CN115935379A - Service processing method, device, equipment and computer readable storage medium - Google Patents

Publication number
CN115935379A
Authority
CN
China
Prior art keywords
service
service processing
target
logic
processing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110993491.4A
Other languages
Chinese (zh)
Inventor
黎相敏
张韬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiments of the application disclose a service processing method, device, equipment and computer readable storage medium. The method comprises the following steps: upon receiving a service processing request sent by a service demand party, selecting a target service processing logic from M pre-deployed service processing logics according to the service processing request, wherein M is a positive integer; performing service processing on service data by adopting the target service processing logic to obtain a service processing result; generating a use certificate of the target service processing logic, the use certificate being used to prove that the target service processing logic is legally executed; and returning feedback information carrying the service processing result to the service demand party and exposing the use certificate to the service demand party. With the embodiments of the application, the service processing result can meet the requirement of the service demand party, so that the reliability and the credibility of the service processing result are improved. The service data may be advertisement data.

Description

Service processing method, device, equipment and computer readable storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a computer-readable storage medium for service processing.
Background
With the continuous development of computer technology, more and more services are shifted to the internet for execution. Some business data are usually maintained by a designated business processor for data security, privacy and other reasons (such as data related to personal information of users, enterprise confidentiality and the like); when a certain service demand party has a service processing demand for service data, the service processing party maintaining the service data needs to perform service processing on the corresponding service data, so as to return a service processing result to the service demand party. Since the service processing party and the service requiring party are independent from each other, the result of service processing may be unreliable; therefore, how to perform service processing on the service data to improve the reliability of the service processing result becomes a current research hotspot.
Disclosure of Invention
Embodiments of the present invention provide a service processing method, an apparatus, a device, and a computer-readable storage medium, which can enable a service processing result to meet a requirement of a service demander, and improve the reliability and credibility of the service processing result.
On one hand, the embodiment of the application provides a service processing method, which is executed by service processing equipment, wherein service data and M service processing logics are stored in a storage space of the service processing equipment; the M service processing logics are pre-deployed into the storage space by a service demand party, and M is a positive integer; the method comprises the following steps:
under the condition of receiving a service processing request sent by a service demand party, selecting a target service processing logic from M service processing logics according to the service processing request;
performing service processing on the service data by adopting target service processing logic to obtain a service processing result;
after the business processing result is obtained, generating a use certificate of the target business processing logic, wherein the use certificate is used for proving that the target business processing logic is legally executed;
and returning the feedback information carrying the service processing result to the service demand party, and exposing the use certificate to the service demand party, so that the service demand party analyzes the service processing result from the feedback information after determining that the feedback information is credible based on the use certificate.
On one hand, the embodiment of the application provides a service processing method, which is executed by service demand equipment used by a service demand party, wherein the service demand equipment is used for pre-deploying M service processing logics into a storage space of the service processing equipment, the storage space also stores service data, and M is a positive integer; the method comprises the following steps:
sending a service processing request to service processing equipment so that the service processing equipment selects target service processing logic from the M service processing logics according to the service processing request; performing service processing on the service data by adopting a target service processing logic to obtain a service processing result; after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
receiving feedback information returned by the service processing equipment, wherein the feedback information carries a service processing result;
and performing credibility verification on the feedback information based on the use certificate exposed by the service processing equipment, and analyzing a service processing result from the feedback information after the feedback information is determined to be credible.
On one hand, the embodiment of the application provides a service processing device, which is mounted in service processing equipment, wherein service data and M service processing logics are stored in a storage space of the service processing equipment; the M service processing logics are pre-deployed into the storage space by a service demand party, and M is a positive integer; the service processing device comprises:
the processing unit is used for selecting a target service processing logic from the M service processing logics according to the service processing request under the condition of receiving the service processing request sent by the service demand party;
the processing unit is also used for performing service processing on the service data by adopting the target service processing logic to obtain a service processing result;
and, after obtaining the service processing result, for generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
and for returning the feedback information carrying the service processing result to the service demand party and exposing the use certificate to the service demand party, so that the service demand party can analyze the service processing result from the feedback information after determining that the feedback information is credible based on the use certificate.
In one embodiment, the memory space of the business processing device includes a trusted execution environment, M business processing logics are pre-deployed in the trusted execution environment;
the processing unit is configured to perform service processing on the service data by using a target service processing logic to obtain a service processing result, and specifically configured to:
and in the trusted execution environment, performing service processing on the service data by adopting a target service processing logic to obtain a service processing result.
In one embodiment, the service processing request carries a public key of the service data;
the processing unit is configured to generate a usage certificate of the target service processing logic after obtaining the service processing result, and specifically configured to:
acquiring a target byte sequence for generating a use certificate, wherein the target byte sequence is generated based on a public key of service data;
encrypting the target byte sequence to obtain a target encryption result;
and protecting the integrity of the target encryption result by adopting a private key of the trusted execution environment, and determining the protection processing result as a use certificate of the target business processing logic.
In one embodiment, the service processing request further carries: a check parameter for checking whether the feedback information is attacked by replay; the target byte sequence is obtained by splicing a public key and a check parameter of the service data;
the processing unit is configured to return feedback information carrying a service processing result to the service requiring party, and expose the usage credential to the service requiring party, and specifically configured to:
generating feedback information carrying a service processing result;
generating response information of the service processing request by adopting the feedback information, the use certificate and the target encryption result;
and sending the response information to the service demand party.
In one embodiment, the processing unit is further configured to:
receiving a logic deployment request sent by a service demand party, wherein the logic deployment request carries any processing logic source code and a first logic compiled code, and the first logic compiled code is obtained by the service demand party compiling that processing logic source code according to a code format matched with the trusted execution environment;
according to the processing logic source code, carrying out an accuracy check on the first logic compiled code;
and if the first logic compiled code passes the accuracy check, the first logic compiled code is used as a service processing logic and is stored in the trusted execution environment.
In an embodiment, the processing unit is configured to, according to any processing logic source code, perform accuracy check on the first logic compiled code, and specifically configured to:
compiling any processing logic source code locally on the service processing equipment according to a code format adaptive to the trusted execution environment to obtain a second logic compiled code;
if the second logic compiled code is matched with the first logic compiled code, determining that the first logic compiled code passes accuracy verification;
and if the second logic compiled code is not matched with the first logic compiled code, determining that the first logic compiled code does not pass the accuracy check.
In one embodiment, the service processing device is located in a federation chain network, the federation chain network includes P federation chain nodes and a federation chain, the service processing device is any one of the P federation chain nodes, and P is an integer greater than 1; the storage space of the service processing equipment comprises the federation chain, and the M service processing logics are pre-deployed in the federation chain;
the processing unit is configured to perform service processing on the service data by using a target service processing logic to obtain a service processing result, and specifically configured to:
performing service processing on the service data by adopting target service processing logic to obtain a target processing result;
broadcasting the service data to Q reference federation chain nodes so that each reference federation chain node performs service processing on the service data by adopting the target service processing logic in the federation chain to obtain a reference processing result; the reference federation chain nodes are federation chain nodes in the federation chain network other than the service processing equipment, and Q is greater than or equal to 1 and less than or equal to P-1;
receiving Q reference processing results returned by Q reference alliance chain nodes, wherein one reference alliance chain node returns one reference processing result;
and selecting one processing result from the target processing result and the Q reference processing results as a service processing result.
In one embodiment, the processing unit is configured to select one processing result from the target processing result and the Q reference processing results as a service processing result, and specifically configured to:
counting the repetition rate of each processing result in the target processing result and the Q reference processing results;
and selecting the processing result with the maximum repetition rate as a service processing result, or selecting the processing result with the repetition rate larger than a target threshold value as the service processing result.
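The selection rule above, as an added example that is not code from the patent: it counts the repetition rate over the target result and the Q reference results and applies either the maximum-rate rule or the threshold rule. The canonical JSON digest, the refusal to pick a winner on a tie, and the returned list of dissenting nodes are assumptions of this sketch; the result values are constructed.

```python
import hashlib
import json
from collections import Counter


def result_digest(result) -> str:
    """Digest of a canonical encoding, so equal results compare equal
    regardless of key order (the encoding is an assumption of this example)."""
    encoded = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(encoded.encode("utf-8")).hexdigest()


def select_result(target_result, reference_results, threshold=None):
    """Pick the service processing result from the target result and the
    Q reference results.

    threshold=None  -> take the result with the maximum repetition rate.
    threshold=t     -> the winning rate must additionally be greater than t.

    Returns (result, repetition_rate, dissenting_indexes) or None when no
    result can be selected. Index 0 is the service processing device itself,
    indexes 1..Q are the reference nodes in the order their results arrived.
    """
    results = [target_result, *reference_results]
    digests = [result_digest(r) for r in results]
    ranked = Counter(digests).most_common()
    top_digest, top_count = ranked[0]

    # Assumption: a tie has no unique maximum, so nothing is selected.
    if len(ranked) > 1 and ranked[1][1] == top_count:
        return None

    rate = top_count / len(results)
    if threshold is not None and rate <= threshold:
        return None

    dissenting = [i for i, d in enumerate(digests) if d != top_digest]
    return results[digests.index(top_digest)], rate, dissenting


if __name__ == "__main__":
    # Constructed sample: node 2 reports a different settlement amount.
    print(select_result({"amount": 100},
                        [{"amount": 100}, {"amount": 90}, {"amount": 100}]))
```

The dissenting indexes are worth logging: a node that repeatedly disagrees with the selected result is either misconfigured or running different logic.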
In one embodiment, the service processing device is any federation chain node in a federation chain network;
the processing unit is configured to generate a usage certificate of the target service processing logic after obtaining the service processing result, and specifically configured to:
signing and endorsement are carried out on the service processing result to obtain target endorsement information;
and generating a target block containing a business processing result and target endorsement information, and determining the target block as a use certificate of the target business processing logic.
In one embodiment, the processing unit is configured to expose the usage credential to the service demander, and specifically is configured to:
storing the usage credentials onto a federation chain;
after the usage certificate is successfully stored in the federation chain, sending the block identification corresponding to the usage certificate to the service demand party, so that the usage certificate is exposed to the service demand party.
In one embodiment, the processing unit is further configured to:
receiving a logic deployment request sent by a service demand party, wherein the logic deployment request carries any smart contract source code, and the smart contract source code refers to: processing logic source code written by the service demand party according to the format of a smart contract;
in the federation chain network, carrying out consensus processing on the smart contract source code;
and if the smart contract source code passes the consensus processing, the smart contract source code is used as a service processing logic and added into the federation chain.
On one hand, the embodiment of the application provides a service processing device, which is carried in service demand equipment used by a service demand party, wherein the service demand equipment is used for pre-deploying M service processing logics into a storage space of the service processing equipment, the storage space further stores service data, and M is a positive integer; the service processing device comprises:
the processing unit is used for sending a service processing request to the service processing equipment so that the service processing equipment selects a target service processing logic from the M service processing logics according to the service processing request; performing service processing on the service data by adopting target service processing logic to obtain a service processing result; after the business processing result is obtained, generating a use certificate of the target business processing logic, wherein the use certificate is used for proving that the target business processing logic is legally executed;
the acquisition unit is used for receiving feedback information returned by the service processing equipment, and the feedback information carries a service processing result;
and the processing unit is also used for carrying out credibility verification on the feedback information based on the use certificate exposed by the service processing equipment, and analyzing a service processing result from the feedback information after the feedback information is determined to be credible.
In an embodiment, the obtaining unit is configured to receive feedback information returned by the service processing device, and specifically is configured to:
receiving response information returned by the business processing equipment, wherein the response information comprises feedback information, a use certificate and a target encryption result;
the use certificate is obtained by the service processing equipment protecting the integrity of the target encryption result with a private key of a trusted execution environment, and the target encryption result is obtained by encrypting a target byte sequence;
the processing unit is used for performing credible verification on the feedback information based on the use certificate exposed by the service processing equipment, and is specifically used for:
requesting the remote certification equipment to carry out a validity check on the use certificate exposed by the service processing equipment;
if the use certificate passes the validity check, determining that the integrity of the target encryption result in the response information is not damaged;
and carrying out credible verification on the feedback information according to the target encryption result.
In one embodiment, the service processing request further carries: a check parameter for checking whether the service demander is attacked by replay; the target byte sequence is obtained by splicing a public key and a check parameter of the service data by the service processing equipment;
the processing unit is configured to perform trusted verification on the feedback information according to the target encryption result, and specifically configured to:
splicing the public key and the verification parameter of the service data to obtain a reference byte sequence; encrypting the reference byte sequence to obtain a reference encryption result;
if the reference encryption result is matched with the target encryption result, determining that the feedback information is not attacked by replay, and determining that the feedback information passes trusted verification; and if the reference encryption result is not matched with the target encryption result, the feedback information is attacked by replay, and the feedback information is determined not to pass the credible verification.
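The credential flow described in these embodiments (use certificate generation on the processing side, validity check and replay check on the demand side), as an added example that is not code from the patent. Assumptions: SHA-256 stands in for the unspecified "encryption" of the target byte sequence, an HMAC key shared between the TEE and a hypothetical `AttestationService` stands in for the TEE private key and the remote certification equipment, and all names, keys and data are constructed.

```python
import hashlib
import hmac
import os


def encryption_result(data_public_key: bytes, check_param: bytes) -> bytes:
    """Splice public key and check parameter, then digest the sequence.
    The length prefix (an assumption) keeps the splice unambiguous."""
    seq = len(data_public_key).to_bytes(4, "big") + data_public_key + check_param
    return hashlib.sha256(seq).digest()


class AttestationService:
    """Hypothetical stand-in for the remote certification equipment."""

    def __init__(self):
        self._keys = {}  # tee_id -> key material registered for that TEE

    def provision(self, tee_id: str) -> bytes:
        self._keys[tee_id] = os.urandom(32)
        return self._keys[tee_id]

    def check(self, tee_id, enc_result: bytes, certificate: bytes) -> bool:
        key = self._keys.get(tee_id)
        if key is None:
            return False
        expected = hmac.new(key, enc_result, hashlib.sha256).digest()
        return hmac.compare_digest(expected, certificate)


class ProcessingDevice:
    """Service processing side: runs the logic, issues the use certificate."""

    def __init__(self, tee_id: str, tee_key: bytes, service_data):
        self.tee_id, self._key, self._data = tee_id, tee_key, service_data
        self._logics = {"sum": sum, "count": len}  # constructed sample logics

    def handle(self, request: dict) -> dict:
        result = self._logics[request["logic_id"]](self._data)
        enc = encryption_result(request["data_public_key"], request["check_param"])
        cert = hmac.new(self._key, enc, hashlib.sha256).digest()
        return {"tee_id": self.tee_id, "feedback": {"result": result},
                "target_encryption_result": enc, "use_certificate": cert}


class Demander:
    """Service demand side: sends a fresh check parameter per request."""

    def __init__(self, attestation: AttestationService, data_public_key: bytes):
        self._attestation = attestation
        self._pub = data_public_key
        self._open = set()  # check parameters sent but not yet consumed

    def new_request(self, logic_id: str) -> dict:
        nonce = os.urandom(16)
        self._open.add(nonce)
        return {"logic_id": logic_id, "data_public_key": self._pub,
                "check_param": nonce}

    def verify(self, request: dict, response: dict):
        nonce = request["check_param"]
        if nonce not in self._open:
            return ("unknown-request", None)
        enc = response.get("target_encryption_result", b"")
        cert = response.get("use_certificate", b"")
        # Step 1: validity check of the use certificate by the attestation side.
        if not self._attestation.check(response.get("tee_id"), enc, cert):
            return ("invalid-certificate", None)
        # Step 2: recompute the reference encryption result and compare.
        if not hmac.compare_digest(encryption_result(self._pub, nonce), enc):
            return ("replayed", None)
        self._open.discard(nonce)  # a check parameter is accepted only once
        return ("trusted", response["feedback"]["result"])
```

As in the text, the certificate here covers only the target encryption result; the example adds no binding between the certificate and the feedback payload.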
Accordingly, the present application provides a smart device comprising:
a processor for loading and executing a computer program;
a computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, implements the service processing method described above.
Accordingly, the present application provides a computer-readable storage medium storing a computer program adapted to be loaded by a processor and to execute the above-mentioned service processing method.
Accordingly, the present application provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes the service processing method.
In the embodiment of the application, under the condition of receiving a service processing request sent by a service demand party, a target service processing logic is selected from M pre-deployed service processing logics according to the service processing request, and service processing is performed on service data by adopting the target service processing logic to obtain a service processing result; because the M service processing logics are all pre-deployed in the service processing equipment by the service demand party, the target service processing logic selected from the M service processing logics can meet the requirement of the service demand party, so that the service processing result obtained based on the target service processing logic meets the requirement of the service demand party, and the reliability of the service processing result is improved. Furthermore, the service processing equipment can also generate a use certificate of the target service processing logic and expose the use certificate to the service demand party to inform the service demand party that the target service processing logic is legally executed; therefore, the service demand party can determine, based on the use certificate, that the service processing result carried in the feedback information was obtained according to the target service processing logic, and the reliability and the credibility of the service processing result can be further improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1a is a scene diagram of a service process according to an exemplary embodiment of the present application;
Fig. 1b is a block diagram of a service processing device according to an exemplary embodiment of the present application;
Fig. 1c is a schematic illustration of a federation chain provided in accordance with an exemplary embodiment of the present application;
Fig. 1d is a schematic structural diagram of a block chain according to an exemplary embodiment of the present application;
Fig. 2 is a flowchart of a service processing method according to an exemplary embodiment of the present application;
Fig. 3 is a flowchart of another service processing method provided in an exemplary embodiment of the present application;
Fig. 4a is a schematic diagram illustrating a business process logic deployment according to an exemplary embodiment of the present application;
Fig. 4b is a schematic diagram illustrating a business process logic flow according to an exemplary embodiment of the present application;
Fig. 4c is a diagram of a business process architecture provided in an exemplary embodiment of the present application;
Fig. 5 is a flowchart of another service processing method according to an exemplary embodiment of the present application;
Fig. 6 is a flowchart of another service processing method according to an exemplary embodiment of the present application;
Fig. 7 is a schematic structural diagram of a service processing apparatus according to an exemplary embodiment of the present application;
Fig. 8 is a schematic structural diagram of another service processing apparatus according to an exemplary embodiment of the present application;
Fig. 9 is a schematic structural diagram of an intelligent device according to an exemplary embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a service processing scheme and a service processing system, so that a service processing result meets the requirement of a service demand party, and the reliability and the credibility of the service processing result are improved. As shown in fig. 1a, the service processing system may at least include: a terminal device 101 used by a service demander, and a service processing device 102. The service processing scheme provided by the embodiment of the present application may be executed by the service processing device 102, where the service processing device 102 may be a terminal device or a server storing service data and M service processing logics, where M is a positive integer. The terminal device may include, but is not limited to: smart phones (such as Android phones, iOS phones, etc.), tablet computers, portable personal computers, mobile internet devices (MID for short), smart voice interaction devices, smart appliances, and vehicle terminals. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), and a big data and artificial intelligence platform, which is not limited in the embodiment of the present application.
In a specific implementation, the general principle of the service processing scheme is as follows: under the condition that the service processing device 102 receives a service processing request sent by a service demander, selecting a target service processing logic (for example, the service processing request carries an identifier of the target service processing logic) from M pre-deployed service processing logics according to the service processing request; adopting a target business processing logic to perform business processing (such as resource settlement and data correction) on business data to obtain a business processing result, and generating a use certificate of the target business processing logic, wherein the use certificate is used for proving that the target business processing logic is legally executed (namely used for proving that the business processing result is obtained by processing the business data by adopting the target business processing logic); returning the feedback information carrying the service processing result to the service requiring party, and exposing the use certificate to the service requiring party (for example, sending the use certificate to the service requiring party, or granting the service requiring party permission to view the use certificate, etc.); after the service demander determines that the feedback information is trusted based on the usage certificate (for example, the service demander can request a third party to verify the usage certificate and further determine whether the feedback information is trusted), a service processing result can be analyzed from the feedback information.
The step of performing service processing (such as resource settlement and data correction) on service data by using the target service processing logic to obtain a service processing result may be implemented in various ways, specifically as follows:
in one specific implementation, the service processing device 102 may perform service processing on the service data by using a target service processing logic with the help of a Trusted Execution Environment (TEE) to obtain a service processing result. In this specific implementation, a trusted execution environment may be deployed inside the service processing device 102, and the M service processing logics may be deployed in the trusted execution environment, so that the service processing device 102 may obtain a service processing result and a corresponding use credential in the trusted execution environment, thereby improving reliability and trustworthiness of the service processing result, as shown in fig. 1 b.
Specifically, the service processing device 102 may at least include: trusted execution environment, other zones, and hardware supporting trusted computing, as shown in FIG. 1 b. The trusted execution environment may include M service processing logics, and an API (Application Programming Interface) Interface of the trusted execution environment; the trusted execution environment can ensure that the service processing result obtained in the trusted execution environment is reliable through the combination of hardware and software. Other areas may include other modules, other API interfaces, and operating systems (e.g., android, IOS operating systems, etc.); the hardware may include a video transmitter for communication, a Central Processing Unit (CPU), a hard disk, etc. Trusted computing is based on hardware (trusted execution environment) to protect computing process security, data privacy and authenticate data integrity, source reliability, etc.; the method comprises the following steps that a memory access control mechanism and a memory encryption mechanism are arranged outside, namely, the outside comprises an operating system and does not have access authority of a memory space in a trusted computing domain; and a remote authentication mechanism is provided for remotely proving that the logic and the like operated by the trusted execution environment are not tampered. The effect achieved by using trusted computing is that data and program logic in the trusted computing domain cannot be snooped by the external environment without active output, and the business processing result obtained in the trusted execution environment is reliable.
The TEE is positioned in a chip, a public-private key pair is generated by adopting an asymmetric encryption mode, and a private key is written into the chip when the chip is produced, so that a file encrypted by a public key corresponding to the chip can be decrypted only in the chip to obtain information in the file. It should be noted that the private key in each chip is unique and not tampered. The chip manufacturer produces the corresponding certification information of each chip when producing the chip, the user carries the corresponding certification information when providing the public key of the trusted execution environment, and the owner of the digital product can verify whether the public key of the trusted execution environment provided by the user is real or not to the chip manufacturer through the certification information. The remote certification is a method for the trusted execution environment to prove the legitimacy of the hardware of the environment where the trusted execution environment runs to a third party. Generally, after a third party initiates a challenge, the trusted execution environment sends an information set including hash measurement of own code logic, signs the information set, and returns the signed information set to the third party for identity verification. If the verification is successful, the remote attestation is complete.
In another specific implementation, the service processing device 102 may perform service processing on the service data by using the target service processing logic through an alliance chain network, so as to obtain a service processing result. An alliance chain network (such as Fabric or Tendermint) is a practical application of blockchain. The alliance chain network has functions such as permission control, and only alliance members can see the blockchain data. The alliance chain network is a data distribution network based on the Gossip protocol, in which information (gossip) is propagated from a seed node: when the seed node needs to propagate a state update to the other nodes in the alliance chain network, it randomly selects several neighboring nodes and sends them the message, and each node that receives the message repeats the process (that is, randomly selects several neighboring nodes and sends them the message) until all nodes in the alliance chain network have received the message.
Referring to FIG. 1c, an alliance chain network may include a plurality of alliance chain nodes, each of which stores an identical alliance chain. Referring to FIG. 1d, the alliance chain is composed of a plurality of blocks. The genesis block includes a block header and a block body; the block header stores an input information characteristic value, a version number, a timestamp and a difficulty value, and the block body stores the input information. The next block takes the genesis block as its parent block and likewise includes a block header and a block body; its block header stores the input information characteristic value of the current block, the block header characteristic value of the parent block, a version number, a timestamp and a difficulty value, and so on. In this way the block data stored in each block of the blockchain is associated with the block data stored in its parent block, which ensures the security of the input information in the blocks.
In this specific implementation, the service processing device 102 may be an alliance chain node in the alliance chain network, and the M service processing logics may be stored in the alliance chain in the form of smart contracts. The service processing device 102 may then request all or some of the other alliance chain nodes in the alliance chain network to obtain a service processing result and a corresponding use certificate by calling the target smart contract corresponding to the target service processing logic, thereby improving the reliability and credibility of the service processing result.
The service processing scheme can be applied to the targeted promotion of music, multimedia files and advertisements (recommending different types of music, multimedia files and advertisements to different types of users); it can also be applied to various other application scenarios, such as tour planning (for example, route selection made according to the requirements of users). Accordingly, the service data mentioned above may be any data related to a service, such as advertisement data, multimedia data, virtual article transfer records, or service ledger data and fund flow data.
Taking as an example the case where the service processing scheme is applied to the targeted promotion of advertisements and the service data is advertisement data, the scheme is applied as follows. After receiving an advertisement delivery request (i.e., a service processing request) sent by a service demander (e.g., an advertisement delivery provider), the service processing device 102 selects a target service processing logic from the M pre-deployed service processing logics (e.g., delivering an advertisement to male users, delivering an advertisement to users over 20 years old, etc.) according to the advertisement delivery request, and delivers the advertisement data according to the target service processing logic to obtain a delivery result (i.e., a service processing result). It also generates a use certificate of the target service processing logic, which is used to prove that the delivery result was obtained by executing the target service processing logic (i.e., to prove that the advertisement was delivered according to the requirements of the advertisement delivery provider). It then returns feedback information carrying the delivery result to the advertisement delivery provider and exposes the use certificate to the advertisement delivery provider.
In the embodiment of the application, when a service processing request sent by a service demander is received, a target service processing logic is selected from the M pre-deployed service processing logics according to the service processing request, and service processing is performed on the service data by using the target service processing logic to obtain a service processing result. Because the M service processing logics are all pre-deployed in the service processing device by the service demander, the target service processing logic selected from them meets the requirements of the service demander, so that the service processing result obtained based on the target service processing logic also meets those requirements, which improves the reliability of the service processing result. Furthermore, the service processing device can generate a use certificate of the target service processing logic and expose it to the service demander, to inform the service demander that the target service processing logic was legally executed. The service demander can therefore determine, based on the use certificate, that the service processing result carried in the feedback information was obtained according to the target service processing logic, which further improves the reliability and credibility of the service processing result.
Based on the above description of the service processing method, the embodiment of the present application provides a service processing method, which can be executed by the service processing device 102 mentioned above; the storage space of the business processing equipment stores business data and M business processing logics; the M service processing logics are pre-deployed into the storage space by a service demand side, and M is a positive integer; referring to fig. 2, the service processing method may include the following steps S201 to S204:
S201, selecting a target service processing logic from the M service processing logics according to the service processing request.
The service processing request is used for requesting that a target service processing logic among the M service processing logics be used to process one or more pieces of service data stored in the service processing device. The target service processing logic is determined based on the service processing request. In one implementation, the service processing request may carry a digest or an identifier of the target service processing logic, and the service processing device selects the target service processing logic from the M service processing logics according to the digest or identifier carried in the request. In another embodiment, M types of services are also stored in the storage space of the service processing device, each type of service corresponds to one service processing logic, and the service processing device may determine the target service processing logic according to the type to which the service data requested to be processed belongs.
S202, performing service processing on the service data by adopting a target service processing logic to obtain a service processing result.
In practical application, the number of the service data and the target service processing logic may be set according to practical situations, which is not limited in the present application. With different service data, the target service processing logic can be different; for example, the service data is a virtual article transfer record, and the target service processing logic may be processing logic for settling the virtual resource according to the virtual article transfer record; for another example, the business data is business account book data and fund flow data, and the target business processing logic may be to perform accounting on the fund flow data through the business account book data. It should be noted that, if the result of the service processing includes at least one piece of sensitive data (for example, the service processing is data copy), the data desensitization processing is performed on at least one piece of sensitive data in the result of the service processing to ensure that the result of the service processing can be provided to the service demander, that is, the service demander cannot obtain the sensitive data stored in the service processing device through the received result of the service processing.
Data desensitization processing means using a desensitization algorithm to mask, randomly replace, shuffle and encrypt sensitive data, converting the sensitive data into fictitious data and anonymizing personal information, which provides a basic guarantee for the safe use of the data. At the same time, without changing the logic of the service system, the desensitized data keeps the characteristics and distribution of the original data, so that the data remains valid and usable and can be safely applied in testing, development, analysis and third-party use environments.
S203, generating a use certificate of the target service processing logic.
The use certificate is used to prove that the target service processing logic has been legally executed. In one embodiment, the storage space of the service processing device includes a trusted execution environment, and the use certificate is composed of signature information and software and hardware measurement information. The signature information is obtained by signing with the private key of the trusted execution environment, and indicates that the data used to generate the service processing result is the service data indicated by the service demander. The software and hardware measurement information is generated based on the target service processing logic, and indicates that the service processing logic corresponding to the service processing result is the target service processing logic indicated by the service demander. That is to say, the use certificate can prove that the service processing result was obtained by performing service processing, in the trusted execution environment, on the service data indicated by the service demander using the target service processing logic indicated by the service demander. After obtaining the use certificate, the service demander may have its validity verified by a third party (e.g., the chip manufacturer of the trusted execution environment). If the use certificate passes the verification, the service processing result received by the service demander was obtained by performing service processing on the service data using the target service processing logic in the trusted execution environment.
In another embodiment, the service processing device belongs to an alliance chain network that includes P alliance chain nodes and an alliance chain, P being a positive integer. The service processing device is an alliance chain node in the alliance chain network, and its storage space stores the alliance chain and the smart contracts corresponding to the service processing logics. The use certificate is a block carrying the service processing result; the block is generated according to the service processing result after the P alliance chain nodes process the service data according to the smart contract corresponding to the target service processing logic. After obtaining the service processing result, the service demander can determine, from the block carrying the service processing result, that the result was obtained by processing the service data according to the smart contract corresponding to the target service processing logic.
S204, returning the feedback information carrying the service processing result to the service demander, and exposing the use certificate to the service demander.
The feedback information is the response to the service processing request and includes the service processing result. Depending on actual requirements, the service processing result may be unencrypted plaintext data or ciphertext data encrypted according to a preset encryption algorithm. Exposing the use certificate to the service demander means that the service demander obtains the use certificate directly or indirectly.
In one embodiment, the usage credential is generated by a trusted execution environment of the business processing device. After generating the usage certificate, the service processing device may package the usage certificate into the feedback information, and send the packaged feedback information to the service demander (i.e., directly provide the usage certificate to the service demander).
In another embodiment, the use certificate is a block carrying the service processing result, and the service processing device may grant alliance chain access rights to the service demander or to a third-party authority (e.g., a supervisor), so that the service demander or the third-party authority has the right to view the block carrying the service processing result (i.e., the service demander obtains the use certificate indirectly).
Further, after the use certificate is verified (for example, after a notification is received that the use certificate passed third-party verification, or after it is confirmed that a block carrying the service processing result exists in the alliance chain), the service demander may determine that the feedback information is authentic, and then parse the service processing result from the feedback information.
In the embodiment of the application, when a service processing request sent by a service demander is received, a target service processing logic is selected from the M pre-deployed service processing logics according to the service processing request, and service processing is performed on the service data by using the target service processing logic to obtain a service processing result. Because the M service processing logics are all pre-deployed in the service processing device by the service demander, the target service processing logic selected from them meets the requirements of the service demander, so that the service processing result obtained based on the target service processing logic also meets those requirements, which improves the reliability of the service processing result. Furthermore, the service processing device can generate a use certificate of the target service processing logic and expose it to the service demander, to inform the service demander that the target service processing logic was legally executed. The service demander can therefore determine, based on the use certificate, that the service processing result carried in the feedback information was obtained according to the target service processing logic, which further improves the reliability and credibility of the service processing result.
Based on the description of the foregoing service processing method, an embodiment of the present application provides another service processing method, which can be executed by the service processing device 102 mentioned above; the storage space of the business processing equipment comprises a trusted execution environment, and business data are stored in the storage space; referring to fig. 3, the service processing method may include the following steps S301 to S311:
S301, receiving a logic deployment request sent by a service demander.
The logic deployment request is used for requesting the deployment of a service processing logic in the service processing device. In one embodiment, the logic deployment request carries a piece of processing logic source code and a first logic compiled code (enclave); the first logic compiled code is obtained by the service demander compiling the processing logic source code according to a code format adapted to the trusted execution environment. An enclave is a trusted memory region opened by the trusted execution environment and protected by the hardware chip, which protects the security of the code and data running inside it. The software code that runs in it is also called an enclave.
In another embodiment, the logic deployment request carries only a piece of processing logic source code. The service processing device examines the processing logic source code in the logic deployment request for approval (e.g., detects whether the service processing operation corresponding to the processing logic source code is legal); if the source code is approved, the service processing device directly compiles it, takes the compilation result as the first logic compiled code (enclave), and continues with step S305.
S302, according to any processing logic source code, accuracy verification is carried out on the first logic compiled code.
In an embodiment, the service processing device (for example, through an approval module) approves the processing logic source code in the logic deployment request, and if the processing logic source code passes the approval, the service processing device locally compiles the processing logic source code in the logic deployment request to obtain a second logic compiled code, and performs accuracy check on the first logic compiled code in the logic deployment request through the second logic compiled code.
Optionally, if the service processing device confirms that the service demander is trusted (for example, there is a deployment record of the service processing logic, the logic deployment request is sent by a trusted execution environment of the service demander, etc.), the service processing device may directly locally compile a processing logic source code in the logic deployment request to obtain a second logic compiled code, and perform accuracy verification on the first logic compiled code in the logic deployment request through the second logic compiled code.
S303, judging whether the first logic compiled code passes the accuracy check.
In one embodiment, if the second logic compiled code matches the first logic compiled code, the first logic compiled code is determined to pass the accuracy check, and the step S305 is executed. If the second logic compiled code does not match the first logic compiled code, it is determined that the first logic compiled code fails the accuracy check, and the step S304 is executed continuously.
S304, sending prompt information to the service demander.
The prompt information is used for informing the service demander that the first logic compiled code carried in the logic deployment request failed the accuracy check and was not deployed in the service processing device.
S305, storing the first logic compiled code in the trusted execution environment as a service processing logic.
As can be seen from steps S301 to S304, the service processing device may compile the processing logic source code in the logic deployment request to obtain the first logic compiled code; it may also check the accuracy of the first logic compiled code carried in the logic deployment request and so determine that the first logic compiled code is error-free. After determining the first logic compiled code, the service processing device stores it in the trusted execution environment as a service processing logic (the m-th service processing logic).
Fig. 4a is a schematic diagram of service processing logic deployment according to an exemplary embodiment of the present application. As shown in fig. 4a, the service demander is the party that needs to obtain a service processing result, and is responsible for pre-deploying service processing logic in the Trusted Execution Environment (TEE) of the service processing device. The service processing device is used for processing services (such as accounting) and is responsible for storing approved service processing logic in the TEE; it includes an approval module, a controller, a trusted execution environment, a database and other modules. In the process of service processing logic deployment, the service demander first packages the deployment information (that is, writes processing logic source code according to its requirements and compiles it to obtain a first logic compiled code), and then uploads the processing logic source code and the first logic compiled code to the service processing device.
After receiving the processing logic source code and the first logic compiled code uploaded by the service demander, the service processing device examines the processing logic source code through the approval module (for example, detects whether any illegal service operation exists). If the processing logic source code is approved, the service processing device generates a second logic compiled code from the processing logic source code and uses it to check the accuracy of the first logic compiled code uploaded by the service demander, that is, it confirms that the second logic compiled code matches the first logic compiled code (for example, that the binary data are completely identical). If the approval module approves (namely, the second logic compiled code matches the first logic compiled code uploaded by the service demander), the approval module stores the first logic compiled code in the trusted execution environment. In one embodiment, the service processing device stores the cryptographic hash value of the first logic compiled code as the storage key and the binary data of the first logic compiled code as the storage value, in association with each other, in the trusted execution environment, so that the first logic compiled code can be looked up by its cryptographic hash value when it needs to be called later.
After the first logic compiled code is stored in the trusted execution environment, the service processing device feeds back a deployment result (indicating whether the service processing logic was successfully deployed) to the service demander; specifically, the approval module may generate deployment result information according to the storage result of the first logic compiled code and send it to the service demander.
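The deployment check of steps S301 to S305 and the digest lookup used in step S306 can be sketched as follows. This is an added example, not code from the application: `ToyBuild`, `ToyApprove`, `Store` and the sample source strings are hypothetical stand-ins, and SHA-256 is assumed as the cryptographic hash.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

var (
	ErrRejected = errors.New("processing logic source code failed approval")
	ErrMismatch = errors.New("first compiled code does not match the local build")
	ErrUnknown  = errors.New("no service processing logic stored under this digest")
)

// ToyBuild stands in for the enclave toolchain (assumption). What S302 needs
// from it is determinism: the same source always yields the same bytes.
func ToyBuild(source []byte) []byte {
	sum := sha256.Sum256(source)
	out := append([]byte("ENCLAVE\x00"), sum[:]...)
	return append(out, source...)
}

// ToyApprove stands in for the approval module (assumption): it rejects
// source containing a constructed marker for a disallowed operation.
func ToyApprove(source []byte) bool {
	return !bytes.Contains(source, []byte("export_raw_records"))
}

// Digest is the storage key: the hex SHA-256 of the compiled code.
func Digest(code []byte) string {
	sum := sha256.Sum256(code)
	return hex.EncodeToString(sum[:])
}

// Store models the logic kept in the trusted execution environment.
type Store struct{ logic map[string][]byte }

func NewStore() *Store { return &Store{logic: map[string][]byte{}} }

// Deploy performs S301 to S305: approve the source, rebuild it locally,
// compare the local (second) build with the uploaded (first) compiled code,
// and store the first compiled code under its digest only if both agree.
func (s *Store) Deploy(source, first []byte) (string, error) {
	if !ToyApprove(source) {
		return "", ErrRejected
	}
	second := ToyBuild(source)
	if !bytes.Equal(first, second) {
		return "", ErrMismatch // S304: the demander is told deployment failed
	}
	key := Digest(first)
	s.logic[key] = append([]byte(nil), first...)
	return key, nil
}

// Select performs S306 for a request that carries the digest of the target
// logic; unknown digests are refused rather than mapped to a default.
func (s *Store) Select(digest string) ([]byte, error) {
	code, ok := s.logic[digest]
	if !ok {
		return nil, ErrUnknown
	}
	return code, nil
}

func main() {
	store := NewStore()
	src := []byte("deliver_ad(audience: age > 20)") // constructed sample source
	key, err := store.Deploy(src, ToyBuild(src))
	fmt.Println("deployed:", key, err)

	tampered := ToyBuild(src)
	tampered[len(tampered)-1] ^= 1 // binary differs from what the source yields
	_, err = store.Deploy(src, tampered)
	fmt.Println("tampered upload:", err)
}
```

The byte-for-byte comparison only works if the build is reproducible, so the demander and the service processing device have to compile with the same toolchain version and settings.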
S306, selecting a target business processing logic from the M business processing logics according to the business processing request.
In one embodiment, the service processing request carries a public key of the service data, an encryption key, and a check parameter. The public key of the service data may be published in advance by the service processing device (for example, in the blockchain network when the service data is generated, in which case the service demander may obtain the public key of the service data from the blockchain). The service processing device determines the target service data according to the public key of the service data; there may be one or more pieces of target service data, which is not limited in this application. For the specific way in which the service processing device selects the target service processing logic from the M service processing logics according to the service processing request, refer to the implementation of step S201 in fig. 2, which is not described herein again.
The encryption key is an asymmetric key used for encrypting the service processing result, and the service demander holds the decryption key corresponding to the encryption key. The encryption key may specifically be a public key of an industry-standard elliptic curve cryptography algorithm such as the Elliptic Curve Digital Signature Algorithm (ECDSA), SM2 or ED25519, or another public key supporting asymmetric encryption.
The check parameter is used to generate a target encryption result, the target encryption result is used to prevent replay attacks, and the length of the check parameter is greater than a length threshold (e.g., 32 bytes). The principle is as follows: the service demander records the check parameters it has already used, and if the check parameter carried in a target encryption result that the service demander receives is one it has already used, the service demander judges the target encryption result to be a replay attack.
A replay attack means that an attacker sends a packet that the target host has already received, in order to deceive the system. It is mainly used against the identity authentication process and undermines the correctness of authentication. The attacker steals the authentication credentials by network monitoring or other means, and then retransmits them to the authentication server. Replay attacks can occur in any network communication and are one of the attacks commonly used by hackers. For example, assume that device A initiates authentication to device B, which requires device A to provide an account and password as identity information; however, device C intercepts the communication between device A and device B and acquires the account and password of device A. After the communication between device A and device B is completed, device C establishes a connection with device B and masquerades as device A; when device B requires device C to provide an account and password, device C sends the account and password of device A, so that device B mistakenly believes that the connection was established by device A.
S307, in the trusted execution environment, performing service processing on the service data by using the target service processing logic to obtain a service processing result.
In the trusted execution environment, the service processing device processes target service data (service data determined according to a public key of the service data) by using the target service processing logic to obtain a service processing result, and a specific implementation manner may refer to the implementation manner of step S202 in fig. 2, which is not described herein again.
Further, after the service processing result is obtained, the service processing device may perform asymmetric encryption on the service processing result by using the encryption key to obtain the feedback information of the service processing result, so as to ensure that only the service requiring party can decrypt the feedback information, thereby improving the security of data.
S308, acquiring a target byte sequence for generating the use certificate.
The target byte sequence is generated by the trusted execution environment according to the public key of the service data and the check parameter. That is, from the public key of the service data in the target byte sequence, the service demander can determine the original service data that was processed to produce the service processing result (proving that the service processing result is the result of processing the target service data corresponding to the public key of the service data).
In one embodiment, the service processing device performs splicing processing (e.g., merging) on the public key and the verification parameter of the service data to obtain a target byte sequence; for example, if the length of the public key of the service data is a and the length of the verification parameter is b, the length of the target byte sequence obtained by splicing the public key of the service data and the verification parameter is a + b.
S309, encrypting the target byte sequence to obtain a target encryption result.
The encryption processing is irreversible encryption, which ensures that other devices cannot recover the target byte sequence from the target encryption result. In one embodiment, the service processing device performs a hash calculation on the target byte sequence to obtain the target encryption result.
S310, protecting the integrity of the target encryption result by adopting a private key of the trusted execution environment, and determining the protection processing result as a use certificate of the target business processing logic.
In a specific implementation, the service processing device may first sign the target encryption result by using a private key of the trusted execution environment to obtain signature information; because the private key of the trusted execution environment is not published to the outside, the target encryption result is signed by the private key, and the integrity of the target encryption result can be effectively protected. In addition, the business processing equipment can also generate software and hardware measurement information based on the target business processing logic. Then, generating a use certificate of the target business processing logic by adopting the signature information and the software and hardware measurement information; that is, the usage certificate includes signature information and software and hardware measurement information, and the usage certificate can prove that the service processing result is obtained by performing service processing on service data indicated by a service demander in a trusted execution environment by using target service processing logic indicated by the service demander.
S311, returning the feedback information carrying the service processing result to the service demander, and exposing the use certificate to the service demander.
The service processing device generates response information for the service processing request from the feedback information, the use certificate and the target encryption result, and sends the response information to the service demander. Upon receiving the use certificate, the service demander may ask a third party (e.g., a remote attestation service) to verify the signature of the use certificate, to prove that the target encryption result was obtained in the trusted execution environment of the service processing party (i.e., that the integrity of the target encryption result has not been compromised). Further, the service demander generates a verification byte sequence from the check parameter and the public key of the service data and encrypts the verification byte sequence to obtain verification encrypted data. If the verification encrypted data matches the target encryption result, it can be determined that the response information is not a replay, and that the service processing result was obtained by processing the target service data corresponding to the public key of the service data using the target processing logic. On this basis, the service demander can parse the feedback information (decrypting it with the asymmetric key) to obtain the service processing result.
Optionally, after obtaining the service processing result, the service demander may provide a decryption key, a verification parameter, feedback information, a target decryption result, a usage certificate, and a public key of the service data to a third party (such as a service administrator), so that the third party may supervise the service processing flow (supervise the service processing flow by the data replication, where a specific supervision manner is similar to an implementation manner of verifying the service processing result by the service demander, and is not described herein again).
Fig. 4b is a schematic diagram of a service processing logic flow according to an exemplary embodiment of the present application. As shown in fig. 4b, the service demander randomly generates an asymmetric public and private key pair (a, A) and a check parameter N, and packages the encryption key A, the check parameter N, the hash value E of the logic compiled code corresponding to the target service processing logic that it expects to be executed (i.e., the identifier of the target service processing logic), and the public key Y of the service data set to generate the service processing request. After receiving the service processing request sent by the service demander, on the one hand, the controller module of the service processing device uses the hash value E to call, in the trusted execution environment, the logic compiled code corresponding to E (namely, the logic compiled code corresponding to the target service processing logic), performs service processing on the service data corresponding to the public key Y of the service data set to obtain a service processing result, and asymmetrically encrypts the service processing result with the encryption key A to obtain a ciphertext C (namely, the feedback information). In one embodiment, the service data set is accompanied by a signature of the service processing device, from which the trusted execution environment can verify the legitimacy of the service data set. On the other hand, the trusted execution environment splices N and Y to obtain the target byte sequence, performs a hash calculation on the target byte sequence to obtain the target encryption result H, and signs H with the private key of the trusted execution environment to obtain the use certificate P (that is, a hardware certificate of legitimate use that protects the integrity of H is generated).
Then, the service processing device (e.g., the controller module) packs the ciphertext C, the target encryption result H and the use certificate P into the response information for the service processing request, and sends the response information to the service demander. After receiving the response information returned by the service processing device, the service demander can ask the remote attestation service to prove the validity of the use certificate P. If the remote attestation service indicates that the use certificate P passes verification, the service demander can be sure that the logic compiled code of the target service processing logic it requested has been run in a legitimate trusted execution environment, and that the integrity of the target encryption result H has not been destroyed (i.e., H was obtained in the trusted execution environment). The service demander then splices the check parameter N and the service data set Y to obtain a verification byte sequence, and performs a hash calculation on the verification byte sequence to obtain verification encrypted data H'. If H' and H match (e.g., H' = H), the response information has not been subjected to a replay attack, and it is determined that the service processing result was obtained by processing the target service data corresponding to the public key of the service data set with the target processing logic (i.e., the original data subjected to service processing has not been tampered with). Further, the service demander, following the asymmetric encryption algorithm, decrypts the ciphertext C based on (a, A) and thereby restores the plaintext of the settlement result.
Fig. 4c is a diagram of a service processing architecture according to an exemplary embodiment of the present application. As shown in fig. 4c, the service demander first pre-deploys the service processing logic in the trusted execution environment of the service processing device (i.e., the encrypted hash value of the logic compiled code of the service processing logic is used as the storage key, the binary data of the logic compiled code is used as the storage value, and the two are stored in association in the trusted execution environment), and then requests the service processing device to perform settlement, i.e., sends a service processing request (which indicates the target service processing logic and the service data set; in fig. 4c, the service data set is a service ledger and a fund flow, by way of example). After receiving the service processing request, the service processing device calls the target service processing logic to process the service ledger and the fund flow according to the service processing request (e.g., checks the fund flow against the service ledger), and returns the service processing result to the service demander. For the specific processing procedure, refer to steps S301 to S311 above, which are not described again here.
It can be seen that the trusted execution environment (without loss of generality, Software Guard Extensions (SGX) may be used to implement the trusted execution environment) comprehensively guarantees the confidentiality and validity of the service processing device during service processing, and directional encryption protects the settlement result. The logic compiled code (enclave) corresponding to the service processing logic can be publicly audited; the remote attestation service can use the use certificate to verify that the service processing result comes from the trusted execution environment; the service processing result achieves confidentiality and integrity through asymmetric encryption, the service demander can asymmetrically decrypt the result, and the legitimacy of the service processing result can be proved through the target encryption result. The approved service processing logic can contain data desensitization operations, ensuring that the output service processing result contains no sensitive information. The service demander can also customize the service processing logic according to the actual situation, compile it into an enclave and place it in the partitioned TEE to run, which ensures that the settlement process is executed strictly as the demander expects and improves the flexibility of service processing. In addition, the service data of the service processing device is never transmitted out of the service processing device (that is, no sensitive data is transmitted across regions), which reduces the risk of data leakage.
Based on the above description of the service processing method, the embodiment of the present application provides another service processing method, which can be executed by the service processing device 102 mentioned above. The service processing device is located in an alliance chain network; the alliance chain network comprises P alliance chain nodes and an alliance chain, the service processing device is any one of the P alliance chain nodes, and P is an integer greater than 1. The storage space of the service processing device contains the alliance chain, and the service data is stored in the storage space of the service processing device. Referring to fig. 5, the service processing method may include the following steps S501 to S510:
S501, receiving a logic deployment request sent by the service demander.
The logic deployment request is used to request the deployment of service processing logic. In one embodiment, the logic deployment request carries any smart contract source code, where the smart contract source code is what the service demander obtains by compiling the processing logic source code according to the smart contract format.
Optionally, the logic deployment request further carries the processing logic source code, so that the service processing device can perform consensus processing on the smart contract source code in the logic deployment request according to the processing logic source code (for example, detect whether the smart contract source code contains an illegal operation).
S502, performing consensus processing on any smart contract source code in the alliance chain network.
The consensus processing is used to ensure the consistency and correctness of the service processing results (that is, the results that the alliance chain nodes obtain by processing the same service data with the agreed smart contract are theoretically the same). Methods of consensus processing may include, but are not limited to: Proof of Work (PoW), Proof of Stake (PoS), Delegated Proof of Stake (DPoS), and verification pool (Pool) consensus mechanisms.
S503, if any smart contract source code passes the consensus processing, adding that smart contract source code to the alliance chain as a service processing logic.
In one embodiment, after passing consensus processing, any smart contract source code is deployed in the alliance chain (i.e., as the m-th service processing logic).
S504, according to the service processing request, selecting a target service processing logic from the M service processing logics.
In one embodiment, the service processing request carries a public key of the service data and an encryption key. For the specific way in which the service processing device selects the target service processing logic from the M service processing logics according to the service processing request, refer to the implementation of step S306 in fig. 3; details are not repeated here.
S505, performing service processing on the service data by adopting the target service processing logic to obtain a target processing result.
Performing service processing on the service data with the target service processing logic means calling the smart contract corresponding to the target service processing logic to process the service data. For the specific implementation of step S505, refer to the implementation of step S201 in fig. 2, which is not described again here.
S506, broadcasting the service data to the Q reference alliance chain nodes so that each reference alliance chain node can conduct service processing on the service data by adopting a target service processing logic in the alliance chain to obtain a reference processing result.
In one embodiment, the service processing device broadcasts the public key of the service data, or the service data, to Q reference alliance chain nodes, where the reference alliance chain nodes are alliance chain nodes in the alliance chain network other than the service processing device, and 1 ≤ Q ≤ P-1. After receiving the public key of the service data or the service data, each reference alliance chain node calls the smart contract corresponding to the target service processing logic to process the service data, giving Q reference processing results.
S507, receiving the Q reference processing results returned by the Q reference alliance chain nodes.
Each reference alliance chain node returns one reference processing result.
S508, selecting one processing result from the target processing result and the Q reference processing results as the service processing result.
In one embodiment, the service processing device counts the repetition rate of each processing result among the target processing result and the Q reference processing results, and selects the processing result with the maximum repetition rate as the service processing result, or selects the processing result whose repetition rate is greater than a target threshold as the service processing result. For example, let Q = 9, and suppose the target processing result and the Q reference processing results comprise three different processing results, result 1 to result 3, where the repetition rate of result 1 is 10%, that of result 2 is 70%, and that of result 3 is 20%. Since the repetition rate of result 2 > the repetition rate of result 3 > the repetition rate of result 1, the service processing device determines result 2 as the service processing result.
It can be understood that, if the target processing result and the Q reference processing results are the same, the result is directly determined as the service processing result.
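The selection rule of step S508, including the Q = 9 case above, as an added Python example (not code from the application). Returning None on a tie for the highest repetition rate, or when no single result exceeds the threshold, is an assumption, since the text does not say how those cases are handled; the function names are hypothetical.

```python
from collections import Counter
from typing import Dict, Optional, Sequence


def repetition_rates(results: Sequence[bytes]) -> Dict[bytes, float]:
    """Share of nodes that returned each distinct processing result."""
    counts = Counter(results)
    return {value: n / len(results) for value, n in counts.items()}


def select_service_result(
    target: bytes,
    references: Sequence[bytes],
    threshold: Optional[float] = None,
) -> Optional[bytes]:
    """Pick the service processing result from the target result plus Q reference results.

    threshold=None  -> the result with the maximum repetition rate wins.
    threshold=x     -> the result whose repetition rate is greater than x wins.
    Assumption (not in the source text): fail closed with None when the winner
    is not unique, so an ambiguous vote never produces a use certificate.
    """
    results = [target, *references]  # Q + 1 results in total
    rates = repetition_rates(results)
    if threshold is None:
        top = max(rates.values())
        winners = [value for value, rate in rates.items() if rate == top]
    else:
        winners = [value for value, rate in rates.items() if rate > threshold]
    return winners[0] if len(winners) == 1 else None


# Constructed sample matching the text: Q = 9, so ten results in total,
# with result 1 at 10%, result 2 at 70% and result 3 at 20%.
TARGET = b"result 2"
REFERENCES = [b"result 1"] + [b"result 2"] * 6 + [b"result 3"] * 2

if __name__ == "__main__":
    print(repetition_rates([TARGET, *REFERENCES]))
    print(select_service_result(TARGET, REFERENCES))
    print(select_service_result(TARGET, REFERENCES, threshold=0.8))
```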
S509, generating a use certificate of the target service processing logic.
In one embodiment, the service processing device signs and endorses the service processing result (e.g., carrying the public key of the service data) to obtain target endorsement information (used to indicate that each alliance chain node is responsible for the service processing result, i.e., to ensure that the service processing result is authentic). Further, an accounting node in the alliance chain (which may be the service processing device or another alliance chain node) generates a target block containing the service processing result and the target endorsement information, and the service processing device determines the target block as the use certificate of the target service processing logic.
S510, returning the feedback information carrying the service processing result to the service demander, and exposing the use certificate to the service demander.
The accounting node in the alliance chain stores the use certificate on the alliance chain (namely, the target block is put on the chain). After the use certificate is successfully stored in the alliance chain (i.e., after the target block is successfully put on the chain), the service processing device sends the block identifier (such as the block number) corresponding to the use certificate to the service demander and grants the service demander viewing authority, so that the service demander can verify the use certificate according to the block identifier (for example, check whether the target block corresponding to the block identifier exists in the alliance chain, and whether the target block contains the service processing result and the target endorsement information). Through the target block, the service demander can determine that the smart contract corresponding to the target service processing logic was executed consistently by the alliance chain and that the service processing result is credible. On this basis, the service demander can parse the feedback information (decrypting it with the asymmetric key) to obtain the service processing result.
Optionally, after obtaining the service processing result, the service demander may provide the decryption key, the feedback information, the identifier of the target block, and the public key of the service data to a third party (e.g., a service administrator), so that the third party can supervise the service processing flow (the third party may access the alliance chain and supervise the flow by reproducing it from these data; the specific supervision manner is similar to the way the service demander verifies the service processing result and is not described again here).
Therefore, a service demander can pre-deploy custom service processing logic into the alliance chain as a smart contract, which improves the flexibility of service processing, and the smart contracts can be publicly audited. The target block proves that the service processing result was obtained by the alliance chain nodes processing the service data according to the appointed smart contract; the service processing result achieves confidentiality and integrity through asymmetric encryption, and the service demander can asymmetrically decrypt the result. The approved service processing logic (the corresponding smart contract) can include data desensitization operations, ensuring that the output service processing result contains no sensitive information and conforms to data protection laws such as the General Data Protection Regulation (GDPR). In addition, the service data of the service processing device is never transmitted out of the service processing device (that is, no sensitive data is transmitted across regions), which reduces the risk of data leakage.
Based on the description of the service processing method, the embodiment of the present application provides another service processing method, which can be executed by the service demander (e.g., a service demand device). The service demand device is configured to pre-deploy M service processing logics into a storage space of the service processing device; for a specific implementation, refer to steps S301 to S305 in fig. 3, which are not described again here. The storage space further stores service data, and M is a positive integer. Referring to fig. 6, the service processing method may include the following steps S601 to S603:
S601, sending a service processing request to the service processing device.
The service processing request is used for requesting the service processing equipment to select a target service processing logic from the M service processing logics; performing service processing on the service data by adopting a target service processing logic to obtain a service processing result; and after the business processing result is obtained, generating a use certificate of the target business processing logic, wherein the use certificate is used for proving that the target business processing logic is legally executed. In one embodiment, the service processing request carries a public key of the service data, an encryption key, and a verification parameter. The processing flow of the service processing device for processing the service data may refer to the implementation in step S306 to step S311 in fig. 3, and is not described herein again.
S602, receiving the feedback information returned by the service processing device.
In one embodiment, the service demander receives response information returned by the service processing device, where the response information comprises the feedback information, the use certificate and the target encryption result. The use certificate is obtained by the service processing device protecting the integrity of the target encryption result with the private key of the trusted execution environment, and the target encryption result is obtained by the service processing device encrypting the target byte sequence. For the specific way of obtaining the use certificate and the target encryption result, refer to steps S306 to S311 in fig. 3, which are not described again here.
S603, performing credibility check on the feedback information based on the use certificate exposed by the service processing equipment, and analyzing a service processing result from the feedback information after the feedback information is determined to be credible.
In an implementation corresponding to the embodiment in fig. 3, the service demander performs the trusted verification of the feedback information based on the use certificate exposed by the service processing device as follows: the service demander requests the remote attestation device to check the validity of the use certificate exposed by the service processing device; if the use certificate passes the validity check, it is determined that the integrity of the target encryption result in the response information has not been damaged. The service processing request also carries a check parameter for checking whether the service demander is under a replay attack; the target byte sequence is obtained by the service processing device splicing the public key of the service data and the check parameter. The service demander splices the public key of the service data and the check parameter to obtain a reference byte sequence, and encrypts the reference byte sequence to obtain a reference encryption result. If the reference encryption result matches the target encryption result, it is determined that the feedback information has not been subjected to a replay attack and that the feedback information passes the trusted verification; if the reference encryption result does not match the target encryption result, the feedback information has been subjected to a replay attack, and it is determined that the feedback information does not pass the trusted verification.
Specifically, after receiving the response information returned by the service processing device, the service demander may ask the remote attestation service to prove the validity of the use certificate P. If the remote attestation service indicates that the use certificate P passes verification, the service demander can be sure that the logic compiled code of the target service processing logic it requested has been run in a legitimate trusted execution environment, and that the integrity of the target encryption result H has not been destroyed (i.e., H was obtained in the trusted execution environment). The service demander then splices the check parameter N and the service data set Y to obtain a verification byte sequence, and performs a hash calculation on the verification byte sequence to obtain verification encrypted data H'. If H' and H match (e.g., H' = H), the response information has not been subjected to a replay attack, and it is determined that the service processing result was obtained by processing the target service data corresponding to the public key of the service data set with the target processing logic (i.e., the original data subjected to service processing has not been tampered with). Further, the service demander, following the asymmetric encryption algorithm, decrypts the ciphertext C based on (a, A) and thereby restores the plaintext of the settlement result.
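The check described for fig. 4b and again in step S603 can be exercised end to end. The following Python example is added here and is not code from the application: SHA-256 is assumed for the hash calculation, an HMAC under a key held only by the simulated trusted execution environment and the simulated remote attestation service stands in for the TEE private-key signature, and all class, function and outcome names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

NONCE_LEN = 32  # assumption: a fixed-length N keeps the N || Y splice unambiguous


@dataclass(frozen=True)
class Response:
    C: bytes  # feedback information (ciphertext under A); opaque in this example
    H: bytes  # target encryption result, here SHA-256(N || Y)
    P: bytes  # use certificate protecting the integrity of H


class SimulatedTEE:
    """Stand-in for the trusted execution environment on the processing device."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key  # never leaves the TEE / attestation service

    def process(self, N: bytes, Y: bytes) -> Response:
        H = hashlib.sha256(N + Y).digest()
        # HMAC replaces "sign H with the TEE private key" (labelled substitution).
        P = hmac.new(self._key, H, hashlib.sha256).digest()
        return Response(C=b"<constructed ciphertext>", H=H, P=P)


class SimulatedAttestationService:
    """Stand-in for the remote attestation service that validates P."""

    def __init__(self, attestation_key: bytes):
        self._key = attestation_key

    def verify(self, H: bytes, P: bytes) -> bool:
        expected = hmac.new(self._key, H, hashlib.sha256).digest()
        return hmac.compare_digest(expected, P)


class Demander:
    """Service demander: issues a fresh N per request and checks each response."""

    def __init__(self, attestation: SimulatedAttestationService):
        self._attestation = attestation
        self._pending = {}  # outstanding N -> Y

    def new_request(self, Y: bytes) -> bytes:
        N = secrets.token_bytes(NONCE_LEN)
        self._pending[N] = Y
        return N

    def check(self, N: bytes, resp: Response) -> str:
        Y = self._pending.get(N)
        if Y is None:
            return "unknown-or-reused-nonce"
        if not self._attestation.verify(resp.H, resp.P):
            return "bad-certificate"  # H was not produced inside the TEE
        H_prime = hashlib.sha256(N + Y).digest()  # verification encrypted data H'
        if not hmac.compare_digest(H_prime, resp.H):
            return "replay-or-wrong-dataset"  # H' != H
        del self._pending[N]  # accept at most one response per N
        return "trusted"  # only now would C be decrypted with a


def run_demo() -> dict:
    key = secrets.token_bytes(32)
    tee = SimulatedTEE(key)
    demander = Demander(SimulatedAttestationService(key))
    Y = b"constructed-public-key-of-ledger-dataset"
    Y_other = b"constructed-public-key-of-other-dataset"
    out = {}

    n1 = demander.new_request(Y)
    r1 = tee.process(n1, Y)
    out["fresh"] = demander.check(n1, r1)
    out["nonce_reused"] = demander.check(n1, r1)

    n2 = demander.new_request(Y)
    out["replayed"] = demander.check(n2, r1)  # old, validly certified response
    forged = Response(C=r1.C, H=hashlib.sha256(n2 + Y).digest(), P=r1.P)
    out["forged_H"] = demander.check(n2, forged)  # correct H, but no valid P
    out["wrong_dataset"] = demander.check(n2, tee.process(n2, Y_other))
    out["fresh_again"] = demander.check(n2, tee.process(n2, Y))
    return out


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The replayed response passes the certificate check and is caught only by the H' comparison, which is why the demander needs both steps and a fresh N per request.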
Optionally, after obtaining the service processing result, the service demander may provide the decryption key, the verification parameter, the feedback information, the target decryption result, the use certificate, and the public key of the service data to a third party (such as a service administrator), so that the third party can supervise the service processing flow (the third party supervises the flow by reproducing it from these data; the specific supervision manner is similar to the way the service demander verifies the service processing result and is not described again here).
In another embodiment, corresponding to the embodiment in fig. 5, the service demander may verify the use certificate according to the block identifier (e.g., check whether the target block corresponding to the block identifier exists in the alliance chain, and whether the target block contains the service processing result and the target endorsement information). Through the target block, the service demander can determine that the smart contract corresponding to the target service processing logic was executed consistently by the alliance chain and that the service processing result is credible. On this basis, the service demander can parse the feedback information (decrypting it with the asymmetric key) to obtain the service processing result.
Optionally, after obtaining the service processing result, the service demander may provide the decryption key, the feedback information, the identifier of the target block, and the public key of the service data to a third party (e.g., a service administrator), so that the third party can supervise the service processing flow (the third party may access the alliance chain and supervise the flow by reproducing it from these data; the specific supervision manner is similar to the way the service demander verifies the service processing result and is not described again here).
In the embodiment of the application, the service processing request is sent to the service processing equipment, the feedback information returned by the service processing equipment is received, and the M service processing logics are all pre-deployed in the service processing equipment by the service demander, so that the target service processing logic selected from the M service processing logics can meet the requirement of the service demander, the service processing result obtained based on the target service processing logic can meet the requirement of the service demander, and the reliability of the service processing result is improved. Further, the service demander can perform credibility check on the feedback information based on the use certificate exposed by the service processing device, and analyze the service processing result from the feedback information after determining that the feedback information is credible. Therefore, the service requiring party can determine the service processing result carried in the feedback information based on the use certificate, and the service processing result is obtained according to the target service processing logic, so that the reliability and the credibility of the service processing result are improved.
While the method of the embodiments of the present application has been described in detail above, to facilitate better implementation of the above-described aspects of the embodiments of the present application, the apparatus of the embodiments of the present application is provided below accordingly.
Referring to fig. 7, fig. 7 is a schematic structural diagram of a service processing apparatus according to an exemplary embodiment of the present application. The apparatus may be mounted on an intelligent device in the foregoing method embodiments, and the intelligent device may specifically be the service processing device 102 in fig. 1a, where service data and M service processing logics are stored in a storage space of the service processing device 102; the M service processing logics are pre-deployed into the storage space by a service demander, and M is a positive integer. The service processing apparatus shown in fig. 7 may be configured to perform some or all of the functions in the method embodiments described in fig. 2, fig. 3 and fig. 5. The detailed description of each unit is as follows:
a processing unit 701, configured to select a target service processing logic from the M service processing logics according to a service processing request when the service processing request sent by a service demander is received;
and configured to perform service processing on the service data by using the target service processing logic to obtain a service processing result;
and, after the service processing result is obtained, to generate a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
and to return the feedback information carrying the service processing result to the service demander and expose the use certificate to the service demander, so that the service demander can parse the service processing result from the feedback information after determining, based on the use certificate, that the feedback information is credible.
In one embodiment, the storage space of the service processing device includes a trusted execution environment, and the M service processing logics are pre-deployed in the trusted execution environment;
the processing unit 701 is configured to perform service processing on the service data by using a target service processing logic to obtain a service processing result, and specifically configured to:
and in the trusted execution environment, performing service processing on the service data by adopting a target service processing logic to obtain a service processing result.
In one embodiment, the service processing request carries a public key of the service data;
the processing unit 701 is configured to, after obtaining the service processing result, generate a use credential of the target service processing logic, and specifically configured to:
acquiring a target byte sequence for generating a use certificate, wherein the target byte sequence is generated based on a public key of service data;
encrypting the target byte sequence to obtain a target encryption result;
and adopting a private key of a trusted execution environment to protect the integrity of the target encryption result, and determining the protection processing result as a use certificate of the target business processing logic.
In one embodiment, the service processing request further carries a check parameter for checking whether the feedback information has been subjected to a replay attack; the target byte sequence is obtained by splicing the public key of the service data and the check parameter;
the processing unit 701 is configured to return feedback information carrying a service processing result to the service demander, and expose the usage certificate to the service demander, and specifically is configured to:
generating feedback information carrying a service processing result;
generating response information of the service processing request by adopting the feedback information, the use certificate and the target encryption result;
and sending the response information to the service demand party.
In one embodiment, the processing unit 701 is further configured to:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any processing logic source code and a first logic compiled code, and the first logic compiled code is obtained by the service demander compiling that processing logic source code according to a code format matched with the trusted execution environment;
performing an accuracy check on the first logic compiled code according to that processing logic source code;
and if the first logic compiled code passes the accuracy check, storing the first logic compiled code into the trusted execution environment as a service processing logic.
In an embodiment, the processing unit 701 is configured to, according to any processing logic source code, perform accuracy check on the first logic compiled code, and specifically, to:
compiling any processing logic source code locally on the service processing equipment according to a code format adaptive to the trusted execution environment to obtain a second logic compiled code;
if the second logic compiled code is matched with the first logic compiled code, determining that the first logic compiled code passes accuracy verification;
and if the second logic compiled code is not matched with the first logic compiled code, determining that the first logic compiled code does not pass the accuracy check.
In one embodiment, the service processing device is located in an alliance chain network, the alliance chain network includes P alliance chain nodes and an alliance chain, the service processing device is any one of the P alliance chain nodes, and P is an integer greater than 1; the storage space of the service processing device includes the alliance chain, and the M service processing logics are pre-deployed in the alliance chain;
the processing unit 701 is configured to perform service processing on the service data by using a target service processing logic to obtain a service processing result, and is specifically configured to:
performing service processing on the service data by adopting target service processing logic to obtain a target processing result;
broadcasting the service data to Q reference alliance chain nodes, so that each reference alliance chain node performs service processing on the service data by adopting the target service processing logic in the alliance chain to obtain a reference processing result; the reference alliance chain nodes are Q alliance chain nodes in the alliance chain network other than the service processing device, where 1 ≤ Q ≤ P-1;
receiving Q reference processing results returned by Q reference alliance chain nodes, wherein one reference alliance chain node returns one reference processing result;
and selecting one processing result from the target processing result and the Q reference processing results as a service processing result.
In an embodiment, the processing unit 701 is configured to select one processing result from the target processing result and the Q reference processing results as a service processing result, and specifically configured to:
counting the repetition rate of each processing result in the target processing result and the Q reference processing results;
and selecting the processing result with the maximum repetition rate as a service processing result, or selecting the processing result with the repetition rate larger than a target threshold value as the service processing result.
In one embodiment, the service processing device is any alliance chain node in an alliance chain network;
when generating a use certificate of the target service processing logic after obtaining the service processing result, the processing unit 701 is specifically configured to:
signing and endorsing the service processing result to obtain target endorsement information;
and generating a target block containing the service processing result and the target endorsement information, and determining the target block as the use certificate of the target service processing logic.
In an embodiment, the processing unit 701 is configured to expose the usage certificate to a business demander, and specifically is configured to:
storing the use certificate on the alliance chain;
after the use certificate is successfully stored in the alliance chain, the block identification corresponding to the use certificate is sent to the service demand party, so that the use certificate is exposed to the service demand party.
In one embodiment, the processing unit 701 is further configured to:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any smart contract source code, and smart contract source code refers to processing logic source code written by the service demander in the format of a smart contract;
performing consensus processing on the smart contract source code in the alliance chain network;
and if the smart contract source code passes the consensus processing, adding the smart contract source code to the alliance chain as a service processing logic.
According to an embodiment of the present application, some of the steps of the service processing methods shown in fig. 2, fig. 3 and fig. 5 may be performed by the units of the service processing apparatus shown in fig. 7. For example, steps S201 to S204 shown in fig. 2 may be executed by the processing unit 701 shown in fig. 7. Steps S301 to S311 shown in fig. 3 may be executed by the processing unit 701 shown in fig. 7. Steps S501 to S510 shown in fig. 5 may be executed by the processing unit 701 shown in fig. 7. The units of the service processing apparatus shown in fig. 7 may be combined, individually or together, into one or several other units, or one or more of them may be further split into multiple functionally smaller units; either arrangement achieves the same operation without affecting the technical effect of the embodiments of the present application. The units are divided according to logical function; in practical applications, the function of one unit may be implemented by several units, or the functions of several units may be implemented by one unit. In other embodiments of the present application, the service processing apparatus may also include other units, and in practical applications these functions may be implemented with the assistance of other units and through the cooperation of multiple units.
According to another embodiment of the present application, the service processing apparatus shown in fig. 7 may be constructed, and the service processing method of the embodiments of the present application implemented, by running a computer program (including program code) capable of executing the steps of the methods shown in fig. 2, fig. 3 and fig. 5 on a general-purpose computing device, such as a computer, that includes processing elements and storage elements such as a central processing unit (CPU), a random access storage medium (RAM) and a read-only storage medium (ROM). The computer program may be recorded on, for example, a computer-readable recording medium, and loaded into and executed in the above computing device via that medium.
Based on the same inventive concept, the principle by which the service processing apparatus provided in the embodiments of the present application solves the problem, and its beneficial effects, are similar to those of the service processing method in the method embodiments of the present application; reference may be made to the principle and beneficial effects of the method implementation, which are not repeated here for brevity.
Referring to fig. 8, fig. 8 is a schematic structural diagram of another service processing apparatus according to an exemplary embodiment of the present application. The apparatus may be mounted on the intelligent device in the foregoing method embodiments, and the intelligent device may specifically be the terminal device 101 (i.e., the service demand device) in fig. 1a. The service demand device is configured to pre-deploy M service processing logics into a storage space of the service processing device, where the storage space further stores service data and M is a positive integer. The service processing apparatus shown in fig. 8 may be used to perform some or all of the functions in the method embodiment described in fig. 6 above. The units are described in detail as follows:
a processing unit 801, configured to send a service processing request to a service processing device, so that the service processing device selects a target service processing logic from M service processing logics according to the service processing request; performing service processing on the service data by adopting target service processing logic to obtain a service processing result; after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
an obtaining unit 802, configured to receive feedback information returned by a service processing device, where the feedback information carries a service processing result;
the processing unit 801 is further configured to perform a trusted check on the feedback information based on the usage credential exposed by the service processing device, and analyze a service processing result from the feedback information after determining that the feedback information is trusted.
In an embodiment, the obtaining unit 802 is configured to receive feedback information returned by the service processing device, and specifically configured to:
receiving response information returned by the business processing equipment, wherein the response information comprises feedback information, a use certificate and a target encryption result;
the service processing device protects the integrity of the target encryption result with a private key of a trusted execution environment, and the target encryption result is obtained by encrypting a target byte sequence;
when performing the trusted check on the feedback information based on the use certificate exposed by the service processing device, the processing unit 801 is specifically configured to:
requesting a remote attestation device to check the validity of the use certificate exposed by the service processing device;
if the use certificate passes the validity check, determining that the integrity of the target encryption result in the response information has not been compromised;
and performing the trusted check on the feedback information according to the target encryption result.
In one embodiment, the service processing request further carries a check parameter for checking whether the service demander has been subjected to a replay attack; the target byte sequence is obtained by the service processing device splicing the public key of the service data and the check parameter;
when performing the trusted check on the feedback information according to the target encryption result, the processing unit 801 is specifically configured to:
splicing the public key of the service data and the check parameter to obtain a reference byte sequence; encrypting the reference byte sequence to obtain a reference encryption result;
if the reference encryption result matches the target encryption result, determining that the feedback information has not been subjected to a replay attack and that the feedback information passes the trusted check; and if the reference encryption result does not match the target encryption result, determining that the feedback information has been subjected to a replay attack and that the feedback information does not pass the trusted check.
According to an embodiment of the present application, some of the steps of the service processing method shown in fig. 6 may be performed by the units of the service processing apparatus shown in fig. 8. For example, steps S601 and S603 shown in fig. 6 may be executed by the processing unit 801 shown in fig. 8, and step S602 may be executed by the obtaining unit 802 shown in fig. 8. The units of the service processing apparatus shown in fig. 8 may be combined, individually or together, into one or several other units, or one or more of them may be further split into multiple functionally smaller units; either arrangement achieves the same operation without affecting the technical effect of the embodiments of the present application. The units are divided according to logical function; in practical applications, the function of one unit may be implemented by several units, or the functions of several units may be implemented by one unit. In other embodiments of the present application, the service processing apparatus may also include other units, and in practical applications these functions may be implemented with the assistance of other units and through the cooperation of multiple units.
According to another embodiment of the present application, the service processing apparatus shown in fig. 8 may be constructed, and the service processing method of the embodiments of the present application implemented, by running a computer program (including program code) capable of executing the steps of the method shown in fig. 6 on a general-purpose computing device, such as a computer, that includes processing elements and storage elements such as a central processing unit (CPU), a random access storage medium (RAM) and a read-only storage medium (ROM). The computer program may be recorded on, for example, a computer-readable recording medium, and loaded into and executed in the above computing device via that medium.
Based on the same inventive concept, the principle by which the service processing apparatus provided in the embodiments of the present application solves the problem, and its beneficial effects, are similar to those of the service processing method in the method embodiments of the present application; reference may be made to the principle and beneficial effects of the method implementation, which are not repeated here for brevity.
Referring to fig. 9, fig. 9 is a schematic structural diagram of an intelligent device according to an exemplary embodiment of the present application, where the intelligent device includes at least a processor 901, a communication interface 902, and a memory 903. The processor 901, the communication interface 902, and the memory 903 may be connected by a bus or by other means. The processor 901 (or Central Processing Unit, CPU) is the computing core and control core of the terminal, and can parse various instructions in the terminal and process various data of the terminal. For example, the CPU can parse a power-on or power-off instruction sent to the terminal by a user and control the terminal to power on or off; as another example, the CPU can transmit various types of interactive data between the internal structures of the terminal, and so on. The communication interface 902 may optionally include a standard wired interface and a wireless interface (e.g., Wi-Fi, a mobile communication interface, etc.), and may be controlled by the processor 901 to transmit and receive data; the communication interface 902 may also be used for transmission and interaction of data inside the terminal. The memory 903 is a storage device in the terminal for storing programs and data. It is understood that the memory 903 here can include both the internal memory of the terminal and the extended memory supported by the terminal. The memory 903 provides storage space that stores the operating system of the terminal, which may include, but is not limited to, the Android system, the iOS system, the Windows Phone system, and so on, which is not limited in this application.
In one embodiment, the intelligent device may be a service processing device, such as the service processing device 102 shown in fig. 1a; the storage space of the service processing device 102 stores service data and M service processing logics; the M service processing logics are pre-deployed into the storage space by a service demander, and M is a positive integer. In this case, the processor 901 performs the following operations by executing the executable program code in the memory 903:
under the condition of receiving a service processing request sent by a service demand party, selecting a target service processing logic from M service processing logics according to the service processing request;
performing service processing on the service data by adopting a target service processing logic to obtain a service processing result;
after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
and returning the feedback information carrying the service processing result to the service demand party, and exposing the use certificate to the service demand party, so that the service demand party analyzes the service processing result from the feedback information after determining that the feedback information is credible based on the use certificate.
As an alternative embodiment, the storage space of the service processing device includes a trusted execution environment, and the M service processing logics are pre-deployed in the trusted execution environment;
the specific implementation manner of the processor 901 performing service processing on the service data by using the target service processing logic to obtain a service processing result is as follows:
and in the trusted execution environment, performing service processing on the service data by adopting a target service processing logic to obtain a service processing result.
As an optional embodiment, the service processing request carries a public key of the service data;
the specific implementation manner of the processor 901 generating the usage certificate of the target service processing logic after obtaining the service processing result is as follows:
acquiring a target byte sequence for generating a use certificate, wherein the target byte sequence is generated based on a public key of service data;
encrypting the target byte sequence to obtain a target encryption result;
and protecting the integrity of the target encryption result by adopting a private key of the trusted execution environment, and determining the protection processing result as a use certificate of the target business processing logic.
As an optional embodiment, the service processing request further carries a check parameter for checking whether the feedback information has been subjected to a replay attack; the target byte sequence is obtained by splicing the public key of the service data and the check parameter;
the specific implementation manner of the processor 901 returning the feedback information carrying the service processing result to the service demander and exposing the usage certificate to the service demander is as follows:
generating feedback information carrying a service processing result;
generating response information of the service processing request by adopting the feedback information, the use certificate and the target encryption result;
and sending the response information to the service demand party.
As an alternative embodiment, the processor 901, by executing the executable program code in the memory 903, further performs the following operations:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any processing logic source code and a first logic compiled code, the first logic compiled code being obtained by the service demander compiling that processing logic source code in a code format adapted to the trusted execution environment;
performing an accuracy check on the first logic compiled code according to the processing logic source code;
and if the first logic compiled code passes the accuracy check, storing the first logic compiled code in the trusted execution environment as a service processing logic.
As an alternative embodiment, the processor 901 performs the accuracy check on the first logic compiled code according to the processing logic source code as follows:
compiling the processing logic source code locally on the service processing device in the code format adapted to the trusted execution environment to obtain a second logic compiled code;
if the second logic compiled code matches the first logic compiled code, determining that the first logic compiled code passes the accuracy check;
and if the second logic compiled code does not match the first logic compiled code, determining that the first logic compiled code does not pass the accuracy check.
As an optional embodiment, the service processing device is located in an alliance chain network, where the alliance chain network includes P alliance chain nodes and an alliance chain, the service processing device is any one of the P alliance chain nodes, and P is an integer greater than 1; the storage space of the service processing device includes the alliance chain, and the M service processing logics are pre-deployed in the alliance chain;
the specific implementation manner of the processor 901 performing service processing on the service data by using the target service processing logic to obtain a service processing result is as follows:
performing service processing on the service data by adopting target service processing logic to obtain a target processing result;
broadcasting the service data to Q reference alliance chain nodes, so that each reference alliance chain node performs service processing on the service data by adopting the target service processing logic in the alliance chain to obtain a reference processing result; the reference alliance chain nodes are Q alliance chain nodes in the alliance chain network other than the service processing device, where 1 ≤ Q ≤ P-1;
receiving Q reference processing results returned by Q reference alliance chain nodes, wherein one reference alliance chain node returns one reference processing result;
and selecting one processing result from the target processing result and the Q reference processing results as a service processing result.
As an alternative embodiment, the specific implementation manner of selecting one processing result as the service processing result from the target processing result and the Q reference processing results by the processor 901 is as follows:
counting the repetition rate of each processing result in the target processing result and the Q reference processing results;
and selecting the processing result with the maximum repetition rate as a service processing result, or selecting the processing result with the repetition rate larger than the target threshold value as the service processing result.
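The repetition-rate selection over the target processing result and the Q reference processing results, as an added Python illustration that is not part of the patent text. The JSON canonicalization, the function names, the constructed advertisement figures and the choice to return no result on a tie are assumptions.

```python
import hashlib
import json
from collections import Counter


def canonical_digest(result) -> str:
    """Digest of a canonical JSON encoding, so that nodes returning the same
    result with a different key order are counted as repeating each other."""
    encoded = json.dumps(result, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def select_result(target_result, reference_results, threshold=None):
    """Pick the service processing result from 1 + Q candidate results.

    threshold=None   -> policy 1: the result with the maximum repetition rate.
    threshold=0.0..1 -> policy 2: the top result, only if its rate > threshold.
    Returns (result, rate); result is None when nothing qualifies. Refusing to
    choose on a tie is an assumption of this sketch, not stated in the text.
    """
    results = [target_result, *reference_results]
    digests = [canonical_digest(r) for r in results]
    ranked = Counter(digests).most_common()      # [(digest, count), ...]
    top_digest, top_count = ranked[0]
    rate = top_count / len(results)              # repetition rate of the leader

    if len(ranked) > 1 and ranked[1][1] == top_count:
        return None, rate                        # two results tie for first place
    if threshold is not None and rate <= threshold:
        return None, rate                        # leader does not clear the bar
    return results[digests.index(top_digest)], rate


def demo():
    # Constructed sample: the local node plus Q = 4 reference nodes; one
    # reference node reports a divergent click count.
    target = {"clicks": 10, "spend": 3}
    references = [
        {"spend": 3, "clicks": 10},   # same result, different key order
        {"clicks": 10, "spend": 3},
        {"clicks": 11, "spend": 3},   # divergent node
        {"clicks": 10, "spend": 3},
    ]
    return {
        "max_rate": select_result(target, references),
        "threshold_0.9": select_result(target, references, threshold=0.9),
        "tie": select_result("a", ["b"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```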
As an alternative embodiment, the service processing device is any alliance chain node in an alliance chain network;
the specific implementation manner of the processor 901 generating the use certificate of the target service processing logic after obtaining the service processing result is as follows:
signing and endorsing the service processing result to obtain target endorsement information;
and generating a target block containing the service processing result and the target endorsement information, and determining the target block as the use certificate of the target service processing logic.
As an alternative embodiment, the specific implementation manner of the processor 901 exposing the usage certificate to the business demander is as follows:
storing the use certificate on the alliance chain;
after the use certificate is successfully stored in the alliance chain, the block identification corresponding to the use certificate is sent to the service demand party, so that the use certificate is exposed to the service demand party.
As an alternative embodiment, the processor 901, by executing the executable program code in the memory 903, further performs the following operations:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any smart contract source code, and smart contract source code refers to processing logic source code written by the service demander in the format of a smart contract;
performing consensus processing on the smart contract source code in the alliance chain network;
and if the smart contract source code passes the consensus processing, adding the smart contract source code to the alliance chain as a service processing logic.
In another embodiment, the intelligent device may be a service demand device, such as the terminal device 101 shown in fig. 1a. The service demand device is configured to pre-deploy M service processing logics into a storage space of the service processing device, where the storage space further stores service data and M is a positive integer. In this case, the processor 1001 performs the following operations by executing the executable program code in the memory 1003:
sending a service processing request to the service processing equipment so that the service processing equipment selects a target service processing logic from the M service processing logics according to the service processing request; performing service processing on the service data by adopting a target service processing logic to obtain a service processing result; after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
receiving feedback information returned by the service processing equipment, wherein the feedback information carries a service processing result;
and performing credibility verification on the feedback information based on the use certificate exposed by the service processing equipment, and analyzing a service processing result from the feedback information after the feedback information is determined to be credible.
As an optional embodiment, a specific implementation manner of receiving feedback information returned by the service processing device through the communication interface 1002 is as follows:
receiving response information returned by the business processing equipment, wherein the response information comprises feedback information, a use certificate and a target encryption result;
the service processing device protects the integrity of the target encryption result with a private key of a trusted execution environment, and the target encryption result is obtained by encrypting a target byte sequence;
the specific implementation manner of the processor 1001 performing the trusted check on the feedback information based on the use certificate exposed by the service processing device is as follows:
requesting a remote attestation device to check the validity of the use certificate exposed by the service processing device;
if the use certificate passes the validity check, determining that the integrity of the target encryption result in the response information has not been compromised;
and performing the trusted check on the feedback information according to the target encryption result.
As an optional embodiment, the service processing request further carries a check parameter for checking whether the service demander has been subjected to a replay attack; the target byte sequence is obtained by the service processing device splicing the public key of the service data and the check parameter;
the specific implementation manner of the processor 1001 performing the trusted check on the feedback information according to the target encryption result is as follows:
splicing the public key of the service data and the check parameter to obtain a reference byte sequence; encrypting the reference byte sequence to obtain a reference encryption result;
if the reference encryption result matches the target encryption result, determining that the feedback information has not been subjected to a replay attack and that the feedback information passes the trusted check; and if the reference encryption result does not match the target encryption result, determining that the feedback information has been subjected to a replay attack and that the feedback information does not pass the trusted check.
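The requester-side trusted check described above, together with the device-side construction of the response it verifies, as an added Python illustration that is not part of the patent text. SHA-256 stands in for the unspecified encryption of the byte sequence, an HMAC under a constructed key stands in for the trusted execution environment's private-key protection and for the remote attestation device's validity check, and the function names and the length-prefixed splice are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the TEE private key. Assumption: a real deployment
# would use an asymmetric signature that a remote attestation device validates.
TEE_KEY = b"constructed-demo-tee-key"


def splice(public_key: bytes, check_param: bytes) -> bytes:
    """Splice the two fields. Each field is length-prefixed (an added choice)
    so that (b"ab", b"c") and (b"a", b"bc") yield different byte sequences."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in (public_key, check_param))


def encrypt_sequence(seq: bytes) -> bytes:
    """Deterministic transform of the byte sequence (assumption: SHA-256)."""
    return hashlib.sha256(seq).digest()


def protect(target_result: bytes) -> bytes:
    """Integrity-protect the target encryption result; the output plays the
    role of the use certificate."""
    return hmac.new(TEE_KEY, target_result, hashlib.sha256).digest()


def attestation_valid(use_certificate: bytes, target_result: bytes) -> bool:
    """Hypothetical stand-in for the remote attestation device's validity check."""
    return hmac.compare_digest(use_certificate, protect(target_result))


def build_response(public_key: bytes, check_param: bytes, result: str) -> dict:
    """Service processing device: feedback + use certificate + target result."""
    target_result = encrypt_sequence(splice(public_key, check_param))
    return {
        "feedback": result,
        "use_certificate": protect(target_result),
        "target_result": target_result,
    }


def verify_response(response: dict, public_key: bytes, check_param: bytes) -> str:
    """Service demander: returns 'trusted' or the reason for rejection."""
    # Step 1: validity of the use certificate implies the target encryption
    # result carried in the response has not been modified.
    if not attestation_valid(response["use_certificate"], response["target_result"]):
        return "invalid use certificate"
    # Step 2: recompute the reference result from the check parameter that
    # was sent with THIS request and compare in constant time.
    reference = encrypt_sequence(splice(public_key, check_param))
    if not hmac.compare_digest(reference, response["target_result"]):
        return "replay suspected"
    return "trusted"


def demo() -> dict:
    public_key = b"constructed-public-key-bytes"
    nonce_1, nonce_2 = secrets.token_bytes(16), secrets.token_bytes(16)
    fresh = build_response(public_key, nonce_1, "result-A")
    # An old response whose target result was swapped to match the new check
    # parameter, while the use certificate still covers the old one.
    swapped = dict(fresh, target_result=encrypt_sequence(splice(public_key, nonce_2)))
    return {
        "fresh": verify_response(fresh, public_key, nonce_1),
        "replayed": verify_response(fresh, public_key, nonce_2),
        "swapped": verify_response(swapped, public_key, nonce_2),
    }


if __name__ == "__main__":
    print(demo())
```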
Based on the same inventive concept, the principle by which the intelligent device provided in the embodiments of the present application solves the problem, and its beneficial effects, are similar to those of the service processing method in the method embodiments of the present application; reference may be made to the principle and beneficial effects of the method implementation, which are not repeated here for brevity.
The embodiment of the present application further provides a computer-readable storage medium, where one or more instructions are stored in the computer-readable storage medium, and the one or more instructions are suitable for being loaded by a processor and executing the service processing method in the foregoing method embodiment.
Embodiments of the present application further provide a computer program product containing instructions, which when run on a computer, cause the computer to execute the service processing method of the foregoing method embodiment.
Embodiments of the present application also provide a computer program product or a computer program comprising computer instructions stored in a computer-readable storage medium. The processor of the intelligent device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the intelligent device executes the business processing method.
The steps in the method of the embodiment of the application can be sequentially adjusted, combined and deleted according to actual needs.
The modules in the device can be merged, divided and deleted according to actual needs.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing the relevant hardware, and the program may be stored in a computer-readable storage medium, which may include: flash disks, read-only memories (ROMs), random access memories (RAMs), magnetic or optical disks, and the like.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (15)

1. A business processing method is characterized in that the method is executed by business processing equipment, and business data and M business processing logics are stored in a storage space of the business processing equipment; the M service processing logics are pre-deployed into the storage space by a service demand side, and M is a positive integer; the method comprises the following steps:
under the condition of receiving a service processing request sent by the service demand party, selecting a target service processing logic from the M service processing logics according to the service processing request;
performing service processing on the service data by adopting the target service processing logic to obtain a service processing result;
after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
and returning feedback information carrying the service processing result to the service demand party, and exposing the use certificate to the service demand party, so that the service demand party analyzes the service processing result from the feedback information after determining that the feedback information is credible based on the use certificate.
2. The method of claim 1, wherein the memory space of the business processing device comprises a trusted execution environment, the M business processing logic being pre-deployed in the trusted execution environment;
the performing service processing on the service data by using the target service processing logic to obtain a service processing result, including:
and in the trusted execution environment, performing service processing on the service data by adopting the target service processing logic to obtain a service processing result.
3. The method of claim 2, wherein the service processing request carries a public key of the service data, and the generating a usage certificate of the target service processing logic after obtaining the service processing result comprises:
obtaining a target byte sequence used for generating a use certificate, wherein the target byte sequence is generated based on a public key of the service data;
encrypting the target byte sequence to obtain a target encryption result;
and adopting the private key of the trusted execution environment to protect the integrity of the target encryption result, and determining the protection processing result as a use certificate of the target business processing logic.
4. The method of claim 3, wherein the service processing request further carries: a check parameter for checking whether the feedback information is attacked by replay; the target byte sequence is obtained by splicing the public key of the service data and the verification parameter;
the returning the feedback information carrying the service processing result to the service demand party and exposing the use certificate to the service demand party includes:
generating feedback information carrying the service processing result;
generating response information of the service processing request by adopting the feedback information, the use certificate and the target encryption result;
and sending the response information to the service demand party.
5. The method of any of claims 2-4, further comprising:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any processing logic source code and a first logic compiled code, and the first logic compiled code is obtained by the service demander compiling the processing logic source code according to a code format adapted to the trusted execution environment;
performing an accuracy check on the first logic compiled code according to the processing logic source code;
and if the first logic compiled code passes the accuracy check, storing the first logic compiled code in the trusted execution environment as a service processing logic.
6. The method of claim 5, wherein said checking the accuracy of the first logical compiled code against any of the processing logical source code comprises:
compiling any processing logic source code locally on the service processing equipment according to a code format adaptive to the trusted execution environment to obtain a second logic compiled code;
if the second logic compiled code is matched with the first logic compiled code, determining that the first logic compiled code passes accuracy check;
if the second logic compiled code does not match the first logic compiled code, determining that the first logic compiled code does not pass the accuracy check.
7. The method of claim 1, wherein the service processing device is located in a federation chain network, the federation chain network including P federation chain nodes and a federation chain, the service processing device being any one of the P federation chain nodes, P being an integer greater than 1; the storage space of the service processing device comprises the alliance chain, and the M service processing logics are pre-deployed in the alliance chain;
the performing service processing on the service data by using the target service processing logic to obtain a service processing result, including:
performing service processing on the service data by adopting the target service processing logic to obtain a target processing result;
broadcasting the service data to Q reference alliance chain nodes so that each reference alliance chain node performs service processing on the service data by adopting the target service processing logic in the alliance chain to obtain a reference processing result; the reference alliance chain nodes refer to: alliance chain nodes in the alliance chain network other than the service processing device, where Q is greater than or equal to 1 and less than or equal to P-1;
receiving Q reference processing results returned by the Q reference alliance chain nodes, wherein one reference alliance chain node returns one reference processing result;
and selecting one processing result from the target processing result and the Q reference processing results as a service processing result.
8. The method of claim 7, wherein said selecting one of said target processing result and said Q reference processing results as a service processing result comprises:
counting the repetition rate of each processing result in the target processing result and the Q reference processing results;
and selecting the processing result with the maximum repetition rate as a service processing result, or selecting the processing result with the repetition rate larger than the target threshold value as the service processing result.
9. The method of claim 1, wherein the service processing device is any federation chain node in a federation chain network, and the generating the usage credential of the target service processing logic after obtaining the service processing result comprises:
signing and endorsement are carried out on the service processing result to obtain target endorsement information;
and generating a target block containing the service processing result and the target endorsement information, and determining the target block as a use certificate of the target service processing logic.
10. The method of claim 9, wherein said exposing the usage credentials to the business requiring party comprises:
storing the usage credentials onto the federation chain;
and after the use certificate is successfully stored in the alliance chain, sending the block identification corresponding to the use certificate to the service demand party so as to expose the use certificate to the service demand party.
11. The method of any one of claims 7-10, further comprising:
receiving a logic deployment request sent by the service demander, wherein the logic deployment request carries any intelligent contract source code, and the intelligent contract source code refers to: processing logic source code written by the service demander according to the format of the intelligent contract;
in the alliance chain network, carrying out consensus processing on any intelligent contract source code;
and if any intelligent contract source code passes the consensus processing, adding any intelligent contract source code into the alliance chain as a service processing logic.
12. A business processing method is characterized in that the method is executed by business requirement equipment used by a business requirement party, the business requirement equipment is used for pre-deploying M business processing logics into a storage space of the business processing equipment, the storage space also stores business data, and M is a positive integer; the method comprises the following steps:
sending a service processing request to service processing equipment so that the service processing equipment selects a target service processing logic from the M service processing logics according to the service processing request; performing service processing on the service data by adopting the target service processing logic to obtain a service processing result; after the service processing result is obtained, generating a use certificate of the target service processing logic, wherein the use certificate is used for proving that the target service processing logic is legally executed;
receiving feedback information returned by the service processing equipment, wherein the feedback information carries the service processing result;
and performing credibility check on the feedback information based on the use certificate exposed by the service processing equipment, and analyzing the service processing result from the feedback information after the feedback information is determined to be credible.
13. The method of claim 12, wherein the receiving the feedback information returned by the service processing device comprises: receiving response information returned by the service processing equipment, wherein the response information comprises the feedback information, the use certificate and a target encryption result;
the service processing equipment adopts a private key of a trusted execution environment to protect the integrity of the target encryption result, and the target encryption result is obtained by encrypting a target byte sequence by the service processing equipment;
the performing the trusted verification on the feedback information based on the usage certificate exposed by the service processing device includes:
requesting a remote certification device to carry out validity check on the use certificate exposed by the service processing device;
if the usage certificate passes the validity check, determining that the integrity of the target encryption result in the response information is not damaged;
and carrying out credible verification on the feedback information according to the target encryption result.
14. The method of claim 13, wherein the service processing request further carries: a verification parameter for verifying whether the service demander is attacked by replay; the target byte sequence is obtained by splicing the public key of the service data and the verification parameter by the service processing equipment; the performing the credibility verification on the feedback information according to the target encryption result comprises:
splicing the public key of the service data and the verification parameter to obtain a reference byte sequence; encrypting the reference byte sequence to obtain a reference encryption result;
if the reference encryption result matches the target encryption result, determining that the feedback information is not attacked by replay, and determining that the feedback information passes the credible verification; and if the reference encryption result does not match the target encryption result, determining that the feedback information is attacked by replay, and determining that the feedback information does not pass the credible verification.
15. A smart device, comprising: a storage device and a processor;
the storage device stores a computer program;
the processor executes the computer program to implement the service processing method according to any of claims 1-11, or to implement the service processing method according to any of claims 12-14.
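
Added example, not part of the patent text: a sketch of the replay check in claims 3-4 and 13-14, where the use certificate covers a digest of the service-data public key spliced with a per-request verification parameter. Assumptions: SHA-256 stands in for the unnamed "encrypting" step, an HMAC key stands in for the TEE private key and the remote attestation device, the length prefix on the splice is added hardening, and all names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumption: one HMAC key stands in for the TEE private key (signing) and for
# the remote attestation service that validates credentials made with it.
TEE_KEY = os.urandom(32)

def target_digest(data_pubkey: bytes, nonce: bytes) -> bytes:
    """Splice public key and verification parameter, then hash (SHA-256 assumed)."""
    # Length-prefixing the key keeps the splice unambiguous (added hardening).
    seq = len(data_pubkey).to_bytes(4, "big") + data_pubkey + nonce
    return hashlib.sha256(seq).digest()

def tee_respond(data_pubkey: bytes, nonce: bytes, result: bytes) -> dict:
    """Processing side (claims 3-4): build the response information."""
    digest = target_digest(data_pubkey, nonce)
    credential = hmac.new(TEE_KEY, digest, hashlib.sha256).digest()
    return {"feedback": result, "credential": credential, "digest": digest}

def attestation_check(credential: bytes, digest: bytes) -> bool:
    """Stand-in for the remote attestation device's validity check (claim 13)."""
    expected = hmac.new(TEE_KEY, digest, hashlib.sha256).digest()
    return hmac.compare_digest(expected, credential)

class Requester:
    """Demanding side (claims 13-14): one fresh verification parameter per request."""

    def __init__(self, data_pubkey: bytes):
        self.data_pubkey = data_pubkey
        self.pending = set()

    def new_request(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, response: dict) -> bytes:
        if nonce not in self.pending:
            raise ValueError("unknown or already consumed verification parameter")
        if not attestation_check(response["credential"], response["digest"]):
            raise ValueError("credential failed validity check")
        reference = target_digest(self.data_pubkey, nonce)
        if not hmac.compare_digest(reference, response["digest"]):
            raise ValueError("replay: digest bound to a different request")
        self.pending.discard(nonce)  # a verification parameter is single-use
        return response["feedback"]
```

As in the claims, the credential here covers only the public key and the verification parameter; how the feedback information itself is protected is outside this sketch.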

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110993491.4A CN115935379A (en) 2021-08-26 2021-08-26 Service processing method, device, equipment and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110993491.4A CN115935379A (en) 2021-08-26 2021-08-26 Service processing method, device, equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN115935379A true CN115935379A (en) 2023-04-07

Family

ID=86696393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110993491.4A Pending CN115935379A (en) 2021-08-26 2021-08-26 Service processing method, device, equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN115935379A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117312388A (en) * 2023-10-08 2023-12-29 江苏泰赋星信息技术有限公司 Artificial intelligence model control system
CN117312388B (en) * 2023-10-08 2024-03-19 江苏泰赋星信息技术有限公司 Artificial intelligence model control system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code (Ref country code: HK; Ref legal event code: DE; Ref document number: 40084303; Country of ref document: HK)