CN101656736A - Device and method for processing service data, and service processing system - Google Patents
Device and method for processing service data, and service processing system Download PDFInfo
- Publication number
- CN101656736A CN101656736A CN200910171418A CN200910171418A CN101656736A CN 101656736 A CN101656736 A CN 101656736A CN 200910171418 A CN200910171418 A CN 200910171418A CN 200910171418 A CN200910171418 A CN 200910171418A CN 101656736 A CN101656736 A CN 101656736A
- Authority
- CN
- China
- Prior art keywords
- algorithm
- processing
- encryption
- encryption library
- business datum
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Computer And Data Communications (AREA)
Abstract
Embodiment of the invention discloses a device and method for processing service data, and a service processing system. The method for processing service data comprises receiving a service processingrequest distributed from a security socket layer protocol base, wherein the service processing request comprises service data requested to be processed and processing type information; according to processing type contained in the service processing request, calling algorithm corresponding to the processing type in an encryption base to process the service data; sending processing result of the service data to the security socket layer protocol base. The technical scheme of the invention is beneficial to calling algorithm of a third party encryption base for service processing, which reduces complexity of code maintenance.
Description
Technical field
The present invention relates to networking technology area, be specifically related to a kind of method and apparatus and transaction processing system of processing service data.
Background technology
Along with the fast development of Internet service and the variation of people's habits and customs, the demand of online transaction becomes more and more vigorous, thereby the fail safe of network trading has been proposed higher requirement.
SSL (SSL, Secure Sockets Layer) agreement is the communications protocol that is used to provide data security to maintain secrecy on the internet, and ssl protocol cooperates relevant cryptographic algorithm, for example can be used to help the network trading that carries out of user security.
Different business is not quite similar usually to the demand of safety, different application may use particular encryption algorithm to guarantee that its business can safe and effectively run, therefore, under some concrete application scenarios, may need to use the algorithm of third party's encryption library to carry out Business Processing.
Existing business is handled in the framework, the ssl protocol storehouse usually and the encryption library algorithm directly integrate, owing to ssl protocol storehouse and encryption library algorithm are direct-coupled, be unfavorable for that flexible invocation third party encryption library algorithm carries out Business Processing.For example,, need make amendment to existing ssl protocol bank code, and then the stability in ssl protocol storehouse is affected greatly, increase the complexity of code maintenance simultaneously if need to use the cryptographic algorithm of third party's encryption library.
Summary of the invention
Embodiment of the invention problem to be solved is, a kind of method and apparatus and transaction processing system of processing service data is provided, and the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
For solving the problems of the technologies described above, the embodiment of the invention provides following technical scheme:
A kind of method of processing service data comprises:
Receive the Business Processing request that the secure socket layer protocol storehouse issues, described Business Processing request comprises business datum and the processing type information that request is handled; According to the processing type that described Business Processing request comprises, call in the encryption library and described business datum is handled with described processing type corresponding algorithm; Send the result of described business datum to described secure socket layer protocol storehouse.
Preferably, the described processing type that comprises according to described Business Processing request is called in the encryption library and with described processing mode corresponding algorithm described business datum is handled, and comprising:
In the algorithm structure table of each encryption library, search the record that the processing type that comprises with described Business Processing request is complementary, the record of the algorithm structure table of described encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of described algorithm; According to the pointer of the algorithm structure of the direction calculation that comprises in the matched record that finds out, obtain the algorithm structure of described algorithm; Pointer according to the realization function of the described algorithm of sensing that writes down in the described algorithm structure that obtains calls the realization function of algorithm described in the encryption library described business datum is handled.
Preferably, described method also comprises: after loading one or more new encryption libraries, and the algorithm structure table of the new encryption library that structure loads.
Preferably, described method also comprises: the algorithm structure table of deleting or simplifying one or more encryption libraries according to user instruction.
A kind of device of processing service data comprises:
Receiver module is used to receive the Business Processing request that the secure socket layer protocol storehouse issues, and described Business Processing request comprises business datum and the processing type information that request is handled; Call processing module, be used for the processing type that comprises according to the Business Processing request that described receiver module receives, call in the encryption library and described business datum is handled with described processing type corresponding algorithm; Sending module is used for sending to described secure socket layer protocol storehouse the result of described business datum.
