CN117786730A

CN117786730A - Data processing method, device, equipment and storage medium

Info

Publication number: CN117786730A
Application number: CN202211144510.7A
Authority: CN
Inventors: 苟亚明
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2022-09-20
Filing date: 2022-09-20
Publication date: 2024-03-29

Abstract

The embodiment of the application provides a data processing method, a device, equipment and a storage medium, which are used for acquiring data generated by function call on the premise of not preventing normal data acquisition and performing desensitization processing on the data. Comprising the following steps: before data acquisition, acquiring an original function for acquiring data and a monitoring function for intercepting the data; then, a method exchange mapping relation is established between the original function and the monitoring function, so that when the original function is subjected to function call, namely the target parameter data is generated, the monitoring function can intercept the target parameter data based on the method exchange mapping relation; and finally, desensitizing the target parameter data to obtain desensitized information. The technical scheme provided by the application can be applied to the fields of cloud computing, artificial intelligence and computing data processing.

Description

Data processing method, device, equipment and storage medium

Technical Field

The present disclosure relates to the field of computer technologies, and in particular, to a data processing method, apparatus, device, and storage medium.

Background

The mobile terminal needs to collect data before data analysis, and a conventional scheme is to integrate a data collection component of a third party, and the specific implementation mode of the data collection component is to collect data in a buried point or non-buried point mode. That is, when the user uses an application to generate certain actions (swipes, clicks, long presses, etc.) at the mobile end, the data acquisition component of the third party will monitor these events. For example, after filling the form, clicking a submit button, triggering a click event at this time, and acquiring data in the form through notification of the click event, so as to send the data to a data acquisition server of a third party, and further perform data analysis on behavior operation of a user. If the mobile client uses the data collection software package counted as a third party, the possibility of stealing the private or secure data may exist, so that the process of data collection needs to be processed.

Disclosure of Invention

The embodiment of the application provides a data processing method, a device, equipment and a storage medium, which are used for acquiring data generated by function call on the premise of not preventing normal data acquisition and performing desensitization processing on the data.

In view of this, the present application provides, in one aspect, a data processing method, including:

acquiring an original function and a monitoring function, wherein the original function is used for acquiring parameter data, and the monitoring function is used for intercepting the parameter data; establishing a method exchange mapping relation between the original function and the monitoring function; intercepting the target parameter data based on the method exchange mapping relation when the monitoring function monitors that the original function collects the target parameter data; and desensitizing the target parameter data to obtain desensitization information.

Another aspect of the present application provides a data processing apparatus, comprising:

the acquisition module is used for acquiring an original function and a monitoring function, wherein the original function is used for acquiring parameter data, and the monitoring function is used for intercepting the parameter data;

the processing module is used for establishing a method exchange mapping relation between the original function and the monitoring function;

the interception module is used for intercepting the target parameter data based on the method exchange mapping relation when the monitoring function monitors that the original function collects the target parameter data;

The processing module is also used for performing desensitization processing on the target parameter data to obtain desensitization information.

In one possible design, in another implementation manner of another aspect of the embodiments of the present application, the processing module is specifically configured to establish a method exchange mapping relationship between the original function and the monitoring function based on a method implementation IMP pointer, where the IMP pointer is used to implement an exchange implementation function between functions.

In one possible design, in another implementation manner of another aspect of the embodiments of the present application, the obtaining module is specifically configured to obtain a first function list, and an equipment identifier of a terminal device that deploys the first function list and a user identifier corresponding to the first function list, where the first function list includes the original function;

rewriting the first function list to generate a second function list;

and acquiring the monitoring function according to the equipment identifier and the user identifier, wherein the monitoring function is contained in the second function list.

In one possible design, in another implementation of another aspect of the embodiments of the present application, the obtaining module is specifically configured to send the device identifier and the user identifier to a proxy server;

And receiving the monitoring function sent by the proxy server, wherein the monitoring function is generated by encoding after the proxy server inquires corresponding function information according to the equipment identifier and the user identifier.

In one possible design, in another implementation of another aspect of the embodiments of the present application, the processing module is specifically configured to initialize a data processing thread according to the target parameter data;

analyzing the target parameter data by using the data processing thread to obtain an analysis result;

and when the analysis result indicates that sensitive data exists in the target parameter data, desensitizing the sensitive data to obtain desensitized information.

In one possible design, in another implementation of another aspect of the embodiments of the present application, the processing module is specifically configured to parse the target parameter data into a structure field using the data processing thread;

comparing the value of the structural body field with the value of a preset sensitive field to obtain a comparison result;

when the comparison result indicates that the value of the structural body field is the same as the value of the preset sensitive field, indicating that sensitive data exists in the target parameter data;

And when the comparison result indicates that the value of the structural body field is not the same as the value of the preset sensitive field, indicating that sensitive data does not exist in the target parameter data. In one possible design, in another implementation of another aspect of the embodiments of the present application, the acquiring module is further configured to acquire stack information of the desensitization information in a transfer process;

the processing module is further configured to send a notification message to a processor of the desensitization information when the stack information indicates that the desensitization information has a preset processing behavior, so that the processor executes the preset processing behavior, and the preset processing behavior is written into a disk, a storage file, or a bottom shared data process.

In one possible design, in another implementation of another aspect of the embodiments of the present application, the processing module is further configured to write the target parameter data to a data set;

the sending module is further configured to send the data set to the proxy server according to a preset period, so that the proxy server screens sensitive data in the data set according to the wind control data table, and does not forward the sensitive data in the data set.

Another aspect of the present application provides a computer device comprising: a memory, a processor, and a bus system;

wherein the memory is used for storing programs;

the processor is used for executing the program in the memory, and the processor is used for executing the method according to the aspects according to the instructions in the program code;

the bus system is used to connect the memory and the processor to communicate the memory and the processor.

