Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposedBody details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specificThe present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricityThe detailed description of road and method, in case unnecessary details interferes description of the invention.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
It is the signal of the interface security control method in a kind of network security provided in an embodiment of the present invention referring to Fig. 1, Fig. 1Flow chart is illustrated by taking the triggering of the angle of HTTP gateway as an example in this embodiment, here, the basic function of HTTP gatewayIt is all HTTP requests for receiving client and sending, the micro services interface of rear end is then forwarded to, as all requests of public networkEntrance, what can be made requests is uniformly controlled.As shown in Figure 1, in this embodiment, the treatment process of HTTP gateway may includeFollowing steps:
S101: the HTTP request that client is sent is received, the HTTP request is parsed, obtains URI.
Here, user can send HTTP by client (application program of mobile phone (Application, App), webpage etc.)HTTP gateway is requested, HTTP gateway receives above-mentioned HTTP request, parses the HTTP request, obtains uniform resource identifier URI.Wherein, HTTP request is the request message from client to server end, comprising: in message first trip, to the requesting method of resource,The identifier of resource and the agreement used.URI is one for identifying the character string of a certain Internet resources, i.e., a certain internetThe identifier of resource, available every kind of resource on internet, such as HyperText Markup Language (HyperText MarkupLanguage, HTML) document, image, video clip, program etc. be identified by a universal resource identifier URI.With HTMLFor document, it is assumed that all html documents have unique number, are denoted as html:xxxxx, and xxxxx is a character string, i.e.,The identifier of html document, this energy one html document of unique identification, then this identifier is exactly a URI.
Specifically, before sending HTTP request to HTTP gateway by client, being logged in can just hold userRow follow-up process.User by client send logging request, the request carry user information, HTTP gateway receive it is above-mentionedAfter logging request, the user information that above-mentioned logging request carries is inquired in the user information prestored to be allowed to use if inquiredFamily logs in, and does not otherwise allow user to log in.User after logging in the success of HTTP gateway by client, issue to user by HTTP gatewayOne TOKEN (token) of cloth.
Here, client can be with to the communications protocol of HTTP gateway and the communications protocol of HTTP gateway to micro services interfaceArbitrarily displacement.Under the weak net environment of mobile Internet, HTTP2.0 communications protocol, such client to HTTP can be replaced intoThe performance of gateway will become more preferably, and delay becomes very low.
S102: determine that the corresponding security strategy of the URI, the security strategy include signature check, subscription authentication, playbackOne of verification and black and white lists verification are a variety of.
Specifically, HTTP gateway can prestore the corresponding relationship of URI Yu micro services interface, be determined according to the relationship above-mentionedThe corresponding micro services interface of URI, obtains the demand for security of the micro services interface, and available above-mentioned HTTP request is corresponding asksThe demand for security of resource and the demand for security of present communications network are asked, according to the demand for security of micro services interface, HTTP request pairThe demand for security for the request resource answered and the demand for security of present communications network, determine the corresponding security strategy of above-mentioned URI.Such as: the security strategy of URI (/test/security) configuration is signature check and user authentication, when URI is /test/When gateway is passed through in the request of security, gateway can carry out signature check to the request and the security strategy of user authentication verifies.The security strategy includes signature check, subscription authentication, playback verification, black and white lists verification etc..Here, security strategy can be withIt is arranged according to the actual situation, that is, supports customized any interception to request.
S103: the HTTP request is verified according to the security strategy.
Here, HTTP gateway verifies received above-mentioned HTTP request based on the security strategy of above-mentioned determination.
Specifically, above-mentioned HTTP request can carry digital signature, which is to send the visitor of above-mentioned HTTP requestFamily end passes through the digital signature that associated digital signature algorithm carries out above-mentioned HTTP request.If above-mentioned security strategy is signature schoolIt tests, it may include: that HTTP gateway obtains the number label saved that HTTP gateway, which carries out signature check to received above-mentioned HTTP request,Name algorithm, client and HTTP gateway consult Digital Signature Algorithm here, using same Digital Signature Algorithm to above-mentioned HTTPRequest is digitally signed.HTTP gateway carries out digital label to received above-mentioned HTTP request according to the Digital Signature Algorithm of preservationName, the digital signature of acquisition is compared with the digital signature that above-mentioned HTTP request carries, if unanimously, passing through school of signingIt tests, if passing through verification, it was demonstrated that above-mentioned HTTP request is not tampered with.