Preferably, the described processing module of calling comprises:
Search submodule, be used for searching the record that the processing type that comprises with described Business Processing request is complementary at the algorithm structure table of each encryption library, the record of the algorithm structure table of described encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of described algorithm; Obtain submodule, be used for the pointer of searching the algorithm structure of the direction calculation that matched record that submodule finds out comprises according to described, obtain the algorithm structure of described algorithm; Call processing sub, be used for the pointer that obtains the realization function of the described algorithm of sensing that algorithm structure that submodule obtains writes down according to described, call the realization function of algorithm described in the encryption library described business datum is handled.
Preferably, described device also comprises: the table constructing module is used for after loading one or more new encryption libraries the algorithm structure table of the new encryption library that structure loads.
Preferably, described device also comprises: the table update module, be used for according to user instruction, and delete or simplify the algorithm structure table of one or more encryption libraries.
A kind of transaction processing system comprises:
The secure socket layer protocol storehouse is used for issuing service and handles request, and described Business Processing request comprises the business datum of request processing and handles type information; Algorithm interface layer unit is used to receive the Business Processing request that described secure socket layer protocol storehouse issues; According to the processing type that described Business Processing request comprises, call in the encryption library and described business datum is handled with described processing type corresponding algorithm; Send the result of described business datum to described secure socket layer protocol storehouse; One or more encryption libraries are used to provide algorithm.
Preferably, described algorithm interface layer unit also is used for, after loading one or more new encryption libraries, and the algorithm structure table of the new encryption library that structure loads.
As seen from the above, the technical scheme that the embodiment of the invention adopts has following advantage: because the unit that a transfer is handled is set between ssl protocol storehouse and encryption library algorithm, the unit of being handled by transfer calls the algorithm process business datum, eliminated the direct coupling of ssl protocol storehouse and encryption library algorithm, the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
Description of drawings
In order to be illustrated more clearly in the technical scheme in the embodiment of the invention, the accompanying drawing of required use is done to introduce simply in will describing embodiment below, apparently, accompanying drawing in describing below only is some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is a kind of transaction processing system schematic diagram that the embodiment of the invention provides;
Fig. 2 is the method flow diagram of a kind of processing service data of providing of the embodiment of the invention one;
Fig. 3 is the method flow diagram of a kind of processing service data of providing of the embodiment of the invention two;
Fig. 4 is the device schematic diagram of a kind of processing service data of providing of the embodiment of the invention three;
Fig. 5 is a kind of transaction processing system schematic diagram that the embodiment of the invention four provides.
Embodiment
The embodiment of the invention provides a kind of method and apparatus and transaction processing system of processing service data, eliminated the direct coupling of ssl protocol storehouse and encryption library algorithm, the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
Below be elaborated respectively by specific embodiment.
At first see also Fig. 1, the technical scheme of the embodiment of the invention can specifically be implemented based on transaction processing system as shown in Figure 1, and transaction processing system shown in Figure 1 can comprise: secure socket layer protocol storehouse 110, algorithm interface layer unit 120, can also comprise acquiescence encryption library 131 and one or more third party's encryption library 132.Wherein, acquiescence include in the encryption library 131 a plurality of system defaults encryption/decryption algorithm, generate the random number algorithm and generate digest algorithm etc., can include a plurality of other add/separate algorithm, generate the random number algorithm, generate digest algorithm and other algorithm etc. in third party's encryption library 132.
See also Fig. 2, the method for a kind of processing service data of the embodiment of the invention one can comprise:
210, receive the Business Processing request that SSL ssl protocol storehouse issues, this Business Processing request comprises business datum and the processing type information that request is handled.
Under a kind of application scenarios, algorithm interface layer unit is set between ssl protocol storehouse and encryption library, when needs carry out enciphering/deciphering to business datum or generate summary etc. handling, request can be handled by issuing service in the ssl protocol storehouse, receive the Business Processing request that the ssl protocol storehouse issues by algorithm interface layer unit, this Business Processing request can comprise business datum and the processing type that the request of ssl protocol storehouse is handled, and can also comprise other parameter certainly.
Wherein, handle the type correspondence and certain concrete algorithm, for example, processing type information indication the carrying out des encryption that the Business Processing request is carried is handled, and des encryption is handled corresponding DES algorithm, and expression need utilize the DES algorithm that business datum is handled.
220, the processing type that comprises according to above-mentioned Business Processing request is called in the encryption library and with this processing type corresponding algorithm above-mentioned business datum is handled.