Another aspect of the present application provides a computer-readable storage medium having instructions stored therein which, when run on a computer, cause the computer to perform the methods of the above aspects.

In another aspect of the present application, a computer program product or computer program is provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the methods provided in the above aspects.

From the above technical solutions, the embodiments of the present application have the following advantages: and establishing a method exchange mapping relation between the original function and the monitoring function, and acquiring parameter data generated by the original function in a function calling process by utilizing a method exchange mechanism, so that the data generated by function calling can be acquired on the premise of not preventing normal data acquisition, and meanwhile, the target parameter data is subjected to desensitization processing, so that sensitive data is prevented from being leaked.

Drawings

Fig. 1 is a schematic diagram of an architecture of a communication system according to an embodiment of the present application;

FIG. 2 is a schematic diagram of a data processing system according to an embodiment of the present application;

FIG. 3 is a schematic diagram of one embodiment of a data processing method in an embodiment of the present application;

FIG. 4 is a schematic diagram illustrating one generation of a neutron class interception component in an embodiment of the present application;

FIG. 5 is a schematic diagram illustrating the generation of a function to be monitored in a neutron class interception component according to an embodiment of the present application;

FIG. 6 is a schematic workflow diagram of a subclass interception component after a function in a data collection component is called in an embodiment of the present application;

FIG. 7 is a schematic diagram of a RunLoop processing mechanism in an embodiment of the present application;

FIG. 8 is a schematic diagram of another embodiment of a data processing method in an embodiment of the present application;

FIG. 9 is a schematic diagram of another embodiment of a data processing method in an embodiment of the present application;

FIG. 10 is a schematic diagram of another embodiment of a data processing method in an embodiment of the present application;

FIG. 11 is a schematic diagram of another embodiment of a data processing method in an embodiment of the present application;

FIG. 12 is a schematic diagram of an embodiment of a data processing apparatus in an embodiment of the present application;

FIG. 13 is a schematic diagram of another embodiment of a data processing apparatus in an embodiment of the present application;

Fig. 14 is a schematic view of another embodiment of a data processing apparatus in an embodiment of the present application.

Detailed Description

The terms "first," "second," "third," "fourth" and the like in the description and in the claims of this application and in the above-described figures, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that embodiments of the present application described herein may be capable of operation in sequences other than those illustrated or described herein, for example. Furthermore, the terms "comprises," "comprising," and "includes" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.

The mobile terminal needs to collect data before data analysis, and a conventional scheme is to integrate a data collection component of a third party, and the specific implementation mode of the data collection component is to collect data in a buried point or non-buried point mode. That is, when the user uses an application to generate certain actions (swipes, clicks, long presses, etc.) at the mobile end, the data acquisition component of the third party will monitor these events. For example, after filling the form, clicking a submit button, triggering a click event at this time, and acquiring data in the form through notification of the click event, so as to send the data to a data acquisition server of a third party, and further perform data analysis on behavior operation of a user. If the mobile client uses the data collection software package counted as a third party, the possibility of stealing the private or secure data may exist, so that the process of data collection needs to be processed. In order to solve the above problems, the present application provides the following technical solutions: acquiring an original function and a monitoring function, wherein the original function is used for acquiring parameter data, and the monitoring function is used for intercepting the parameter data; establishing a method exchange mapping relation between the original function and the monitoring function; intercepting the target parameter data based on the method exchange mapping relation when the monitoring function monitors that the original function collects the target parameter data; and desensitizing the target parameter data to obtain desensitization information. Thus, the data generated by function call can be obtained without preventing normal data acquisition, and the data is desensitized.

For ease of understanding, some of the proper terms in this application are described below.

And (3) data acquisition: the data collection refers to a process that terminal equipment of a financial industry institution obtains data directly or indirectly from personal financial information bodies, and external institutions such as enterprise clients and external data suppliers in the process of providing financial products and services, developing management and the like. The terminal device generally adopts a software package of a third party to collect data. Security risks such as data leakage, data source forging, privileged account misuse, data tampering and the like exist in the data acquisition process.

Data desensitization: the method refers to the deformation of data of certain sensitive information through a desensitization rule, so that the reliable protection of sensitive privacy data is realized. In the case of customer security data or some business sensitive data, the data desensitization is required to reconstruct the real data and provide test use, such as cell phone number, card number, customer number, etc. personal information without violating system rules. Is one of database security technologies, which mainly comprises: database scanning omission, database encryption, database firewall, data desensitization and database security audit system. The data desensitization is performed, sensitive contents in the data are erased, original data characteristics, service rules and data relevance are required to be maintained, development, testing, training and large data service are not affected by the desensitization, and data consistency and effectiveness before and after the desensitization are achieved. Maintaining data consistency is the maintenance of data characteristics that must be ensured before and after data desensitization. For example: the identification number consists of seventeen-bit digital body code and one-bit check code, which are respectively an area address code (6 bits), a birth date (8 bits), a sequence code (3 bits) and a check code (1 bit). Then the identification number desensitizer needs to ensure that the characteristic information remains after desensitization. Maintaining consistency between data is to have some correlation between data and data. For example: relationship between birth month or age and birth date. Likewise, there is a need to ensure consistency between the birth date field and the birth date contained in the identification document after desensitization of the identification number. Maintaining the relevance of data business rules is to maintain the data relevance, business semantics, and the like unchanged when the data is desensitized. Wherein the data association comprises: master, foreign key associations, business semantic associations of associated fields, etc. In particular, highly sensitive account-like subject data tends to traverse all relationship and behavioral information of the subject, and special care is required to ensure consistency of all relevant subject information. The data consistency among multiple desensitizations means that the same data is subjected to multiple desensitizations or is subjected to desensitization in different test systems, the consistency of the data subjected to desensitization each time is required to be ensured, and the continuous consistency of the data change of a service system and the continuous consistency of generalized service can be ensured only by the method.

