Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and
Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one
Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing
Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
In the prior art, interface authentication usually has following several schemes: user name password authentification, token are authenticated, are public and private
Key signature verification.But either password, token or public and private key, have greatly may leakage, once these interfaces call with
Card leakage, these interfaces can be forged by attacker and be called.Attacker can carry out interface and call puppet by very low cost
It makes.
In view of the above-mentioned problems, this specification embodiment proposes a kind of interface call method.
Method in order to propose this specification embodiment, inventor first analyze practical application scene.Certain
In application scenarios, since system is the application program for calling voucher by verifying interface to confirm current initiation interface call request
Whether legal, therefore, once interface calls voucher leakage, system just can not prevent interface from illegally being called.Because even
Illegal program, as long as it, which has effective interface, calls voucher, system will identify it for legal application program.
In above-mentioned application scenarios, calls voucher to reveal brought interface by interface and illegally call, essential reason is
Because of the self-characteristic of interface calling voucher.Interface calling voucher can be a supplementary features of application program in itself,
It is legal procedure that it, which is used to identify the application program,.That is, when application program has interface calling voucher, this is special
When feature, which is exactly legal procedure.This is allowed for, and interface calls voucher to be can be with different application combinations
, have versatility.In addition, since interface calling is not a sexual behaviour, it is that can repeat that interface, which calls voucher,
It is nonexpondable, have reusability.
Since interface calls voucher to have versatility and reusability, in theory, as long as obtaining
Voucher is called to complete interface, so that it may is combined it with any application, so that the application program can be with
Pass through legal verifying.This is allowed for, once interface calls voucher to be leaked, it is possible to it is applied to the verifying of illegal program
On, the legal procedure so that illegal program disguises oneself as.
Based on above-mentioned analysis, it in this specification embodiment, is not adopted as application program additional interface and calls voucher
It is legal procedure that method, which carrys out identification application, but is directed to each application program, and independent label application program is legal
Program.That is, being not that legal procedure is individually divided into one kind, the application program that definition has " interface calling voucher " is legal
Program, but using each legal procedure as independent individual, each legal procedure is recorded respectively.(it should be noted that
In this specification embodiment, to the format of interface without mandatory requirement, interface can provide REST service or RPC service etc..)
For example, in an application scenarios, for application program A and application program B, if application program A and application
Program B is the legal procedure of interface C, then records application program A and application program B, wishes that calling connects in certain application program
When mouth C, it is not whether the mark that judgement wishes whether the application program of calling interface B has valid application program (has and connect
Mouth calls voucher), but judgement wishes whether the application program of calling interface B is application program A or application program B, if uncommon
Hope the application program of calling interface B neither application program A is also not application program B, it is desirable that the application journey of calling interface B
Sequence is not just the legal procedure of interface C.
Further, security verified in order to improve, in one embodiment of this specification, call deployment system true by interface
Recognize legal procedure corresponding to interface.That is, being only capable of calling deployment system by interface for the legal procedure that a certain interface is registered
It is increased and decreased and/or modifies.Also, the quantity (predetermined quantity) for the legal procedure that interface is registered, and be only capable of by interface tune
Determined by deployment system.
Further, illegal to increase and decrease and/or modify in order to evade brought by interface calling deployment system is cracked
The generation of the case where legal procedure that interface is registered initially is come into operation or not in one embodiment of this specification in interface
Its corresponding legal procedure just is set for it when coming into operation, after interface comes into operation, its corresponding legal journey cannot be changed
Sequence.
Further, it is contemplated that corresponding in order to register its for interface when an interface is registered with multiple legal procedures
Corresponding relationship between legal procedure and management interface and legal procedure just must call deployment system to step on interface by interface
The legal procedure of note is managed (increase and decrease and/or modification).The presence of above-mentioned management process will increase the possibility that system is cracked
Property.
Therefore, it in one embodiment of this specification, for either interface, in the whole life cycle of interface, is only capable of stepping on
Remember a unique legal procedure.That is, once it is determined that application program A is the legal procedure of interface B, then,
Interface B can only just be called by interface A, which can not modify.In this way, even if interface calls deployment system to be broken
Solution can not also be pretended illegal program by way of modifying the legal procedure setting of interface or increasing legal procedure for interface
At legal procedure.This just fundamentally avoids the generation that interface illegally calls.
