The present invention relates to the field of computer processing, and particularly to a method and a device of operating a functional module across platforms.
The functional modules of processing card data during transaction are generally present in the POS terminal system. Such functional modules usually comply with the uniform protocol standard, which is not related to the system platform and the programming language from the application logic and algorithm processing, such as, the payment protocol modules of the contact card and the non-contact card and the like. However, such modules need to be programmed and developed for the system in different terminal system platforms to implement the same functions or protocol standards, and need to submit certifications respectively, so that the process is very troublesome.
Accordingly, it is necessary to provide a method and a device of operating a functional module across platforms, which can be operated simply.
A method of operating a functional module across platforms, the method includes the steps of: obtaining a source code of the functional module, the source code of the functional module being a standard C code; compiling the source code to generate a plurality of intermediate files; link processing the plurality of intermediate files to generate an object file; loading the object file; and allocating a memory space for a bytecode in the object file and dividing the bytecode into a code segment and a data segment running in the memory space.
In an embodiment, after the step of allocating the memory space for the bytecode in the object file and dividing the bytecode into the code segment and the data segment running in the memory space; the method further includes: receiving a command of calling an API function in the object file; interpreting the command by an interpreter and calling the API function in the object file by the interpreter to execute the command; and indirectly calling a function in a host system by a system call mechanism of a virtual machine when the object file needs to call the function in the host system.
In an embodiment, prior to the step of loading the object file, the method further includes: extracting a file identifier in the object file; and verifying whether the object file is valid or not according to the file identifier; if yes, loading the object file.
In an embodiment, after the step of link processing the plurality of intermediate files to generate the object file; the method further includes: encrypting the object file by using an RSA encryption algorithm; the RSA encryption algorithm comprising a public key and a private key; wherein signing the object file by using the private key in RSA, and verifying a signature of the object file by using the public key in RSA.
In an embodiment, the method further includes: controlling an authority of the object file to access a function in a host system, so that the object file can only access an open function in the host system through a virtual machine.
A device of operating a functional module across platforms, the device includes: an obtainment module configured to obtain a source code of the functional module, the source code of the functional module being a standard C code; a compilation module configured to compile the source code to generate a plurality of intermediate files; a link module configured to link process the plurality of intermediate files to generate an object file; a loading module configured to loading the object file; an allocation module configured to allocate a memory space for a bytecode in the object file and dividing the bytecode into a code segment and a data segment running in the memory space.
In an embodiment, the device further includes: a reception module configured to receive a command of calling an API function in the object file; an execution module configured to parse the command by an interpreter and call the API function in the object file by the interpreter to execute the command; and a call module configured to indirectly call a function in a host system by a system call mechanism of a virtual machine when the object file needs to call the function in the host system.
In an embodiment, the device further includes: an extraction module configured to extract a file identifier in the object file; and a verification module configured to verify whether the object file is valid or not according to the file identifier; if yes, the loading module is informed to load the object file.
In an embodiment, the device further includes: an encryption module configured to encrypt the object file by using an RSA encryption algorithm; the RSA encryption algorithm comprising a public key and a private key; wherein the object file is signed by using the private key in RSA, and a signature of the object file is verified by using the public key in RSA.
In an embodiment, the device further includes: a control module configured to control an authority of the object file to access a function in a host system, so that the object file can only access an open function in the host system through a virtual machine.
The above method and device of operating a functional module across platforms obtain a source code of the functional module, the source code of the functional module being a standard C code; compile the source code to generate a plurality of intermediate files; link process the plurality of intermediate files to generate an object file; load the object file; and allocate a memory space for a bytecode in the object file and divide the bytecode into a code segment and a data segment running in the memory space. The method implements isolation between the functional module and the platform during the whole process, which can implement operation of a functional module cross platforms without any modification of the functional module, so that the operation is simple.
To illustrate the technical solutions according to the embodiments of the present invention or in the prior art more clearly, the accompanying drawings for describing the embodiments or the prior art are introduced briefly in the following. Apparently, the accompanying drawings in the following description are only some embodiments of the present invention, and persons of ordinary skill in the art can derive other drawings from the accompanying drawings without creative efforts.