Proxy server: is a special network service that allows one terminal (typically a client) to make an indirect connection with another terminal (typically a server) through this service.

Method Swizzling, also known as Method swapping, has the primary effect of replacing the implementation of one Method with the implementation of another at runtime. I.e. essentially in a runtime exchange method Implementation (IMP), such as the hook system method, in which own service requirements are inserted.

RunLoop: also known as a run cycle. runloop is a mechanism for handling events of threads and managing threads. When the event of the thread is ended, the runloop automatically sleeps, and the runloop in the main thread of the application program is in a state of inhibiting awakening.

Referring to fig. 1, fig. 1 is a schematic diagram of an architecture of a communication system in an embodiment of the present application, where the communication system includes a proxy server, a terminal device, and a data acquisition server, and a data acquisition client corresponding to the data acquisition server is deployed on the terminal device, where the data acquisition client may be running on the terminal device in a browser manner, may also be running on the terminal device in an independent Application (APP) manner, and the specific presentation form of the client is not limited herein. The server related to the application can be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, and can also be a cloud server for providing cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDNs), basic cloud computing services such as big data and artificial intelligence platforms. The terminal device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a palm computer, a personal computer, a smart television, a smart watch, a vehicle-mounted device, a wearable device, and the like. The terminal device and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein. The number of servers and terminal devices is not limited either. The scheme provided by the application can be independently completed by the terminal equipment, can be independently completed by the server, and can be completed by the cooperation of the terminal equipment and the server, so that the application is not particularly limited. In this embodiment, the data collection server may also be configured to store parameter data collected by the client during the running process. It will be appreciated that the parameter data may be stored in a local memory of the data acquisition server, in a database, or in a cloud server. The Database (Database), which can be considered as an electronic filing cabinet, is a place for storing electronic files, and a user can perform operations such as adding, inquiring, updating, deleting and the like on data in the files. A "database" is a collection of data stored together in a manner that can be shared with multiple users, with as little redundancy as possible, independent of the application. The database management system (Database Management System, DBMS) is a computer software system designed for managing databases, and generally has basic functions of storage, interception, security, backup, and the like. The database management system may classify according to the database model it supports, e.g., relational, extensible markup language (Extensible Markup Language, XML); or by the type of computer supported, e.g., server cluster, mobile phone; or by classification according to the query language used, e.g. structured query language (Structured Query Language, SQL), XQuery; or by performance impact emphasis, such as maximum scale, maximum speed of operation; or other classification schemes. Regardless of the manner of classification used, some DBMSs are able to support multiple query languages across categories, for example, simultaneously.

Based on the communication system, as shown in fig. 2, the data processing flow of the application may be that the data acquisition component (also called a data acquisition client) is deployed on the terminal device, and the data processing middleware; the proxy server is deployed on the control layer, and then the data acquisition component transmits acquired data to the proxy server after desensitizing the acquired data through the data processing middleware; data that is not sensitive data is then forwarded to the data collection server (also referred to as a third party server) after screening of the wind control data table by the proxy server.

It will be appreciated that in the specific embodiments of the present application, related data such as parameter data is referred to, and when the above embodiments of the present application are applied to specific products or technologies, user permissions or consents need to be obtained, and the collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.

Based on the foregoing description, the data processing method provided in the present application is described below with a terminal device as an execution body, and referring specifically to fig. 3, one embodiment of the data processing method in the embodiment of the present application includes:

301. And obtaining base class information of the data acquisition component, wherein the base class information comprises a first function list.

When the data acquisition component operates, the terminal device can acquire base class information in the data acquisition component, wherein the base class information comprises a first function list of the data acquisition component. The first function list is used for indicating monitoring functions of the data acquisition component to corresponding application programs.

302. And generating a subclass interception component based on the base class information, wherein the subclass interception component comprises a second function list, a method realization pointer, a device identifier of terminal equipment for deploying the data acquisition component and a user identifier corresponding to the first function list.

When the data acquisition component operates, the terminal equipment generates the sub-class interception component based on the base class information, wherein the sub-class interception component comprises a second function list, a method realization pointer, equipment identifiers of the terminal equipment for deploying the data acquisition component and user identifiers corresponding to the first function list. In this embodiment, the interface function of the call burial point in the sub-class interception component is covered, that is, the second function list is generated in the sub-class interception component. In an exemplary scenario, the relationship between the subclass interception component and the data collection component may be as shown in fig. 4, and the subclass interception component will be dynamically generated during the operation of the data collection component, referred to as a TXEventManager, assuming that the collection class of the data collection component is named EventManager. The TXEventManager rewrites the EventManager's monitoring function internally, where the subclass interception component is equivalent to the EventManager's monitoring function interceptor. Meanwhile, the subclass interception component acquires the equipment identifier of the terminal equipment and the user identifier corresponding to the first function list, and establishes a method exchange mapping relation between the functions in the first function list and the functions in the second function list through the IMP.

303. And acquiring the function to be monitored of the sub-class interception component according to the equipment identifier and the user identifier.