Here, above-mentioned HTTP request can also carry TOKEN, and TOKEN is that above-mentioned user logs in by client hereAfter the success of HTTP gateway, a TOKEN that HTTP gateway is promulgated to user.If above-mentioned security strategy is subscription authentication, HTTPIt may include: that the above-mentioned received HTTP request of HTTP gateway detection is that gateway, which carries out subscription authentication to received above-mentioned HTTP request,No carrying TOKEN, if carrying TOKEN illustrates that user is to pass through subscription authentication by associated authorization.
If above-mentioned security strategy is to reset verification, HTTP gateway carries out playback verification to received above-mentioned HTTP request canTo include: HTTP gateway Test database, such as the digital signature of above-mentioned HTTP request carrying whether is stored in Redis, ifIt does not store in Redis, is verified by resetting.Here the micro- of HTTP request and rear end is initiated by client for the first time in userAfter service interface carries out information exchange, the digital signature of HTTP request can be deposited into database by HTTP gateway, if thisHTTP request is re-requested by hacker's packet capturing, by comparing with the information stored in database, if having existed, then tableShow that the request is to reset.
Specifically, above-mentioned HTTP request can also carry user information, if above-mentioned security strategy is black and white lists verification,It may include: HTTP gateway in the user information prestored that HTTP gateway, which carries out black and white lists verification to received above-mentioned HTTP request,The user information that blacklist inquiry above-mentioned HTTP request carries illustrates not to be black list user, by black if do not inquiredWhite list verification.
S104: if the HTTP request passes through security strategy and verifies, it is determined that the corresponding current limliting strategy of the URI.
Here, HTTP gateway can prestore the corresponding relationship of URI Yu current limliting strategy, determine above-mentioned URI pairs according to the relationshipThe current limliting strategy answered, such as: the calling frequency that URI (/test/flow-limit) configures interface thus is 1000 times per minute,When URI is /request of test/flow-limit pass through gateway when, gateway can check whether the request call frequency is more than every pointClock 1000 times, related prompt message is returned to if being more than, if not above subsequent step can be executed.Wherein, the purpose of current limlitingBe speed limit is carried out to protect system by the request carried out in speed limit or a time window to concurrent access/request, onceService can be refused, be lined up or wait, degrade by reaching limiting speed then.
Specifically current limliting strategy may include: the total number of concurrent of limitation, the instantaneous number of concurrent of limitation, limit putting down in time windowEqual rate etc., in addition it can according to number of network connections, network flow, server load etc. come current limliting.
If verified not over security strategy, HTTP gateway returns to relevant error information to client, and can be by phaseThe error result answered is counted, and database is synchronized to, and the displaying of safe multi-dimensional report can be carried out according to these data.
S105: the HTTP request is verified according to the current limliting strategy.
Here, above-mentioned HTTP request is verified according to determining current limliting strategy, if verification passes through, after can executingContinuous step stops operation if verification does not pass through, and the prompt of current limliting policy check failure can be generated, and the prompt is sentTo above-mentioned client.
S106: if the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI, it willThe HTTP request is forwarded to the micro services interface.
Specifically, HTTP gateway can prestore the corresponding relationship of URI Yu micro services interface, if above-mentioned HTTP request meetsCurrent limliting strategy, HTTP gateway check the corresponding micro services interface of above-mentioned URI by above-mentioned relation, above-mentioned HTTP request are forwardedTo the micro services interface.
S107: the response that the micro services interface returns is received, and the response is sent to the client.
Here, above-mentioned micro services interface above-mentioned HTTP request returns to relevant response and gives HTTP gateway, and HTTP gateway existsAfter the relevant response for receiving micro services interface, relevant response is returned into client.
If HTTP gateway does not receive the relevant response of micro services interface return, Ke Yizai by prefixed time intervalIt is secondary to execute the above-mentioned the step of HTTP request is forwarded to the micro services interface, the phase until receiving the return of micro services interfaceClose response.
