
CN115730319A - Data processing method, data processing device, computer equipment and storage medium - Google Patents


Info

Publication number
CN115730319A
Authority
CN
China
Prior art keywords
target
data processing
security control
data
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110984547.XA
Other languages
Chinese (zh)
Inventor
付博
何畅
吴怡
提江伟
石巍
种衍雪
黄业辉
李茂材
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tenpay Payment Technology Co Ltd
Original Assignee
Tenpay Payment Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tenpay Payment Technology Co Ltd filed Critical Tenpay Payment Technology Co Ltd
Priority to CN202110984547.XA priority Critical patent/CN115730319A/en
Publication of CN115730319A publication Critical patent/CN115730319A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The application relates to a data processing method, a data processing device, computer equipment and a storage medium. The method comprises: acquiring multiple data processing strategies provided by an initial security control; based on at least two data processing strategies selected through customization, configuring, for the initial security control, a data processing strategy combination corresponding to a target service, to obtain a target security control bound to the target service; when target data under the target service is acquired based on the target security control, invoking the data processing strategy combination through the target security control; parsing the data processing strategy combination into an instruction call sequence; and converting the target data according to the instruction call sequence to obtain converted data. With this method, the target data under the target service can be converted flexibly, which effectively improves the security of the target data under the target service.

Description

Data processing method, device, computer equipment and storage medium

Technical field

The present application relates to the technical field of data security, and in particular to a data processing method, device, computer equipment and storage medium.

Background

With the rapid development of Internet information technology, data is transmitted faster and spreads more widely, so the security of important data must be ensured. Techniques that transform data, such as concealment and encryption, have emerged to protect key data.

In the related art, target data is usually processed through a pre-specified fixed scheme. This is usually implemented by invoking one specific, commonly used encryption algorithm. Such encryption is fixed and uniform, so the encryption algorithm is easily cracked, which leads to leakage of key target data and low data security.

Summary of the invention

In view of the above technical problems, it is necessary to provide a data processing method, device, computer equipment and storage medium that can effectively improve data security.

A data processing method, the method comprising:

acquiring multiple data processing strategies provided by an initial security control;

based on at least two of the data processing strategies selected through customization, configuring, for the initial security control, a data processing strategy combination corresponding to a target service, to obtain a target security control bound to the target service;

when target data under the target service is acquired based on the target security control, invoking the data processing strategy combination through the target security control;

parsing the data processing strategy combination into an instruction call sequence; and

converting the target data according to the instruction call sequence to obtain converted data.

A data processing device, the device comprising:

a strategy acquisition module, configured to acquire multiple data processing strategies provided by an initial security control;

a security control configuration module, configured to configure, for the initial security control and based on at least two of the data processing strategies selected through customization, a data processing strategy combination corresponding to a target service, to obtain a target security control bound to the target service;

a security control invocation module, configured to invoke the data processing strategy combination through the target security control when target data under the target service is acquired based on the target security control; and

a data conversion processing module, configured to parse the data processing strategy combination into an instruction call sequence, and to convert the target data according to the instruction call sequence to obtain converted data.

In one embodiment, the security control configuration module is further configured to: acquire at least two of the data processing strategies that correspond to the target service and were selected through customization; generate, from the at least two data processing strategies, a nested call function corresponding to the target service; and configure the nested call function in the initial security control to obtain the target security control bound to the target service.

In one embodiment, the security control configuration module is further configured to: determine the nested call order corresponding to the at least two custom-selected data processing strategies; and, according to the nested call order, parse the at least two data processing strategies into the nested call function corresponding to the target service.

In one embodiment, the security control configuration module is further configured to: configure data processing strategies for an initial security control; and, based on the configured data processing strategies, configure a corresponding combination strategy in the initial security control, generating an initial security control that provides multiple data processing strategies.

In one embodiment, the security control invocation module is further configured to: when the data acquired under the target service is target data, invoke an expression parser and the data processing strategy combination through the target security control; and, through the expression parser, determine the order of the expressions in the data processing strategy combination and parse the combination into an instruction call sequence according to that order.

In one embodiment, the security control invocation module is further configured to: initialize an instruction list through the expression parser; determine the outer function interface of the data processing strategy combination; and, if the outer function interface shows that the combination includes a nested call function, parse the nested call function layer by layer to obtain each nested expression in it, and add the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

In one embodiment, the security control invocation module is further configured to: parse the nested call function layer by layer and determine the position and number of input parameters in the current parsed expression; if the current parsed expression includes one input parameter, add the current expression to the instruction list; and if the current parsed expression includes at least two input parameters, generate a parameter concatenation expression according to the position and number of the input parameters and add it to the instruction list.

In one embodiment, the security control invocation module is further configured to: perform a validity check on each parsed expression; and, once the validity check passes, add the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

In one embodiment, the instruction call sequence includes at least two call instructions with an execution order; the data conversion processing module is further configured to execute the call instructions in the instruction call sequence in that execution order, using the execution result of the previous call instruction as the input of the next call instruction during execution, so as to convert the target data and obtain the converted data.
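The parsing and execution steps described in the embodiments above, as an added Python example that is not part of the patent: a nested strategy expression is parsed layer by layer into an instruction list, each expression is validity-checked against an allowlist instead of being evaluated dynamically, and the list is then executed with each result feeding the next instruction. The expression syntax, the `$input` placeholder, the strategy names, the nesting limit and the innermost-first ordering of the instruction list are assumptions made for illustration.

```python
import hashlib
import re

DATA = object()   # marks the argument slot filled by the previous result
MAX_DEPTH = 8     # assumed nesting limit, enforced as part of the validity check


class PolicyError(ValueError):
    """Raised when an expression fails parsing or the validity check."""


def mask(s):
    """Keep the first 3 and last 4 characters and star out the middle."""
    if len(s) <= 7:
        return "*" * len(s)
    return s[:3] + "*" * (len(s) - 7) + s[-4:]


def reverse(s):
    return s[::-1]


def sha256(s):
    return hashlib.sha256(s.encode("utf-8")).hexdigest()


def concat(*parts):
    return "".join(parts)


# Allowlist of strategies (hypothetical names): name -> (callable, min args, max args).
POLICIES = {
    "mask": (mask, 1, 1),
    "reverse": (reverse, 1, 1),
    "sha256": (sha256, 1, 1),
    "concat": (concat, 2, 4),
}

TOKEN = re.compile(r"\s*(?:([A-Za-z_]\w*)|('[^']*')|(\$input)|([(),]))")


def tokenize(expr):
    tokens, pos = [], 0
    expr = expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise PolicyError(f"unexpected character at offset {pos}")
        tokens.append(m.group(m.lastindex))
        pos = m.end()
    return tokens


def _parse_call(tokens, pos, instructions, depth):
    """Parse one call layer; nested calls are parsed (and appended) first."""
    if depth > MAX_DEPTH:
        raise PolicyError("nesting too deep")
    if pos + 1 >= len(tokens) or tokens[pos + 1] != "(":
        raise PolicyError("expected a function call")
    name = tokens[pos]
    if name not in POLICIES:                      # validity check: allowlist
        raise PolicyError(f"strategy not allowed: {name}")
    pos += 2
    template = []                                 # position of every parameter
    while True:
        if pos >= len(tokens):
            raise PolicyError("unterminated call")
        tok = tokens[pos]
        if tok.startswith("'"):                   # string literal parameter
            template.append(tok[1:-1])
            pos += 1
        elif tok == "$input":                     # the target data itself
            template.append(DATA)
            pos += 1
        else:                                     # nested call, one layer down
            pos = _parse_call(tokens, pos, instructions, depth + 1)
            template.append(DATA)
        if pos >= len(tokens):
            raise PolicyError("unterminated call")
        if tokens[pos] == ")":
            pos += 1
            break
        if tokens[pos] != ",":
            raise PolicyError("expected ',' or ')'")
        pos += 1
    _, lo, hi = POLICIES[name]
    if not lo <= len(template) <= hi:             # validity check: arity
        raise PolicyError(f"wrong number of parameters for {name}")
    if sum(a is DATA for a in template) != 1:     # keeps the chain linear
        raise PolicyError(f"{name} needs exactly one data parameter")
    # Multi-parameter calls keep their template so the data slot is spliced in
    # at the right position when the instruction runs.
    instructions.append((name, tuple(template)))
    return pos


def parse(expr):
    """Turn a nested strategy expression into an ordered instruction list."""
    tokens = tokenize(expr)
    instructions = []                             # initialized instruction list
    if _parse_call(tokens, 0, instructions, 1) != len(tokens):
        raise PolicyError("trailing tokens after the outer call")
    return instructions


def execute(instructions, target):
    """Run the instructions in order; each result is the next input."""
    value = target
    for name, template in instructions:
        func = POLICIES[name][0]
        value = func(*[value if a is DATA else a for a in template])
    return value


if __name__ == "__main__":
    combo = "sha256(concat('pepper:', mask($input)))"   # constructed sample
    seq = parse(combo)
    print([name for name, _ in seq])
    print(execute(seq, "13812345678"))                  # constructed sample value
```

Because the strategy name is only ever used as a key into the allowlist, an expression that names anything else is rejected at parse time and never reaches execution.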

In one embodiment, the target security control includes an encryption strategy custom-configured for the target service; the data processing device further includes an encryption module, configured to: if the attribute of the target data is an encryption attribute, invoke the encryption strategy through the target security control; and encrypt the processed data according to the encryption strategy.

In one embodiment, the initial security control is a security control in the running environment of a parent application, and the parent application provides a running environment for multiple sub-applications; the security control configuration module is further configured to: acquire at least two of the data processing strategies custom-selected for a target sub-application; and configure, for the initial security control, a data processing strategy combination corresponding to a target service in the target sub-application, to obtain a target security control bound to the target service; the target security control is used to convert target data under the target service in the target sub-application.

In one embodiment, the data conversion processing module is further configured to: when the target sub-application running in the running environment of the parent application acquires target data under the target service corresponding to the target sub-application, invoke the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, so as to convert the target data according to the data processing strategy combination.

A computer device, comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the data processing method of the embodiments of the present application when executing the computer program.

A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the steps of the data processing method of the embodiments of the present application.

A computer program product or computer program, comprising computer instructions stored in a computer-readable storage medium; a processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor implements the steps of the data processing method of the embodiments of the present application when executing the computer instructions.

With the above data processing method, device, computer equipment and storage medium, the multiple data processing strategies provided by the initial security control are acquired, and the business party can custom-select and combine data processing strategies in the initial security control. Based on the at least two custom-selected data processing strategies, a data processing strategy combination corresponding to the target service is configured for the initial security control, which yields the target security control bound to the target service. The business party can thus flexibly generate custom combinations of data processing strategies, and the combined strategies process data more securely. When target data under the target service is acquired, the data processing strategy combination corresponding to the target service is invoked through the target security control and parsed into an instruction call sequence, and the target data is then converted according to the instruction call sequence. The target data is therefore converted more securely, the converted data is harder to crack or leak, and the security of the target data is effectively improved.

Description of drawings

FIG. 1 is a diagram of the application environment of the data processing method in one embodiment;

FIG. 2 is a schematic flowchart of the data processing method in one embodiment;

FIG. 3 is a rendering of the target security control in one embodiment;

FIG. 4 is a flowchart of parsing by the expression parser in one embodiment;

FIG. 5 is a schematic flowchart of the target data processing method in another embodiment;

FIG. 6 is a sequence diagram of data processing in one embodiment;

FIG. 7 is a schematic flowchart of the data processing method in a specific embodiment;

FIG. 8 is a structural block diagram of the data processing device in one embodiment;

FIG. 9 is a diagram of the internal structure of the computer device in one embodiment;

FIG. 10 is a diagram of the internal structure of the computer device in another embodiment.

Detailed description

To make the purpose, technical solution and advantages of the present application clearer, the application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here only explain the present application and do not limit it.

The data processing method provided in this application can be applied to a computer device. The computer device may be a terminal or a server. It can be understood that the data processing method provided in this application can be applied to a terminal, to a server, or to a system that includes a terminal and a server, where it is implemented through interaction between the terminal and the server.

The data processing method provided in this application can be applied in the application environment shown in FIG. 1, in which the terminal 102 communicates with the server 104 over a network. After the terminal 102 acquires from the server 104 the multiple data processing strategies provided by the initial security control, the terminal 102 acquires at least two data processing strategies custom-selected by the business-party user and uploads them to the server 104. The server 104 then acquires the multiple data processing strategies provided by the initial security control; based on the at least two custom-selected data processing strategies, configures, for the initial security control, a data processing strategy combination corresponding to the target service, to obtain a target security control bound to the target service; when target data under the target service is acquired based on the target security control, invokes the data processing strategy combination through the target security control; parses the data processing strategy combination into an instruction call sequence; and processes the target data according to the instruction call sequence to obtain processed data.

The server 104 may be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud technology services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms. The terminal 102 may be a smartphone, tablet computer, notebook computer, desktop computer, smart speaker, smart watch or the like, but is not limited to these. The terminal and the server may be connected directly or indirectly through wired or wireless communication, which is not limited in this application.

Cloud technology is a hosting technology that unifies hardware, software, network and other resources within a wide area network or local area network to realize the computation, storage, processing and sharing of data. Cloud technology is the general term for the network technology, information technology, integration technology, management platform technology, application technology and so on that are applied on the basis of the cloud computing business model; these can form a resource pool that is used on demand, which is flexible and convenient.

Cloud computing refers to the delivery and usage model of IT (Internet Technology) infrastructure, meaning that the required resources are obtained over the network in an on-demand, easily scalable manner; cloud computing in the broad sense refers to the delivery and usage model of services, meaning that the required services are obtained over the network in an on-demand, easily scalable manner. Such services may be related to IT, software and the Internet, or may be other services. Cloud computing is the product of the development and fusion of traditional computer and network technologies such as grid computing, distributed computing, parallel computing, utility computing, network storage technologies, virtualization and load balancing. With the rapid development and application of the Internet industry, every item may in the future have its own identifier that needs to be transmitted to a back-end system for logical processing; data of different levels will be processed separately, and all kinds of industry data need strong system support, which can only be achieved through cloud computing.

Blockchain is a new application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks linked to one another by cryptographic methods, where each data block contains the information of a batch of network transactions and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain can include a blockchain underlying platform, a platform product service layer and an application service layer.

The blockchain underlying platform can include processing modules such as user management, basic services, smart contracts and operation monitoring. The user management module is responsible for managing the identity information of all blockchain participants, including maintaining public and private key generation (account management), key management, and the correspondence between users' real identities and blockchain addresses (authority management); where authorized, it supervises and audits the transactions of certain real identities and provides rule configuration for risk control (risk control audit). The basic service module is deployed on all blockchain node devices to verify the validity of business requests and to record valid requests to storage after consensus is reached; for a new business request, the basic service first performs interface adaptation, parsing and authentication (interface adaptation), then encrypts the business information through a consensus algorithm (consensus management), transmits it completely and consistently to the shared ledger after encryption (network communication), and records and stores it. The smart contract module is responsible for contract registration and issuance, contract triggering and contract execution; developers can define contract logic in a programming language and publish it to the blockchain (contract registration), where, according to the logic of the contract terms, a key or another event triggers execution and completes the contract logic; the module also provides contract upgrade and cancellation functions. The operation monitoring module is mainly responsible for deployment during product release, configuration changes, contract settings, cloud adaptation, and visual output of real-time status during product operation, for example alarms, monitoring of network conditions and monitoring of the health of node devices. The platform product service layer provides the basic capabilities and implementation framework of typical applications; on top of these basic capabilities, developers can add the characteristics of their business and complete the blockchain implementation of the business logic. The application service layer provides application services based on the blockchain solution for business participants to use.

The terminal device in this technical solution may be a blockchain node device, and multiple blockchain node devices may form a blockchain storage system through network communication. The data processing method provided by this technical solution can also be applied as follows: when a blockchain node device receives a business request, the data processing method is used to process key business information, for example the account information of the blockchain node. After the key business information has been processed, the processed data is transmitted to the shared ledger and stored in the blockchain as a new data block.

In one embodiment, as shown in FIG. 2, a data processing method is provided. The method is described as applied to the computer device in FIG. 1, which may be a terminal or a server. In this embodiment, the method includes the following steps:

Step S202: acquire the multiple data processing strategies provided by the initial security control.

A security control is a plug-in developed for a specific business system or browser to protect key data, with functions such as keeping server and client information confidential and preventing the loss of account passwords. Security controls are usually programs or plug-ins intended to improve user data security and prevent target data such as account passwords from being stolen by malware such as Trojan horses or viruses. A security control can be configured in various business systems or applications, or downloaded, installed and loaded through a browser, to provide data protection services.

The initial security control in this embodiment is a custom-configured security control in which multiple data processing strategies are configured. Here, "multiple" means at least two.

It can be understood that data conversion processing can refer to transforming certain key information according to processing rules, that is, converting real target data that is easily leaked into non-real data that is not easily leaked according to certain rules, so that key data is reliably protected. The processed real data sets can then be used safely in development, testing and other non-production environments as well as in outsourced environments. Data conversion processing may specifically be concealment processing or encryption processing of the data, that is, transforming the original data to hide the plaintext corresponding to the original data. For example, concealment processing may specifically be desensitization processing, which is the process of transforming sensitive private data into non-real data.

在一个具体的实施例中,数据处理策略,可以是指对数据进行脱敏处理的规则策略,具体可以是脱敏策略,即根据指定脱敏规则自定义的脱敏算法。例如数据处理策略包括对目标数据的替换、重排、加密、截断、掩码等中的至少一种。其中,加密算法可以包括Sha256(Secure Hash Algorithm)算法、SM3算法、Sha1算法、MD5(Message-DigestAlgorithm 5,信息摘要算法)等。In a specific embodiment, the data processing policy may refer to a rule policy for desensitizing data, and specifically may be a desensitization policy, that is, a desensitization algorithm customized according to a specified desensitization rule. For example, the data processing policy includes at least one of replacement, rearrangement, encryption, truncation, masking, etc. of the target data. Wherein, the encryption algorithm may include Sha256 (Secure Hash Algorithm) algorithm, SM3 algorithm, Sha1 algorithm, MD5 (Message-Digest Algorithm 5, information digest algorithm) and so on.

其中,Sha256算法是一种密码安全散列算法,即哈希函数。该函数将数据打乱混合,重新创建一个叫做散列值或哈希值的指纹。散列值通常用一个短的随机字母和数字组成的字符串来代表。对于任意长度的消息,Sha256都会产生一个256bit长的哈希值,称作消息摘要。SM3也是一种密码安全散列算法,主要用于数字签名及验证、消息认证码生成及验证、随机数生成等。Sha1是一种安全算法,主要用于验证数据的完整性。数据在传输的过程中很可能会发生变化,因此也会产生不同的消息摘要。MD5信息摘要算法是一种被广泛使用的密码散列函数,可以产生出一个128位的散列值,用于确保信息传输完整一致。Among them, the Sha256 algorithm is a cryptographically secure hash algorithm, that is, a hash function. This function scrambles the data to recreate a fingerprint called a hash value or hash value. The hash value is usually represented by a short string of random letters and numbers. For a message of any length, Sha256 will generate a 256bit long hash value called a message digest. SM3 is also a cryptographically secure hash algorithm, mainly used for digital signature and verification, message authentication code generation and verification, random number generation, etc. Sha1 is a security algorithm mainly used to verify the integrity of data. The data is likely to change during transmission, so different message digests will also be generated. The MD5 message digest algorithm is a widely used cryptographic hash function that can generate a 128-bit hash value to ensure the integrity and consistency of information transmission.

It can be understood that multiple data processing strategies are pre-configured in the initial security control, specifically at least three. The data processing strategies may include common encryption and desensitization algorithms as well as custom encryption and desensitization algorithms.

Before processing target data under the target service, the computer device may pre-configure a target security control corresponding to the target service. Specifically, the computer device may first obtain the multiple data processing strategies provided by the initial security control, and then configure the target security control for the target service based on those strategies.

Step S204: based on at least two custom-selected data processing strategies, configure, for the initial security control, a data processing strategy combination corresponding to the target service, to obtain a target security control bound to the target service.

The target service may denote a business application of a specific business type. For example, it may be a business system of any business type or a sub-service within a business system, or an application program of any business type or a sub-application within an application program.

The target security control is a security control configured, for the target service, with a data processing strategy combination generated from at least two custom-selected data processing strategies.

Specifically, R&D personnel can custom-select, for the target service, at least two data processing strategies from the multiple data processing strategies provided by the initial security control. The computer device then configures the at least two custom-selected data processing strategies in the initial security control and binds the initial security control to the target service, so that a target security control bound to the target service can be obtained flexibly.

In one of the embodiments, the business party may also custom-select a single data processing strategy from the multiple data processing strategies provided by the initial security control. The data processing strategy corresponding to the target service is then configured for the initial security control, to obtain the target security control bound to the target service.

Step S206: when target data under the target service is acquired based on the target security control, invoke the data processing strategy combination through the target security control.

It can be understood that target data, also called critical data, is data whose leakage could cause serious harm to society or to individuals. For example, the target data may specifically be sensitive data.

In one embodiment, the target data includes at least one of name, ID card number, address, telephone number, bank account number, e-mail address, password, medical information, educational background, and the like.

After the computer device has configured, for the target service, a target security control with a custom data processing strategy combination, target data under the target service can be processed through the target security control.

Specifically, when the computer device acquires target data under the target service, it invokes in real time the target security control bound to the target service and loads the configured data processing strategy combination through the target security control.

Step S208: parse the data processing strategy combination into an instruction calling sequence.

The instruction calling sequence may denote a set of instructions, representing multiple instruction calls with an execution order, that is, a series of instructions arranged in a certain execution order. Specifically, it may be the instruction calls respectively corresponding to the at least two data processing strategies in the data processing strategy combination. Specifically, each instruction calling sequence may correspond to one desensitization algorithm or encryption algorithm.

It can be understood that when the computer device processes the target data, it executes the instruction calling sequence in order to convert the target data, thereby converting the target data and obtaining data in which the plaintext is concealed.

The target security control also includes parsing rules for the data processing strategy combination, which are used to parse the custom data processing strategy combination into an instruction calling sequence.

After the computer device has loaded the custom data processing strategy combination through the target security control, it parses the combination according to the parsing rules for data processing strategy combinations in the target security control, and obtains the instruction calling sequence corresponding to the data processing strategy combination.

After the computer device has parsed the custom data processing strategy combination into the corresponding instruction calling sequence, it executes each instruction calling sequence in turn, following the instruction execution order of the sequence.

Step S210: convert the target data according to the instruction calling sequence to obtain the converted data.

It can be understood that the conversion in this embodiment may transform the target data by executing a series of instruction calling sequences on it. For example, the target data may be desensitized to obtain desensitized data.

After the computer device has parsed the data processing strategy combination into the corresponding instruction calling sequence, it can execute the instruction calling sequence on the target data in turn, following the corresponding instruction execution order.

For example, if there are at least three instruction calling sequences, the computer device first executes the first instruction calling sequence and then, based on the result obtained after executing the first instruction, executes the subsequent instruction calling sequences in instruction execution order; once the last instruction calling sequence has been executed, the converted data is obtained. The converted data may specifically take the form of a hash value.

It can be understood that after the computer device has converted the target data and obtained the converted data, it stores the converted data in the database corresponding to the target service, which effectively avoids storing plaintext data in the database.

In one of the embodiments, after the target security control bound to the target service has been configured based on at least two custom-selected data processing strategies, if historical target data under the target service exists in plaintext, the computer device can convert that historical target data through the target security control, turning it into concealed data. Because the target security control is configured with a custom data processing strategy combination bound to the target service, it helps maintain compatibility with the data and data formats of the old target service, so that target data under the target service can be concealed more securely and flexibly.

FIG. 3 shows the effect of the target security control in one embodiment. It can be understood that password information is a typical kind of target data. Referring to FIG. 3, the target security control can be applied to password desensitization in the target service. For example, when the target service requires the user to enter password information to verify their identity, once the computer device has obtained the password information entered by the user under the target service, it invokes the bound target security control in real time and, through the target security control, invokes the data processing strategy combination corresponding to the target service. It then parses the data processing strategy combination into an instruction calling sequence and desensitizes the target data according to that sequence to obtain desensitized data. The computer device can further perform identity verification based on the desensitized data, which effectively avoids exposing plaintext data and thereby ensures the security of critical target data.

In the above data processing method, the computer device obtains the multiple data processing strategies provided by the initial security control, and the business party can custom-select and combine data processing strategies in the initial security control. Then, based on the at least two custom-selected data processing strategies, a data processing strategy combination corresponding to the target service is configured for the initial security control, yielding a target security control bound to the target service. The business party can thus flexibly generate custom data processing strategy combinations, and combined data processing strategies provide higher security for data processing. When target data under the target service is acquired, the data processing strategy combination corresponding to the target service is invoked through the target security control, the combination is parsed into an instruction calling sequence, and the target data is converted according to that sequence. The target data can therefore be converted more securely, so that the converted data is not easily cracked or leaked, which effectively improves the security of the target data.

In one embodiment, the step of configuring, for the initial security control, a data processing strategy combination corresponding to the target service based on at least two custom-selected data processing strategies, to obtain a target security control bound to the target service, includes: obtaining the at least two custom-selected data processing strategies corresponding to the target service; generating a nested call function corresponding to the target service according to the at least two data processing strategies; and configuring the nested call function in the initial security control to obtain the target security control bound to the target service.

A nested call is one function calling another function; that is, function nesting allows one function to be called inside another. For example, when there are several functions that call one another layer by layer, those functions are nested call functions.

It can be understood that each data processing strategy may be a strategy function, and the custom-selected data processing strategy combination includes at least two strategy functions, which can form a nested call function. In other words, a nested call function denotes multiple strategy functions with a layer-by-layer calling relationship.

After the computer device has obtained the multiple data processing strategies provided by the initial security control, and has obtained the at least two data processing strategies custom-selected for the target service from among them, it parses the combination of the at least two custom-selected data processing strategies to obtain the nested call function corresponding to the target service.

The computer device then configures the nested call function in the initial security control. Because the custom-selected data processing strategy combination corresponds to the target service, the initial security control can be bound to the target service while it is being configured, so that the target security control bound to the target service can be configured more flexibly.

In one embodiment, the step of generating a nested call function corresponding to the target service according to the at least two data processing strategies includes: determining the nested call order corresponding to the at least two custom-selected data processing strategies; and parsing the at least two data processing strategies, according to the nested call order, into the nested call function corresponding to the target service.

The nested call order denotes the order in which the strategy functions call one another.

It can be understood that each data processing strategy may be a strategy function, and the custom-selected data processing strategy combination includes at least two strategy functions, which can form a nested call function. In other words, a nested call function denotes multiple strategy functions with a layer-by-layer calling relationship.

When the computer device parses the combination of at least two custom-selected data processing strategies, it can call the parser in the initial security control. The parser first determines the multiple strategy functions corresponding to the at least two custom-selected data processing strategies, and the nested call order of each strategy function. Then, according to the nested call order, the at least two data processing strategies are parsed into the nested call function corresponding to the target service, so that a target security control bound to the target service can be obtained through flexible and efficient custom configuration.

In one embodiment, before the multiple data processing strategies provided by the initial security control are obtained, the method further includes a step of configuring the initial security control, which includes: configuring data processing strategies for the initial security control; and, based on the configured data processing strategies, configuring the corresponding combination strategy in the initial security control, to generate an initial security control that provides multiple data processing strategies.

It can be understood that the initial security control is a security control pre-configured with multiple data processing strategies. It can therefore be provided to the business party, who can custom-select the required data processing strategy combination from the multiple data processing strategies it provides, so that target data is processed securely and flexibly.

Before the computer device obtains the initial security control, there is also a step of configuring the initial security control. This configuration step may be performed by another third-party platform or by the current computer device.

The combination strategy denotes the strategy for combining the individual data processing strategies.

Specifically, the computer device first obtains multiple data processing strategies, which may include custom data processing strategies. It then configures the obtained data processing strategies for the initial security control and determines the combination strategy among the individual data processing strategies. The computer device then configures that combination strategy in the initial security control, thereby generating an initial security control that provides multiple data processing strategies.

In this embodiment, configuring multiple data processing strategies for the initial security control enables it to provide multiple data processing strategies, from which the business party can custom-select a data processing strategy combination for the target service, obtaining a custom-configured target security control bound to the target service.

In one embodiment, the step of invoking the data processing strategy combination through the target security control when target data under the target service is acquired based on the target security control includes: when the data acquired under the target service is target data, invoking the expression parser and the data processing strategy combination through the target security control.

The step of parsing the data processing strategy combination into an instruction calling sequence includes: determining, through the expression parser, the order of the expressions in the data processing strategy combination, and parsing the data processing strategy combination into an instruction calling sequence according to that order.

When the computer device acquires target data under the target service, it invokes in real time the target security control bound to the target service and loads the configured data processing strategy combination through the target security control.

It can be understood that the expression parser is a parsing toolkit configured in the target security control for parsing the data processing strategy combination into instruction calls. For example, the expression parser can parse various kinds of expressions, such as mathematical functions, Boolean operations, string operations, encryption functions, nested functions, and custom functions. The order of the expressions is their execution order.

After the target security control corresponding to the target service has been configured, when the computer device acquires target data under the target service, it invokes the target security control, loads the expression parser in it through the target security control, and invokes the data processing strategy combination corresponding to the target service.

The computer device then parses the data processing strategy combination through the expression parser. Specifically, the computer device first uses the expression parser to determine the order of the expressions in the data processing strategy combination, and then converts those expressions, in that order, into an instruction calling sequence with an execution order. It can be understood that the order of the expressions corresponds to the execution order of the instruction calling sequence.

In this embodiment, parsing the custom-selected data processing strategy combination through the expression parser of the target security control quickly and effectively turns the combination into an instruction calling sequence with an execution order, so that the target data can be processed efficiently and securely.

In one embodiment, the step of determining, through the expression parser, the order of the expressions in the data processing strategy combination and parsing the combination into an instruction calling sequence according to that order includes: initializing an instruction list through the expression parser; determining the outer function interface of the data processing strategy combination; and, if it is identified from the outer function interface that the data processing strategy combination includes a nested call function, parsing the nested call function layer by layer to obtain each nested expression in it, and adding the parsed expressions to the instruction list in parsing order to obtain the instruction calling sequence.

The instruction list is a list that records each instruction obtained by parsing. Specifically, the instructions recorded in the instruction list can be expressed as a set of instruction sequences. Multiple instructions can be concatenated in execution order to form an instruction queue. The execution order of the instructions is the order that is followed when executing the instructions one after another.

It can be understood that the outer function interface is the outer function in the data processing strategy combination. The outer function is the expression executed last in the data processing strategy combination; the inner function is the expression executed first.

When the computer device parses the data processing strategy combination through the expression parser, it parses the combination layer by layer by expression, extracting each expression in the data processing strategy combination one layer at a time.

Specifically, the computer device first initializes an instruction list through the expression parser and inputs the data processing strategy combination into the expression parser. The expression parser first determines the outer function interface of the data processing strategy combination, and then identifies whether the outer function interface also includes a nested call function, that is, whether it also includes an inner function.

If it is identified from the outer function interface that the data processing strategy combination includes a nested call function, the nested call function is parsed layer by layer, each nested expression in it is obtained in parsing order, and the parsed expressions are added to the instruction list one after another in parsing order, yielding the instruction calling sequence.

In one of the embodiments, the business party custom-selects only one data processing strategy from the multiple data processing strategies provided by the initial security control, and the data processing strategy corresponding to the target service is configured for the initial security control to obtain the target security control bound to the target service. In that case, when target data under the target service is acquired based on the target security control, the data processing strategy is invoked through the target security control and is parsed directly by the expression parser in the target security control to obtain the corresponding conversion instruction. The computer device then converts the target data according to the instruction calling sequence and obtains converted data with higher security.

In one embodiment, the step of parsing the nested call function layer by layer to obtain each nested expression in it includes: parsing the nested call function layer by layer and determining the position and number of input parameters in the current parsed expression; if the current parsed expression includes one input parameter, adding the current expression to the instruction list; and if the current parsed expression includes at least two input parameters, generating a parameter splicing expression according to the position and number of the input parameters and adding it to the instruction list.

It can be understood that input parameters are the set of variables passed to a given expression. The input parameters in this embodiment may include the target data under the target service, intermediate processing results, random value parameters, and so on. The random value parameter may specifically be a salt value, that is, a random value generated for combination with the target data.

While parsing the nested call function layer by layer, the computer device first determines whether the nested call function itself contains a further nested call function; if so, it parses that nested call function further to obtain the current expression. If the current expression does not include a nested call function, the position and number of the input parameters in the current expression are identified. The corresponding expression is then added to the instruction list according to the position and number of the input parameters.

Specifically, if the current parsed expression includes one input parameter, the current expression is added to the instruction list. If the current parsed expression includes at least two input parameters, a parameter splicing expression is generated according to the position and number of the input parameters and is added to the instruction list. For example, if the current parsed expression includes one target-data input parameter and one random-value input parameter, the current parameter splicing expression is generated according to the positional relationship between the target-data input parameter and the random-value input parameter.

If the input parameter of the target data comes first and the input parameter of the random value comes first, the generated parameter splicing expression may be a forward-splicing expression. If the input parameter of the random value comes last and the input parameter of the target data comes last, the generated parameter splicing expression may be a backward-splicing expression. Once these expressions have been added to the instruction list in parsing order, the instruction calling sequence is obtained, so the data processing strategy combination can be effectively parsed into the corresponding instruction calling sequence.

In one embodiment, the step of adding the parsed expressions to the instruction list in parsing order to obtain the instruction calling sequence includes: performing a validity check on each parsed expression; and, once the validity check passes, adding the parsed expressions to the instruction list in parsing order to obtain the instruction calling sequence.

It can be understood that checking the validity of an expression means checking whether the expression conforms to the algorithm rules, that is, whether the expression can be recognized and run by the computer device. For example, the validity check may include checking whether the input parameters, operators, and functions in the expression conform to the algorithm rules.

While parsing the nested call function layer by layer, the computer device also performs a validity check on the expression obtained in each round of parsing. If the expression passes the validity check, it is added to the instruction list. Once all expressions in the data processing strategy combination have been parsed and added to the instruction list, the instruction calling sequence is obtained from the instruction list. In this way, the data processing strategy combination corresponding to the target service can be effectively parsed into the corresponding instruction calling sequence.

In one embodiment, the instruction calling sequence includes at least two call instructions with an execution order. The step of converting the target data according to the instruction calling sequence to obtain the converted data includes: executing the call instructions in the instruction calling sequence in execution order, and, during execution, using the execution result of the previous call instruction as the input of the next call instruction, so as to convert the target data and obtain the converted data.

It can be understood that the execution result of the previous call instruction is an intermediate processing result produced while the instruction calling sequence is being executed.

After the computer device has parsed the data processing strategy combination into an instruction calling sequence with an execution order, it executes the call instructions in the sequence one by one in that order. Each time a call instruction is executed and its result obtained, that result is used as the input of the next call instruction, so that the target data is converted and the converted data is obtained safely and effectively.

FIG. 4 shows the parsing flow of the expression parser in one embodiment. Referring to FIG. 4, the expression parser first initializes the instruction list and determines whether the expression of the data processing strategy combination is a legal expression. If it is, the expression is parsed. Specifically, the parser first parses out the current outer function name interface (Api) and computes a hash over that outer function name Api, obtaining the encoded hash value of the current outer function name Api, namely HashApi. It then identifies whether the current outer function contains nested calls, which may include identifying nested expression calls and nested parameter calls.

If the current outer function is found to contain a nested call, it is parsed further by recursive call, so as to resolve the expression function being called.

If the current outer function contains no nested call, the number and position of the input parameters in the current expression are identified. Specifically, if the current expression has only one parameter, the HashApi corresponding to the current outer function is added directly to the instruction list as an instruction.

If the current expression includes two parameters, the input parameters include one random value parameter. If the random value comes first, a forward-splicing expression is generated, for example insertSalt(), and this current expression is added to the instruction list; the corresponding function HashApi is then added to the instruction list as an instruction. If the random value comes last, HashApi is first added to the instruction list, then a backward-splicing expression is generated, for example appendSalt(), and this current expression is added to the instruction list.

If the current expression includes three parameters, the input parameters include two random value parameters. A forward-splicing expression is generated first, for example insertSalt(), and this current expression is added to the instruction list. The corresponding function HashApi is then added to the instruction list as an instruction. Finally, a backward-splicing expression is generated, for example appendSalt(), and this current expression is added to the instruction list.

Before the current expression obtained at each parsing step is added to the instruction list, the parser must also determine whether the currently input expression is a legal expression; only a legal expression is added to the instruction list. Once the expression of the data processing strategy combination has been fully parsed, the instructions in the instruction list form the resulting instruction calling sequence.

As an example, take the data processing strategy combination whose expression is "Sha256(Salt2,SM3(pwd,Salt1),Salt3)". Here "pwd" denotes the target data under the target service, which may for example be password information; "Salt" denotes a random value parameter; "SM3()" denotes the SM3 algorithm; and "Sha256()" denotes the Sha256 algorithm. The expression parser can translate each current expression it parses into corresponding pseudocode. It can be understood that pseudocode is an algorithm description language that allows the described algorithm to be implemented easily in any programming language.

The expression is parsed according to the parsing flow described above. After the instruction list is initialized, the current outer function "Sha256()" is parsed out first, and the parser identifies whether it contains a nested call. Because "Sha256()" does contain a nested call, the current outer function is parsed recursively to resolve the called expression function, which yields the "(pwd,Salt1)" part as the current expression. Since the random value parameter Salt1 comes last, the backward-splicing expression appendSalt(Salt1) is generated, and the pseudocode for this first parsed expression is added to the instruction list; its execution result is "pwd+Salt1".

Parsing then continues and yields the current outer function "SM3()". The pseudocode for this second parsed expression is added to the instruction list; its execution result is "SM3(pwd+Salt1)".

The computer device then uses the expression parser to parse the current outer function further, obtaining the "Salt2,SM3(pwd,Salt1)" part as the current expression. Since the random value parameter Salt2 comes first, the forward-splicing expression insertSalt(Salt2) is generated, and the pseudocode for this third parsed expression is added to the instruction list; its execution result is "Salt2+SM3(pwd+Salt1)".

Further, the expression parser continues parsing the current outer function and obtains the "Salt2,SM3(pwd,Salt1),Salt3" part as the current expression. Since the random value parameter Salt3 comes last, the backward-splicing expression appendSalt(Salt3) is generated, and the pseudocode for this fourth parsed expression is added to the instruction list; its execution result is "Salt2+SM3(pwd+Salt1)+Salt3".

Finally, the expression parser continues parsing the current outer function and obtains the "Sha256()" part as the current expression. The pseudocode for this fifth parsed expression is added to the instruction list; its execution result is "Sha256(Salt2+SM3(pwd+Salt1)+Salt3)".

The instruction list finally obtained by parsing this data processing strategy combination is shown in Table 1 below.

| Serial number | Pseudocode | Execution result |
|---|---|---|
| 1 | appendSalt(Salt1) | pwd+Salt1 |
| 2 | SM3() | SM3(pwd+Salt1) |
| 3 | insertSalt(Salt2) | Salt2+SM3(pwd+Salt1) |
| 4 | appendSalt(Salt3) | Salt2+SM3(pwd+Salt1)+Salt3 |
| 5 | Sha256() | Sha256(Salt2+SM3(pwd+Salt1)+Salt3) |

Table 1
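The parsing flow of FIG. 4 and the worked expression above, as an added Python example (not code from the patent): it parses a strategy-combination expression into an instruction list, applies a validity check at each layer, and reproduces Table 1. The tuple instruction format, the `StrategyError` name, the `Salt<n>` naming rule, the function allowlist and the use of raw digests between steps are assumptions; instruction order follows Table 1, where salts are spliced before the enclosing hash is called.

```python
import hashlib
import re

ALLOWED_FUNCS = {"Sha256": "sha256", "SM3": "sm3"}  # allowlist -> hashlib name
DATA_NAME = "pwd"                                    # placeholder for the target data
SALT_RE = re.compile(r"Salt\d+\Z")                   # assumed naming of random values
TOKEN_RE = re.compile(r"\s*([A-Za-z_]\w*|[(),])")


class StrategyError(ValueError):
    """Raised when an expression fails the validity check."""


def tokenize(text):
    text, tokens, pos = text.strip(), [], 0
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise StrategyError(f"illegal character at offset {pos}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


def _parse_call(tokens, pos, out):
    """Parse NAME '(' args ')' at pos, emitting instructions innermost-first."""
    if pos + 1 >= len(tokens) or tokens[pos] not in ALLOWED_FUNCS or tokens[pos + 1] != "(":
        raise StrategyError("expected an allowlisted function call")
    name, pos = tokens[pos], pos + 2
    before, after, seen_data = [], [], False
    while True:
        if pos >= len(tokens):
            raise StrategyError("unterminated call")
        tok = tokens[pos]
        nested = pos + 1 < len(tokens) and tokens[pos + 1] == "("
        if nested or tok == DATA_NAME:
            if seen_data:
                raise StrategyError("more than one data argument")
            seen_data = True
            pos = _parse_call(tokens, pos, out) if nested else pos + 1
        elif SALT_RE.match(tok):
            (after if seen_data else before).append(tok)
            pos += 1
        else:
            raise StrategyError(f"unexpected argument {tok!r}")
        if pos >= len(tokens):
            raise StrategyError("unterminated call")
        if tokens[pos] == ")":
            pos += 1
            break
        if tokens[pos] != ",":
            raise StrategyError("expected ',' or ')'")
        pos += 1
    if not seen_data or len(before) > 1 or len(after) > 1:
        raise StrategyError("need one data argument and at most one salt per side")
    out += [("insertSalt", s) for s in before] + [("appendSalt", s) for s in after]
    out.append(("call", name))
    return pos


def parse(text):
    """Return the instruction calling sequence for a strategy-combination expression."""
    tokens, instructions = tokenize(text), []
    if _parse_call(tokens, 0, instructions) != len(tokens):
        raise StrategyError("trailing tokens after expression")
    return instructions


def trace(instructions):
    """Symbolic run: yields the 'execution result' column of Table 1."""
    value, rows = DATA_NAME, []
    for op, arg in instructions:
        if op == "insertSalt":
            value = f"{arg}+{value}"
        elif op == "appendSalt":
            value = f"{value}+{arg}"
        else:
            value = f"{arg}({value})"
        rows.append(value)
    return rows


def run(instructions, data, salts):
    """Real run on bytes; each result feeds the next instruction."""
    value = data
    for op, arg in instructions:
        if op == "insertSalt":
            value = salts[arg] + value
        elif op == "appendSalt":
            value = value + salts[arg]
        else:
            algo = ALLOWED_FUNCS[arg]
            if algo not in hashlib.algorithms_available:
                raise StrategyError(f"{arg} is not available in this OpenSSL build")
            value = hashlib.new(algo, value).digest()
    return value


if __name__ == "__main__":
    seq = parse("Sha256(Salt2,SM3(pwd,Salt1),Salt3)")
    for n, ((op, arg), result) in enumerate(zip(seq, trace(seq)), 1):
        print(n, f"{op}({arg})" if op != "call" else f"{arg}()", result)
```

`run()` needs an OpenSSL build that exposes `sm3` through `hashlib` to execute the SM3 step; `parse()` and `trace()` do not.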

In this embodiment, the target security control is obtained by configuring, for the initial security control, a data processing strategy combination corresponding to the target service, based on at least two custom-selected data processing strategies. When target data under the target service is acquired, the target security control invokes the data processing strategy combination corresponding to the target service, the combination is parsed into an instruction calling sequence, and the target data is processed according to that sequence. The target data can thus be obscured more securely, so that the obscured data is not easily cracked or leaked.

In one embodiment, after the target data has been converted according to the instruction calling sequence and the converted data obtained, the data processing method further includes: when the attribute of the target data is an encryption attribute, invoking an encryption strategy through the target security control; and encrypting the processed data according to the encryption strategy.

The target security control includes an encryption strategy that is custom-configured for the target service. It can be understood that the encryption strategy is used to encrypt data, specifically data whose attribute is an encryption attribute.

The target security control is also pre-configured with an encryption strategy for the target service, which is used to encrypt target data whose attribute is an encryption attribute.

If the computer device recognizes that the attribute of the target data under the target service is an encryption attribute, the target data is of high importance and requires both conversion and encryption. Specifically, the computer device invokes the encryption strategy through the target security control, and then uses the expression parser in the target security control to parse the security strategy into corresponding encryption instructions. The corresponding encryption instructions are then executed on the converted data to encrypt it.

In this embodiment, the converted data is further encrypted, so the target data can be converted and encrypted more securely and the converted data is not easily cracked or leaked, which greatly improves the security of the target data.

In one embodiment, the step of configuring, for the initial security control, a data processing strategy combination corresponding to the target service based on at least two custom-selected data processing strategies, to obtain the target security control bound to the target service, includes: acquiring at least two data processing strategies custom-selected for a target sub-application; and configuring the initial security control with a data processing strategy combination corresponding to the target service in the target sub-application, to obtain the target security control bound to the target service.

The initial security control is a security control based on the operating environment of a parent application, and the parent application provides the operating environment for multiple sub-applications.

It can be understood that the parent application is an application that can run independently; it is a native application that runs directly on the operating system. Specifically, the parent application may be an application that hosts sub-applications and provides an operating environment in which they run. Parent applications include, but are not limited to, instant messaging applications, SNS (Social Network Sites) applications, short video applications, long video applications, game applications, music sharing applications, and UGC (User Generated Content) applications.

A sub-application may be any of various business application scenarios attached to the parent application, or a sub-application program running inside the parent application program. Each sub-application may correspond to a different business domain. Sub-applications include, but are not limited to, instant messaging applications, SNS applications, short video applications, long video applications, game applications, music sharing applications, shopping and sales applications, UGC applications, and various intelligent recognition applications.

Each sub-application can configure the target security control for its own target service and then configure its operating environment according to the operating environment of the parent application, so that the sub-application can run on the parent application.

The parent application is pre-configured with an initial security control that provides multiple data processing strategies. When a target business party needs to build the operating environment of a target sub-application on the parent application, it can obtain the initial security control provided by the parent application, freely select the required data processing strategy or data processing strategy combination from the customizable data processing strategies that the initial security control provides, and then configure the target security control bound to the target sub-application. The target security control is used to convert the target data under the target service in the target sub-application.

Specifically, after the computer device acquires at least two data processing strategies custom-selected by the target business party for the target sub-application, it binds the initial security control to the target service of the target sub-application and configures the initial security control with the data processing strategy combination corresponding to the target service, thereby obtaining a more secure target security control bound to the target service.

In this embodiment, the parent application provides an initial security control from which multiple data processing strategies can be custom-selected, so each sub-application running in the parent application can freely select the required data processing strategy or data processing strategy combination from those the initial security control provides. Multiple freely combined data processing strategy combinations can thus be generated for each sub-application, the target data can be converted more securely, and the converted data is not easily cracked or leaked.

In one embodiment, as shown in FIG. 5, another target data processing method is provided, which specifically includes the following steps:

Step S502: acquire the multiple data processing strategies provided by the initial security control. The initial security control is a security control based on the operating environment of the parent application, and the parent application provides the operating environment for multiple sub-applications.

Step S504: acquire at least two data processing strategies custom-selected for the target sub-application.

Step S506: configure the initial security control with a data processing strategy combination corresponding to the target service in the target sub-application, to obtain the target security control bound to the target service.

Step S508: when the target sub-application running in the operating environment of the parent application acquires target data under the target service corresponding to the target sub-application, invoke the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application.

Step S510: parse the data processing strategy combination into an instruction calling sequence.

Step S512: convert the target data according to the instruction calling sequence to obtain the converted data.

It can be understood that, after the computer device acquires at least two data processing strategies custom-selected by the target business party for the target sub-application, it binds the initial security control to the target service of the target sub-application and configures the initial security control with the data processing strategy combination corresponding to the target service, thereby obtaining a more secure target security control bound to the target service.

When the target sub-application running in the operating environment of the parent application acquires target data under the target service corresponding to the target sub-application, that target data needs to be converted. The computer device invokes the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, and parses the combination through the target security control to obtain the corresponding instruction calling sequence with an execution order. It then executes the instruction calling sequence on the target data in that order; when the sequence has finished executing, the conversion of the target data is complete and the converted data is obtained.

The computer device can then store and use the converted data. Without exposing the plaintext of the target data, the data processing strategy corresponding to the target service of each sub-application can thus be customized more securely and flexibly, and the target data is converted more securely, so that the converted data is not easily cracked or leaked and the security of the target data is effectively guaranteed.

In a specific embodiment, FIG. 6 shows a timing diagram of data conversion processing. Referring to FIG. 6, a security control is deployed in the computer device. This security control is the target security control corresponding to the target service, and may specifically represent the server corresponding to the target service. The target service may specifically be represented as the terminal corresponding to the target business party.

Specifically, the initial security control provides multiple data processing strategies. After the target business party has custom-selected the required data processing strategy combination from them, the computer device configures the initial security control with the data processing strategy combination corresponding to the target service and obtains the target security control bound to the target service. When the target business party then inputs target data, the computer device invokes the bound target security control, loads the custom-configured data processing strategy combination in it, and parses the combination to obtain an instruction calling sequence with an execution order.

When collection of the target data is complete, the target business party can feed back a notification that data collection is complete. The target security control then obtains the collected target data, and the target data is input into the target security control. The target security control first executes, on the target data, the first parsed instruction in the instruction calling sequence according to the execution order. It then executes the remaining parsed instructions one by one in execution order; once the last parsed instruction has been executed, the converted data is obtained and returned to the target business party. The converted data may, for example, be a converted HashData hash value.

In a specific embodiment, as shown in FIG. 7, a specific data processing method is provided, which includes the following steps:

Step 702: acquire the multiple data processing strategies provided by the initial security control.

Step 704: acquire at least two custom-selected data processing strategies corresponding to the target service, and determine the nested call order corresponding to the at least two custom-selected data processing strategies.

Step 706: according to the nested call order, parse the at least two data processing strategies into a nested call function corresponding to the target service.

Step 708: configure the nested call function in the initial security control to obtain the target security control bound to the target service.

Step 710: when the acquired data under the target service is target data, invoke the expression parser and the data processing strategy combination through the target security control.

Step 712: initialize the instruction list through the expression parser, and determine the outer function interface of the data processing strategy combination.

Step 714: if the outer function interface indicates that the data processing strategy combination includes a nested call function, parse the nested call function layer by layer to obtain each nested expression in it, and add the parsed expressions to the instruction list in parsing order to obtain the instruction calling sequence.

Step 716: execute the call instructions in the instruction calling sequence in execution order, using the execution result of the previous call instruction as the input of the next call instruction during execution, so as to convert the target data and obtain the converted data.

In this embodiment, a data processing strategy combination corresponding to the target service is configured for the initial security control based on at least two custom-selected data processing strategies, yielding the target security control bound to the target service. The business party can thus flexibly define and generate various data processing strategy combinations, and a combined data processing strategy makes data conversion more secure. When target data under the target service is acquired, the target security control parses the data processing strategy combination into an instruction calling sequence, and the target data is converted according to that sequence. The target data can therefore be converted more securely, so that the converted data is not easily cracked or leaked, which effectively improves the security of the target data.

The present application also provides an application scenario in which the above data processing method is applied. Specifically, the user terminal runs the application program corresponding to the target service or accesses the corresponding business system website, for example for communication services, banking services, or payment services. The corresponding target security control can be pre-configured in the application program or business system website for the target service. The target security control is obtained by configuring a data processing strategy combination that the target business party custom-selects from the multiple data processing strategies provided by the initial security control.

The user can enter data under the target service in the application program through the user terminal. When the data entered by the user is target data under the target service, such as a password or personal information, the terminal invokes the corresponding target security control, which loads and parses the corresponding data processing strategy combination. The instruction calling sequence obtained by parsing is then used to convert the target data entered by the user in real time, producing the converted data. This effectively ensures that the plaintext of the target data is not leaked while the user is entering it. For scenarios with higher security requirements, such as password entry and financial payment, password security and payment security can be effectively ensured, which improves the security of key target data.

It should be understood that although the steps in the flowcharts of FIG. 2, FIG. 5 and FIG. 7 are shown in the sequence indicated by the arrows, they are not necessarily executed in that sequence. Unless explicitly stated herein, there is no strict ordering constraint on these steps, and they may be executed in other orders. Moreover, at least some of the steps in FIG. 2, FIG. 5 and FIG. 7 may include multiple sub-steps or stages. These sub-steps or stages are not necessarily completed at the same moment and may be executed at different times; nor are they necessarily executed one after another, and they may be executed in turn or alternately with other steps, or with at least part of the sub-steps or stages of other steps.

In one embodiment, as shown in FIG. 8, a data processing device 800 is provided. The device may be implemented as software modules, hardware modules, or a combination of the two, forming part of a computer device. The device specifically includes a strategy acquisition module 802, a security control configuration module 804, a security control calling module 806 and a data conversion processing module 808, wherein:

The strategy acquisition module 802 is configured to acquire the multiple data processing strategies provided by the initial security control.

The security control configuration module 804 is configured to configure, for the initial security control and based on at least two custom-selected data processing strategies, a data processing strategy combination corresponding to the target service, to obtain a target security control bound to the target service.

The security control calling module 806 is configured to invoke the data processing strategy combination through the target security control when target data under the target service is acquired based on the target security control.

The data conversion processing module 808 is configured to parse the data processing strategy combination into an instruction call sequence, and to convert the target data according to the instruction call sequence to obtain converted data.

In one embodiment, the security control configuration module 804 is further configured to: obtain at least two custom-selected data processing strategies corresponding to the target service; generate, from the at least two data processing strategies, a nested call function corresponding to the target service; and configure the nested call function in the initial security control to obtain the target security control bound to the target service.

In one embodiment, the security control configuration module 804 is further configured to: determine the nested call order corresponding to the at least two custom-selected data processing strategies; and, following that nested call order, parse the at least two data processing strategies into the nested call function corresponding to the target service.

In one embodiment, the security control configuration module 804 is further configured to: configure data processing strategies for the initial security control; and, based on the configured data processing strategies, configure the corresponding combined strategies in the initial security control, generating an initial security control that provides multiple data processing strategies.

In one embodiment, the security control calling module 804 is further configured to: when the data acquired under the target service is target data, invoke an expression parser and the data processing strategy combination through the target security control; and, through the expression parser, determine the order of the expressions in the data processing strategy combination and parse the combination into an instruction call sequence according to that order.

In one embodiment, the security control calling module 806 is further configured to: initialize an instruction list through the expression parser; determine the outer function interface of the data processing strategy combination; and, if the outer function interface shows that the data processing strategy combination includes a nested call function, parse the nested call function layer by layer to obtain each expression nested in it, and add the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

In one embodiment, the security control calling module 806 is further configured to: parse the nested call function layer by layer, determining the position and number of input parameters in the current parsed expression; if the current parsed expression includes one input parameter, add the current expression to the instruction list; and if the current parsed expression includes at least two input parameters, generate a parameter concatenation expression according to the position and number of the input parameters and add it to the instruction list.

In one embodiment, the security control calling module 806 is further configured to: perform a validity check on each parsed expression; and, once the validity check passes, add the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

In one embodiment, the instruction call sequence includes at least two call instructions with an execution order. The data conversion processing module 808 is further configured to execute the call instructions in the instruction call sequence in that execution order, using the execution result of the previous call instruction as the input of the next call instruction during execution, so as to convert the target data and obtain the converted data.
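The parse, validate and execute flow of the embodiments above (layer-by-layer parsing of the nested call function, validity check, parameter concatenation, chained execution), sketched as an added example that is not code from the patent. The strategy names, the `input` placeholder, the quoted-literal syntax, the depth limit and the innermost-first instruction order are all assumptions made for illustration.

```python
import base64
import hashlib
import re

# Hypothetical strategy table; the patent does not name concrete strategies.
STRATEGIES = {
    "sha256": lambda b: hashlib.sha256(b).digest(),
    "hex": lambda b: b.hex().encode(),
    "b64": base64.b64encode,
}
MAX_DEPTH = 8  # assumed nesting bound, part of the validity check
TOKEN = re.compile(r"\s*(?:([A-Za-z_]\w*)|'([^']*)'|([(),]))")
KINDS = (None, "name", "lit", "punct")


class PolicyError(ValueError):
    """Raised when a strategy combination fails the validity check."""


def tokenize(text):
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise PolicyError(f"unexpected character at offset {pos}")
        tokens.append((KINDS[m.lastindex], m.group(m.lastindex)))
        pos = m.end()
    return tokens


def parse_policy(text):
    """Parse a nested call expression into an ordered instruction list."""
    tokens, instructions = tokenize(text), []  # instruction list starts empty
    end = _parse_call(tokens, 0, instructions, depth=1)
    if end != len(tokens):
        raise PolicyError("trailing tokens after the outer call")
    return instructions


def _parse_call(tokens, pos, instructions, depth):
    if depth > MAX_DEPTH:
        raise PolicyError("nesting too deep")
    kind, name = tokens[pos] if pos < len(tokens) else (None, None)
    # Validity check: only allow-listed names are accepted, nothing is eval'd.
    if kind != "name" or name not in STRATEGIES:
        raise PolicyError(f"unknown strategy: {name!r}")
    if tokens[pos + 1:pos + 2] != [("punct", "(")]:
        raise PolicyError(f"expected '(' after {name}")
    pos += 2
    prefix, suffix, has_data = [], [], False
    while True:
        kind, value = tokens[pos] if pos < len(tokens) else (None, None)
        if kind == "lit":
            (suffix if has_data else prefix).append(value)
            pos += 1
        elif kind == "name" and not has_data:
            has_data = True
            if value == "input":
                pos += 1
            else:  # descend one layer; inner instructions are emitted first
                pos = _parse_call(tokens, pos, instructions, depth + 1)
        else:
            raise PolicyError(f"bad argument in {name}")
        sep = tokens[pos] if pos < len(tokens) else None
        pos += 1
        if sep == ("punct", ")"):
            break
        if sep != ("punct", ","):
            raise PolicyError(f"expected ',' or ')' in {name}")
    if not has_data:
        raise PolicyError(f"{name} has no data argument")
    if prefix or suffix:  # two or more parameters: splice them by position
        joined = ("".join(prefix).encode(), "".join(suffix).encode())
        instructions.append(("concat",) + joined)
    instructions.append(("call", name))
    return pos


def run(instructions, data):
    """Execute in order; each result is the next instruction's input."""
    for ins in instructions:
        if ins[0] == "concat":
            data = ins[1] + data + ins[2]
        else:
            data = STRATEGIES[ins[1]](data)
    return data


def is_valid(text):
    try:
        parse_policy(text)
        return True
    except PolicyError:
        return False


if __name__ == "__main__":
    seq = parse_policy("b64(sha256('salt:', hex(input)))")  # constructed policy
    print(seq, run(seq, b"1234"))  # b"1234" is a constructed sample input
```

Because the combination string is configuration supplied per service, the parser resolves names only through the allow-list and rejects anything it cannot fully account for, rather than evaluating the string.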

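In one embodiment, the target security control includes an encryption strategy custom-configured for the target service. The data processing device further includes an encryption module configured to, if the attribute of the target data is an encryption attribute, invoke the encryption strategy through the target security control and encrypt the converted data according to the encryption strategy.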

In one embodiment, the initial security control is a security control based on the running environment of a parent application, and the parent application provides the running environment for multiple sub-applications. The security control configuration module 804 is further configured to: obtain at least two custom-selected data processing strategies for a target sub-application; and configure, for the initial security control, a data processing strategy combination corresponding to the target service in the target sub-application, to obtain the target security control bound to the target service. The target security control is used to convert the target data under the target service in the target sub-application.

In one embodiment, the data conversion processing module 808 is further configured to: when a target sub-application running in the running environment of the parent application acquires target data under the target service corresponding to that sub-application, invoke the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, so as to convert the target data according to the data processing strategy combination.

For the specific limitations of the data processing device, refer to the limitations of the data processing method above, which are not repeated here. Each module of the above data processing device may be implemented wholly or partly in software, hardware, or a combination of the two. The modules may be embedded in, or independent of, the processor of the computer device in hardware form, or stored in the memory of the computer device in software form, so that the processor can invoke them and perform the operations corresponding to each module.

In one embodiment, a computer device is provided. The computer device may be a server, and its internal structure may be as shown in FIG. 9. The computer device includes a processor, a memory and a network interface connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The network interface of the computer device is used to communicate with external terminals over a network connection. When executed by the processor, the computer program implements a data processing method.

In another embodiment, a computer device is provided. The computer device may be a terminal, and its internal structure may be as shown in FIG. 10. The computer device includes a processor, a memory, a communication interface, a display screen and an input device connected by a system bus. The processor of the computer device provides computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for running the operating system and the computer program stored in the non-volatile storage medium. The communication interface of the computer device is used for wired or wireless communication with external terminals; the wireless mode may be implemented through WIFI, a carrier network, NFC (near field communication) or other technologies. When executed by the processor, the computer program implements a data processing method. The display screen of the computer device may be a liquid crystal display or an electronic ink display. The input device of the computer device may be a touch layer covering the display screen, a button, trackball or touchpad on the housing of the computer device, or an external keyboard, touchpad or mouse.

Those skilled in the art will understand that the structures shown in FIG. 9 and FIG. 10 are only block diagrams of the parts of the structure relevant to the solution of the present application, and do not limit the computer device to which the solution is applied. A specific computer device may include more or fewer components than shown in the figures, combine certain components, or arrange the components differently.

In one embodiment, a computer device is also provided, including a memory and a processor. A computer program is stored in the memory, and the processor implements the steps of the above method embodiments when executing the computer program.

In one embodiment, a computer-readable storage medium is provided that stores a computer program. When executed by a processor, the computer program implements the steps of the above method embodiments.

In one embodiment, a computer program product or computer program is provided. The computer program product or computer program includes computer instructions stored in a computer-readable storage medium. The processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, causing the computer device to perform the steps of the above method embodiments.

Those of ordinary skill in the art will understand that all or part of the processes of the above method embodiments can be completed by a computer program instructing the relevant hardware. The computer program may be stored in a non-volatile computer-readable storage medium and, when executed, may include the processes of the above method embodiments. Any reference to memory, storage, a database or other media used in the embodiments provided in the present application may include at least one of non-volatile and volatile memory. Non-volatile memory may include read-only memory (ROM), magnetic tape, floppy disk, flash memory, optical memory and the like. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in many forms, such as static random access memory (SRAM) or dynamic random access memory (DRAM).

The technical features of the above embodiments may be combined arbitrarily. For brevity, not every possible combination of the technical features in the above embodiments is described; however, as long as a combination of these technical features involves no contradiction, it should be considered within the scope of this specification.

The above embodiments express only several implementations of the present application. Their description is relatively specific and detailed, but it should not be understood as limiting the scope of the invention patent. It should be noted that those of ordinary skill in the art may make a number of variations and improvements without departing from the concept of the present application, and these all fall within the protection scope of the present application. The protection scope of this patent application is therefore defined by the appended claims.

Claims (15)

1. A data processing method, characterized in that the method comprises:
acquiring multiple data processing strategies provided by an initial security control;
based on at least two custom-selected data processing strategies, configuring for the initial security control a data processing strategy combination corresponding to a target service, to obtain a target security control bound to the target service;
when target data under the target service is acquired based on the target security control, invoking the data processing strategy combination through the target security control;
parsing the data processing strategy combination into an instruction call sequence;
converting the target data according to the instruction call sequence to obtain converted data.

2. The method according to claim 1, characterized in that configuring, based on at least two custom-selected data processing strategies, a data processing strategy combination corresponding to the target service for the initial security control, to obtain the target security control bound to the target service, comprises:
obtaining at least two custom-selected data processing strategies corresponding to the target service;
generating, from the at least two data processing strategies, a nested call function corresponding to the target service;
configuring the nested call function in the initial security control to obtain the target security control bound to the target service.

3. The method according to claim 2, characterized in that generating, from the at least two data processing strategies, a nested call function corresponding to the target service comprises:
determining the nested call order corresponding to the at least two custom-selected data processing strategies;
following the nested call order, parsing the at least two data processing strategies into the nested call function corresponding to the target service.

4. The method according to claim 1, characterized in that, before acquiring the multiple data processing strategies provided by the initial security control, the method further comprises a step of configuring the initial security control, which comprises:
configuring data processing strategies for the initial security control;
based on the configured data processing strategies, configuring the corresponding combined strategies in the initial security control, generating an initial security control that provides multiple data processing strategies.

5. The method according to claim 1, characterized in that invoking the data processing strategy combination through the target security control, when the target data under the target service is acquired based on the target security control, comprises:
when the data acquired under the target service is target data, invoking an expression parser and the data processing strategy combination through the target security control;
and parsing the data processing strategy combination into an instruction call sequence comprises:
determining, through the expression parser, the order of the expressions in the data processing strategy combination, and parsing the data processing strategy combination into an instruction call sequence according to that order.

6. The method according to claim 5, characterized in that determining, through the expression parser, the order of the expressions in the data processing strategy combination, and parsing the data processing strategy combination into an instruction call sequence according to that order, comprises:
initializing an instruction list through the expression parser;
determining the outer function interface of the data processing strategy combination;
if the outer function interface shows that the data processing strategy combination includes a nested call function, parsing the nested call function layer by layer to obtain each expression nested in the nested call function, and adding the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

7. The method according to claim 6, characterized in that parsing the nested call function layer by layer to obtain each expression nested in the nested call function comprises:
parsing the nested call function layer by layer, and determining the position and number of input parameters in the current parsed expression;
if the current parsed expression includes one input parameter, adding the current expression to the instruction list;
if the current parsed expression includes at least two input parameters, generating a parameter concatenation expression according to the position and number of the input parameters and adding it to the instruction list.

8. The method according to claim 6, characterized in that adding the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence comprises:
performing a validity check on each parsed expression;
once the validity check passes, adding the parsed expressions to the instruction list in parsing order to obtain the instruction call sequence.

9. The method according to claim 1, characterized in that the instruction call sequence includes at least two call instructions with an execution order, and converting the target data according to the instruction call sequence to obtain converted data comprises:
executing the call instructions in the instruction call sequence in the execution order, using the execution result of the previous call instruction as the input of the next call instruction during execution, so as to convert the target data and obtain the converted data.

10. The method according to claim 1, characterized in that the target security control includes an encryption strategy custom-configured for the target service;
after converting the target data according to the instruction call sequence to obtain the converted data, the method further comprises:
if the attribute of the target data is an encryption attribute, invoking the encryption strategy through the target security control;
encrypting the converted data according to the encryption strategy.

11. The method according to any one of claims 1 to 10, characterized in that the initial security control is a security control based on the running environment of a parent application, and the parent application provides the running environment for multiple sub-applications;
configuring, based on at least two custom-selected data processing strategies, a data processing strategy combination corresponding to the target service for the initial security control, to obtain the target security control bound to the target service, comprises:
obtaining at least two custom-selected data processing strategies for a target sub-application;
configuring, for the initial security control, a data processing strategy combination corresponding to the target service in the target sub-application, to obtain the target security control bound to the target service; the target security control being used to convert the target data under the target service in the target sub-application.

12. The method according to claim 11, characterized in that invoking the data processing strategy combination through the target security control, when the target data under the target service is acquired based on the target security control, comprises:
when a target sub-application running in the running environment of the parent application acquires target data under the target service corresponding to the target sub-application,
invoking the corresponding custom-configured data processing strategy combination through the target security control in the target sub-application, so as to convert the target data according to the data processing strategy combination.

13. A data processing device, characterized in that the device comprises:
a strategy acquisition module, configured to acquire multiple data processing strategies provided by an initial security control;
a security control generation module, configured to configure, for the initial security control and based on at least two custom-selected data processing strategies, a data processing strategy combination corresponding to a target service, to obtain a target security control bound to the target service;
a security control calling module, configured to invoke the data processing strategy combination through the target security control when target data under the target service is acquired based on the target security control;
a data conversion processing module, configured to parse the data processing strategy combination into an instruction call sequence, and to convert the target data according to the instruction call sequence to obtain converted data.

14. A computer device, comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method according to any one of claims 1 to 12 when executing the computer program.

15. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 12.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110984547.XA CN115730319A (en) 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115730319A true CN115730319A (en) 2023-03-03

Family

ID=85289831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110984547.XA Pending CN115730319A (en) 2021-08-25 2021-08-25 Data processing method, data processing device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115730319A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117252676A (en) * 2023-11-20 2023-12-19 成都新希望金融信息有限公司 Service processing method, device, electronic equipment and index policy system
CN117527399A (en) * 2023-11-28 2024-02-06 广州视声智能股份有限公司 Information security encryption method and system for intelligent home

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160259946A1 (en) * 2015-03-05 2016-09-08 Tata Consultancy Services Limited Implementation and management of information security for distributed data storage systems
CN110059110A (en) * 2019-04-12 2019-07-26 北京百度网讯科技有限公司 Business datum security processing, device, computer equipment and storage medium
CN110113318A (en) * 2019-04-16 2019-08-09 深圳壹账通智能科技有限公司 Front-end system data processing method, device, computer equipment and storage medium
CN111193740A (en) * 2019-12-31 2020-05-22 苏宁金融科技(南京)有限公司 Encryption method, device, decryption method, computer device and storage medium
CN111431707A (en) * 2020-03-19 2020-07-17 腾讯科技(深圳)有限公司 Service data information processing method, device, equipment and readable storage medium
CN111787094A (en) * 2020-06-29 2020-10-16 腾讯科技(深圳)有限公司 Data processing method, device, storage medium and equipment
CN112287376A (en) * 2020-11-20 2021-01-29 支付宝(杭州)信息技术有限公司 Method and device for processing private data

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117252676A (en) * 2023-11-20 2023-12-19 成都新希望金融信息有限公司 Service processing method, device, electronic equipment and index policy system
CN117252676B (en) * 2023-11-20 2024-02-02 成都新希望金融信息有限公司 Service processing method, device, electronic equipment and index policy system
CN117527399A (en) * 2023-11-28 2024-02-06 广州视声智能股份有限公司 Information security encryption method and system for intelligent home
CN117527399B (en) * 2023-11-28 2024-05-17 广州视声智能股份有限公司 Information security encryption method and system for intelligent home

Similar Documents

Publication Publication Date Title
US20250071098A1 (en) Data Computation in a Multi-Domain Cloud Environment
CN111488598B (en) Access control method, device, computer equipment and storage medium
US9015845B2 (en) Transit control for data
CN110569658A (en) User information processing method, device, electronic equipment and storage medium based on block chain network
Carter et al. Blockchain-based interoperable electronic health record sharing framework
US11082219B2 (en) Detection and protection of data in API calls
US12206782B2 (en) Multi-directional zero-knowledge attestation systems and methods
JP2017112592A (en) System and method for encrypted transmission of web page
WO2022116761A1 (en) Self auditing blockchain
US20250150440A1 (en) Automatically encrypting sensitive data in a distributed microservice framework
Akram et al. Digital trust-trusted computing and beyond: A position paper
Heiss et al. Trustworthy pre-processing of sensor data in data on-chaining workflows for blockchain-based IoT applications
CN115730319A (en) Data processing method, data processing device, computer equipment and storage medium
Xu et al. A symbolic model for systematically analyzing TEE-based protocols
US20150310206A1 (en) Password management
CN110502888B (en) A mobile office method based on trusted metrics-based mobile software whitelist mechanism
Chen et al. BSPPF: Blockchain‐Based Security and Privacy Preventing Framework for Data Middle Platform in the Era of IR 4.0
CN110851851A (en) Authority management method, device and equipment in block chain type account book
US20100030805A1 (en) Propagating information from a trust chain processing
CN117708842B (en) Data processing method and data processing engine based on trusted execution environment
Khan et al. B-ERAC: Blockchain-Enabled Role-Based Access Control for Secure IoT Device Communication
CN115099767A (en) Method, equipment and storage medium for carrying out project approval based on block chain
Hasimi Cost-effective solutions in cloud computing security
HK40084180A (en) Data processing method, device, computer equipment and storage medium
Latha et al. Secure cloud web application in an industrial environment: a study

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code Ref country code: HK; Ref legal event code: DE; Ref document number: 40084180; Country of ref document: HK