Under a kind of application scenarios, the processing type that can comprise according to the Business Processing request searches and handles the type corresponding algorithm in each encryption library, calls in the encryption library realization function with this processing type corresponding algorithm, and business datum is handled.
230, send the result of above-mentioned business datum to the ssl protocol storehouse.
Follow-up processing is proceeded in the ssl protocol storehouse after receiving the result of business datum.When system loads or deletion encryption library, need not the code in ssl protocol storehouse is made any change, the change of encryption library does not influence the realization and the stability in ssl protocol storehouse.
As seen from the above, in the embodiment of the invention, the unit that a transfer is handled is set between ssl protocol storehouse and encryption library algorithm, the unit of being handled by transfer calls the algorithm process business datum, eliminated the direct coupling of ssl protocol storehouse and encryption library algorithm, the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
For ease of better understanding the technical scheme of the embodiment of the invention, the process of finishing the Business Processing request in ssl protocol storehouse with the algorithm of algorithm interface layer cell call encryption library is an example below, and technical solution of the present invention is carried out further detailed description.
See also Fig. 3, the method for a kind of processing service data of the embodiment of the invention two can comprise:
301, ssl protocol storehouse issuing service is handled request.
At needs business datum (is for example carried out certain processing, enciphering/deciphering, generation summary etc.) time, request can be handled by issuing service in the ssl protocol storehouse, request is carried out respective handling to business datum, above-mentioned Business Processing request can comprise business datum and the processing type information that the request of ssl protocol storehouse is handled, and can also comprise other one or more parameters certainly.
302, the algorithm interface layer unit processing type that request comprises according to Business Processing is called in the encryption library and with this processing type corresponding algorithm above-mentioned business datum is handled.
Can receive the Business Processing request that the ssl protocol storehouse issues by the algorithm interface layer unit that is connected with the ssl protocol storehouse, and, call Processing Algorithm corresponding in the encryption library above-mentioned business datum is handled with this encryption type according to the processing type that this Business Processing request comprises.
Wherein, the processing type that above-mentioned Business Processing request comprises can be: multiple encryption algorithms is handled (for example symmetric cryptography, public key encryption etc.), the processing of multiple decipherment algorithm, the processing of multiple generation digest algorithm, multiple generation random number algorithm process or other type algorithm, and the present invention does not do qualification.
Under a kind of application scenarios, algorithm interface layer unit can be earlier according to the algorithm structure of each algorithm in the user instruction structure encryption library, each that utilizes that the algorithm structure of algorithm writes down this algorithm realized the pointer of function and the correlation attribute value of this algorithm etc.
Be understandable that different algorithms comprises different realization function and correlation attribute value, so the algorithm structure of each algorithm construction of encryption library is normally different.
Further, raise the efficiency for reducing memory consumption, can directly ignore for those algorithms that can not call usually, its algorithm structure can not constructed yet.
Algorithm interface layer unit can further be constructed the algorithm structure table of encryption library again according to user instruction, utilize the algorithm structure pointer of part or all of algorithm of this encryption library of algorithm structure table record of each encryption library, wherein, the algorithm structure pointer of algorithm promptly is the pointer that points to the algorithm structure of this algorithm.
Be understandable that the type of the algorithm that different encryption libraries is included and quantity normally are not quite similar, therefore can construct independent algorithm structure table by corresponding each encryption library; Can certainly only construct an algorithm structure table, this algorithm structure table can write down the algorithm structure pointer of the part or all of algorithm of each encryption library.
Further, raise the efficiency for reducing memory consumption, the algorithm structure of those algorithms that can not call can be ignored usually, and the pointer of its algorithm structure can not be added in the algorithm structure table of encryption library.
Present embodiment is that example describes with the independent algorithm structure table of corresponding each encryption library structure, and for example, encryption library A comprises algorithm a, algorithm b and three algorithms of algorithm c, and the algorithm structure table of the encryption library A that constructs can be as shown in table 1, but be not limited to this:
Table 1
| The encryption library label | Handle type | The algorithm structure pointer | Call priority |
| ??A | The processing type of algorithm a | The algorithm structure pointer of algorithm a | ??2 |
| ??A | The processing type of algorithm b | The algorithm structure pointer of algorithm b | ??3 |
| ??A | The processing type of algorithm c | The algorithm structure pointer of algorithm c | ??2 |
Algorithm structure table as shown in table 1 can comprise the label of recording of encrypted storehouse A field, write down the field of the processing type of each algorithm, write down the field of the algorithm structure pointer of each algorithm, can also comprise the field of calling priority that writes down each algorithm, and the field of record out of Memory etc.