Further, it is contemplated that the scene that various services are updated, called mutually between service, in huge enterprises application
In environment, the feature difficulty for combing out the call relation and legal procedure between service is very big.Therefore, implement in this specification one
In example, when interface is first invoked, registration calls the application program of the interface for the legal procedure of the interface.It thus can be with
Credible call relation between the clear service of the combing of automation.Specifically, the interface is called in registration when interface is first invoked
Application program be the interface legal procedure, there is no need to interface call deployment system be actively that interface directly distributes legal journey
Sequence avoids the case where meeting bring illegal program is registered as interface legal procedure when interface calls deployment system to be cracked
Occur.
Further, in one embodiment of this specification, in order to avoid illegal program disguises oneself as legal procedure, for interface
When registering legal procedure, by the way of by the binding of the program fingerprint data of interface and legal procedure.One interface is only capable of tying up
The program fingerprint data of a fixed application program, the program fingerprint data of application program are only capable of matching its corresponding application program.
When there is application program to initiate interface call request for the interface, the program fingerprint data for calling the interface to bind, verifying is worked as
Whether the preceding application program for initiating interface call request can be matched to program fingerprint data.In this way, unless can be by illegal journey
Sequence disguises oneself as legal procedure completely, and otherwise illegal program can not pass through interface and call legitimate verification.Very due to attacker
Hardly possible forges one and carrys out calling interface with the identical program of legal procedure, this safety for allowing for interface calling obtains significantly
Enhancing.
To sum up, in one embodiment of this specification, in the whole life cycle of the interface of setting, it is only capable of one application of binding
The program fingerprint data of program, also, when interface is called for the first time, the program fingerprint number of the application program of the interface will be called
According to being tied to the interface.
It is interface binding procedure finger print data according to the method for this specification embodiment, to call legitimacy in interface
Or not interface when verifying and call voucher, but verify it is current initiate application program that interface calls whether matched interfaces binding
Program fingerprint data;Scheme compared to the prior art, since the method for this specification embodiment does not use interface to call voucher,
Therefore can evade interface calls voucher to reveal brought security risk.Further, according to the side of this specification embodiment
Method is only capable of the program fingerprint data of one application program of binding in the whole life cycle of interface, so that in the conjunction of enrollment interface
The increase and decrease and modification of legal procedure are not can be carried out after method program, so that fundamentally avoiding illegal program is forged into legal journey
The generation of the case where sequence.Further, according to the method for this specification embodiment, program is carried out when interface is called for the first time and is referred to
The binding of line data enormously simplifies the deployment registering flow path of legal procedure.The method of this specification embodiment executes simple, peace
Quan Xinggao, it is possible to prevente effectively from interface is illegally called.
Below in conjunction with attached drawing, the technical solution that each embodiment of this specification provides is described in detail.
In one embodiment of this specification, as shown in Figure 1, method includes:
S100 monitors whether that there are interface call requests;
When there is the interface call request for being directed to interface, S110 judges the corresponding interface tune of the interface call request
With operation whether be the first interface interface call operation for the first time;
When the corresponding interface call operation of interface call request is the call operation of interface for the first time of first interface, S120,
The program fingerprint data and first interface that will initiate the application program of interface call request are bound, wherein first interface is configured to
Be only capable of by with itself bound in the application program of program fingerprint Data Matching call, program fingerprint is only capable of matching its corresponding
Application program is only capable of the program fingerprint data of one application program of binding in the whole life cycle of first interface.
Further, in one embodiment of this specification, method further include:
When the corresponding interface call operation of interface call request is not the call operation of interface for the first time of first interface, judgement
Initiate the program fingerprint the Data Matching whether application program of interface call request binds with first interface;
When the program fingerprint Data Matching that the application program and first interface for initiating interface call request are bound, letting pass, this is connect
Mouth call request;
When the program fingerprint data of the application program and first interface binding of initiating interface call request mismatch, intercepting should
Interface call request.
