform encryption processing on the second data set.
Alternatively, as shown in fig. 6, the module may include the following units, but is not limited thereto: an obtaining unit 608 and an encrypting unit 610, wherein the obtaining unit 608 is configured to obtain an initial data type of each data included in the second data set; the encryption unit 610 is configured to uniformly convert the initial data type of each data into a preset data type, and call a preset encryption function to perform encryption processing on the second data set.
The storage module 606 is configured to store the unencrypted remaining data in the first data set and the encrypted second data set in a preset storage area.
It should be noted here that the obtaining module 602, the encrypting module 604 and the storing module 606 correspond to steps S502 to S506 in embodiment 2, and the three modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in embodiment 1. It should be noted that the above modules may be operated in the computer terminal 40 provided in embodiment 1 as a part of the apparatus.
Optionally, as shown in fig. 6, the data storage device 600 further includes: a read module 612, a decryption module 614, and a restore module 616.
The reading module 612 is configured to read the unencrypted remaining data and the encrypted second data set from the preset storage area; the decryption module 614 is configured to decrypt the encrypted second data set; the restoring module 616 is configured to restore the first data set using the unencrypted remaining data and the second data set.
Optionally, the decryption module 614 is further configured to convert the preset data type of all data in the encrypted second data set into the initial data type of each data, and call a preset decryption function to perform decryption processing on the encrypted second data set.
Example 4
There is also provided, in accordance with an embodiment of the present application, an embodiment of a method of processing data, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
Fig. 7 is a flowchart of a data processing method according to an embodiment of the present application, and as shown in fig. 7, the method may include the following processing steps:
Step S702, obtain first data to be encrypted.
Optionally, in a shopping payment scenario, data such as order information (including an order number, order time, commodity information, address information, logistics information, and the like), user account information (including a user name, a password, and the like), amount information (a user balance, and the like) and the like may be stored in the database system, and in order to ensure data security, data stored in the database system may be encrypted.
Specifically, the first data to be encrypted may include, in different scenarios, the data that the user needs to store in the database system.
Step S704, second data is extracted from the first data.
Optionally, in a shopping payment scenario, not all information is sensitive information for a user, but only user account information, amount information, and the like are sensitive information, and in order to reduce the influence on system performance, only the sensitive information such as the user account information, the amount information, and the like may be encrypted.
Specifically, the second data may include data that needs to be encrypted and is preset by the user in the first data, for example, sensitive information such as user account information and amount information, and may include: a single data form or a single column of data.
Step S706, performs encryption processing on the second data.
Step S708, the unencrypted data in the first data and the encrypted second data are combined into third data.
In an optional scheme, according to a user requirement, second data containing user sensitive information may be extracted from first data to be encrypted, TDE encryption processing may be performed only on the second data to obtain encrypted second data, the entire first data is not encrypted any more, and remaining unencrypted data in the first data and the encrypted second data are combined into third data, and further the third data may be stored in a database, thereby reducing an influence on system performance.
In the embodiment of the application, the mode of extracting the second data from the first data to be encrypted and encrypting the second data is adopted, and only the second data in the first data to be encrypted is encrypted without encrypting the first data to be encrypted, so that the effects of reducing the encryption granularity and reducing the influence on the system performance are achieved.
Example 5
There is also provided, in accordance with an embodiment of the present application, an embodiment of a method for reading data, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that presented herein.
Fig. 8 is a flowchart of a data reading method according to an embodiment of the present application, and as shown in fig. 8, the method may include the following processing steps:
Step S802, an unencrypted first data set and an encrypted second data set are read from a preset storage area.
Optionally, in a shopping payment scenario, data such as order information (including an order number, order time, commodity information, address information, logistics information, and the like), user account information (including a user name, a password, and the like), and amount information (a user balance, and the like) may be stored in the database system. For a user, however, not all of this information is sensitive: only the user account information, the amount information, and the like are sensitive information. To reduce the influence on system performance, only such sensitive information may be encrypted.
Specifically, the preset storage area may include a storage area in the database system for storing an unencrypted first data set and an encrypted second data set. The second data set may include data that needs to be encrypted and is preset by a user, and may include a single data form or a single column of data; for example, in a shopping payment scenario, the second data set may include the sensitive information. The first data set may include other data that needs to be stored in the preset storage area but does not need to be encrypted; for example, in a shopping payment scenario, the first data set may include data such as order information other than the sensitive information.
In an alternative scheme, when data stored in the database is read, an encrypted second data set, for example, encrypted data of a user balance, a password, and a user name, and an unencrypted first data set, for example, unencrypted data of an order number, commodity information, and the like, may be read from a preset storage area in the database system.
Step S804, performing decryption processing on the encrypted second data set to obtain a second data set.
Alternatively, this step may be implemented by, but is not limited to: converting the preset data type of all the data in the encrypted second data set into the initial data type of each data; and calling a preset decryption function to decrypt the encrypted second data set to obtain the second data set.