Wherein, may comprise the algorithm of same treatment type in each encryption library, in the algorithm structure table of different encryption libraries, the priority of calling of the algorithm of same treatment type generally is different, and the algorithm that priority is high preferentially calls.
Wherein, in each encryption library the algorithm of same treatment type call priority, can determine that for example the load time is late more, and to call the priority setting high more according to the load time of each encryption library earlier afterwards; Or directly according to concrete needs be provided with same treatment type in each encryption library algorithm call priority.
Under above-mentioned application scenarios, receive the Business Processing request that the ssl protocol storehouse issues after, algorithm interface layer unit can be searched in the algorithm structure table of each encryption library according to the processing type that comprises in this Business Processing request; If find the record that the processing type that comprises with the Business Processing request is complementary, then according to the algorithm structure pointer in this matched record, obtain the algorithm structure of this algorithm, then according to the realization function pointer in this algorithm structure that obtains, call corresponding realization function business datum is handled (for example carrying out encryption or decryption processing or the like), obtain the result of business datum at last.
Especially, if in the algorithm structure table of each encryption library, find many with the Business Processing request in the record that is complementary of the processing type that comprises, can directly call the highest algorithm corresponding algorithm structured fingers of priority, obtain the algorithm structure of this algorithm according in many records that are complementary that find; According to the realization function pointer in this algorithm structure that obtains, call corresponding realization function business datum is handled then, obtain the result of business datum.
303, algorithm interface layer unit sends the result of above-mentioned business datum to the ssl protocol storehouse.
Wherein, in the response of Business Processing that algorithm interface layer unit can carry the result and the relevant parameter of business datum, send to the ssl protocol storehouse, and after the ssl protocol storehouse receives business datum after handling, carry out follow-up processing.
Further, when loading new third party's encryption library, algorithm interface layer unit can be constructed the algorithm structure of each algorithm in the new encryption library that loads earlier according to user instruction; And further according to the algorithm structure table of user instruction structure encryption library.Certainly, algorithm interface layer unit also can also be according to the algorithm structure table that certain encryption library was deleted or simplified to frequency that calls of user instruction or each algorithm.For example, in a period of time of setting, certain algorithm of certain encryption library is not called always, then can delete the record of this algorithm correspondence in the algorithm structure table of this encryption library.
Further, if the function declaration form of the realization function of each encryption library algorithm there are differences, algorithm interface layer unit can realize that function encapsulates to the algorithm that each encryption library provided, make it meet the required function declaration form of function call, simultaneously also and shield the difference of each encryption library, to unify function interface.
For better understanding and implement the technical scheme of the embodiment of the invention, technical solution of the present invention is further detailed below by a concrete enforcement.
For instance, when needs carry out encryption to business datum, the Business Processing request that the ssl protocol storehouse issues, request is carried out encryption to business datum, this Business Processing request can comprise business datum and the encryption type information that request is handled, and can also comprise other one or more parameters certainly.
With request business datum being carried out des encryption below is treated to example and describes.
Can comprise in the algorithm structure of the DES algorithm that algorithm interface layer unit structure goes out: the pointer of encryption/decryption algorithm and the correlation attribute value of this encryption/decryption algorithm.
Under a kind of application scenarios, the algorithm structure of the DES algorithm that algorithm interface layer unit structure goes out can be as follows, but be not limited to this:
struct?DES{
Block_size; // cryptographic block length 64bit
Key_len; // key length 64bit
Des_init; The pointer of // sensing DES initialization function
Des_do_cipher; The pointer of // sensing DES enciphering/deciphering function
……
};
The algorithm structure of above-mentioned DES algorithm has write down cryptographic block length, key length and has pointed to the pointer of DES initialization function, the pointer of sensing DES enciphering/deciphering function etc.
For example the DES algorithm is included among the encryption library B1, and the algorithm structure table of the encryption library B1 that algorithm interface layer unit structure goes out can be as shown in table 2, but be not limited to this:
Table 2
| The encryption library label | Handle type | The algorithm structure pointer | Call priority |
| ??B1 | Des encryption | Point to the pointer of the algorithm structure of DES algorithm | ??1 |
| ??B1 | ??…… | ?…… | ??…… |
The algorithm structure table of above-mentioned encryption library B1 comprises the record of DES algorithm, wherein, and the algorithm structure of the algorithm structure pointed DES algorithm of DES algorithm.
