Data processing method and device, electronic equipment and storage medium
By splitting the data computation of the SDK and having it work collaboratively on the server and SDK sides, and using encoded information for authentication and encryption, the problems of SDK copyright protection and data transmission security are solved, achieving effective authentication and data security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ALIBABA INNOVATION PRIVATE LIMITED
- Filing Date
- 2021-06-11
- Publication Date
- 2026-07-03
AI Technical Summary
In existing technologies, it is difficult for SDK copyright owners to effectively protect their rights in paid usage scenarios. Furthermore, SDKs are easy to copy and crack, leading to incalculable losses. At the same time, data transmission security is insufficient, making them vulnerable to reverse engineering and replay attacks.
By splitting the data computation of the SDK into an easy-to-compute part on the server side and a high-computation-load part on the SDK side, the system generates encoded information using device information and input parameters. The server performs authentication and returns the encoded information, and the SDK performs calculations based on the encoded information to achieve authentication and data encryption, resisting reverse analysis and replay attacks.
It effectively protects the copyright of the SDK, resists reverse engineering and replay attacks, ensures the security of data transmission between the SDK and the server, and prevents data leakage.
Smart Images

Figure CN115470499B_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of computer processing technology, and in particular to a data processing method, apparatus, electronic device, and computer storage medium. Background Technology
[0002] With the rapid development of computer technology, while bringing many conveniences to people's lives, its application scenarios are becoming increasingly complex. SDKs (Software Development Kits), as software development toolkits that provide specific functions, are widely used in mobile, client, and server scenarios, providing great convenience for program developers.
[0003] In general application scenarios, SDKs provide all the functionalities developers can use. Especially when the SDK itself is open-source and free, the more people use it, the higher its popularity and market share, allowing the SDK developers to benefit. However, in certain specific SDK use cases, such as when the SDK requires payment, the rights of the SDK copyright holder are difficult to protect effectively. Because SDKs exist in digital form, they are easily copied and cracked, causing incalculable losses to SDK developers. Summary of the Invention
[0004] This application provides a data processing method, apparatus, readable storage medium, and electronic device to solve or partially solve the technical problems in the related art, such as the inability to effectively authenticate SDKs and the ease with which data leakage can occur.
[0005] To address the aforementioned problems, this application discloses a data processing method applied to an SDK, specifically including:
[0006] In response to a call to a preset functional module, the device information of the device to which the SDK belongs, as well as the input parameters corresponding to the functional module, are obtained;
[0007] Based on the input parameters and the device information, first encoded information is generated and sent to the server. The server is used to authenticate the SDK based on the first encoded information and return second encoded information for the input parameters.
[0008] The calculation is performed based on the second encoded information to generate a calculation result corresponding to the input parameters.
[0009] Optionally, generating first encoded information based on the input parameters and the device information, and sending the first encoded information to the server, includes:
[0010] Obtain a first encryption key for the input parameters and the device information;
[0011] The input parameters and the device information are encrypted using the first encryption key to generate first encoded information, which is then sent to the server.
[0012] Optionally, the step of calculating based on the second encoded information to generate a calculation result corresponding to the input parameters includes:
[0013] Obtain the first decryption key for the second encoded information;
[0014] The first decryption key is used to decrypt the second encoded information to obtain a first data identifier for the input parameter;
[0015] The first data identifier is used for calculation to generate a calculation result corresponding to the input parameters.
[0016] Optionally, the input parameters include at least the target object, initial feature information corresponding to the target object, and the identity key of the SDK; the device information includes at least the device address and the network address; encrypting the input parameters and the device information using the first encryption key to generate first encoded information, and sending the first encoded information to the server, includes:
[0017] Obtain the functional information of the aforementioned functional modules;
[0018] The initial feature information, the device address, the network address, the identity key, and the functional information are concatenated to generate a second data identifier;
[0019] The second data identifier is encrypted using the first encryption key to generate first encoded information, and the first encoded information is sent to the server.
[0020] The server is configured to authenticate the SDK successfully based on the device address, the network address, the identity key, and the functional information, and then generate second encoded information for the target object based on the initial feature information.
[0021] Optionally, the first data identifier includes at least an authentication result identifier and target feature information corresponding to the initial feature information. The step of using the first data identifier to perform calculations and generate a calculation result corresponding to the input parameters includes:
[0022] If the authentication result identifier indicates that the SDK authentication is successful, then the target object is processed using the target feature information to generate a calculation result corresponding to the input parameters.
[0023] This application also discloses a data processing method applied to a server, the method comprising:
[0024] Obtain the first encoded information sent by the SDK, wherein the first encoded information includes at least input parameters and device information;
[0025] The SDK is authenticated based on the input parameters and the device information, and second encoded information for the input parameters is generated.
[0026] The second encoded information is sent to the SDK, which is used to perform calculations based on the second encoded information to generate calculation results for the input parameters.
[0027] Optionally, the input parameters include at least the SDK's identity key, functional information corresponding to the input parameters, and initial feature information corresponding to the target object. The step of authenticating the SDK based on the input parameters and the device information, and generating second encoded information for the input parameters, includes:
[0028] The identity key, the functional information, and the device information are matched with a preset SDK management form to generate an authentication result for the SDK;
[0029] If the authentication result indicates that the SDK is valid, then an authentication result identifier for the initial feature information is generated;
[0030] Using the initial feature information and the authentication result identifier, second encoding information for the input parameters is determined.
[0031] Optionally, the step of matching the identity key, the functional information, and the device information with a preset SDK management form to generate an authentication result for the SDK includes:
[0032] Obtain the second decryption key for the first encoded information;
[0033] The first encoded information is decrypted using the second decryption key to obtain a second data identifier. The second data identifier includes at least the identity key of the SDK, the functional information corresponding to the input parameters, the initial feature information, and the device address and network address of the device to which the SDK belongs.
[0034] The identity key, the function information, the device address, and the network address are matched with a preset SDK management form to generate an authentication result for the SDK.
[0035] Optionally, determining the second encoding information for the input parameters using the initial feature information and the authentication result identifier includes:
[0036] The initial feature information is encoded to generate target feature information;
[0037] The authentication result identifier is concatenated with the target feature information to generate a first data identifier for the target object;
[0038] Obtain the second encryption key for the first data identifier;
[0039] The first data identifier is encrypted using the second encryption key to generate second encoded information for the target object.
[0040] Optionally, the step of matching the identity key, the functional information, the device address, and the network address with a preset SDK management form to generate an authentication result for the SDK includes:
[0041] The identity key is used to query the SDK's permission information from the preset SDK management form;
[0042] If the permission information indicates that the SDK has the permission to use the function corresponding to the function information, and the SDK management form contains the device address and network address corresponding to the SDK, then an authentication result is generated to indicate that the SDK is legitimate.
[0043] Optionally, it also includes:
[0044] In response to detecting that the second encoded information has been sent to the SDK, update the permission information corresponding to the SDK in the SDK management form;
[0045] The permission information includes at least one of the remaining number of uses of the SDK and the remaining usage time.
[0046] This application also discloses a data processing apparatus applied to an SDK, the apparatus comprising:
[0047] The information acquisition module is used to respond to the call operation for the preset functional module, acquire the device information of the device to which the SDK belongs, and the input parameters corresponding to the functional module;
[0048] The encoding information generation module is used to generate first encoding information based on the input parameters and the device information, and send the first encoding information to the server. The server is used to authenticate the SDK based on the first encoding information and return second encoding information for the input parameters.
[0049] The calculation result generation module is used to perform calculations based on the second encoded information to generate calculation results corresponding to the input parameters.