Referring to
Referring to
In step 202, a source code of the functional module is obtained, and the source code of the functional module is a standard C code.
In the embodiment, in order to implement the functional module cross platforms of, a virtual machine of implementing the functional module cross platforms is developed by using C language. The functional module is programmed by using the standard C, that is to say, the source code of the functional module is the standard C code. Firstly, the source code of the functional module is obtained by using the compiler supporting the C language virtual machine and the source code is compiled.
In step 204, the source code is compiled to generate a plurality of intermediate files.
In the embodiment, the source code is compiled by using the compiler supporting the C language virtual machine to generate a plurality of intermediate files; wherein, the compiler is a program that translates a language (usually a high level language) into another language (usually a low level language). Particularly, the C code is compiled into a plurality of intermediate code files with a suffix “.obj” by using the compiler. After compiling the source code of the functional module, it needs to use the linker to link process the plurality of intermediate code files with a suffix “.obj”, and a file with a suffix “.pvm” is finally generated.
In step 206, the plurality of intermediate files are link processed to generate an object file.
In the embodiment, the intermediate files are link processed by using the linker supporting the C language virtual machine to generate an object file; wherein the linker is a program configured to link one or more files generated by the compiler or assembler. Particularly, the linker is used to link the intermediate files compiled by the compiler to generate a .pvm file, where the .pvm file is composed of the bytecode recognizable by the virtual machine, and is not an executable file. An application program cannot call and execute the .pvm file. Referring to
In step 208, the object file is loaded.
In the embodiment, after using the compiler and the linker supporting the virtual machine to compile and link the source code of the functional module to generate an object file, the object file is loaded by using the virtual machine developed by the C language. In an embodiment, for loading the object file by the virtual machine, it firstly needs to identify the file identifier of the object file, which is used to identify that the object file is generated by the compiler and the linker supporting the virtual machine, which prevents from maliciously counterfeiting the .pvm file. That is to say, any file of which the suffix is changed into .pvm cannot be a functional module cross platforms. Particularly, the file identifier is represented by a MAGIC value, generated by the compiler, and subsequently verified by the interpreter in the virtual machine.
In step 110, a memory space is allocated to a bytecode in the object file and the bytecode is divided into a code segment and a data segment running in the memory space.
In the embodiment, the running principle of the program is: a code program is compiled into binary bytecodes and then run in any operating system. The operating system needs to allocate a process (memory) space for the program, and these binary bytecodes are divided into the code segment and the data segment to be allocated in the process control for running; wherein the data segment refers to a memory area configured to store the global variables that have been initialized in the program, which belongs to the static memory allocation. The code segment refers to a memory area configured to store the program execution codes. In other words, the code segment is equivalent to the instructions, and the data segment is equivalent to the data information.
In the embodiment, after the virtual machine loads the object file, the object file is pre-parsed firstly, and the data segment and the code segment in which the object file is run are virtualized in the memory space in which the virtual machine is run. Particularly, the interpreter in the virtual machine is used to pre-parse the object file, that is to say, the memory space is allocated for the bytecodes in the object file in the process of the virtual machine, and the bytecodes are divided into the code segment and the data segment running in the memory space. In this way, when the application program in the terminal wants to call the API (Application Programming Interface) function in the functional module (object file), it can initiate the call operation by the external interface of the virtual machine. After the interpreter in the virtual machine receives the call command, it will parse the command and then call the corresponding API function in the functional module. The process that the interpreter calls the corresponding API function in the functional module is a process that the code segment is allocated and interpreted and data is calculated. At the same time, when the functional module needs to call the function of the host system, the function of the host system can be indirectly called by the system call mechanism of the virtual machine.
In the embodiment, the source code of the functional module is obtained, and the source code of the functional module is the standard C code; the source code is compiled to generate a plurality of intermediate files; the plurality of intermediate files are link processed to generate the object file; the object file is loaded; the memory space is allocated for the bytecode in the object file, and the bytecode is divided into the code segment and the data segment running in the memory space. The method implements isolation between the functional module and the platform during the whole process, which can implement operation of a functional module cross platforms without any modification of the functional module, so that the operation is simple. Further, because the C language belongs to a relatively basic and original programming language, the hardware can be directly operated, the machine code can be generated efficiently. the C language can directly access the memory by using the pointer. Compared to the virtual machines developed by some high level programming languages (for example, the Java virtual machine), the virtual machine developed by using the C language does not have much intermediate layer scheduling, and has a higher execution efficiency.
Referring to
Referring to
In step 212, a command of calling an API function in the object file is received.
Particularly, the application program in the terminal initiates the command to call the API function of the object file. The virtual machine developed by using the C language receives the command by the external interface. After the interpreter in the virtual machine receives the call command, it will parse the command and then call the corresponding API function in the functional module; wherein the API function: the operating system not only coordinates execution of the application program, memory allocation and system resource management, but also serves as a large service center, calls various services of the service center (each service is a function), help the application program to achieve purposes that windows are opened, graphics are drawn, and peripheral equipments are used. Because objects served by these functions are the application programs, it is called Application Programming Interface, referred to as API function.
In step 214, the command is interpreted by an interpreter and the API function in the object file is called by the interpreter to execute the command.
In the embodiment, after the virtual machine developed by using the C language receives the command of calling the API function of the object file, the command is parsed by the interpreter in the virtual machine, and the API function in the object file is called by the interpreter; wherein, the interpreter is a program that can translate and run the high level programming language line by line directly, that is to say, the interpreter is like a “middleman”, when the program is run, the program has to be converted into another language to be run. Particularly, the process that the application program calls the API function in the functional module is the process that the code segment in the object file is allocated and interpreted and data is calculated by the interpreter.
In step 216, a function in a host system is indirectly called by a system call mechanism of a virtual machine when the object file needs to call the function in the host system.
In the embodiment, when the object file executes the calling instruction of the application program, it is sometimes necessary that the object file further calls the function in the host system to complete the calling instruction of the application. When the object file needs to call the function in the host system, it needs to indirectly call the function in the host system by the system call mechanism of the virtual machine. This is because it needs to isolate the functional module from the platform, the function in the host system cannot be called directly. It needs to perform a packaging operation by the virtual machine, and the system call mechanism in the virtual machine is the means of packaging. Where the virtual machine can be adapted to the host system platform, the application program can call the function in the functional module by the virtual machine, that is to say, isolation of the functional module and the platform is implemented.
Referring to
In step 218, a file identifier in the object file is extracted.
Particularly, the file identifier is a special MAGIC value that is generated when the compiler compiles the source code, and the file identifier is equivalent to a security code that identifies that the object file is compiled by this specific compiler. Before the virtual machine loads the object file, the virtual machine firstly needs to extract the file identifier in the object file, and then verifies the file identifier to prevent from maliciously counterfeiting the object file.
In step 219, the object file is verified whether it is valid or not according to the file identifier; if yes, then go to step 108; if no, then the end.
Particularly, the interpreter in the virtual machine verifies the extracted file identifier, that is to say, the MAGIC value is verified. If verification is passed, it is illustrated that the object file is valid, and the object file is loaded. If verification is not passed, it is illustrated that the PVM file is counterfeited, and the virtual machine does not load the file. The object file is verified by the file identifier, which can effectively prevent from maliciously counterfeiting the PVM file.
In one embodiment, after link processing the plurality of intermediate files to generate the object file; the method further includes: the object file is encrypted by using an RSA encryption algorithm; the RSA encryption algorithm includes a public key and a private key; wherein the object file is signed by using the private key in RSA, and a signature of the object file is verified by using the public key in RSA.
In the embodiment, in order to prevent from falsification, the object file is encrypted by the RSA encryption algorithm after the object file is generated, and the object file is signed by using the private key in the RSA algorithm. When the virtual machine loads the object file, the signature is verified by using the public key in the RSA algorithm.
In one embodiment, the method further includes: an authority of the object file to access a function in a host system is set, so that the object file can only access an open function in the host system through a virtual machine, which forms a sandbox environment.
In the embodiment, the sandbox environment refers to an approach to running an application program in a restricted security environment. This approach is to restrict the authority to access to code of the application program. All modification in the sandbox environment will not cause any loss to the operating system, and it is a safety environment. In the embodiment, in order to create a safety environment, the access authority is set so that the object file can only access the open function in the host system, and it is not allowed to access other functions, which constitutes a safety sandbox environment.
In an embodiment, in order to prevent from disassembly, the instruction code of the virtual machine is disarranged. Particularly, the instruction enumeration of the virtual machine is the sequence beginning from 0, so that it is easily disassembled. In the embodiment, the enumeration instruction is disarranged by changing the algorithm in the enumeration process during the compiler compiles the source code. Meanwhile, the enumeration value of the instruction is disarranged in the interpreter in the same ways, so that the instruction is enumerated without any rules, which can prevent from disassembly.
Referring to
In step 802, the compiler obtains the source code of the functional module, compiles the source code of the functional module to generate a plurality of intermediate files, and the source code of the functional module is the standard C code.
In step 804, the linker link processes the plurality of intermediate files to generate an object file.
In step 806, the virtual machine extracts the file identifier in the object file, verifies whether the object file is valid or not according to the file identifier. If yes, the object file is loaded, the memory space is allocated to the bytecode in the object file, and the bytecode is divided into the code segment and data segment running in the memory space.
In step 808, the application program in the terminal initiates a command of calling the API function in the object file.
In step 810, after the command is received, the interpreter in the virtual machine parses the command and calls the API function in the object file by the interpreter.
The above virtual machine is a virtual machine developed by using the C language; wherein the compiler and the linker are the compilers and linkers supporting the C language virtual machine.
Referring to
an obtainment module 902 configured to obtain a source code of the functional module, the source code of the functional module is a standard C code;
a compilation module 904 configured to compile the source code to generate a plurality of intermediate files;
a link module 906 configured to link process the plurality of intermediate files to generate an object file;
a loading module 908 configured to load the object file; and
an allocation module 910 configured to allocate a memory space for a bytecode in the object file and divide the bytecode into a code segment and a data segment running in the memory space.
Referring to
a reception module 912 configured to receive a command of calling an API function in the object file;
an execution module 914 configured to parse the command by an interpreter and call the API function in the object file by the interpreter to execute the command; and
a call module 916 configured to indirectly call a function in a host system by a system call mechanism of a virtual machine when the object file needs to call the function in the host system.
Referring to
an extraction module 918 configured to extract a file identifier in the object file; and
a verification module 919 configured to verify whether the object file is valid or not according to the file identifier; if yes, the loading module is informed to load the object file.
Referring to
an encryption module 907 configured to encrypt the object file by using an RSA encryption algorithm; the RSA encryption algorithm comprises a public key and a private key; wherein the object file is signed by using the private key in RSA, and a signature of the object file is verified by using the public key in RSA.
Referring to
a control module 901 configured to control an authority of the object file to access a function in a host system, so that the object file can only access an open function in the host system through a virtual machine.
Various features of the above embodiments can be combined in any manner. For simplicity of description, all possible combinations of various features in the above embodiments are not described. However, these combinations of these features should be regarded in the scope described in the specification as long as they do not contradict with each other.
Although the invention is illustrated and described herein with reference to specific embodiments, the invention is not intended to be limited to the details shown. Rather, various modifications may be made in the details within the scope and range of equivalents of the claims and without departing from the invention.
Number | Date | Country | Kind |
---|---|---|---|
201610593862.9 | Jul 2016 | CN | national |
Filing Document | Filing Date | Country | Kind |
---|---|---|---|
PCT/CN2016/106260 | 11/17/2016 | WO | 00 |