Further, in one embodiment of this specification, when the corresponding interface call operation of interface call request is first
When the call operation of interface for the first time of interface, the interface call request of letting pass.
Further, in one embodiment of this specification, in such a way that program fingerprint data are saved in specified directory
Interface and program fingerprint data are bound.Specifically, in one embodiment of this specification, for interface binding procedure finger print data
During:
Corresponding program fingerprint data are generated according to the application program for initiating interface call request;
Program fingerprint data are saved in legal procedure finger print data storage catalogue corresponding with first interface, this is legal
Program fingerprint data storage catalogue is only capable of saving a program fingerprint data.
Further, in one embodiment of this specification, as shown in Fig. 2, when the corresponding interface of interface call request calls
When operation is not the call operation of interface for the first time of first interface, in the application program for judge initiation interface call request whether with the
During the program fingerprint Data Matching of one interface binding:
S210 reads the corresponding legal procedure finger print data storage catalogue of first interface, the program wherein saved is called to refer to
Line data;
S220 judges whether the application program for initiating interface call request can be with matcher finger print data;
When the application program for initiating interface call request can be with matcher finger print data, S221, clearance interface is called
Request;
When initiate interface call request application program cannot matcher finger print data when, S222, intercept interface tune
With request.
Further, in the application scenarios for registering legal procedure by the way of save routine finger print data, if one
Corresponding program fingerprint data are preserved in the corresponding legal procedure finger print data storage catalogue of a interface, then explanation should
Interface is bound with program fingerprint data, that is to say, that the interface necessarily has already been through to be called for the first time.Therefore, in this specification
In one embodiment, by judging whether preserve program fingerprint data under the corresponding legal procedure finger print data storage catalogue of interface
It is called for the first time to judge whether the interface have passed through.Specifically, judging interface call request in one embodiment of this specification
When whether corresponding interface call operation is the call operation of interface for the first time of first interface, the corresponding legal journey of first interface is judged
Program fingerprint data whether are preserved in sequence finger print data storage catalogue.
Specifically, in one embodiment of this specification, as shown in figure 3, method includes:
S310 receives the interface call request for being directed to first interface;
S320 judges whether preserve program fingerprint number in the corresponding legal procedure finger print data storage catalogue of first interface
According to;
When there is no save routine finger print data in legal procedure finger print data storage catalogue, S330, according to initiation interface
The application program of call request generates program fingerprint data and saves;And S351, clearance interface call request;
When preserving program fingerprint data in legal procedure finger print data storage catalogue, S340 calls the program fingerprint
Data;
S350, judges whether the application program for initiating interface call request matches with program fingerprint data;
When initiating the application program and program fingerprint Data Matching of interface call request, S351, clearance interface calling is asked
It asks;
When the application program and program fingerprint data of initiating interface call request mismatch, S352 intercepts interface and calls
Request.
Further, in certain application scenarios, there is the case where more new application.Due to updating the application journey of front and back
There are data differences for sequence, this is possible to after causing application program to be updated, can not be with the program fingerprint data that have saved
Match.For this case, in one embodiment of this specification, when application program is updated, the corresponding program saved that updates refers to
Line data.
Specifically, method further includes, when the corresponding application program quilt of program fingerprint data in one embodiment of this specification
When update, the program fingerprint data saved in corresponding legal procedure finger print data storage catalogue are deleted.In this way, after updating
Application program for the first time calling interface when, by the program saved in the corresponding legal procedure finger print data storage catalogue of interface
Finger print data has been deleted, and according to the method for this specification embodiment, is equivalent to the interface and is identified as no binding procedure and refer to
Line data generate program fingerprint letter according to updated application program at this time that is, interface is identified as being first invoked
It ceases and by new program fingerprint information preservation into legal procedure finger print data storage catalogue.
Specifically, in one embodiment of this specification, as shown in Figure 4:
S410, when application program is updated, confirmation is using the application program as the interface of legal procedure;
S420 deletes the program fingerprint data in the corresponding legal procedure finger print data storage catalogue of the interface;
S430, application program in the updated for the first time calling interface when, according to updated application program generate program refer to
Line data;
The program fingerprint data being newly generated are saved in legal procedure finger print data storage catalogue by S440.