Here, each function of above-mentioned HTTP gateway can be realized by Filter mechanism, while can also be by making by oneselfAdopted Filter carrys out the common logic of arbitrary extension HTTP gateway different business.
It is evidenced from the above discussion that the interface security control method in the network security of the embodiment of the present invention, it can be to public networkRequest is intercepted, is verified, and realization is uniformly controlled micro services interface security, and outer net is avoided directly to hand over micro services interfaceMutually, guarantee micro services interface security, while being conducive to the tightening and adjustment after micro services to micro services interface authority, be suitble to answerWith.
Referring to Fig. 2, Fig. 2 be another embodiment of the present invention provides a kind of network security in interface security control methodSchematic flow diagram.The difference of embodiment corresponding with Fig. 1 is: the corresponding security strategy of the determination URI can wrapInclude S202.Wherein S201 is identical as the S101 in a upper embodiment, S103~S107 in S203~S207 and a upper embodimentIt is identical, referring specifically to S101, S103 in above-described embodiment~S107 associated description, do not repeat herein.Specifically, S202 canTo include S2021~S2022:
S2021: the safety of the demand for security, the corresponding request resource of the HTTP request that obtain the micro services interface needsIt asks and the demand for security of present communications network.
Here it is possible to prestore the corresponding relationship of micro services interface and demand for security, request resource is corresponding with demand for securityThe corresponding relationship of relationship and communication network and demand for security obtains the safe need of above-mentioned micro services interface according to above-mentioned relationAsk, above-mentioned HTTP request it is corresponding request resource demand for security and present communications network demand for security.
S2022: according to the demand for security of the micro services interface, the safe need of the corresponding request resource of the HTTP requestIt asks and the demand for security of the present communications network, determines the corresponding security strategy of the URI.
Specifically, for example, above-mentioned micro services interface requirement access data it is accurate, by authorization etc., can determine above-mentioned URICorresponding security strategy includes signature check and subscription authentication etc., and the relative users of the corresponding request resource of above-mentioned HTTP request areLegitimate user determines that the corresponding security strategy of above-mentioned URI includes black and white lists verification.Present communications network is required to be not present and be resetAttack determines that the corresponding security strategy of above-mentioned URI includes resetting verification.
Optionally, the interface security control method in above-mentioned network security further include:
Label is added in the HTTP request, according to the label, records the security strategy verification of the HTTP requestThe corresponding relationship of process and current limliting policy check process and the HTTP request and the micro services interface
Here, the request that gateway receives can be very much, when needing to some request tracing, can enter net in the requestGuan Shi, adds a label, and the movement for the associated safety that gateway does above-mentioned request in gateway according to the label records, i.e.,Record which micro services interface above-mentioned request by gateway has invoked and carried out which security strategy, current limliting strategy is heldRow.
Specifically, if the new system of online support micro services, the interface of new system need to carry out safety-related matchIt sets, public network can access the interface of new system.For example, the corresponding security strategy of configuration/api/new-system/** and current limlitingStrategy includes: signature check, and -- > resetting verification -- > prevents the -- > subscription authentication -- verification of > black and white lists -- > limit of parameter SQL injectionInterface processed calls frequency.When the URI of HTTP request is with all requests of/api/new-system/ beginning, can be stamped for requestLabel (entirely requests all security strategies executed, current limliting strategy according to the label record and has invoked which micro services connectsMouthful), the associated check made requests in the order described above, if not passing through in any one link check, then request will not flowEnter into the application of micro services, background data center can be recorded in corresponding information.It here, can be with by the label stampedRecord request has passed through those verifications, not over information such as which verifications, so as to form safe base report.
Referring to Fig. 3, the interface security control method in a kind of network security that Fig. 3 provides for yet another embodiment of the inventionSchematic flow diagram.The difference of the present embodiment and above-described embodiment is S301~S302, S303~S308 and a upper embodimentIn S103~S107 it is identical, referring specifically to the associated description of S103~S107 in above-described embodiment, do not repeat herein.This realityThe interface security control method applied in the network security in example can also include:
S301: receiving the HTTP request that client is sent, and carries out structuring to the parameters in the HTTP request and looks intoAsk language (Structured Query Language, SQL) syntax check.