[0050] Optionally, the encoded information generation module includes:
[0051] An encryption key determination submodule is used to obtain a first encryption key for the input parameters and the device information;
[0052] The encoding information generation submodule is used to encrypt the input parameters and the device information using the first encryption key, generate first encoding information, and send the first encoding information to the server.
[0053] Optionally, the calculation result generation module includes:
[0054] The decryption key determination submodule is used to obtain the first decryption key for the second encoded information;
[0055] The data identifier generation submodule is used to decrypt the second encoded information using the first decryption key to obtain a first data identifier for the input parameter;
[0056] The calculation result generation submodule is used to perform calculations using the first data identifier to generate calculation results corresponding to the input parameters.
[0057] Optionally, the input parameters include at least the target object, initial feature information corresponding to the target object, and the identity key of the SDK; the device information includes at least the device address and the network address, and the encoding information generation submodule is specifically used for:
[0058] Obtain the functional information of the aforementioned functional modules;
[0059] The initial feature information, the device address, the network address, the identity key, and the functional information are concatenated to generate a second data identifier;
[0060] The second data identifier is encrypted using the first encryption key to generate first encoded information, and the first encoded information is sent to the server.
[0061] The server is configured to authenticate the SDK successfully based on the device address, the network address, the identity key, and the functional information, and then generate second encoded information for the target object based on the initial feature information.
[0062] Optionally, the first data identifier includes at least an authentication result identifier and target feature information corresponding to the initial feature information, and the calculation result generation submodule is specifically used for:
[0063] If the authentication result identifier indicates that the SDK authentication is successful, then the target object is processed using the target feature information to generate a calculation result corresponding to the input parameters.
[0064] This application also discloses a data processing apparatus, applied to a server, the apparatus comprising:
[0065] The encoding information acquisition module is used to acquire the first encoding information sent by the SDK, the first encoding information including at least input parameters and device information;
[0066] The encoding information generation module is used to authenticate the SDK based on the input parameters and the device information, and generate second encoding information for the input parameters;
[0067] The encoding information sending module is used to send the second encoding information to the SDK, and the SDK is used to perform calculations based on the second encoding information to generate calculation results for the input parameters.
[0068] Optionally, the input parameters include at least the SDK's identity key, functional information corresponding to the input parameters, and initial feature information corresponding to the target object, and the encoded information generation module includes:
[0069] The authentication result generation submodule is used to match the identity key, the functional information, and the device information with a preset SDK management form to generate an authentication result for the SDK.
[0070] The result identifier generation submodule is used to generate an authentication result identifier for the initial feature information if the authentication result indicates that the SDK is valid.
[0071] The encoding information determination submodule is used to determine the second encoding information for the input parameters using the initial feature information and the authentication result identifier.
[0072] Optionally, the authentication result generation submodule is specifically used for:
[0073] Obtain the second decryption key for the first encoded information;
[0074] The first encoded information is decrypted using the second decryption key to obtain a second data identifier. The second data identifier includes at least the identity key of the SDK, the functional information corresponding to the input parameters, the initial feature information, and the device address and network address of the device to which the SDK belongs.
[0075] The identity key, the function information, the device address, and the network address are matched with a preset SDK management form to generate an authentication result for the SDK.
[0076] Optionally, the encoding information determination submodule is specifically used for:
[0077] The initial feature information is encoded to generate target feature information;
[0078] The authentication result identifier is concatenated with the target feature information to generate a first data identifier for the target object;
[0079] Obtain the second encryption key for the first data identifier;
[0080] The first data identifier is encrypted using the second encryption key to generate second encoded information for the target object.
[0081] Optionally, the authentication result generation submodule is specifically used for:
[0082] The identity key is used to query the SDK's permission information from the preset SDK management form;
[0083] If the permission information indicates that the SDK has the permission to use the function corresponding to the function information, and the SDK management form contains the device address and network address corresponding to the SDK, then an authentication result is generated to indicate that the SDK is legitimate.
[0084] Optionally, it also includes:
[0085] The permission information update module is used to update the permission information corresponding to the SDK in the SDK management form in response to detecting that the second encoded information is sent to the SDK;
[0086] The permission information includes at least one of the remaining number of uses of the SDK and the remaining usage time.
[0087] This application also discloses an electronic device, including:
[0088] One or more processors; and
[0089] A computer-readable storage medium having instructions stored thereon, which, when executed by the one or more processors, causes the electronic device to perform the method described in the embodiments of this application.
[0090] This application also discloses a computer-readable storage medium storing instructions that, when executed by one or more processors, cause the processors to perform the methods described in this application.
[0091] This application also discloses a software product, including a computer program / instructions, wherein when the computer program / instructions are executed, the method described in this application is implemented.
[0092] The embodiments of this application have the following advantages:
[0093] In this embodiment, the SDK can communicate with the server. When the SDK detects a call to a preset functional module, it can obtain the device information of the device and the input parameters corresponding to the functional module. Then, it generates first encoded information based on the input parameters and device information and sends the first encoded information to the server. The server can authenticate the SDK based on the device information and input parameters, thus verifying the SDK's identity. Then, it returns second encoded information based on the input parameters. The SDK performs calculations based on the second encoded information to generate the corresponding calculation results. Thus, through data interaction between the SDK and the server, and with effective authentication of the SDK through input parameters and device information, the SDK needs to perform calculations based on the information returned by the server, effectively resisting reverse analysis. Furthermore, since the transmitted data is encoded, it can resist replay attacks, effectively ensuring the security of data transmission between the SDK and the server. Attached Figure Description
[0094] Figure 1 This is a flowchart of the steps of a data processing method provided in the embodiments of this application;
[0095] Figure 2 This is a schematic diagram of the SDK provided in the embodiments of this application;
[0096] Figure 3 This is a flowchart of the steps of a data processing method provided in the embodiments of this application;
[0097] Figure 4 This is a schematic diagram of the server provided in the embodiments of this application;
[0098] Figure 5 This is a schematic diagram of data communication provided in the embodiments of this application;
[0099] Figure 6This is a structural block diagram of a data processing apparatus provided in the embodiments of this application;
[0100] Figure 7 This is a structural block diagram of a data processing device provided in the embodiments of this application. Detailed Implementation
[0101] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, the application will be further described in detail below with reference to the accompanying drawings and specific embodiments.
[0102] As an example, an SDK provides all the functionalities available to developers. Especially when the SDK itself is open-source and free, the more people use it, the higher its profile and market share, benefiting its developers—for example, the Android Development Kit (NDK). However, there are special cases, such as scenarios where the SDK is purchased, requiring license management. Because digital assets are easily copied, without license management for such SDKs, countless pirated SDKs would circulate online, causing incalculable losses to the developers. Even with access control, existing technologies cannot guarantee against reverse engineering or replay attacks. Therefore, a more secure SDK solution is needed.
[0103] One of the core concepts of this application's embodiments is to split the SDK's computation, retaining most of the data computation on the SDK side and moving a small portion of the data computation to the server side. When the SDK's relevant functions are invoked, the SDK can obtain the corresponding input parameters and the device information of the associated device, encode both to generate first encoded information, and send it to the server. The server authenticates the SDK based on the device information and input parameters, determining the SDK's legitimacy. After confirming legitimacy, the server generates second encoded information. Simultaneously with SDK authentication, the server completes the small portion of data computation belonging to the server. The server can then return the second encoded information to the SDK, which performs the corresponding data computation based on it. Through data interaction between the SDK and the server, and with effective SDK authentication achieved through input parameters and device information, the SDK is required to perform computations based on the information returned by the server. This effectively resists reverse engineering, and because the transmitted data is encoded, it resists replay attacks, effectively ensuring the security of data transmission between the SDK and the server.