Further, in one embodiment of this specification, by taking an application scenarios as an example, it is assumed that have an interface B by program B
Operation, the program A (legal procedure that program A is interface B) of a callable interface B, interface B only allows program A to call.Interface
The program for calling the interface for the first time can be considered legal procedure by B, and in the whole life cycle of interface B, only allow this
Trusted program calling interface B.The more new technological process of program A is as shown in Figure 5.
S510, delivery system more new procedures A.
S511, program A are fed back to delivery system, and the interface B called needs synchronized update.
S520, delivery system more new procedures B and interface B.
S521, program B empty the local Key file of interface B.
After program A completes to update (S531) and program B completes to update (S532), program A calling interface B, interface B's
Key file (legal procedure finger print data storage catalogue) is written into the program fingerprint data (Secret) of updated program A.
Further, in order to avoid attacker is after learning the legal procedure verifying logic of this specification embodiment, by hand
Program fingerprint data are deleted, and legal procedure calling interface is preempted by condition competition, to be verified around legal procedure.?
In one embodiment of this specification, security monitoring is carried out to the program fingerprint data of preservation, monitors abnormal modification, delete operation.
Further, it is broken since local file is far longer than network file by the difficulty that non-local operation cracks and distorts
The difficulty for solving and distorting.Therefore, in one embodiment of this specification, the corresponding legal procedure finger print data storage catalogue position of interface
Under the local file directory of interface.Further, since program fingerprint data are stored in local file, without being stored in
In memory, when avoiding attacker in this way and restarting interface routine by hand, the generation of program fingerprint loss of data.
Further, in one embodiment of this specification, legal procedure finger print data storage catalogue in local file
Directory path is can be customized, that is, the storage location and filename of developer's available customization program fingerprint data, this is just
The difficulty that program fingerprint data are found by attacker is considerably increased, to enhance safety.
Further, in order to ensure the Corresponding matching relationship between program fingerprint data and legal procedure, prevent matching wrong
The generation for the case where unrest or program fingerprint data/legal procedure are forged, in one embodiment of this specification, program fingerprint number
According to for the program fingerprint information by computations, specifically, program fingerprint information include application program executable file and/
Or program directory.
Since program fingerprint information includes the executable file and/or program directory of application program, for legal procedure,
Attacker is difficult or even can not forge a rogue program to come through interface authentication.Because as long as attacker is to legal procedure
In be filled with malicious code, centainly will lead to the variation of program fingerprint information.
Further, in one embodiment of this specification, as shown in fig. 6, when the corresponding interface of interface call request calls
When operation is not the call operation of interface for the first time of first interface, in the application program for judge initiation interface call request whether with the
During the program fingerprint Data Matching of one interface binding:
S600 calls the program fingerprint data in the corresponding legal procedure finger print data storage catalogue of first interface;
The program fingerprint information of the application program of interface call request is initiated in S610, identification;
S620 carries out computations to the program fingerprint information for the application program for initiating interface call request;
The encryption of the program fingerprint information of the application program of S630, comparison program fingerprint data and initiation interface call request
Whether calculated result is consistent.
Further, in one embodiment of this specification, during obtaining the program fingerprint data of application program,
When application program initiates interface call request, interface gets the process of application program by information associations such as process, ports
PID.The program fingerprint data of application program are obtained according to the process PID of application program.
Specifically, after getting the process PID of application program, operating system in Linux in one embodiment of this specification
The following feature of the process is obtained under system:
1. order line :/proc/pid/cmdline, the complete order row of the process;
2. executing file :/proc/pid/exe executes the binary file address of the process;
3. working directory :/proc/pid/cwd, the work at present catalogue of the process;
4. environmental variance :/proc/pid/environ, the environmental variance of the process;
5. the file opened :/proc/pid/fd, the file information which opens.