Here, above-mentioned SQL syntax inspection is to check in above-mentioned HTTP request and attack with the presence or absence of SQL injection, whereinSQL injection is exactly to be finally reached the SQL that spoofing server executes malice by the way that sql command is inserted into the places such as HTTP headerOrder.Specifically, it is that the sql command of malice is injected into the execution of background data base engine using existing applicationAbility.SQL injection harm is huge, can data in the case where without permission in operating database, including read, distort,The behaviors such as addition and deletion.
S302: if SQL statement is all not present in the parameters of the HTTP request, the HTTP request is parsed, is obtainedObtain URI.
Specifically, to SQL syntax inspection is carried out in above-mentioned HTTP request, if one or more ginsengs of above-mentioned HTTP requestThere are SQL statements in number, then, it is malicious user that judging above-mentioned HTTP request, there are SQL injection attacks, if above-mentioned HTTP is askedSQL statement is all not present in the parameters asked, judges that above-mentioned HTTP request there is no SQL injection attack, can execute subsequentStep prevents the SQL injection risk of interface.
Optionally, above-mentioned HTTP request can carry digital signature and user information etc., above-mentioned according to the security strategyCarrying out verification to the HTTP request may include:
The security strategy is signature check, is digitally signed by prestoring algorithm to the HTTP request;
If the digital signature obtained is consistent with the digital signature that the HTTP request carries, determine that the HTTP request is logicalCross signature check.
Here, received user's HTTP request is sended over from client, will before client initiates requestThe request body of HTTP has carried out digital signature by related algorithm, and when request touching reaches HTTP gateway, HTTP uses same algorithmDigital signature is carried out to the request, whether the front and back signature for verifying HTTP request is consistent.If inconsistent, judgement is asking for forgeryIt asks, not over signature check.If consistent, by signature check, prevent request to be tampered, guarantee the correctness of subsequent processing.
Or
The security strategy is subscription authentication, detects whether the HTTP request carries token, and the token is logical for userIt crosses the client and logs in the token successfully obtained afterwards;
If the HTTP request carries the token, determine that the HTTP request passes through subscription authentication.
Specifically, user needs to carry out login process before entering HTTP gateway by client, logs in userAfter certification, HTTP gateway can give user promulgate a TOKEN, when user carries out other requests, HTTP gateway will toThe TOKEN that family is promulgated is verified, and judges whether user passes through associated authorization.If above-mentioned request carries what HTTP gateway was promulgatedTOKEN determines that user passes through associated authorization, can execute follow-up process, otherwise, it is determined that user does not pass through associated authorization, refuseFollow-up process is executed absolutely, is avoided user from executing relevant operation without permission, is caused security risk.
Or
The security strategy is to reset verification, and the number label that the HTTP request carries whether are stored in Test databaseName;
If not storing the digital signature that the HTTP request carries in the database, determine that the HTTP request is logicalCross playback verification.
Here, the micro services interface for initiating HTTP request and rear end for the first time by client as user carries out information exchangeAfterwards, the digital signature of request can be stored in database, such as Redis by HTTP gateway, if this HTTP request is by hacker's packet capturingIt is re-requested, by the comparison signed in Redis, discovery is had existed, and can determine that the request is to reset, refusal is heldRow subsequent operation avoids hacker from obtaining corresponding information by packet capturing, causes information leakage.
Or
The security strategy is black and white lists verification, inquires the HTTP request in the user information blacklist prestored and takesThe user information of band;
If not inquiring the user information that the HTTP request carries in the user information blacklist prestored, determineThe HTTP request is verified by black and white lists.
Here, the source of black and white lists can configure backstage by HTTP gateway and obtain, generally can be by configuring user'sRelevant information carries out the configuration of black and white lists, such as: the user that discovery phone number is 12345678910 is hacker user, canWith by the information configuration, in blacklist, whether the user information that detection above-mentioned HTTP request carries is in user information blacklistIn, if not, being verified by black and white lists, if refusing this user and carrying out the association requests such as logging in, avoiding illegally usingFamily access obtains relevant information, meets using needs.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each processExecution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limitIt is fixed.