After receiving the above-mentioned Business Processing request that the ssl protocol storehouse issues, algorithm interface layer unit can be searched in the algorithm structure table of each encryption library according to the processing type (des encryption) that comprises in this Business Processing request; If in the algorithm structure table of encryption library B1, search unique matched record, algorithm structure pointer according to the DES algorithm in this matched record, obtain the algorithm structure of DES algorithm, the pointer according to pointing to the initialization function in the DES algorithm structure calls the initialization function and carries out initialization; According to the pointer that points to encryption function in the DES algorithm structure, call encryption function business datum is carried out the des encryption processing, and the result after des encryption is handled is carried out in acquisition then.
Algorithm interface layer unit can send to the ssl protocol storehouse in the Business Processing response that business datum after des encryption is handled and relevant parameter carry with carrying out, and follow-up processing is carried out after receiving the business datum of carrying out after des encryption is handled in the ssl protocol storehouse.
By technique scheme as can be seen, in the present embodiment, algorithm interface layer unit is set between ssl protocol storehouse and encryption library algorithm, call the algorithm process business datum by algorithm interface layer unit, eliminated the direct coupling of ssl protocol storehouse and encryption library algorithm, the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
Further, algorithm interface layer unit effectively managed the encryption library algorithm by safeguarding the algorithm structure table of encryption library, improved the flexibility of increase and decrease encryption library greatly.
For ease of the technical scheme of the better implement embodiment of the invention, also provide a kind of device of processing service data in the embodiment of the invention.
See also Fig. 4, the device 400 of a kind of processing service data of the embodiment of the invention three can comprise: receiver module 410, call processing module 420 and sending module 430.
Call processing module 420, be used for the processing type that comprises according to the Business Processing request that receiver module 410 receives, call in the encryption library and above-mentioned business datum is handled with this processing type corresponding algorithm.
Sending module 430 is used for sending to the secure socket layer protocol storehouse result of above-mentioned business datum.
Under a kind of application scenarios, calling processing module 420 can comprise: search submodule, obtain submodule and call processing sub (not shown among Fig. 4).
Search submodule, be used for searching the record that the processing type that comprises with above-mentioned Business Processing request is complementary at the algorithm structure table of each encryption library.
Wherein, the record of the algorithm structure table of encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of each algorithm.
For example, encryption library C comprises algorithm c1, algorithm c2 and three algorithms of algorithm c3, and the algorithm structure table of the encryption library C that constructs can be as shown in table 3, but be not limited to this:
Table 3
| The encryption library label | Handle type | The algorithm structure pointer | Call priority |
| ??C | The processing type of algorithm c1 | The algorithm structure pointer of algorithm c1 | ??5 |
| ??C | The processing type of algorithm c2 | The algorithm structure pointer of algorithm c2 | ??1 |
| ??C | The processing type of algorithm c3 | The algorithm structure pointer of algorithm c3 | ??4 |
Obtain submodule, be used for pointer, obtain the algorithm structure of this algorithm according to the algorithm structure of searching the direction calculation that matched record that submodule finds out comprises.
Call processing sub, be used for pointer, call the realization function of this algorithm in the encryption library above-mentioned business datum is handled according to the realization function that obtains the above-mentioned algorithm of sensing that algorithm structure that submodule obtains writes down.
In actual applications, after the Business Processing request that receiver module 410 reception ssl protocol storehouses issue, call the processing type that Business Processing request that submodule receives according to receiver module 410 comprises of searching of processing module 420, search in the algorithm structure table of each encryption library, obtain the pointer of submodule, obtain the algorithm structure of this algorithm according to the algorithm structure of searching the direction calculation that comprises in the matched record that submodule finds out; Call the pointer of processing sub, call the realization function of this algorithm in the encryption library above-mentioned business datum is handled according to the realization function that obtains the above-mentioned algorithm of sensing that writes down in the algorithm structure that submodule obtains; Sending module 430 sends the result of above-mentioned business datum to the secure socket layer protocol storehouse.
Under a kind of application scenarios, the device 400 of processing service data can also comprise:
The table constructing module is used for after loading one or more new encryption libraries the algorithm structure table of the new encryption library that structure loads.