Further, in certain application scenarios, get above several process features does not prove application program also enough
Identity uniqueness, therefore, in one embodiment of this specification, it is also necessary to features described above into carrying out following feature extraction:
1. extracting the content Hash (cryptographic Hash, hashed value) of order line.Extracting method: md5sum/proc/pid/
cmdline
2. extracting the filename of executable file, attribute, modification time, content Hash.Extracting method: stat/proc/
Pid/exe, md5sum/proc/pid/exe
3. extracting the directory name of working directory, attribute, modification time.Extracting method: stat/proc/pid/exe
4. the content Hash of extraction environment variable.Extracting method: md5sum/proc/pid/environ
5. extracting the filename for opening file, attribute, modification time, content Hash.Extracting method: stat/proc/pid/
Fd/0, md5sum/proc/pid/fd/0.
It is extracted by features described above, shares following 13 specific features values:
1. order line Hash
2. executable file name
3. executable file attribute
4. executable file modification time
5. executable file content Hash
6. working directory name
7. working directory attribute
8. working directory modification time
9. environmental variance content Hash
10. the filename opened
11. the file attribute opened
12. the filemodetime opened
13. the file content Hash opened.
Further, it in one embodiment of this specification, is encrypted by Md5, to above-mentioned 13 hash values according to certain
Format is encrypted.Specifically, in one embodiment of this specification, using directly carrying out Md5 encryption after string-concatenation.Encryption
Content afterwards is the program fingerprint data of application program.
Further, since program fingerprint data need order line, executable file, the file of opening etc. of capture program
Progress information.Therefore, in one embodiment of this specification, on deployment mode, legal procedure and interface must be deployed in same
On platform server.
Specifically, in one embodiment of this specification, by taking an application scenarios as an example, it is assumed that there is an interface B to be transported by program B
Row, the program A (legal procedure that program A is interface B) of a callable interface B, interface B only allows program A to call.Interface B
The program for calling the interface for the first time can be considered legal procedure, and in the whole life cycle of interface B, only allow this can
Believe routine call interface B.It is as shown in Figure 7 for the call flow of interface B.
S710, program A initiate request call interface B for the first time.
After S720, interface B are called, the finger print information of recognizer A first gets executable file, the journey of program A
Preface and table of contents record etc. information, and carry out series of algorithms and encrypt to obtain the program fingerprint data (Secret) of program A.
Interface B obtains the program fingerprint data locally saved, and program fingerprint data are stored in local Key file (legal journey
Sequence finger print data storage catalogue) in.
S731, if local Key file content is sky, interface B thinks it oneself is to be called for the first time, allows any journey
Sequence is called;
S732, if local Key file content is not sky, interface B can be by the Secret of program A and local Key file content
It compares, comparing successfully just allows to call.
Due to being to call for the first time, therefore local Key file content is sky, interface B has learnt that program A is legal journey at this time
Sequence.
S740, interface B will be in the Secret write-in local Key files of legal procedure A.
S750, interface B allow program A to call, and interface call result is returned to program A.
At this point, it is the legal procedure that can call oneself that interface B, which has obtained program A, and by the identity documents of legal procedure A
It has been stored in after encryption in local Key file.
Second of S760, program A (n-th) initiate request call interface B2.
S761, the finger print information of interface B recognizer A get executable file, program directory of program A etc. letter
Breath, and carry out series of algorithms and encrypt to obtain the Secret of program A.
S762, interface B obtain local Key file content, and local Key file content is not sky, and interface B is by program A's
Secret is compared with local Key file content.
S763, by comparing, the Secret of program A is identical as local Key file content.
S764, interface B allow program A to call, and interface call result is returned to program A.
Further, in one embodiment of this specification, by taking an application scenarios as an example, it is assumed that have an interface B by program B
Operation, the program A (legal procedure that program A is interface B) of a callable interface B, interface B only allows program A to call.Interface
The program for calling the interface for the first time can be considered legal procedure by B, and in the whole life cycle of interface B, only allow this
Trusted program calling interface B.Assuming that attacker invades interface B now.Attacker has write a program C and has carried out illegal calling interface
B, then the process of program C calling interface B is as shown in Figure 8.
S810, program C initiate request call interface B.
After S820, interface B are called, the finger print information of recognizer C gets executable file, the program mesh of program C
Record etc. information, and carry out series of algorithms and encrypt to obtain the Secret of program C.
Interface B obtains the content of local Key file, if Key file content is sky, interface B thinks it oneself is for the first time
It is called, allow any routine call.