In this embodiment, versions of data acquisition components installed in different terminal devices are different, and meanwhile, services of a user when running an application program through the terminal device are different, so that when aiming at different application programs and terminal devices, the sub-class interception component also needs to generate an accurate function to be monitored. The specific flow is as shown in fig. 5: the terminal equipment sends the equipment identifier and the user identifier to the proxy server through the sub-class interception component, and then the proxy server inquires function information of a client corresponding to the terminal equipment from a stored database; the proxy server generates the function to be monitored (also called a monitoring method) according to the function information automation script; finally, the proxy server sends the function to be monitored to the sub-class interception component; and finally, the subclass interception component in the terminal equipment stores the function to be monitored in the second function list. In an exemplary scheme, a data acquisition component with a version number of 2.0 is installed in a terminal device 1, meanwhile, when a service operated by the terminal device 1 is transfer and inquiry, the terminal device 1 sends its own device identifier and a user identifier corresponding to the service to the proxy server, then the proxy server inquires function information corresponding to the device identifier and the user identifier of the terminal device 1 from a database, for example, the proxy server inquires a function library corresponding to the data acquisition component with the version number of 2.0 according to the device identifier, and then inquires function information 1 for monitoring transfer and function information 2 for monitoring inquiry from the function library with the version number of 2.0; and finally, the proxy server codes according to the function information 1 and the function information 2 and the automation script adapted to the terminal equipment to generate a monitoring function of the current moment of the terminal equipment 1. It will be appreciated that in this embodiment, when the data acquisition component is installed, the terminal device 1 will store function information corresponding to the version number and the device identifier of the terminal device 1 in the target database, and also correspond to different functions for different services.

304. The pointer is used for obtaining parameter data based on a method exchange mechanism, the parameter data is generated when a function call occurs to a function to be executed in the first function list, and the function to be executed and the function to be monitored have a mapping relation.

In this embodiment, after the sub-class interception component generates the function to be monitored, the sub-class interception component may traverse the function to be monitored, and use the method to implement that the pointer establishes a mapping relationship between the function to be monitored and the function to be executed; when the function to be executed generates a function call event, the pointer is realized to acquire the parameter data through the method. The specific flow is as shown in fig. 6: assuming that the current subclass interception component is required to monitor the function A and the function B in the base class information of the data acquisition component, after the function to be monitored of the subclass interception component is returned and stored, the subclass interception component searches through the IMP, and then buries the function A and the function B in the base class information of the data acquisition component. When an acquisition event is generated (such as events of page display, form data submission, password input by an input box and the like), the direct access to the function A and the function B in the base class information of the data acquisition component is performed at the moment, meanwhile, the IMP of the subclass interception component receives a notification message, and the subclass interception component intercepts the parameter data generated by the event into the subclass interception component through the IMP.

In this embodiment, when the system of the terminal device is an apple system (i.e. ios system or osx system), the Method switching mechanism may be Method Swizzling; and when the terminal equipment is an android system or a windows system, the method exchange mechanism can be a hook. The specific examples are not limited herein.

305. And packaging the parameter data to generate an event source and sending the event source to the data processing middleware.

The subclass interception component in the terminal device encapsulates the parameter data to generate an event source and sends the event source to the data processing middleware. It will be appreciated that the terminal device may be adapted to encapsulate the terminal device and the data processing middleware in an encapsulation manner when encapsulating the parameter data, which is not limited herein.

In this embodiment, if the system of the terminal device is an apple system (i.e. ios system or osx system), the data processing middleware may be runloop. If the terminal device is an android system or a windows system, the data processing middleware may be other loop threads.

306. And desensitizing the parameter data by using the data processing middleware to obtain target data.

In this embodiment, the terminal device may use the data processing middleware to perform desensitization processing on the parameter data to obtain target data, which may adopt the following technical scheme: initializing a data processing thread of the data processing middleware according to the event source; monitoring the data processing thread by using the subclass interception component, and marking the event source as data to be processed; analyzing the parameter data in the event source by using the data processing thread to obtain an analysis result; when the analysis result indicates that sensitive data exists in the parameter data, the data processing middleware is utilized to desensitize the sensitive data to obtain the target data.

Optionally, when the terminal device analyzes the parameter data in the event source by using the data processing thread to obtain an analysis result, the following technical scheme may be adopted: analyzing the parameter data in the event source into a structural body field by utilizing the data processing thread; comparing the value of the structural body field with the value of a preset sensitive field to obtain a comparison result; when the comparison result indicates that the value of the structural body field is the same as the value of the preset sensitive field, indicating that sensitive data exists in the parameter data; and when the comparison result indicates that the value of the structural body field is not the same as the value of the preset sensitive field, indicating that sensitive data does not exist in the parameter data.

In an exemplary scheme, when the system of the terminal device is an apple system (i.e. ios system or osx system), the data processing middleware may be a runloop module, where a processing mechanism of the runloop may be shown in fig. 7, and the specific manner in which the terminal device uses the runloop module to desensitize the parameter data to obtain target data may be as follows: the runloop module initializes a runloop thread based on the event source. Specifically, the runloop module constructs a CFrunloop structure pointer according to an event source, sets a mode of the structure, acquires a thread corresponding to the event source by declaring a thread ID after completion, and wakes up the runloop thread according to the event source. It will be appreciated that when the runloop module sets the mode of the structure, the corresponding setting may be performed according to the event type involved in the event source. In one possible implementation, the runloop module sets the current mode to common mode, in which list sliding and normal touch events can be compatible. In another possible implementation manner, if the event type is a list sliding event, the runloop module sets the current mode to UITrackingMode; if the event type is a normal touch event, the runloop module sets the current mode to DefaultMode. After the runloop initialization is completed, the subclass interception component monitors the runloop thread and marks the event source by adopting identification information, so as to indicate that parameter data corresponding to the event source needs to be processed; the runloop thread analyzes the parameter data in the event source to generate a structural body field, then compares the structural body field with a preset sensitive field, and determines that the parameter data in the event source comprises sensitive data if the structural body field comprises the preset sensitive field; and when the analysis result indicates that sensitive data exists in the parameter data, desensitizing the sensitive data. In this embodiment, when the data processing middleware performs desensitization processing on the sensitive data, there may be the following several possible implementations: in one possible implementation, sensitive data is encrypted; in one possible implementation, the sensitive data is replaced; in one possible implementation, the sensitive data is subjected to offset processing; in one possible implementation, sensitive data is invalidated.