Specifically, the preset data type may include a binary format type, and may be compatible with a user-visible type (e.g., int, double, char, text, etc.); the initial data type may include a data type of each data source above the basic data type, for example, the initial data type of the user name may be a str type, the initial data type of the password may be a text type, and the initial data type of the user balance may be a double type; the predetermined decryption function may include a hook function, such as TDE encryption and decryption algorithm.
In an optional scheme, after reading an unencrypted first data set and an encrypted second data set from a database system, a binary format type may be converted in the database, and while the binary format type is converted into int, double, char, and text types, a hook function may be called to perform TDE decryption processing on the encrypted second data set to obtain a second data set, for example, data such as a user balance, a password, and a user name may be obtained.
Step S806, combining the unencrypted first data set and the second data set into a third data set.
In an alternative scheme, the unencrypted first data set and the unencrypted second data set may be combined to obtain a third data set, for example, data such as a user balance, a password, a user name, and unencrypted data such as an order number and commodity information may be combined to obtain the third data set.
It should be noted that the hook function described above may also be replaced by other functions, for example, replacing the TDE encryption/decryption algorithm with other encryption/decryption algorithms.
In the embodiment of the present application, a way of decrypting the encrypted second data set and combining the second data set and the unencrypted first data set to obtain the third data set is adopted, and since the second data set is encrypted and the first data set is unencrypted, only the encrypted second data set needs to be decrypted, so that the effects of reducing the decryption granularity and reducing the influence on the system performance are achieved.
Example 6
The embodiment of the application can provide a computer terminal which can be any computer terminal device in a computer terminal group. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one network device of a plurality of network devices of a computer network.
In this embodiment, the computer terminal may execute the program code of the following steps in the data storage method: acquiring a second data set to be encrypted from a first data set to be written into a preset storage area; encrypting the second data set; and storing the unencrypted residual data in the first data set and the encrypted second data set in a preset storage area.
Optionally, fig. 9 is a block diagram of a computer terminal according to an embodiment of the present application. As shown in fig. 9, the computer terminal 900 may include: one or more processors 902 (only one shown), a memory 904, and a transmitting device 906.
The memory 904 can be used for storing software programs and modules, such as program instructions/modules corresponding to the data storage method and apparatus in the embodiment of the present application, and the processor 902 executes various functional applications and data processing by running the software programs and modules stored in the memory, that is, implementing the data storage method described above. The memory 904 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memories may further include a memory located remotely from the processor, which may be connected to the terminal 900 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor 902 may invoke the memory-stored information and applications via the transmission means to perform the following steps: acquiring a second data set to be encrypted from the first data set to be written into a preset storage area; encrypting the second data set; and storing the unencrypted residual data in the first data set and the encrypted second data set to a preset storage area.
Optionally, the processor 902 may further execute the following steps: acquiring an initial data type of each data contained in the second data set; and uniformly converting the initial data type of each data into a preset data type, and calling a preset encryption function to encrypt the second data set.
Optionally, the processor 902 may further execute the following steps: after the unencrypted residual data and the encrypted second data set are stored in the preset storage area, reading the unencrypted residual data and the encrypted second data set from the preset storage area; carrying out decryption processing on the encrypted second data set; and restoring the first data set by using the unencrypted residual data and the second data set.
Optionally, the processor 902 may further execute program codes of the following steps: converting the preset data types of all the data in the encrypted second data set into the initial data type of each data, and calling a preset decryption function to decrypt the encrypted second data set.
By adopting the embodiment of the application, a scheme for storing data is provided. The method comprises the steps of obtaining a second data set from a first data set, encrypting the second data set, and storing the unencrypted residual data and the encrypted second data set to a preset storage area, so that the aim of transparently storing the data is fulfilled, and the technical problems that the encryption granularity of a data storage method in the prior art is large and the system performance is influenced are solved.
It can be understood by those skilled in the art that the structure shown in Fig. 9 is only an illustration, and the computer terminal may also be a terminal device such as a smartphone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 9 is a diagram illustrating a structure of the electronic device. For example, the computer terminal A may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in Fig. 9, or have a different configuration from that shown in Fig. 9.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only Memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Example 7
Embodiments of the present application also provide a storage medium. Optionally, in this embodiment, the storage medium may be configured to store the program code for executing the data storage method provided in the first embodiment.
Optionally, in this embodiment, the storage medium may be located in any computer terminal of a computer terminal group in a computer network, or in any mobile terminal of a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: acquiring a second data set to be encrypted from a first data set to be written into a preset storage area; encrypting the second data set; and storing the unencrypted residual data in the first data set and the encrypted second data set in a preset storage area.
Example 8
An embodiment of the present application further provides a system for implementing the above data storage method, including:
a processor; and
a memory coupled to the processor for providing instructions to the processor to perform the following processes:
acquiring a second data set to be encrypted from a first data set to be written into a preset storage area;
encrypting the second data set;
and storing the unencrypted residual data in the first data set and the encrypted second data set in a preset storage area.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and various other media capable of storing program code.
The foregoing is only a preferred embodiment of the present application. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as falling within the protection scope of the present application.