In actual applications, the table constructing module can be behind the one or more new encryption libraries of system loads, construct the algorithm structure of each algorithm of new encryption library according to user instruction, and then construct the algorithm structure table of each new encryption library according to user instruction, so that the follow-up realization function of searching and call each algorithm of new encryption library.
Under a kind of application scenarios, the device 400 of processing service data can also comprise:
The table update module is used for presetting update mechanism according to user instruction or other, deletes or simplify the algorithm structure table of one or more encryption libraries.
In actual applications, the algorithm structure table of one or more encryption libraries be deleted or be simplified to the table update module can, the timely and effective renewal of implementation algorithm structural table according to user instruction or other update mechanism that presets.
Further, if the function declaration form of the realization function of each encryption library algorithm there are differences, the device 400 of processing service data can also comprise:
Package module, the algorithm that is used for that each encryption library is provided realizes that function encapsulates, and makes it meet the required function declaration form of processing module 420 function calls of calling, and also shields the difference of each encryption library simultaneously, unified function interface.
Be understandable that, the device 400 of the processing service data of present embodiment can be as the algorithm interface layer unit among the above-mentioned method embodiment, the function of its each functional module can be according to the method specific implementation among the said method embodiment, its concrete implementation procedure can repeat no more with reference to the associated description among the said method embodiment herein.
For ease of the technical scheme of the better implement embodiment of the invention, also provide a kind of transaction processing system in the embodiment of the invention.
See also Fig. 5, a kind of transaction processing system of the embodiment of the invention three can comprise: secure socket layer protocol storehouse 510, algorithm interface layer unit 520, one or more encryption library 530.
Secure socket layer protocol storehouse 510 is used for issuing service and handles request, and this Business Processing request comprises the business datum of request processing and handles type information etc.
Algorithm interface layer unit 520 is used to receive the Business Processing request that secure socket layer protocol storehouse 510 issues; According to the processing type that this Business Processing request comprises, call in the encryption library and above-mentioned business datum is handled with this processing type corresponding algorithm; Send the result of above-mentioned business datum to secure socket layer protocol storehouse 510.
One or more encryption libraries 530 are used to provide algorithm.
Wherein, one or more encryption libraries 530 can be used to provide various encryption/decryption algorithm, and various generation random number algorithms, various generation digest algorithms or the like are to realize various types of business data processings.
Under a kind of application scenarios, the record that the processing type that comprises with above-mentioned Business Processing request is complementary can be searched in algorithm interface layer unit 520 in the algorithm structure table of each encryption library, wherein, the record of the algorithm structure table of encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of each algorithm; According to the pointer of the algorithm structure of the direction calculation that comprises in the matched record that finds out, obtain the algorithm structure of this algorithm; Pointer according to the realization function of the above-mentioned algorithm of sensing that writes down in the algorithm structure that obtains calls the realization function of this algorithm in the encryption library above-mentioned business datum is handled.
Subsequent treatment is carried out in secure socket layer protocol storehouse 510 after the result of the above-mentioned business datum that receives 520 transmissions of algorithm interface layer unit.
Under a kind of application scenarios, algorithm interface layer unit 520 also is used for, after loading one or more new encryption libraries, and the algorithm structure table of the new encryption library that structure loads.
Under a kind of application scenarios, algorithm interface layer unit 520 also is used for, and presets update mechanism according to user instruction or other, deletes or simplify the algorithm structure table of one or more encryption libraries.
Be understandable that, present embodiment algorithm interface layer unit 520 can be as the device 400 of the processing service data among the embodiment three, the function of each functional unit of transaction processing system can be according to the method specific implementation among the said method embodiment in the present embodiment, its concrete implementation procedure can repeat no more with reference to the associated description among the said method embodiment herein.
Need to prove, for aforesaid each method embodiment, for simple description, so it all is expressed as a series of combination of actions, but those skilled in the art should know, the present invention is not subjected to the restriction of described sequence of movement, because according to the present invention, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in the specification all belongs to preferred embodiment, and related action and module might not be that the present invention is necessary.
In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, do not have the part that describes in detail among certain embodiment, can be referring to the associated description of other embodiment.
In sum, in the present embodiment, algorithm interface layer unit is set between ssl protocol storehouse and encryption library algorithm, call the algorithm process business datum by algorithm interface layer unit, eliminated the direct coupling of ssl protocol storehouse and encryption library algorithm, the algorithm that helps flexible invocation third party encryption library carries out Business Processing, reduces the complexity of code maintenance.