After the desensitization processing on the sensitive data is completed, the subclass interception component may further perform the following operations, see fig. 8 specifically:

in this embodiment, the steps 401 to 406 are the same as the steps 301 to 306, and are not repeated here.

407. And acquiring stack information of the target data in the transfer process.

In this embodiment, the terminal device uses the sub-class interception component to obtain stack information of the target data in the transfer process, that is, the stack information may be used to indicate a processing behavior of the target data, where the processing behavior includes, but is not limited to, writing to a disk, storing a file, or performing underlying shared data processing (such as application sharing, and key data reading).

408. When the stack information indicates that the target data has preset processing behaviors, a notification message is sent to a processing party of the target data, so that the processing party executes the preset processing behaviors, and the preset processing behaviors are written into a disk, a storage file or bottom shared data processing.

In this embodiment, if the stack information indicates that the target data is written into a disk, a storage file, or the underlying shared data is processed, the terminal device uses the sub-class interception component to send a notification to a processor corresponding to the target data, so that the processor can perform data processing in time. Therefore, illegal data transmission, storage and sharing can be effectively prevented.

As shown in FIG. 7, in the runloop processing mechanism, the subclass interception component may obtain stack information of the target data in the transfer process through source 0.

In this embodiment, after the terminal device processes the target data, the terminal device may further transfer the target data to the control layer. Referring specifically to fig. 9:

in this embodiment, steps 501 to 506 are the same as steps 301 to 306, and detailed descriptions thereof are omitted herein.

507. The target data is sent to a proxy server.

The terminal device is connected with the proxy server through wireless or wired network connection, and then the terminal device encodes the target data after acquiring the target data and then sends the encoded target data to the proxy server through the network.

508. The proxy server screens the target data according to the wind control data table,

in this embodiment, the proxy server analyzes the target data after receiving the data packet, and then compares and screens the target data with a wind control data table pre-stored in the proxy server. When the proxy server screens the parameter data according to the wind control data table, the parameter can be analyzed into a structural body field, and then the structural body field is compared with a preset sensitive field in the wind control data table, so that a screening result is obtained. In an exemplary scheme, when the first structure body field exists in the target data and is the same as a preset sensitive field in the wind control data table, the screening result is used for indicating that data corresponding to the first structure body field in the target data is sensitive data; when the non-existence structure body field in the target data is the same as the preset sensitive field in the wind control data table, the screening structure is used for indicating that the non-existence sensitive data in the target data. In this embodiment, the wind control data table may be generated according to a real-time page following result of the client, and a specific expression form of the wind control data table may be a preset sensitive field or a preset value generated according to a format of sensitive information, which is not limited herein. For example, the preset sensitive field may be set as "Account", "password", "Account", etc. The preset value may be a fixed value a generated according to the identification code or a fixed value B generated according to the mobile phone number.

509. When the screening result indicates that sensitive data is included in the target data, the proxy server does not forward the sensitive data to the data acquisition server.

When the screening result indicates that the target data comprises sensitive data, the proxy server can not forward the sensitive data in the target data, so that the sensitive data can reduce leakage at a control layer. It can be appreciated that in this embodiment, after the proxy server screens out the sensitive data again according to the target data, the sensitive data may be subjected to desensitization again to obtain desensitized data, and then the desensitized data is sent to the data acquisition server. The processing mode of the proxy server for desensitizing the sensitive data in the target data can be as follows: in one possible implementation, sensitive data is encrypted; in one possible implementation, the sensitive data is replaced; in one possible implementation, the sensitive data is subjected to offset processing; in one possible implementation, sensitive data is invalidated. In this embodiment, after intercepting the parameter data, the terminal device may also directly transfer the parameter data to the control layer. Referring specifically to fig. 10:

In this embodiment, steps 601 to 604 are the same as steps 301 to 304, and detailed descriptions thereof are omitted herein.

605. The parameter data is sent to a proxy server.

The terminal device is connected with the proxy server through wireless or wired network connection, and then encodes the parameter data after acquiring the parameter data, and then sends the encoded parameter data to the proxy server through the network.

606. The proxy server screens the parameter data according to the wind control data table to obtain a screening result.

In this embodiment, the proxy server analyzes the data packet after receiving the data packet to obtain the parameter data, and then compares and screens the parameter data with a wind control data table pre-stored in the proxy server. When the proxy server screens the parameter data according to the wind control data table, the parameter can be analyzed into a structural body field, and then the structural body field is compared with a preset sensitive field in the wind control data table, so that a screening result is obtained. The wind control data table can be generated according to the real-time page following result of the client, and the concrete expression form of the wind control data table can also be a preset sensitive field. The specific examples are not limited herein.

In an exemplary scheme, when the first structure body field exists in the parameter data and is the same as a preset sensitive field in the wind control data table, the screening result is used for indicating that data corresponding to the first structure body field in the parameter data is sensitive data; when the structural body field is not present in the parameter data and the preset sensitive field in the wind control data table is the same, the screening structure is used for indicating that the sensitive data is not present in the parameter data. In this embodiment, the wind control data table may be generated according to a real-time page following result of the client, and a specific expression form of the wind control data table may be a preset sensitive field or a preset value generated according to a format of sensitive information, which is not limited herein. For example, the preset sensitive field may be set as "Account", "password", "Account", etc. The preset value may be a fixed value a generated according to the identification code or a fixed value B generated according to the mobile phone number.