S830, if Key file content is not sky, interface B can compare Secret and Key content, judge Secret and Key
Whether content is identical.
S831, through comparing, Key file content is different from the Secret content of program C.
S840, interface B do not allow program C to call, and return to malloc failure malloc.
Further, this specification embodiment also proposed a kind of interface calling system, as shown in figure 9, system includes:
Interface call request monitoring modular 910 is used for the judgement when there is the interface call request for being directed to first interface
The corresponding interface call operation of interface call request whether be first interface interface call operation for the first time;
Legal procedure Registration Module 920 is used to when the corresponding interface call operation of interface call request be first interface
The call operation of interface for the first time when, the program fingerprint data of application program for initiating interface call request are tied up with first interface
It is fixed, wherein the first interface be configured to be only capable of by with itself bound in the application program of program fingerprint Data Matching adjust
With program fingerprint is only capable of matching its corresponding application program, in the whole life cycle of the first interface, is only capable of binding one
The program fingerprint data of a application program.
Further, based on method of the invention, the invention also provides one kind in the processing of user equipment client information
Equipment, which includes the memory for storing computer program instructions and the processor for executing program instructions,
In, when the computer program instructions are executed by the processor, triggers the equipment and execute method of the present invention.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example,
Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So
And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit.
Designer nearly all obtains corresponding hardware circuit by the way that improved method flow to be programmed into hardware circuit.Cause
This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device
(Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate
Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer
Voluntarily programming comes a digital display circuit " integrated " on a piece of PLD, designs and makes without asking chip maker
Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " is patrolled
Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development,
And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language
(Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL
(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description
Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL
(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby
Hardware Description Language) etc., VHDL (Very-High-Speed is most generally used at present
Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also answer
This understands, it is only necessary to method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages,
The hardware circuit for realizing the logical method process can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing
The computer for the computer readable program code (such as software or firmware) that device and storage can be executed by (micro-) processor can
Read medium, logic gate, switch, specific integrated circuit (Application Specific Integrated Circuit,
ASIC), the form of programmable logic controller (PLC) and insertion microcontroller, the example of controller includes but is not limited to following microcontroller
Device: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320 are deposited
Memory controller is also implemented as a part of the control logic of memory.It is also known in the art that in addition to
Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic
Controller is obtained to come in fact in the form of logic gate, switch, specific integrated circuit, programmable logic controller (PLC) and insertion microcontroller etc.
Existing identical function.Therefore this controller is considered a kind of hardware component, and to including for realizing various in it
The device of function can also be considered as the structure in hardware component.Or even, it can will be regarded for realizing the device of various functions
For either the software module of implementation method can be the structure in hardware component again.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.It is a kind of typically to realize that equipment is computer.Specifically, computer for example may be used
Think personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
It is any in device, navigation equipment, electronic mail equipment, game console, tablet computer, wearable device or these equipment
The combination of equipment.
For convenience of description, it is divided into various units when description apparatus above with function to describe respectively.Certainly, implementing this
The function of each unit can be realized in the same or multiple software and or hardware when application.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more,
The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces
The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions
The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs
Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real
The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates,
Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or
The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one
The step of function of being specified in a box or multiple boxes.
In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net
Network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or
The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium
Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method
Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data.
The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves
State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable
Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM),
Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices
Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates
Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability
It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap
Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want
There is also other identical elements in the process, method of element, commodity or equipment.
The application can describe in the general context of computer-executable instructions executed by a computer, such as program
Module.Generally, program module includes routines performing specific tasks or implementing specific abstract data types, programs, objects, group
Part, data structure etc..The application can also be practiced in a distributed computing environment, in these distributed computing environments, by
Task is executed by the connected remote processing devices of communication network.In a distributed computing environment, program module can be with
In the local and remote computer storage media including storage equipment.
All the embodiments in this specification are described in a progressive manner, same and similar portion between each embodiment
Dividing may refer to each other, and each embodiment focuses on the differences from other embodiments.Especially for system reality
For applying example, since it is substantially similar to the method embodiment, so being described relatively simple, related place is referring to embodiment of the method
Part explanation.
The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art
For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal
Replacement, improvement etc., should be included within the scope of the claims of this application.