An electronic trading system based on low-level translation
The invention belongs to the field of computing architectures for computers and networks, in particular the trading of digital content.
Society today is becoming informatized, yet digital assets circulate inefficiently and research and development is inefficient. Global R&D investment has reached 2 trillion US dollars per year, yet 60% of it is duplicated R&D, and essentially every development team develops independently. The underlying reason is that development source files are hard to circulate. Even in Europe and the United States, although open source projects are numerous, they fall far short of the R&D needs of the various industries; most projects are not open source, and important or high-quality projects in particular rarely have open source content.
1. Open source model: little high-quality content, and insufficient incentives for content providers.
2. Outsourcing model: high cost, long turnaround, uncontrollable quality, and a lack of trust between the two parties to the transaction.
The invention aims to provide a highly efficient system for circulating and trading digital content.
Summary of the invention
The invention designs a network-based programming and development system that implements isolation and translation at the level of files, instructions, programs, code and the like. It is an electronic trading system based on low-level translation, with the following features:
a. In terms of composition, the system comprises a supply side, an application side, a server side, master control software and a database. The supply side provides the system platform with products in various digital forms, such as development code, model resources, and technical components that implement specific functions. Custody of the supplied products can be 1) upload by the supplier to the server side, or 2) submission of the relevant information to the server while the original digital product is kept locally, or other modes. The application side is the side that uses the digital products, including applications of a secondary-development nature; the application side of this electronic trading system also contains a translation and redirection tool that can redirect, translate and replace content in digital form. The server side is responsible for storing the system software and data and for interacting with the other sides. The master control software controls, among other things, the real mapping relationships of the traded items;
b. Translation and redirection on the application side can be implemented as follows: 1) sandbox redirection: pseudo digital content running on the application side is redirected, when executed, to the supply side or server side to obtain the real content; 2) the application side runs the received digital content in a WEB IDE or similar client software, with compilation, execution and storage taking place on a remote device such as a VPS or cloud host, and the replacement performed on the remote device; 3) other methods with a similar effect, including but not limited to transparent encryption;
c. Process of the electronic trading system: when the supply side delivers a digital product to a user, it does not deliver the real content first but provides a corresponding set of sandboxed pseudo digital products to the application side. For example, for development code it provides pseudocode, and for model resources it provides a transparently encrypted pseudo model; the pseudo content can be label-like or referential in nature. Once the application side of the system has received the pseudo product, the master control software, acting as the control over the real mapping between projects and code, issues dynamic replacement instructions to the application side for the content of the pseudocode or pseudo model when it is executed locally. Because the application side contains the translation and redirection tool, when the pseudocode or pseudo model is used locally it is restored, at compile or use time, to the real original content according to the correspondences in the mapping library, and then compiled or executed. What the user sees is therefore not what the user gets: a customer on the application side sees only pseudocode, pseudo models and the like, which are dynamically replaced with the real content at compile time, so that the real content is not obtained by the application side yet the application side can use it;
d. The application side then carries out one or more of the following four modes: 1) the application side confirms the value of the digital content by means of the pseudocode translation described above, and after payment or confirmation the supply side provides the real digital content; 2) the application side uses the pseudocode translation described above to complete selection and trial before outsourcing, in order to evaluate and choose a supply side; 3) the application side uses the pseudocode translation described above to implement a rental mode for digital products where only the right of use is needed; 4) the server side hosts the real digital product while the application side obtains only part of the real content through the pseudocode translation described above, thereby obtaining partial property rights.
See Figure 1 of the accompanying drawings.
The server side can be a single dedicated server or a set of distributed server nodes. These servers can also: 1. serve as the real storage location of R&D projects and code; 2. hold the correspondence and mapping relationships, that is, the correspondence between pseudocode and real code; 3. receive instructions from the application side and control the dynamic replacement of the code or content that the application side executes or compiles, as well as version control and tiered permission control.
The application side passes instructions to the server side or directly to the supply side, and points the real paths of some or all of the compiler cache and intermediate files, file and registry operations, program operations and so on to the corresponding source code, project, workspace or database on the server side or supply side. The server side or supply side, as the real storage for the R&D projects and code, provides the replacement content for the code or other content that the client executes or compiles, and the translation and redirection program on the application side performs the dynamic replacement, so that digital content is usable by the application side but not obtainable. For example, pseudocode can be inserted into the delivered digital content; this code is not real code but a kind of reference, such as //hook(document API, z.dll). Normally this would be a line of comment text, and outside this system the compiler would treat it as a comment and add nothing to the program. Within this system, however, the comment line is replaced by a line of code that comprehensively hooks all file-operation APIs and injects z.dll, and that code is compiled for execution.
The system also automatically adds header statements to the translated content, referred to below as tool macros, which serve functions such as debugging and secondary development. For example, if the original content of a piece of digital content is denoted Y, its corresponding pseudo content A, and the content of the added tool macro H, then when the application side executes or compiles, A is redirected to HY or YH. H can be code or other digital content, and the real content Y is accessible to H. The added tool macro includes control statements or control modules for the digital product, to implement run-region control, authorized-scenario control, microservice modularization, timed expiry and the like.
The system also includes a multiple-translation flow. Architecturally, an extension chain is designed so that the system can extend itself. Its control mode is as follows: the system's processing includes a design for repeated translation. For example, code ABCD is translated into pseudocode XY on a first application side. Suppose that secondary development takes place in this process, adding new content EFG from the user of the first application side; the new code XY-EFG is stored back on the server side, then translated by the system and handled on a second application side in the form of pseudocode XYZ, which is mapped back to ABCDEFG during processing. The process thus incorporates content from more developers. See Figure 2 of the accompanying drawings.
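The chained mapping described above can be sketched as follows. This is an added example, not code from the patent: the class MappingStore, its methods publish and resolve, and the owner labels are hypothetical, and the mapping library is modelled as an in-memory dictionary on the server side.

```python
# Added illustration: MappingStore, publish and resolve are hypothetical names.
class MappingStore:
    """Server-side mapping library: pseudo token -> the segments it stands for."""

    def __init__(self):
        # token -> (owner, [("real", text) or ("ref", earlier_token), ...])
        self._entries = {}

    def publish(self, token, owner, segments):
        """Register a pseudo token. Entries are immutable and may reference only
        tokens that already exist, so a chain of translations can never loop."""
        if token in self._entries:
            raise ValueError(f"token {token!r} is already mapped")
        for kind, value in segments:
            if kind not in ("real", "ref"):
                raise ValueError(f"unknown segment kind {kind!r}")
            if kind == "ref" and value not in self._entries:
                raise KeyError(f"referenced token {value!r} is not mapped")
        self._entries[token] = (owner, list(segments))

    def resolve(self, token):
        """Expand a token into (real content, contributors)."""
        if token not in self._entries:
            raise KeyError(f"token {token!r} is not mapped")
        owner, segments = self._entries[token]
        parts, contributors = [], [owner]
        for kind, value in segments:
            if kind == "real":
                parts.append(value)
                continue
            inner, inner_owners = self.resolve(value)  # follow the chain
            parts.append(inner)
            contributors += [o for o in inner_owners if o not in contributors]
        return "".join(parts), contributors


def demo():
    store = MappingStore()
    # Supplier's real code ABCD; the first application side only ever sees XY.
    store.publish("XY", "supplier", [("real", "ABCD")])
    # First user's secondary development: XY-EFG is stored on the server,
    # and the second application side is handed the pseudo token XYZ.
    store.publish("XYZ", "first-user", [("ref", "XY"), ("real", "EFG")])
    return store.resolve("XYZ")
```

The second application side holds only the token XYZ; the expansion to ABCDEFG and the list of contributors exist only where resolve runs.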
Cache files on the application side are first of all protected by transparent encryption. In addition, they need not be written to the hard disk: a Ramdisk storage area can be created in memory and virtualized as a virtual disk, allowing I/O control.
The whole system is also notarized on a blockchain: the operation of the entire system, including the servers and project source entities as well as time, MAC address, IP and identity, is recorded in a distributed, permanent and tamper-proof manner.
Of course, the interactions between all parts of the system are encrypted.
Distributed storage on the servers can also take several forms: 1. the real file is split into multiple parts for storage; that is, on the server side a file is not stored as one complete file but is split into segments that are stored on several different physical machines, each server holding one part, or on several different physical disks, while for mapping and replacement on the client it is still one complete file; 2. blockchain-style distributed storage; 3. the server side isolates each user's workspace with a sandbox, one sandbox per user. Different sandboxes have different mapping relationships, so their files and processes cannot access one another. Each user is given a corresponding real storage area (a network disk, virtual disk or folder, or a virtual storage area created in the server's Ramdisk), which on a single computer has the effect of sharing a computing pool and partitioning the machine.
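The first storage mode, where no single server holds the complete file but the client-facing mapping still sees one file, can be sketched as follows. This is an added example, not code from the patent: split_file, reassemble, the manifest layout and the 4-byte chunk size are assumptions, and each server is modelled as an in-memory dictionary keyed by the chunk's SHA-256 digest.

```python
import hashlib


def split_file(data: bytes, n_servers: int, chunk_size: int = 4):
    """Stripe data across n_servers; return (per-server stores, manifest)."""
    if n_servers < 2:
        raise ValueError("need at least two servers to split a file")
    stores = [dict() for _ in range(n_servers)]
    chunks = []
    for index, offset in enumerate(range(0, len(data), chunk_size)):
        chunk = data[offset:offset + chunk_size]
        digest = hashlib.sha256(chunk).hexdigest()
        server = index % n_servers            # round-robin placement
        stores[server][digest] = chunk        # content-addressed storage
        chunks.append((server, digest))
    manifest = {"sha256": hashlib.sha256(data).hexdigest(), "chunks": chunks}
    return stores, manifest


def reassemble(stores, manifest) -> bytes:
    """Rebuild the file, rejecting missing or modified chunks."""
    parts = []
    for server, digest in manifest["chunks"]:
        chunk = stores[server].get(digest)
        if chunk is None:
            raise ValueError(f"server {server} is missing chunk {digest[:8]}")
        if hashlib.sha256(chunk).hexdigest() != digest:
            raise ValueError(f"chunk {digest[:8]} on server {server} was modified")
        parts.append(chunk)
    data = b"".join(parts)
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        raise ValueError("reassembled file does not match the manifest")
    return data


def demo():
    data = b"real source code of the traded project"  # constructed sample input
    stores, manifest = split_file(data, n_servers=3)
    return data, stores, manifest
```

Striping alone leaves readable fragments on every server, so it complements rather than replaces the encryption the page describes for the other parts of the system.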
To prevent leaks, each part of the system can also implement a virtualized sandbox by means such as inline hooks and IRP dispatch control, turning key files, programs and the system environment into mappings that the sandbox then resolves. Trusted programs and untrusted processes can be placed in different sandboxes, or untrusted processes can be excluded from the sandbox altogether, so that malicious theft attempts and Trojans entering from outside cannot obtain the real files.
The advantages of the invention are:
Feature 1: compared with the open source model, the model implemented by this system is more commercial and offers stronger incentives, enabling transactions without handing over core intellectual property; compared with the outsourcing model, the system is more efficient, results can be trialled, and costs are lower, because besides outright purchase the system also allows digital results to be rented;
Feature 2: the tool macros of the system can be accessed from both sides of the digital content, so debugging and secondary development are possible; the system also forks all modifications in real time on the chain of server-side nodes;
Feature 3: the chain structure of the system ensures that the results of secondary development can be reused.
In the technical solution designed by the invention, each computing device involved can be a computer, a portable computer (including mobile phones and tablets) or an embedded device.
While reducing the client's design and development workload and difficulty, the invention strengthens assistance and collaboration: a client-side user can also be a developer and provider of source projects on the server side, thereby forming a network. All projects in the system can also share tokens, application components and so on through the tool macro header code.
The invention has been successfully implemented in a concrete embodiment. In this embodiment, on top of the basic architecture described above, the following settings were also made:
1. A standard Windows 7 computer was chosen for the application side; sandbox redirection software was installed on it and took effect after the computer was restarted;
2. Three Windows Server 2008 servers were used for the server side. A server-side kernel sandbox was installed to create an isolated user-space sandbox for each client, together with a management system with which each user can upload, manage, distribute and control content. Custody in this example project is based on sandbox isolation and decentralized blockchain distribution: the three servers form an IPFS node network, and the data is split and stored across all of them, but no single server holds a complete copy. In the test, the connection between the application side and the server side was not continuous. Instead, when the application side connects to the server side, the server side authenticates it; after successful authentication a sandbox is opened on the server side, the real code or content enters that sandbox, and the server-side sandbox is linked with the application-side sandbox, both using the same set of mapping relationships;
3. We tested a code-type project transaction. The supply side uploaded a low-level hook code project as the digital content to be traded, and the core algorithm part was then translated into the pseudocode hooka-hooka. With only the interfaces, supporting functions and the kernel code disguised by hooka-hooka delivered to the application side, the application side obtained, through translation and redirection, a large amount of code functionality output by the server side and evaluated its effect. The application side then used the tool macro header for debugging and secondary development, forming a new fork, which was uploaded to the server side;
4. We then tested a transaction in the form of a 3D model. The supply side uploaded a 3D model in fbx format and delivered a transparently encrypted version of it to the application side. The application side opened and used it in the WEB IDE without problems, and compilation on the cloud host connected to the WEB IDE also worked without problems.
Figure 1. Flow chart of the system.
Figure 2. Chain flow chart.