Further, algorithm interface layer unit effectively managed the encryption library algorithm by safeguarding the algorithm structure table of encryption library, improved the flexibility of increase and decrease encryption library greatly.
One of ordinary skill in the art will appreciate that all or part of step in the whole bag of tricks of the foregoing description is to instruct relevant hardware to finish by program, this program can be stored in the computer-readable recording medium, and storage medium can comprise: read-only memory, random asccess memory, disk or CD etc.
More than the method and apparatus and the transaction processing system of a kind of processing service data that the embodiment of the invention provided is described in detail, used specific case herein principle of the present invention and execution mode are set forth, the explanation of above embodiment just is used for helping to understand method of the present invention and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to thought of the present invention, the part that all can change in specific embodiments and applications, in sum, this description should not be construed as limitation of the present invention.
Claims (10)
1, a kind of method of processing service data is characterized in that, comprising:
Receive the Business Processing request that the secure socket layer protocol storehouse issues, described Business Processing request comprises business datum and the processing type information that request is handled;
According to the processing type that described Business Processing request comprises, call in the encryption library and described business datum is handled with described processing type corresponding algorithm;
Send the result of described business datum to described secure socket layer protocol storehouse.
2, method according to claim 1 is characterized in that, the described processing type that comprises according to described Business Processing request is called in the encryption library and with described processing mode corresponding algorithm described business datum handled, and comprising:
In the algorithm structure table of each encryption library, search the record that the processing type that comprises with described Business Processing request is complementary, the record of the algorithm structure table of described encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of described algorithm;
According to the pointer of the algorithm structure of the direction calculation that comprises in the matched record that finds out, obtain the algorithm structure of described algorithm;
Pointer according to the realization function of the described algorithm of sensing that writes down in the described algorithm structure that obtains calls the realization function of algorithm described in the encryption library described business datum is handled.
3, method according to claim 2 is characterized in that, described method also comprises: after loading one or more new encryption libraries, and the algorithm structure table of the new encryption library that structure loads.
4, according to claim 2 or 3 described methods, it is characterized in that described method also comprises: the algorithm structure table of deleting or simplifying one or more encryption libraries according to user instruction.
5, a kind of device of processing service data is characterized in that, comprising:
Receiver module is used to receive the Business Processing request that the secure socket layer protocol storehouse issues, and described Business Processing request comprises business datum and the processing type information that request is handled;
Call processing module, be used for the processing type that comprises according to the Business Processing request that described receiver module receives, call in the encryption library and described business datum is handled with described processing type corresponding algorithm;
Sending module is used for sending to described secure socket layer protocol storehouse the result of described business datum.
6, device according to claim 5 is characterized in that, the described processing module of calling comprises:
Search submodule, be used for searching the record that the processing type that comprises with described Business Processing request is complementary at the algorithm structure table of each encryption library, the record of the algorithm structure table of described encryption library comprises the field of the pointer of the field of the processing type that writes down algorithm and the algorithm structure that record points to this algorithm, has write down the pointer of the realization function that points to this algorithm in the algorithm structure of described algorithm;
Obtain submodule, be used for the pointer of searching the algorithm structure of the direction calculation that matched record that submodule finds out comprises according to described, obtain the algorithm structure of described algorithm;
Call processing sub, be used for the pointer that obtains the realization function of the described algorithm of sensing that algorithm structure that submodule obtains writes down according to described, call the realization function of algorithm described in the encryption library described business datum is handled.
7, device according to claim 6 is characterized in that, described device also comprises:
The table constructing module is used for after loading one or more new encryption libraries the algorithm structure table of the new encryption library that structure loads.
8, according to claim 6 or 7 described devices, it is characterized in that described device also comprises:
The table update module is used for according to user instruction, deletes or simplify the algorithm structure table of one or more encryption libraries.
9, a kind of transaction processing system is characterised in that, comprising:
The secure socket layer protocol storehouse is used for issuing service and handles request, and described Business Processing request comprises the business datum of request processing and handles type information;
Algorithm interface layer unit is used to receive the Business Processing request that described secure socket layer protocol storehouse issues; According to the processing type that described Business Processing request comprises, call in the encryption library and described business datum is handled with described processing type corresponding algorithm; Send the result of described business datum to described secure socket layer protocol storehouse;
One or more encryption libraries are used to provide algorithm.