[0104] It should be noted that, in this embodiment, the SDK running on a terminal device is used as an example for illustrative purposes. The terminal device may include a mobile phone, PDA (Personal Digital Assistant), laptop computer, handheld computer, smart wearable device (such as a smart bracelet, smart glasses, smart headband, etc.), etc. When a user calls the corresponding function of the SDK, the SDK can communicate with the server to achieve the corresponding function. It is understood that the SDK can also run on a server, such as a physical server, and this application does not limit this.
[0105] Specifically, refer to Figure 1 This document illustrates a flowchart of a data processing method provided in an embodiment of this application, which is applied to an SDK and may specifically include the following steps:
[0106] Step 101: Respond to the call operation for the preset functional module, obtain the device information of the device to which the SDK belongs, and the input parameters corresponding to the functional module;
[0107] In this embodiment, the SDK can be a software development kit, such as a collection of development tools used by software engineers to build application software for specific software packages, software frameworks, hardware platforms, operating systems, etc. The SDK can implement different functions, such as image watermark embedding, detecting the location of faces in images, and deep learning-based image classification.
[0108] Optionally, for a conventional SDK, all data calculations are configured in the SDK. However, in this embodiment, the data calculations of the SDK can be split up, with the easy-to-calculate and low-calculation parts placed on the server and the high-calculation parts placed in the SDK. Without any calculation part, the corresponding function of the SDK cannot be called. Thus, based on the data communication between the SDK and the server, reverse analysis and replay attacks can be effectively resisted.
[0109] In one example, refer to Figure 2This diagram illustrates a schematic of the SDK provided in an embodiment of this application. An SDK can provide different functional modules, each capable of performing different functions, such as image watermark embedding, detecting the location of faces in an image, and image classification based on deep learning. Furthermore, a single functional module can be further divided into multiple units. Specifically, a functional module may include an input parameter encoding unit, a communication unit, a decoding unit, and a computation unit. The input parameters are the input parameters themselves. The input parameter encoding unit encodes the acquired input parameters, SDK authorization information, and device information. Its function is to provide the service provider with the ability to determine the validity of these parameters, whether the SDK user has the permission to use the corresponding functions, and to provide the server with local computation, thereby enabling the server to authenticate the SDK. The communication unit can be an optional unit. When the SDK includes a communication unit, the SDK can communicate with the server through this unit, including sending encoded information to the server and receiving information from the server. If the SDK does not include a communication unit, the external program calling the SDK needs to handle the communication with the server. The decoding unit can decode the encoded information returned by the server to obtain the data required for local SDK calculations. The calculation unit can perform subsequent calculations based on the data decoded by the decoding unit and obtain the corresponding calculation results. The calculation unit can be configured to be unable to complete the overall data calculation independently and needs to rely on the server's return results to obtain the correct results and realize the SDK function call. Therefore, it can be designed as a calculation unit that requires high computational load, large amount of data, and long processing time.
[0110] In the implementation, before using the SDK, users need to register their permissions on the server to enable the corresponding functions of the SDK. The server can record the deployment information of the SDK in the database, such as the device address, device identifier, network address, and permission information of the terminal device where the SDK is located. After successful registration, the server can provide the SDK with an identity key for use, which is only used by that SDK, thereby ensuring the uniqueness between the identity key and the SDK.
[0111] When a user of a terminal device invokes a corresponding function of the SDK, the SDK can respond to the call operation for the function module by obtaining the device information of the device to which the SDK belongs, as well as the input parameters corresponding to the function module. The device information can be used to characterize the device identification information of the device to which the SDK belongs, such as the device address, network address, device identifier, etc.; the input parameters can be the parameters entered by the user when invoking the function module. Different function modules can be invoked with different parameters, or the same parameters can be entered. For example, when invoking the SDK's image recognition and image classification functions, the input parameters can include the images to be input, which can be the same; when invoking the SDK's image recognition and image watermark embedding functions, the input parameters can include the same images. Furthermore, for the image watermark embedding function, the input parameters can also include the watermark parameters to be embedded, etc., and this application does not impose any limitations on this.
[0112] Step 102: Generate first encoding information based on the input parameters and the device information, and send the first encoding information to the server. The server is used to authenticate the SDK based on the first encoding information and return second encoding information for the input parameters.
[0113] In this embodiment, the SDK can encode the input parameters and device information through the input parameter encoding unit to generate first encoded information, and send the first encoded information to the server through the communication unit. The server authenticates the SDK based on the first encoded information and returns second encoded information for the input parameters. Thus, through data interaction between the SDK and the server, the SDK can be authenticated while preventing reverse analysis and replay attacks.
[0114] Optionally, to ensure the security of data transmission between the SDK and the server, the SDK can encrypt the acquired parameters through the input parameter encoding unit and send the encrypted encoded information to the server through the communication unit. Specifically, the SDK can obtain a first encryption key for the input parameters and device information through the input parameter encoding unit, then use this encryption key to encrypt the input parameters and device information to generate corresponding first encoded information, and send the first encoded information to the server through the communication unit. For example, for the first encryption key, the current time information and preset parameters can be obtained, and then the current time information and / or the preset parameters can be used to generate a first encryption key for the input parameters and device information. The preset parameters can be preset keys, such as using the current time as a random seed to generate a random number as the encryption key; or using the current time and the preset key to generate the encryption key; or directly using the preset key as the encryption key, etc. This application does not limit this.
[0115] In one example, the input parameters obtained by the input parameter encoding unit may include the target object, the initial feature information corresponding to the target object, and the SDK's identity key. The device information may include at least the device address and network address. The SDK can obtain the function information of the called function module (the function information can be used to represent the function that the SDK can execute) through the input parameter encoding unit, and concatenate the initial feature information, device address, network address, identity key, and function information to generate a second data identifier. Then, the second data identifier is encrypted using the first encryption key to generate first encoded information, and the first encoded information is sent to the server through the communication unit. The target object can be the object that needs to be calculated, and it is associated with the function module being called. Different functions of the SDK can correspond to different target objects. Furthermore, the initial feature information is also associated with the function information. Different functions of the SDK can correspond to different initial feature information. For example, when the SDK's image watermark embedding function is called, the target object is the image, and the initial feature information can be the watermark parameters to be embedded. When the SDK's image classification function is called, the target object can be the image, and the initial feature information can be the MD5 value of the image. When the SDK's audio classification function is called, the target object can be audio, and the initial feature information can be the MD5 value of the audio, and so on.
[0116] In addition, the second data identifier can be a string composed of initial feature information, device address, network address, identity key and functional information. Then the input parameter encoding unit can encrypt the string with an encryption key determined by the current time to obtain the first encoded information, and then send the first encoded information to the server through the communication unit.
[0117] After receiving the first encoded information, the server can successfully authenticate the SDK based on the device address, network address, identity key, and function information. Then, based on the initial feature information, it generates the second encoded information for the target object and returns the second encoded information to the SDK for subsequent calculations.
[0118] Step 103: Calculate based on the second encoding information to generate a calculation result corresponding to the input parameters.
[0119] In its implementation, the SDK can obtain a first decryption key for the second encoded information through the decoding unit, and use the first decryption key to decrypt the second encoded information to obtain a data identifier for the input parameters. Then, the calculation unit uses the first data identifier to perform calculations, generating a calculation result corresponding to the input parameters. This dynamically encrypts the data transmitted between the SDK and the server, making the encryption and decryption process unbreakable. If decoding fails, the SDK and the server can stop subsequent operations, effectively resisting replay attacks and ensuring the security of SDK usage. Specifically, the first data identifier can at least include an authentication result identifier and target feature information corresponding to the initial feature information. If the authentication result identifier indicates that the SDK has successfully authenticated, the SDK can use the target feature information to process the target object and generate a calculation result corresponding to the input parameters.
[0120] In this process, after obtaining the initial feature information of the target object, the server can encode the initial feature information to generate target feature information, thereby performing pre-calculation on the server and completing the computational workload configured on the server. Then, the server can concatenate the authentication result identifier (representing successful SDK verification) with the target feature information to generate a first data identifier for the target object, obtain a second encryption key for the first data identifier, encrypt the first data identifier, generate second encoded information, and then return the second encoded information to the SDK for subsequent calculations. Optionally, the second encryption key can be a key generated from one or more of the current time information, preset parameters, and the second data identifier, or a combination of at least two of them. The preset parameters can be preset keys, etc., and this application does not impose any limitations on this.
[0121] Optionally, for the target feature information, it can be the calculation result obtained by the server performing pre-calculation based on the initial feature information sent by the SDK. By splitting the data calculation of the SDK, the server completes the corresponding part of the pre-calculation, and the SDK completes the remaining part of the calculation based on the calculation result of the server's pre-calculation. While ensuring the integrity of the SDK's functional calculation, the division of labor and cooperation between the SDK and the server effectively resists malicious reverse analysis and ensures the security of SDK usage.
[0122] In this embodiment, the SDK can communicate with the server. When the SDK detects a call to a preset functional module, it can obtain the device information of the device and the input parameters corresponding to the functional module. Then, it generates first encoded information based on the input parameters and device information and sends the first encoded information to the server. The server can authenticate the SDK based on the device information and input parameters, thus verifying the SDK's identity. Then, it returns second encoded information based on the input parameters. The SDK performs calculations based on the second encoded information to generate the corresponding calculation results. Thus, through data interaction between the SDK and the server, and with effective authentication of the SDK through input parameters and device information, the SDK needs to perform calculations based on the information returned by the server, effectively resisting reverse analysis. Furthermore, since the transmitted data is encoded, it can resist replay attacks, effectively ensuring the security of data transmission between the SDK and the server.
[0123] Reference Figure 3 This document illustrates a flowchart of a data processing method provided in an embodiment of this application, applied to a server, and specifically includes the following steps:
[0124] Step 301: Obtain the first encoded information sent by the SDK, wherein the first encoded information includes at least the input parameters and device information;
[0125] In this embodiment, the server can be used for permission management, authentication, and data recording of the SDK. Each SDK needs to register with the server before use, and the server issues a corresponding identity key based on the registration result, so that the SDK can perform corresponding functions according to its own identity key. The server may include a server, a remote management terminal, etc.
[0126] Optionally, for a conventional SDK, all data calculations are configured in the SDK. However, in this embodiment, the data calculations of the SDK can be split up, with the easy-to-calculate and low-calculation parts placed on the server and the high-calculation parts placed in the SDK. Without any calculation part, the corresponding function of the SDK cannot be called. Thus, based on the data communication between the SDK and the server, reverse analysis and replay attacks can be effectively resisted.
[0127] In one example, refer to Figure 4This diagram illustrates a server provided in an embodiment of this application. The server can be configured based on the functional modules of the SDK. For different functional modules of the SDK, corresponding functional modules are configured in the server to establish the correspondence between function calls. For example, if the SDK includes functional modules ①, ②, and ③, the server can be configured with functional module A corresponding to functional module ①, functional module B corresponding to functional module ②, and functional module C corresponding to functional module ③, etc. Furthermore, an independent functional module can be divided into multiple different units. Specifically, a functional module may include an information receiving unit, an information decoding unit, an information verification unit, a data recording unit, a calculation unit, an information encoding unit, and an information return unit, etc. The system includes: an information receiving unit for receiving encoded information sent by the SDK; an information decoding unit for decoding the SDK's encoded information to obtain valid information; an information verification unit for comparing the decoded valid information with a locally stored permission database (e.g., SDK management forms) to determine if the SDK has the necessary permissions for subsequent operations, and for verifying the legality of device information; and a data recording unit for recording decoded information and calculating call volume based on this record to understand the call status of statistical methods, as well as for recording and updating SDK permission information, such as recording... The SDK can be updated with its remaining usage counts, remaining usage time, etc. The calculation unit can perform corresponding pre-calculations locally on the server side when it is determined that the SDK has the right to use it and the device information is legal. For pre-calculations, the calculation results obtained by the SDK that depend on the pre-calculations, as well as operations with small computational load but important functions, can be configured on the server side. The information encoding unit can encode the calculation results of the pre-calculations and the information authorized for the current call. The information return unit can return the encoding results of the information encoding unit to the SDK so that the SDK can complete the subsequent calculations based on the returned information and realize the call of the corresponding SDK functions.
[0128] In the implementation, before using the SDK, users need to register their permissions on the server to enable the corresponding functions of the SDK. The server can record the deployment information of the SDK in the database, such as the device address, device identifier, network address, and permission information of the terminal device where the SDK is located. After successful registration, the server can provide the SDK with an identity key for its use, which is only used by that SDK, thereby ensuring the uniqueness between the identity key and the SDK.
[0129] When a user of a terminal device invokes a corresponding function of the SDK, the SDK can respond to the call operation for the function module by obtaining the device information of the device to which the SDK belongs, as well as the input parameters corresponding to the function module. The SDK then encodes the device information and input parameters to generate first encoded information, which is sent to the server. The server can then obtain the first encoded information sent by the SDK through the information receiving unit. The device information can be used to represent the device identification information of the device to which the SDK belongs, such as the device address, network address, device identifier, etc. The input parameters can be the parameters entered by the user when invoking the function module; different function modules can be invoked with different parameters, or the same parameters can be entered. For example, when invoking the SDK's image recognition and image classification functions, the input parameters can include the images to be input, which can be the same. When invoking the SDK's image recognition and image watermarking functions, the input parameters can include the same images. Furthermore, for the image watermarking function, the input parameters can also include the watermark parameters to be embedded, etc. This application does not impose any restrictions on this.
[0130] Step 302: Authenticate the SDK based on the input parameters and the device information, and generate second encoded information for the input parameters;
[0131] In a specific implementation, the input parameters sent by the SDK can include at least the SDK's identity key, the functional information corresponding to the input parameters, and the initial feature information corresponding to the target object. The server can then match the identity key, functional information, and device information with the preset SDK management form to generate an authentication result for the SDK. If the authentication result indicates that the SDK is legitimate, an authentication result identifier for the initial feature information is generated. Then, the initial feature information and the authentication result identifier are used to determine the second encoding information for the input parameters.
[0132] Optionally, the SDK management form may include information corresponding to different SDKs, as shown in Table 1 below:
[0133]
[0134] Table 1
[0135] The permission information can include the remaining number of uses and remaining usage time of the SDK. These are usage permissions that users can purchase. For example, SDK① may have 10 remaining uses for image watermarking, 5 remaining uses for image classification, and 15 remaining uses for image recognition, etc. The remaining usage time is similar to the remaining number of uses and will not be elaborated here. By storing management forms for different SDKs in the corresponding database on the server side, SDK permissions can be effectively managed, SDK legitimacy can be verified, and SDK information can be updated and maintained.
[0136] In one example, the server can obtain a second decryption key for the first encoded information through an information decoding unit, and decrypt the first encoded information using the second decryption key to obtain a second data identifier. The second data identifier includes at least the SDK's identity key, functional information corresponding to the input parameters, initial feature information, and the device address and network address of the device to which the SDK belongs. Then, the identity key, functional information, device address, and network address are matched with a preset SDK management form to generate an authentication result for the SDK. Optionally, for the second decryption key, the current time information and preset parameters can be obtained, and then the current time information and / or preset parameters can be used to generate a second decryption key for the input parameters and device information. The preset parameter can be a preset key, in which case the current time can be used as a random seed to generate a random number as the decryption key; the current time can also be used with a preset key to generate the decryption key; or the preset key can be directly used as the decryption key, etc. This application does not limit this.
[0137] Specifically, the server can query the SDK's permission information from the preset SDK management form based on the identity key through the information verification unit. If the permission information indicates that the SDK has the permission to use the function corresponding to the function information, and the SDK management form contains the corresponding device address and network address of the SDK, then an authentication result indicating that the SDK is legitimate is generated. If the permission information indicates that the SDK does not have the permission to use the function information, or the permission has been used up, or the device information recorded in the SDK management form does not match, then a verification failure message indicating that the SDK is illegitimate is generated.
[0138] If the authentication result indicates the SDK is valid, the server can encode the initial feature information using the calculation unit to generate target feature information. The server then concatenates the authentication result identifier with the target feature information to generate a first data identifier for the target object. Next, the server obtains a second encryption key for the first data identifier using the information encoding unit, and then encrypts the first data identifier using the second encryption key to generate second encoded information for the target object. If the authentication result indicates the SDK is invalid, including situations where SDK usage permissions have been exhausted or device information does not match, the server can generate a verification failure result for the SDK using the information verification unit and return this result to the SDK, informing the user of the reason for the SDK verification failure. If the user is unauthorized, this effectively ensures the security of SDK use and prevents data leakage. If the user is legitimate, it reminds them to address the reason for the verification failure, ensuring the normal use of the SDK. Optionally, the second encryption key can be generated from one or more of the current time information, initial feature information, and some or all of the second data identifier, or a combination of at least two of these. This application does not impose any restrictions on this.
[0139] The target object can be the object that the SDK needs to perform data calculations on. It is associated with the function module being called. Different functions of the SDK can correspond to different target objects. Furthermore, the initial feature information is also associated with the function information. Different functions of the SDK can correspond to different initial feature information. For example, when the SDK's image watermark embedding function is called, the target object is the image, and the initial feature information can be the watermark parameters to be embedded. When the SDK's image classification function is called, the target object can be the image, and the initial feature information can be the MD5 value of the image. When the SDK's audio classification function is called, the target object can be the audio, and the initial feature information can be the MD5 value of the audio, and so on.
[0140] It should be noted that after obtaining the initial feature information of the target object, the server can encode the initial feature information to generate target feature information, realize the server's pre-calculation, and complete the computational workload configured on the server. Then, the server can concatenate the authentication result identifier used to represent the successful authentication of the SDK with the target feature information to generate the first data identifier for the target object, determine the encryption key for the first data identifier, encrypt the first data identifier, generate the second encoded information, and then return the second encoded information to the SDK so that the SDK can perform subsequent calculations.
[0141] For target feature information, it can be the calculation result obtained by the server performing pre-calculation based on the initial feature information sent by the SDK. By splitting the data calculation of the SDK, the server completes the corresponding part of the pre-calculation, and the SDK completes the remaining part of the calculation based on the calculation result of the server's pre-calculation. While ensuring the integrity of the SDK's functional calculation, the division of labor and cooperation between the SDK and the server effectively resists malicious reverse analysis and ensures the security of SDK use.
[0142] Optionally, the third time information can be the time corresponding to when the information decoding unit decodes the first encoded information; the fourth time information can be the time corresponding to when the information encoding unit encodes the authentication result identifier and the target feature information. Furthermore, the first data identifier can be a string concatenated from the authentication result identifier and the target feature information. Then, after the calculation unit encodes the initial feature information to obtain the target feature information, the information encoding unit can concatenate the target feature information with the authentication result identifier to obtain the corresponding string. This string is then encrypted using an encryption key determined by the current time to obtain the second encoded information. The second encoded information is then sent to the SDK through the information return unit so that the SDK can complete subsequent calculations based on the second encoded information.
[0143] Step 303: The second encoded information is sent to the SDK, which is used to perform calculations based on the second encoded information to generate a calculation result for the input parameters.
[0144] In the specific implementation, after the server generates the second encoded information, it can send the second encoded information to the SDK through the information return unit. Upon receiving the second encoded information, the SDK can obtain the decryption key for the second encoded information through the decoding unit, and use the decryption key to decrypt the second encoded information to obtain the data identifier for the input parameters. Then, the calculation unit uses the first data identifier to perform calculations, generating a calculation result corresponding to the input parameters. This dynamically encrypts the data transmitted between the SDK and the server, making the encryption and decryption process unbreakable. If decoding fails, the SDK and the server can stop subsequent operations, effectively resisting replay attacks and ensuring the security of SDK usage. Specifically, the first data identifier can at least include an authentication result identifier and target feature information corresponding to the initial feature information. If the authentication result identifier indicates that the SDK has successfully authenticated, the SDK can use the target feature information to process the target object and generate a calculation result corresponding to the input parameters.
[0145] Furthermore, the server can respond to detection by the data recording unit by sending the second encoded information to the SDK, and update the corresponding permission information of the SDK in the SDK management form. This permission information includes at least one of the SDK's remaining usage count and remaining usage time. For example, assuming the SDK has 10 remaining usages for image embedding watermarking, 5 for image classification, and 15 for image recognition, etc., the server can decrement the remaining usage count of the corresponding SDK function by one each time the user uses it, thus managing the SDK's permission information.
[0146] It should be noted that, in this embodiment of the application, the authentication of the SDK's device address, network address, etc. is used as an example for illustrative purposes. It can be understood that the SDK management form may also include other information of the device to which the SDK belongs, and the SDK may be authenticated through this information. This application does not impose any restrictions on this.
[0147] In this embodiment, the SDK can communicate with the server. The server can obtain the first encoded information sent by the SDK, which includes at least input parameters and device information. Then, the server authenticates the SDK based on the input parameters and device information to achieve identity verification of the SDK and generates second encoded information for the input parameters. The second encoded information is then sent to the SDK, which performs calculations based on the second encoded information to generate calculation results for the input parameters. Thus, through data interaction between the SDK and the server, and with effective authentication of the SDK through input parameters and device information, the SDK is required to perform calculations based on the information returned by the server, effectively resisting reverse analysis. Furthermore, since the transmitted data is encoded, it can resist replay attacks, effectively ensuring the security of data transmission between the SDK and the server.
[0148] To enable those skilled in the art to better understand the technical solutions of the embodiments of this application, the following description is provided in conjunction with data communication between the SDK and the server through some examples.
[0149] Reference Figure 5 This illustration shows a data communication diagram provided in an embodiment of this application. Before using the SDK, the SDK user needs to register permissions on the server to enable the corresponding SDK functional permissions. The server can record the SDK deployment status in its database. The SDK function invocation process may include:
[0150] 1. In response to the call operation of the function module, the SDK obtains the input parameters through the input parameter encoding unit, and encodes the information of the input parameters to generate the encoding MSG1;
[0151] 2. The SDK sends MSG1 to the server via the communication unit;
[0152] 3. The server receives MSG1 through the information receiving unit;
[0153] 4. The server decodes MSG1 through the information decoding unit to obtain the information transmitted by the SDK, namely the input parameters, as well as the device information and permission information of the device to which the SDK belongs;
[0154] 5. The server verifies whether the SDK user has permission to use this module by checking the database through the information authorization unit. If the user has permission, proceed to the next step.
[0155] 6. The server performs pre-calculation based on the input parameter information decoded from MSG1 through the calculation unit to obtain the pre-calculation information MSG2.
[0156] 7. The server encodes MSG2 using the information encoding unit to obtain MSG3;
[0157] 8. The server passes MSG3 to the SDK through the information return unit;
[0158] 9. The SDK receives MSG3 through the communication unit;
[0159] 10. The SDK decodes MSG3 through the information decoding unit;
[0160] 11. The SDK uses the calculation unit to perform subsequent calculations locally based on the decoded information to obtain the correct call result.
[0161] Thus, through data interaction between the SDK and the server, and with the SDK being effectively authenticated by input parameters and device information, the SDK is required to perform calculations based on the information returned by the server, effectively resisting reverse analysis. Furthermore, since the transmitted data is encoded, it can resist replay attacks, effectively ensuring the security of data transmission between the SDK and the server.
[0162] In one example, taking the image watermark embedding function of the SDK as an example, before using the SDK, the user needs to register permissions on the server side and enable the SDK's image watermark embedding (watermark_embed) capability. The server records the SDK's deployment information in the database, namely the MAC address of the deployed computer, the computer's local name, the network IP address used, and the total number of uses (assuming the SDK user purchased 10 times). After registration, the server provides the SDK with a usage permission key, which can only be used by this SDK.
[0163] (1) The user of the SDK calls the image watermark embedding capability of the SDK. The input parameters are a color image, embedding information and key. The embedding information is "ABCDEFGH". Then the SDK obtains the MAC address of the deployment machine, assuming it is "0800200A8C6D" and the network IP address of the deployment machine, "10.23.11.3". Assume the key is "ppzXDHgas756HHgdshb". Combine the above information to form a new string "ABCDEFGH; 0800200A8C6D; 10.23.11.3; ppzXDHgas756HHgdshb; watermark_embed". Use the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as an encryption key to encrypt the above string, and obtain the encoded information MSG1 as "hhzooawnHasdMyqw8236GSl023jhBSBBsq";
[0164] (2) The SDK passes MSG1 to the server;
[0165] (3) When the server receives MSG1, it uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number for decryption. The server decrypts MSG1 and obtains the merged string: "ABCDEFGH; 0800200A8C6D; 10.23.11.3; ppzXDHgas756HHgdshb; watermark_embed". This information is saved and can be used to review and trace the call request.
[0166] (4) The server can query the table based on the key information to find that the SDK has the right to use the image watermark embedding (watermark_embed) capability, with 10 usage attempts remaining, and the deployed machine and network are also legal;
[0167] (5) The server encodes the embedded information “ABCDEFGH” into the information to be embedded “UBNBSDYUYSIAD” and generates a return string MSG2“r;UBNBSDYUYSIAD”, where “r” indicates that the SDK authentication was successful.
[0168] (6) The server uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as an encryption key to encrypt MSG2, and obtains the encrypted information MSG3 as "ofnsdyqHGDshd846HDl2";
[0169] (7) The server passes MSG3 to the SDK, and then the server's backend billing system decrements the number of uses by 1, leaving 9 uses;
[0170] (8) The SDK uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as a decryption key to decrypt MSG3 and obtain the information "r;UBNBSDYUYSIAD"; based on the information "r", the SDK obtains the instruction to perform subsequent calculations and embeds the encoded information "UBNBSDYUYSIAD" into the image to obtain a watermarked image.
[0171] In another example, taking the use of an SDK to detect the location of faces in an image as an example, specifically, before using the SDK, the user needs to register permissions on the server side, enabling the SDK's ability to detect face locations. The server records the SDK's deployment information in the database, namely the MAC address of the deployed computer, the computer's local name, and the network IP address used. After registration, the server provides the SDK with a usage permission key, which can only be used by this SDK.
[0172] (1) When a user of the SDK calls the SDK's face location calculation capability, the input parameters are a color image and a key. The SDK first calculates the MD5 value of the color image. Assuming the MD5 value of the input color image is "603F52D844017E83CA267751FEE5B61B", the SDK obtains the MAC address of the deployment machine, assuming it is "0800200A8C6D", and the SDK obtains the network IP address of the deployment machine, "10.23.11.3". Assuming the key is "ppzXDHgas756HHgdshb", the SDK then performs grayscale downsampling on the color image and Base64 encoding on the grayscale downsampling image, resulting in "YmluYXJ5AHN0cmluZw==". Combining the above information, a new string is formed: "603F52D844017E83CA267751FEE5B61B;0800200A8C6D;10.23.11.3;ppzXDHgas756HHgdshb;YmluYXJ5AHN0cmluZw==;face_detect". Using the current time (accurate to the minute) as a pseudo-random number seed, a random number is generated and used as the encryption key to encrypt the above string, resulting in the encoded information MSG1 as "hhzooawnHasdMyqw8236GSl023jhBSBBsq";
[0173] (2) The SDK passes MSG1 to the server;
[0174] (3) When the server receives MSG1, it uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number for decryption. The MSG1 is then decrypted to obtain the merged string: "603F52D844017E83CA267751FEE5B61B;0800200A8C6D;10.23.11.3;ppzXDHgas756HHgdshb;YmluYXJ5AHN0cmluZw==;face_detect". This information is saved and can be used to review and trace the call request. The MD5 of the file can be used to trace the embedded information.
[0175] (4) The server requests the use of the face detection and localization module (face_detect) based on the key information. The query table shows that the SDK has the right to use face detection capabilities, and the deployed machine and network are also legal.
[0176] (5) The server restores the Base64 encoded image, then performs contour calculation on the image, converts the contour image into Base64 encoded “5oiR5piv5LiA5Liq5YW1”, and generates a return string MSG2 “r;5oiR5piv5LiA5Liq5YW1”, where “r” indicates that the SDK authentication was successful.
[0177] (6) The server uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as an encryption key to encrypt MSG2, and obtains the encrypted information MSG3 as "ofnsdyqHGDshd846HDl2";
[0178] (7) The server passes MSG3 to the SDK;
[0179] (8) The SDK uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as a decryption key, decrypts MSG3, and obtains the information "r; 5oiR5piv5LiA5Liq5YW1"; based on the information "r", the SDK obtains the instruction to perform subsequent calculations, converts the Base64 encoded "5oiR5piv5LiA5Liq5YW1" into a contour image, and with the help of the contour image, the SDK calculates the position of the face in the color image.
[0180] In another example, taking the SDK's deep learning-based image classification module as an example, specifically, before using the SDK, the user needs to register permissions on the server to enable the SDK's image classification capabilities. The server records the SDK's deployment information in the database, namely the MAC address of the deployed computer, the computer's local name, and the network IP address used. After registration, the server provides the SDK with a usage permission key, which can only be used by this SDK.
[0181] (1) When a user of the SDK calls the SDK's image classification capability, the input parameters are a color image and a key. The SDK first calculates the MD5 value of the color image. Assuming the MD5 value of the input color image is "603F52D844017E83CA267751FEE5B61B", the SDK obtains the MAC address of the deployment machine, assuming it is "0800200A8C6D", and the SDK obtains the network IP address of the deployment machine, "10.23.11.3". Assuming the key is "ppzXDHgas756HHgdshb", the SDK then performs grayscale downsampling on the color image and Base64 encoding on the downsampled image, resulting in "YmluYXJ5AHN0cmluZw==". Combining the above information, a new string is formed: "603F52D844017E83CA267751FEE5B61B;0800200A8C6D;10.23.11.3;ppzXDHgas756HHgdshb;YmluYXJ5AHN0cmluZw==;image_classification". Using the current time (accurate to the minute) as a pseudo-random number seed, a random number is generated and used as the encryption key to encrypt the above string, resulting in the encoded information MSG1 as "hhzooawnHasdMyqw8236GSl023jhBSBBsq";
[0182] (2) The SDK passes MSG1 to the server;
[0183] (3) When the server receives MSG1, it uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number for decryption. The MSG1 is then decrypted to obtain the merged string: "603F52D844017E83CA267751FEE5B61B;0800200A8C6D;10.23.11.3;ppzXDHgas756HHgdshb;YmluYXJ5AHN0cmluZw==;image_classification". This information is saved and can be used to review and trace the call request. The MD5 of the file can be used to trace the embedded information.
[0184] (4) The server requests the image classification module based on the key information. The query table shows that the SDK has the right to use face detection capabilities, and the deployed machine and network are also legal.
[0185] (5) The server restores the Base64 encoded image and then performs preliminary feature point extraction on the image. The extracted feature point information is “5oiR5piv5LiA5Liq5YW1”, and generates a return string MSG2 “r;5oiR5piv5LiA5Liq5YW1”, where “r” indicates that the SDK authentication was successful.
[0186] (6) The server uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as an encryption key to encrypt MSG2, and obtains the encrypted information MSG3 as "ofnsdyqHGDshd846HDl2";
[0187] (7) The server passes MSG3 to the SDK;
[0188] (8) The SDK uses the current time (accurate to the minute) as a pseudo-random number seed to generate a random number as a decryption key to decrypt MSG3 and obtain the information "r; 5oiR5piv5LiA5Liq5YW1"; based on the information "r", the SDK obtains the instruction to perform subsequent calculations, inputs the preliminary feature point information "5oiR5piv5LiA5Liq5YW1" and the color image into the neural network, and calculates the classification result.
[0189] It should be noted that in the above example, only the time information is used to generate the encryption key and decryption key. It can be understood that the key can also be generated by using the time information and a preset key, or by directly using the preset key, the time information and other parameters. This application embodiment does not limit this.
[0190] It should be noted that, for the sake of simplicity, the method embodiments are all described as a series of actions. However, those skilled in the art should understand that the embodiments of this application are not limited to the described order of actions, because according to the embodiments of this application, some steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions involved are not necessarily required by the embodiments of this application.
[0191] Reference Figure 6 This diagram illustrates a structural block diagram of a data processing apparatus provided in an embodiment of this application, which is applied to an SDK and may specifically include the following modules:
[0192] The information acquisition module 601 is used to respond to the call operation for the preset functional module, acquire the device information of the device to which the SDK belongs, and the input parameters corresponding to the functional module;
[0193] The encoding information generation module 602 is used to generate first encoding information based on the input parameters and the device information, and send the first encoding information to the server. The server is used to authenticate the SDK based on the first encoding information and return second encoding information for the input parameters.
[0194] The calculation result generation module 603 is used to perform calculations based on the second encoding information to generate a calculation result corresponding to the input parameters.
[0195] In one optional embodiment of this application, the encoded information generation module 602 includes:
[0196] An encryption key determination submodule is used to obtain a first encryption key for the input parameters and the device information;
[0197] The encoding information generation submodule is used to encrypt the input parameters and the device information using the first encryption key, generate first encoding information, and send the first encoding information to the server.
[0198] In one optional embodiment of this application, the calculation result generation module 603 includes:
[0199] The decryption key determination submodule is used to obtain the first decryption key for the second encoded information;
[0200] The data identifier generation submodule is used to decrypt the second encoded information using the first decryption key to obtain a first data identifier for the input parameter;
[0201] The calculation result generation submodule is used to perform calculations using the first data identifier to generate calculation results corresponding to the input parameters.
[0202] In one optional embodiment of this application, the input parameters include at least a target object, initial feature information corresponding to the target object, and the identity key of the SDK; the device information includes at least a device address and a network address, and the encoding information generation submodule is specifically used for:
[0203] Obtain the functional information of the aforementioned functional modules;
[0204] The initial feature information, the device address, the network address, the identity key, and the functional information are concatenated to generate a second data identifier;
[0205] The second data identifier is encrypted using the first encryption key to generate first encoded information, and the first encoded information is sent to the server.
[0206] The server is configured to authenticate the SDK successfully based on the device address, the network address, the identity key, and the functional information, and then generate second encoded information for the target object based on the initial feature information.
[0207] In an optional embodiment of this application, the first data identifier includes at least an authentication result identifier and target feature information corresponding to the initial feature information, and the calculation result generation submodule is specifically used for:
[0208] If the authentication result identifier indicates that the SDK authentication is successful, then the target object is processed using the target feature information to generate a calculation result corresponding to the input parameters.
[0209] Reference Figure 7 This diagram illustrates a structural block diagram of a data processing apparatus provided in an embodiment of this application, which is applied to a server and may specifically include the following modules:
[0210] The encoding information acquisition module 701 is used to acquire the first encoding information sent by the SDK, the first encoding information including at least input parameters and device information;
[0211] The encoding information generation module 702 is used to authenticate the SDK based on the input parameters and the device information, and generate second encoding information for the input parameters;
[0212] The encoding information sending module 703 is used to send the second encoding information to the SDK, and the SDK is used to perform calculations based on the second encoding information to generate calculation results for the input parameters.
[0213] In one optional embodiment of this application, the input parameters include at least the identity key of the SDK, functional information corresponding to the input parameters, and initial feature information corresponding to the target object, and the encoded information generation module 702 includes:
[0214] The authentication result generation submodule is used to match the identity key, the functional information, and the device information with a preset SDK management form to generate an authentication result for the SDK.
[0215] The result identifier generation submodule is used to generate an authentication result identifier for the initial feature information if the authentication result indicates that the SDK is valid.
[0216] The encoding information determination submodule is used to determine the second encoding information for the input parameters using the initial feature information and the authentication result identifier.
[0217] In one optional embodiment of this application, the authentication result generation submodule is specifically used for:
[0218] Obtain the second decryption key for the first encoded information;
[0219] The first encoded information is decrypted using the second decryption key to obtain a second data identifier. The second data identifier includes at least the identity key of the SDK, the functional information corresponding to the input parameters, the initial feature information, and the device address and network address of the device to which the SDK belongs.
[0220] The identity key, the function information, the device address, and the network address are matched with a preset SDK management form to generate an authentication result for the SDK.
[0221] In one optional embodiment of this application, the encoding information determination submodule is specifically used for:
[0222] The initial feature information is encoded to generate target feature information;
[0223] The authentication result identifier is concatenated with the target feature information to generate a first data identifier for the target object;
[0224] Obtain the second encryption key for the first data identifier;
[0225] The first data identifier is encrypted using the second encryption key to generate second encoded information for the target object.
[0226] In one optional embodiment of this application, the authentication result generation submodule is specifically used for:
[0227] The identity key is used to query the SDK's permission information from the preset SDK management form;
[0228] If the permission information indicates that the SDK has the permission to use the function corresponding to the function information, and the SDK management form contains the device address and network address corresponding to the SDK, then an authentication result is generated to indicate that the SDK is legitimate.
[0229] In one optional embodiment of this application, it further includes:
[0230] The permission information update module is used to update the permission information corresponding to the SDK in the SDK management form in response to detecting that the second encoded information is sent to the SDK;
[0231] The permission information includes at least one of the remaining number of uses of the SDK and the remaining usage time.
[0232] As the device embodiment is basically similar to the method embodiment, the description is relatively simple, and relevant parts can be found in the description of the method embodiment.
[0233] This application also provides an electronic device, including:
[0234] One or more processors; and
[0235] A computer-readable storage medium having instructions stored thereon, which, when executed by the one or more processors, causes the electronic device to perform the methods described in the embodiments of this application.
[0236] This application also provides a computer-readable storage medium storing instructions that, when executed by one or more processors, cause the processors to perform the methods described in this application.
[0237] This application also provides a software product, including a computer program / instructions, wherein when the computer program / instructions are executed, the method described in this application is performed.
[0238] The various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. The same or similar parts between the various embodiments can be referred to each other.
[0239] Those skilled in the art will understand that embodiments of this application can be provided as methods, apparatus, or computer program products. Therefore, embodiments of this application can take the form of entirely hardware embodiments, entirely software embodiments, or embodiments combining software and hardware aspects. Furthermore, embodiments of this application can take the form of computer program products embodied on one or more machine-readable media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0240] This application describes embodiments with reference to flowchart illustrations and / or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of this application. It should be understood that each block of the flowchart illustrations and / or block diagrams, and combinations of blocks in the flowchart illustrations and / or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing terminal device to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal device, generate instructions for implementing the flowchart illustrations. Figure 1 One or more processes and / or boxes Figure 1 A device that provides the functions specified in one or more boxes.
[0241] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.
[0242] These computer program instructions can also be loaded onto a computer or other programmable data processing terminal equipment, causing a series of operational steps to be performed on the computer or other programmable terminal equipment to produce a computer-implemented process, thereby providing instructions that execute on the computer or other programmable terminal equipment for implementing the process. Figure 1 One or more processes and / or boxes Figure 1 The steps of the function specified in one or more boxes.
[0243] Although preferred embodiments of the present application have been described, those skilled in the art, upon learning the basic inventive concept, can make other changes and modifications to these embodiments. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments as well as all changes and modifications falling within the scope of the embodiments of the present application.
[0244] Finally, it should be noted that in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Furthermore, the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or terminal device that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or terminal device. Without further limitations, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or terminal device that includes said element.
[0245] The above provides a detailed description of a data processing method and a data processing apparatus provided in this application. Specific examples have been used to illustrate the principles and implementation methods of this application. The description of the above embodiments is only for the purpose of helping to understand the method and core ideas of this application. At the same time, for those skilled in the art, there will be changes in the specific implementation methods and application scope based on the ideas of this application. Therefore, the content of this specification should not be construed as a limitation of this application.
Claims
1. A data processing method, characterized in that, Applied to the SDK, the method includes: In response to a call to a preset functional module, the device information of the device to which the SDK belongs, as well as the input parameters corresponding to the functional module, are obtained. Based on the input parameters and the device information, first encoded information is generated and sent to the server. The server is used to authenticate the SDK based on the first encoded information and return second encoded information for the input parameters. The calculation is performed based on the second encoded information to generate a calculation result corresponding to the input parameters.
2. The method according to claim 1, characterized in that, The step of generating first encoded information based on the input parameters and the device information, and sending the first encoded information to the server, includes: Obtain a first encryption key for the input parameters and the device information; The input parameters and device information are encrypted using the first encryption key to generate first encoded information, which is then sent to the server.
3. The method according to claim 1, characterized in that, The step of calculating based on the second encoded information to generate a calculation result corresponding to the input parameters includes: Obtain the first decryption key for the second encoded information; The first decryption key is used to decrypt the second encoded information to obtain a first data identifier for the input parameter; The first data identifier is used for calculation to generate a calculation result corresponding to the input parameters.
4. The method according to claim 2, characterized in that, The input parameters include at least a target object, initial feature information corresponding to the target object, and the identity key of the SDK; the device information includes at least a device address and a network address; encrypting the input parameters and the device information using the first encryption key to generate first encoded information, and sending the first encoded information to the server includes: Obtain the functional information of the aforementioned functional modules; The initial feature information, the device address, the network address, the identity key, and the functional information are concatenated to generate a second data identifier; The second data identifier is encrypted using the first encryption key to generate first encoded information, and the first encoded information is sent to the server. The server is configured to authenticate the SDK successfully based on the device address, the network address, the identity key, and the functional information, and then generate second encoded information for the target object based on the initial feature information.
5. The method according to claim 3, characterized in that, The input parameters include at least a target object and initial feature information corresponding to the target object. The first data identifier includes at least an authentication result identifier and target feature information corresponding to the initial feature information. The step of using the first data identifier to perform calculations and generate a calculation result corresponding to the input parameters includes: If the authentication result identifier indicates that the SDK authentication is successful, then the target object is processed using the target feature information to generate a calculation result corresponding to the input parameters.
6. A data processing method, characterized in that, Applied to the server side, the method includes: Obtain the first encoded information sent by the SDK, wherein the first encoded information includes at least input parameters and device information; The SDK is authenticated based on the input parameters and the device information, and second encoded information for the input parameters is generated. The second encoded information is sent to the SDK, which is used to perform calculations based on the second encoded information to generate calculation results for the input parameters.
7. The method according to claim 6, characterized in that, The input parameters include at least the SDK's identity key, functional information corresponding to the input parameters, and initial feature information corresponding to the target object. The step of authenticating the SDK based on the input parameters and the device information, and generating second encoded information for the input parameters, includes: The identity key, the functional information, and the device information are matched with a preset SDK management form to generate an authentication result for the SDK; If the authentication result indicates that the SDK is valid, then an authentication result identifier for the initial feature information is generated; Using the initial feature information and the authentication result identifier, second encoding information for the input parameters is determined.
8. The method according to claim 7, characterized in that, The step of matching the identity key, the functional information, and the device information with a preset SDK management form to generate an authentication result for the SDK includes: Obtain the second decryption key for the first encoded information; The first encoded information is decrypted using the second decryption key to obtain a second data identifier. The second data identifier includes at least the identity key of the SDK, the functional information corresponding to the input parameters, the initial feature information, and the device address and network address of the device to which the SDK belongs. The identity key, the function information, the device address, and the network address are matched with a preset SDK management form to generate an authentication result for the SDK.
9. The method according to claim 7 or 8, characterized in that, The step of determining the second encoding information for the input parameters using the initial feature information and the authentication result identifier includes: The initial feature information is encoded to generate target feature information; The authentication result identifier is concatenated with the target feature information to generate a first data identifier for the target object; Obtain the second encryption key for the first data identifier; The first data identifier is encrypted using the second encryption key to generate second encoded information for the target object.
10. The method according to claim 8, characterized in that, The step of matching the identity key, the functional information, the device address, and the network address with a preset SDK management form to generate an authentication result for the SDK includes: The identity key is used to query the SDK's permission information from the preset SDK management form; If the permission information indicates that the SDK has the permission to use the function corresponding to the function information, and the SDK management form contains the device address and network address corresponding to the SDK, then an authentication result is generated to indicate that the SDK is legitimate.
11. The method according to claim 10, characterized in that, Also includes: In response to detecting that the second encoded information has been sent to the SDK, update the permission information corresponding to the SDK in the SDK management form; The permission information includes at least one of the remaining number of uses of the SDK and the remaining usage time.
12. A data processing apparatus, characterized in that, Applied to the SDK, the device includes: The information acquisition module is used to respond to the call operation for the preset functional module, acquire the device information of the device to which the SDK belongs, and the input parameters corresponding to the functional module; The encoding information generation module is used to generate first encoding information based on the input parameters and the device information, and send the first encoding information to the server. The server is used to authenticate the SDK based on the first encoding information and return second encoding information for the input parameters. The calculation result generation module is used to perform calculations based on the second encoded information to generate calculation results corresponding to the input parameters.
13. A data processing apparatus, characterized in that, Applied to the server side, the device includes: The encoding information acquisition module is used to acquire the first encoding information sent by the SDK, wherein the first encoding information includes at least input parameters and device information. The encoding information generation module is used to authenticate the SDK based on the input parameters and the device information, and generate second encoding information for the input parameters; The encoding information sending module is used to send the second encoding information to the SDK, and the SDK is used to perform calculations based on the second encoding information to generate calculation results for the input parameters.
14. A software product comprising a computer program / instructions, wherein, When the computer program / instructions are executed, the method described in any one of claims 1-5 or 6-11 is performed.