Corresponding to the interface security control method in network security described in foregoing embodiments, Fig. 4 shows of the invention realThe running environment schematic diagram of the interface security control program of example offer is provided.For ease of description, it illustrates only and the present embodiment phaseThe part of pass.
In the present embodiment, interface security control program 400 is installed and is run in terminal device 40.The terminalEquipment 40 can be mobile terminal, palm PC, server etc..The terminal device 40 may include, but be not limited only to, memory401, processor 402 and display 403.Fig. 4 illustrates only the terminal device 40 with component 401-403, it should be understood thatIt is, it is not required that implement all components shown, the implementation that can be substituted is more or less component.
The memory 401 can be the internal storage unit of the terminal device 40 in some embodiments, such as shouldThe hard disk or memory of terminal device 40.The memory 401 is also possible to the terminal device 40 in further embodimentsThe plug-in type hard disk being equipped on External memory equipment, such as the terminal device 40, intelligent memory card (Smart MediaCard, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, described to depositReservoir 401 can also both including the terminal device 40 internal storage unit and also including External memory equipment.The memory401 for storing the application software and Various types of data for being installed on the terminal device 40, such as interface security control program400 program code etc..The memory 401 can be also used for temporarily storing the data that has exported or will export.
The processor 402 can be a central processing unit (Central Processing in some embodimentsUnit, CPU), microprocessor or other data processing chips, for run the program code stored in the memory 401 orHandle data, such as execute the interface security control program 400 etc..
The display 403 can be light-emitting diode display, liquid crystal display, touch control type LCD in some embodiments and showDevice and Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) touch device etc..The display 403For being shown in the information handled in the terminal device 40 and for showing visual user interface, such as application menuInterface, application icon interface etc..The component 401-403 of the terminal device 40 is in communication with each other by system bus.
Referring to Fig. 5, being the functional block diagram of interface security control program 400 provided in an embodiment of the present invention.In this realityIt applies in example, the interface security control program 400 can be divided into one or more modules, one or more of mouldsBlock is stored in the memory 401, and is held by one or more processors (the present embodiment is by the processor 402)Row, to complete the present invention.For example, the interface security control program 400 can be divided into HTTP request and connect in Fig. 5Receive unit 501, security strategy determination unit 502, security strategy verification unit 503, current limliting policy determining unit 504, current limliting planSlightly verification unit 505, micro services interface determination unit 506 and response transmission unit 507.The so-called unit of the present invention is to refer toThe series of computation machine program instruction section for completing specific function controls program more suitable for describing the interface security than program400 implementation procedure in the terminal device 40.The function of the module 501-507 will specifically be introduced by being described below.
Wherein, HTTP request receiving unit 501 parses the HTTP and asks for receiving the HTTP request of client transmissionIt asks, obtains URI.Security strategy determination unit 502, for determining that the corresponding security strategy of the URI, the security strategy includeOne of verification and black and white lists verification or a variety of are reset in signature check, subscription authentication.Security strategy verification unit 503 is usedIn being verified according to the security strategy to the HTTP request.Current limliting policy determining unit 504, if being asked for the HTTPIt asks and is verified by security strategy, it is determined that the corresponding current limliting strategy of the URI.Current limliting policy check unit 505, for according to instituteCurrent limliting strategy is stated to verify the HTTP request.Micro services interface determination unit 506, if passing through for the HTTP requestCurrent limliting policy check, it is determined that the HTTP request is forwarded to the micro services and connect by the corresponding micro services interface of the URIMouthful.Transmission unit 507 is responded, the response returned for receiving the micro services interface, and the response is sent to the visitorFamily end.
Optionally, the security strategy determination unit 502 can be divided into demand for security acquiring unit 5021 and peaceFull demand processing unit 5022.
Wherein, demand for security acquiring unit 5021, for obtaining the demand for security of the micro services interface, the HTTP is askedAsk the demand for security of corresponding request resource and the demand for security of present communications network.Demand for security processing unit 5022 is usedAccording to the demand for security of the corresponding request resource of the demand for security of the micro services interface, the HTTP request and describedThe demand for security of present communications network determines the corresponding security strategy of the URI.
Optionally, interface security control program 400 can also be divided into information recording unit 508.
Wherein, information recording unit 508, for adding label in the HTTP request, according to the label record instituteThe security strategy checking procedure and current limliting policy check process and the HTTP request for stating HTTP request connect with the micro servicesThe corresponding relationship of mouth.
Optionally, the HTTP request receiving unit 501 is also used to carry out the parameters in the HTTP requestSQL syntax inspection parses the HTTP request if SQL statement is all not present in the parameters of the HTTP request, obtainsURI。
Optionally, the HTTP request carries digital signature and user information.
The security strategy verification unit 503, if being also used to the security strategy is signature check, by prestoring calculationMethod is digitally signed the HTTP request;
If the digital signature obtained is consistent with the digital signature that the HTTP request carries, determine that the HTTP request is logicalCross signature check;
Or
If the security strategy is subscription authentication, detect whether the HTTP request carries token, the token is to useFamily logs in successfully obtain afterwards token by the client;
If the HTTP request carries the token, determine that the HTTP request passes through subscription authentication;
Or
If the security strategy is to reset verification, the number that the HTTP request carries whether is stored in Test databaseSignature;
If not storing the digital signature that the HTTP request carries in the database, determine that the HTTP request is logicalCross playback verification;
Or
If the security strategy is black and white lists verification, the HTTP is inquired in the user information blacklist prestored and is askedSeek the user information of carrying;
If not inquiring the user information that the HTTP request carries in the user information blacklist prestored, determineThe HTTP request is verified by black and white lists.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each functionCan unit, module division progress for example, in practical application, can according to need and by above-mentioned function distribution by differentFunctional unit, module are completed, i.e., the internal structure of described device is divided into different functional unit or module, more than completingThe all or part of function of description.Each functional unit in embodiment, module can integrate in one processing unit, can alsoTo be that each unit physically exists alone, can also be integrated in one unit with two or more units, it is above-mentioned integratedUnit both can take the form of hardware realization, can also realize in the form of software functional units.In addition, each function listMember, the specific name of module are also only for convenience of distinguishing each other, the protection scope being not intended to limit this application.Above systemThe specific work process of middle unit, module, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, is not described in detail or remembers in some embodimentThe part of load may refer to the associated description of other embodiments.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosureMember and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actuallyIt is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technicianEach specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceedThe scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/terminal device and method, it can be withIt realizes by another way.For example, device described above/terminal device embodiment is only schematical, for example, instituteThe division of module or unit is stated, only a kind of logical function partition, there may be another division manner in actual implementation, such asMultiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.SeparatelyA bit, shown or discussed mutual coupling or direct-coupling or communication connection can be through some interfaces, deviceOr the INDIRECT COUPLING or communication connection of unit, it can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unitThe component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multipleIn network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unitIt is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated listMember both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated module/unit be realized in the form of SFU software functional unit and as independent product sale orIn use, can store in a computer readable storage medium.Based on this understanding, the present invention realizes above-mentioned implementationAll or part of the process in example method, can also instruct relevant hardware to complete, the meter by computer programCalculation machine program can be stored in a computer readable storage medium, the computer program when being executed by processor, it can be achieved that onThe step of stating each embodiment of the method.Wherein, the computer program includes computer program code, the computer program generationCode can be source code form, object identification code form, executable file or certain intermediate forms etc..The computer-readable mediumIt may include: any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic that can carry the computer program codeDish, CD, computer storage, read-only memory (Read-Only Memory, ROM), random access memory (RandomAccess Memory, RAM), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that the meterThe content that calculation machine readable medium includes can carry out increase and decrease appropriate according to the requirement made laws in jurisdiction with patent practice,It such as does not include electric carrier signal and telecommunications according to legislation and patent practice, computer-readable medium in certain jurisdictionsSignal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned realityApplying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned eachTechnical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modifiedOr replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should allIt is included within protection scope of the present invention.