607. When the screening result indicates that the parameter data comprises sensitive data, the proxy server does not forward the sensitive data to the data acquisition server.

When the screening result indicates that the parameter data comprises sensitive data, the proxy server can not forward the sensitive data in the parameter data, so that the sensitive data can reduce leakage at a control layer. It can be appreciated that in this embodiment, after the proxy server screens out the sensitive data again according to the target data, the sensitive data may be subjected to desensitization again to obtain desensitized data, and then the desensitized data is sent to the data acquisition server. The processing mode of the proxy server for desensitizing the sensitive data in the parameter data can be as follows: in one possible implementation, sensitive data is encrypted; in one possible implementation, the sensitive data is replaced; in one possible implementation, the sensitive data is subjected to offset processing; in one possible implementation, sensitive data is invalidated.

The following describes a data processing method in the embodiment of the present application with a terminal device as an execution body, as shown in fig. 11:

1101. and acquiring an original function and a monitoring function, wherein the original function is used for acquiring parameter data, and the monitoring function is used for intercepting the parameter data.

In this embodiment, the original function is a function to be executed in the data acquisition component in the embodiments shown in fig. 3, 8, 9 and 10, and the monitoring function is a function to be monitored in the subclass interception component in the embodiments shown in fig. 3, 8, 9 and 10, which has the functions and effects of the function to be executed and the function to be monitored in the embodiments described above, and detailed descriptions thereof are omitted herein.

1102. And establishing a method exchange mapping relation between the original function and the monitoring function.

In this embodiment, the terminal device uses an IMP pointer to implement that the original function and the monitoring function can be exchanged in a method when running, so that the monitoring function can intercept data generated when the original function is invoked. The specific process may be referred to the description in the above embodiments, and the details are not repeated here.

1103. When the monitoring function monitors that the original function collects target parameter data, the target parameter data is intercepted based on the method exchange mapping relation.

In this embodiment, the specific operation of the monitoring function in intercepting the target parameter data may be referred to the description in the above embodiment, and details thereof are not repeated here.

1104. And desensitizing the target parameter data to obtain desensitization information.

In this embodiment, the desensitization information is the target data in the above embodiment. The operation of the terminal device for desensitizing the target parameter data may refer to the description in the above embodiment, which is not described herein in detail.

Referring to fig. 12, fig. 12 is a schematic diagram of an embodiment of a data processing apparatus according to an embodiment of the present application, where the data processing apparatus 20 includes:

an acquisition module 201, configured to acquire an original function and a monitoring function, where the original function is used to acquire parameter data, and the monitoring function is used to intercept the parameter data;

the processing module 202 is configured to establish a method exchange mapping relationship between an original function and a monitoring function;

the interception module 203 is configured to intercept the target parameter data based on the method exchange mapping relationship when the monitoring function monitors that the original function collects the target parameter data;

the processing module 202 is further configured to perform desensitization processing on the target parameter data to obtain desensitization information.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the method exchange mapping relation is established between the original function and the monitoring function, and the parameter data generated by the original function in the function calling process is acquired by utilizing a method exchange mechanism, so that the data generated by function calling can be acquired on the premise of not preventing normal data acquisition, and meanwhile, the target parameter data is subjected to desensitization processing, so that sensitive data is prevented from being leaked.

Optionally, in another embodiment of the data processing apparatus 20 provided in the embodiment of fig. 12, the processing module 202 is specifically configured to establish a method exchange mapping relationship between the original function and the monitoring function based on a method implementation IMP pointer, where the IMP pointer is used to implement an exchange implementation function between functions.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the pointer and the method exchange mechanism are realized through the method, and the function to be monitored in the sub-class interception component and the function in the data acquisition component are mapped one by one, so that the sub-class interception component can acquire the data generated by function call on the premise of not preventing normal data acquisition.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the function to be monitored of the sub-class interception component on the specific event is obtained, so that accurate interception can be performed in specific data interception, and data interception errors are prevented.

Optionally, on the basis of the embodiment corresponding to fig. 12, in another embodiment of the data processing apparatus 20 provided in this embodiment of the present application, the obtaining module 201 is specifically configured to obtain a first function list, and an equipment identifier of a terminal device on which the first function list is deployed and a user identifier corresponding to the first function list, where the first function list includes the original function; rewriting the first function list to generate a second function list; and acquiring the monitoring function according to the equipment identifier and the user identifier, wherein the monitoring function is contained in the second function list.

Optionally, in another embodiment of the data processing apparatus 20 provided in the embodiment of the present application, based on the embodiment corresponding to fig. 12, the processing module 202 is specifically configured to initialize a data processing thread according to the target parameter data; analyzing the target parameter data by using the data processing thread to obtain an analysis result; and when the analysis result indicates that sensitive data exists in the target parameter data, desensitizing the sensitive data to obtain desensitized information.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, after the data processing thread is triggered, the parameter data is analyzed to obtain an analysis result, and the desensitization processing is carried out when sensitive data exists in the parameter data, so that the accurate desensitization processing can be carried out on the parameter data, and the data acquisition is safer.

Optionally, in another embodiment of the data processing apparatus 20 provided in the embodiment of the present application, based on the embodiment corresponding to fig. 12, the processing module 202 is specifically configured to parse the target parameter data into a structure field by using the data processing thread;

and when the comparison result indicates that the value of the structural body field is not the same as the value of the preset sensitive field, indicating that sensitive data does not exist in the target parameter data.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the parameter data is analyzed to obtain the structural body field, and whether the parameter data comprises the sensitive data is determined according to the comparison between the structural body field and the preset sensitive field, so that the accurate determination of the sensitive data is realized.

Optionally, on the basis of the embodiment corresponding to fig. 12, in another embodiment of the data processing apparatus 20 provided in the embodiment of the present application, the obtaining module 201 is further configured to obtain stack information of the target data in a transferring process;

The processing module 202 is further configured to send a notification message to a processor of the target data when the stack information indicates that the desensitization information has a preset processing behavior, so that the processor executes the preset processing behavior, and the preset processing behavior is written into a disk, a storage file, or an underlying shared data process.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the final processing behavior of the parameters is monitored, and the notification message is sent to the processing side when the data transmission, storage and sharing processing is carried out, so that illegal data transmission, storage and sharing can be effectively prevented.

Optionally, in another embodiment of the data processing apparatus 20 provided in the embodiment of the present application, based on the embodiment corresponding to fig. 12, the processing module 202 is further configured to write the target parameter data into a data set;

the data processing device also comprises the sending module which is used for sending the data set to the proxy server according to a preset period, so that the proxy server screens the sensitive data in the data set according to the wind control data table and does not forward the sensitive data in the data set.

In an embodiment of the present application, a data processing apparatus is provided. By adopting the device, the parameter data is stored in the data set, so that the interaction times of the client and the server can be reduced, and the data transmission exposure rate can be reduced. Meanwhile, the wind control data table of the proxy server determines page data which the client needs to follow, and sensitive data with higher timeliness can be filtered out.

Referring to fig. 13, fig. 13 is a schematic diagram of a server structure according to an embodiment of the present application, where the server 300 may have a relatively large difference due to different configurations or performances, and may include one or more central processing units (central processing units, CPU) 322 (e.g., one or more processors) and a memory 332, one or more storage media 330 (e.g., one or more mass storage devices) storing application programs 342 or data 344. Wherein the memory 332 and the storage medium 330 may be transitory or persistent. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instruction operations on a server. Still further, the central processor 322 may be configured to communicate with the storage medium 330 and execute a series of instruction operations in the storage medium 330 on the server 300.

The server 300 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input/output interfaces 358, and/or one or more operating systems 341, for exampleSuch as Windows Server ^TM ，Mac OS X ^TM ，Unix ^TM ,Linux ^TM ，FreeBSD ^TM Etc.

The steps performed by the server in the above embodiments may be based on the server structure shown in fig. 13.

The data processing apparatus provided in the present application may be used in a terminal device, please refer to fig. 14, which only shows a portion related to an embodiment of the present application for convenience of explanation, and specific technical details are not disclosed, please refer to a method portion of an embodiment of the present application. In the embodiment of the present application, a terminal device is taken as a smart phone as an example to describe:

fig. 14 is a block diagram showing a part of the structure of a smart phone related to a terminal device provided in an embodiment of the present application. Referring to fig. 14, the smart phone includes: radio Frequency (RF) circuitry 410, memory 420, input unit 430, display unit 440, sensor 450, audio circuitry 460, wireless fidelity (wireless fidelity, wiFi) module 470, processor 480, and power supply 490. Those skilled in the art will appreciate that the smartphone structure shown in fig. 14 is not limiting of the smartphone and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.

The following describes each component of the smart phone in detail with reference to fig. 14:

the RF circuit 410 may be used for receiving and transmitting signals during the process of receiving and transmitting information or communication, in particular, after receiving downlink information of the base station, the downlink information is processed by the processor 480; in addition, the data of the design uplink is sent to the base station. In general, RF circuitry 410 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low noise amplifier (low noise amplifier, LNA), a duplexer, and the like. In addition, the RF circuitry 410 may also communicate with networks and other devices via wireless communications. The wireless communications may use any communication standard or protocol including, but not limited to, global system for mobile communications (global system of mobile communication, GSM), general packet radio service (general packet radio service, GPRS), code division multiple access (code division multiple access, CDMA), wideband code division multiple access (wideband code division multiple access, WCDMA), long term evolution (long term evolution, LTE), email, short message service (short messaging service, SMS), and the like.

The memory 420 may be used to store software programs and modules, and the processor 480 may perform various functional applications and data processing of the smartphone by executing the software programs and modules stored in the memory 420. The memory 420 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data (such as audio data, phonebooks, etc.) created according to the use of the smart phone, etc. In addition, memory 420 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage device.

The input unit 430 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the smart phone. In particular, the input unit 430 may include a touch panel 431 and other input devices 432. The touch panel 431, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 431 or thereabout using any suitable object or accessory such as a finger, a stylus, etc.), and drive the corresponding connection device according to a predetermined program. Alternatively, the touch panel 431 may include two parts of a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 480, and can receive commands from the processor 480 and execute them. In addition, the touch panel 431 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 430 may include other input devices 432 in addition to the touch panel 431. In particular, other input devices 432 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a trackball, mouse, joystick, etc.

The display unit 440 may be used to display information input by a user or information provided to the user and various menus of the smart phone. The display unit 440 may include a display panel 441, and optionally, the display panel 441 may be configured in the form of a liquid crystal display (liquid crystal display, LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 431 may cover the display panel 441, and when the touch panel 431 detects a touch operation thereon or nearby, the touch operation is transmitted to the processor 480 to determine the type of the touch event, and then the processor 480 provides a corresponding visual output on the display panel 441 according to the type of the touch event. Although in fig. 14, the touch panel 431 and the display panel 441 are two separate components to implement the input and input functions of the smart phone, in some embodiments, the touch panel 431 and the display panel 441 may be integrated to implement the input and output functions of the smart phone.

The smartphone may also include at least one sensor 450, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor that may adjust the brightness of the display panel 441 according to the brightness of ambient light, and a proximity sensor that may turn off the display panel 441 and/or the backlight when the smartphone is moved to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for identifying the application of the gesture of the smart phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration identification related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the smart phone are not described in detail herein.

Audio circuitry 460, speaker 461, microphone 462 can provide an audio interface between the user and the smartphone. The audio circuit 460 may transmit the received electrical signal after the audio data conversion to the speaker 461, and the electrical signal is converted into a sound signal by the speaker 461 and output; on the other hand, microphone 462 converts the collected sound signals into electrical signals, which are received by audio circuit 460 and converted into audio data, which are processed by audio data output processor 480, and transmitted via RF circuit 410 to, for example, another smart phone, or which are output to memory 420 for further processing.

WiFi belongs to a short-distance wireless transmission technology, and a smart phone can help a user to send and receive emails, browse webpages, access streaming media and the like through a WiFi module 470, so that wireless broadband Internet access is provided for the user. Although fig. 14 shows a WiFi module 470, it is understood that it does not belong to the essential constitution of a smart phone, and can be omitted entirely as required within the scope of not changing the essence of the invention.

The processor 480 is a control center of the smart phone, connects various parts of the entire smart phone using various interfaces and lines, and performs various functions and processes data of the smart phone by running or executing software programs and/or modules stored in the memory 420 and invoking data stored in the memory 420, thereby performing overall monitoring of the smart phone. Optionally, the processor 480 may include one or more processing units; alternatively, the processor 480 may integrate an application processor that primarily handles operating systems, user interfaces, applications, etc., with a modem processor that primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 480.

The smart phone also includes a power supply 490 (e.g., a battery) for powering the various components, optionally in logical communication with the processor 480 through a power management system that performs functions such as managing charge, discharge, and power consumption.

Although not shown, the smart phone may further include a camera, a bluetooth module, etc., which will not be described herein.

The steps performed by the terminal device in the above-described embodiments may be based on the terminal device structure shown in fig. 14.

Also provided in embodiments of the present application is a computer-readable storage medium having a computer program stored therein, which when run on a computer, causes the computer to perform the methods as described in the foregoing embodiments.

Also provided in embodiments of the present application is a computer program product comprising a program which, when run on a computer, causes the computer to perform the methods described in the foregoing embodiments.

It will be clear to those skilled in the art that, for convenience and brevity of description, specific working procedures of the above-described systems, apparatuses and units may refer to corresponding procedures in the foregoing method embodiments, which are not repeated herein.

In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative, e.g., the division of the units is merely a logical function division, and there may be additional divisions when actually implemented, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.

The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional unit in each embodiment of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art or all or part of the technical solution in the form of a software product stored in a storage medium, including several instructions to cause a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method of the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a read-only memory (ROM), a random access memory (random access memory, RAM), a magnetic disk, or an optical disk, or other various media capable of storing program codes.

The above embodiments are merely for illustrating the technical solution of the present application, and are not limited thereto; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the corresponding technical solutions.

Claims

1. A method of data processing, comprising:

acquiring an original function and a monitoring function, wherein the original function is used for acquiring parameter data, and the monitoring function is used for intercepting the parameter data;

establishing a method exchange mapping relation between the original function and the monitoring function;

intercepting the target parameter data based on the method exchange mapping relation when the monitoring function monitors that the original function acquires the target parameter data;

and desensitizing the target parameter data to obtain desensitization information.

2. The method of claim 1, wherein the method of establishing the original function and the monitoring function exchange mapping relation comprises:

and establishing a method exchange mapping relation between the original function and the monitoring function based on an IMP pointer, wherein the IMP pointer is used for realizing the exchange realization function between functions.

3. The method of claim 1, wherein the obtaining the raw function and the monitoring function comprises:

acquiring a first function list, and deploying equipment identifiers of terminal equipment of the first function list and user identifiers corresponding to the first function list, wherein the first function list comprises the original function;

Rewriting the first function list to generate a second function list;

4. A method according to claim 3, wherein said obtaining said monitoring function from said device identity and said user identity comprises:

transmitting the equipment identifier and the user identifier to a proxy server;

5. The method of claim 1, wherein desensitizing the target parameter data to desensitize information comprises:

initializing a data processing thread according to the target parameter data;

and when the analysis result indicates that sensitive data exists in the target parameter data, desensitizing the sensitive data to obtain the desensitized information.

6. The method of claim 5, wherein parsing the target parameter data using the data processing thread to obtain a parsing result comprises:

Analyzing the target parameter data into a structural body field by utilizing the data processing thread;

7. The method according to any one of claims 1 to 6, characterized in that after desensitizing the target parameter data to desensitize information, the method further comprises:

acquiring stack information of the desensitization information in the transmission process;

when the stack information indicates that the desensitization information has preset processing behaviors, a notification message is sent to a processing party of the desensitization information, so that the processing party executes the preset processing behaviors, and the preset processing behaviors are written into a disk, a storage file or bottom shared data processing.

8. The method according to any one of claims 1 to 6, wherein after intercepting the target parameter data based on the method exchange mapping relationship when the monitoring function monitors that the original function collects target parameter data, the method further comprises:

writing the target parameter data into a data set;

and sending the data set to the proxy server according to a preset period, so that the proxy server screens the sensitive data in the data set according to the wind control data table and does not forward the sensitive data in the data set.

9. A data processing apparatus, comprising:

the interception module is used for intercepting the target parameter data based on the method exchange mapping relation when the monitoring function monitors that the original function acquires the target parameter data;

10. A computer device, comprising: a memory, a processor, and a bus system;

wherein the memory is used for storing programs;

the processor being for executing a program in the memory, the processor being for executing the method of any one of claims 1 to 8 according to instructions in program code;

the bus system is used for connecting the memory and the processor so as to enable the memory and the processor to communicate.

11. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 8.