10, system according to claim 9 is characterized in that,
Described algorithm interface layer unit also is used for, after loading one or more new encryption libraries, and the algorithm structure table of the new encryption library that structure loads.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101714188A CN101656736B (en) | 2009-08-28 | 2009-08-28 | Device and method for processing service data, and service processing system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009101714188A CN101656736B (en) | 2009-08-28 | 2009-08-28 | Device and method for processing service data, and service processing system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101656736A true CN101656736A (en) | 2010-02-24 |
| CN101656736B CN101656736B (en) | 2012-01-25 |
Family
ID=41710823
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009101714188A Active CN101656736B (en) | 2009-08-28 | 2009-08-28 | Device and method for processing service data, and service processing system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101656736B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106295367A (en) * | 2016-08-15 | 2017-01-04 | 北京奇虎科技有限公司 | Data ciphering method and device |
| CN106656939A (en) * | 2015-11-03 | 2017-05-10 | 华耀(中国)科技有限公司 | State cryptography SSL protocol and standard SSL protocol forwarding system and method |
| CN111182025A (en) * | 2019-11-26 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Message processing method, device, server and storage medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1485746A (en) * | 2002-09-27 | 2004-03-31 | 鸿富锦精密工业(深圳)有限公司 | Management system and method for user safety authority limit |
| CN101141243A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Device and method for carrying out security check and content filtering on communication data |
| CN101123494A (en) * | 2007-06-28 | 2008-02-13 | 深圳市中科新业信息科技发展有限公司 | A network access behavior data encryption system and method |
-
2009
- 2009-08-28 CN CN2009101714188A patent/CN101656736B/en active Active
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106656939A (en) * | 2015-11-03 | 2017-05-10 | 华耀(中国)科技有限公司 | State cryptography SSL protocol and standard SSL protocol forwarding system and method |
| CN106295367A (en) * | 2016-08-15 | 2017-01-04 | 北京奇虎科技有限公司 | Data ciphering method and device |
| CN111182025A (en) * | 2019-11-26 | 2020-05-19 | 腾讯科技(深圳)有限公司 | Message processing method, device, server and storage medium |
| CN111182025B (en) * | 2019-11-26 | 2021-04-20 | 腾讯科技(深圳)有限公司 | Message processing method, device, server and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101656736B (en) | 2012-01-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7364724B2 (en) | Operating system for blockchain IoT devices | |
| CN111460453B (en) | Machine learning training method, controller, device, server, terminal and medium | |
| US20110320805A1 (en) | Secure sharing of data along supply chains | |
| CN112602083A (en) | Multi-blockchain digital transaction information isolation system | |
| CN104301289B (en) | Equipment for safety information interaction | |
| CN101256615B (en) | Radio frequency recognizing privacy authentication method for dynamic cryptographic key update based on rarefaction tree | |
| WO2020199785A1 (en) | Processing method and computing method for private data, and applicable device | |
| CN102855448A (en) | Field-level database encryption device | |
| CN103597456A (en) | Method and apparatus for implementing memory segment access control in a distributed memory environment | |
| CN109491727A (en) | Object serialization method, terminal device and computer readable storage medium | |
| CN109802832A (en) | A kind of processing method of data file, system, big data processing server and computer storage medium | |
| CN107315966A (en) | Solid state hard disc data ciphering method and system | |
| CN106372874A (en) | Internet of things mobile finance payment system based on cloud platform | |
| Yu et al. | Blockchain technology for the 5g-enabled internet of things systems: Principle, applications and challenges | |
| CN101656736B (en) | Device and method for processing service data, and service processing system | |
| CN105515757B (en) | Security information exchange device based on credible performing environment | |
| US20230196351A1 (en) | Transaction tracing method and apparatus based on blockchain | |
| CN102542645A (en) | Entrance guard authentication method and system | |
| JP7222106B2 (en) | Privacy data uplink method, device and storage medium | |
| Gasimov et al. | Using blockchain technology to ensure security in the cloud and IoT environment | |
| CN117349685A (en) | Clustering method, system, terminal and medium for communication data | |
| Zhang et al. | An efficient and secure RFID batch authentication protocol with group tags ownership transfer | |
| CN109818734B (en) | Basic key distribution method, device and medium | |
| CN113609156A (en) | Data query and write-in method and device, electronic equipment and readable storage medium | |
| CN101303720B (en) | Built-in equipment, method and system for protecting encipherment of built-in equipment software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |