CN115941600B - Message distribution method, system and computer readable storage medium - Google Patents
Message distribution method, system and computer readable storage medium Download PDFInfo
- Publication number
- CN115941600B CN115941600B CN202310241352.5A CN202310241352A CN115941600B CN 115941600 B CN115941600 B CN 115941600B CN 202310241352 A CN202310241352 A CN 202310241352A CN 115941600 B CN115941600 B CN 115941600B
- Authority
- CN
- China
- Prior art keywords
- target
- processor
- encrypted
- message data
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a message distribution method, a system and a computer readable storage medium, wherein the method is applied to a receiving end and comprises the following steps: receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. The invention extracts the encryption field of the encrypted message data, determines the target processor corresponding to the encrypted message data under the condition of not decrypting, and shunts the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of the receiving end when shunting the encrypted message data, reducing the possibility of blocking the encrypted message data and improving the network bandwidth performance.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and a system for packet splitting, and a computer readable storage medium.
Background
The distributed collaborative network simulation verification platform has become a research hotspot and a development trend of network shooting range technology in all countries of the world, and a large-scale distributed platform construction stage is entered for more effective collaborative work and resource sharing between the platforms. The platforms are interconnected through a special line, the Internet and the like, wherein the connection through the Internet is a relatively universal mode. The method comprises the steps that a safe encryption tunnel is established on the Internet through gateway equipment, encryption message data among federal yards are transmitted on the encryption tunnel, the yard gateway equipment receives the encryption message data, firstly decrypts the encryption message data, then obtains values of IP addresses, protocols and ports in the decrypted message data, and sends the decrypted message data to a target host from different physical interfaces based on the values and routing forwarding rules.
The prior method needs to decrypt the encrypted message data received by the receiver to determine the destination host corresponding to the encrypted message data, thus the efficiency of the receiver in shunting the encrypted message is reduced, the message data is easy to block, and the network bandwidth performance is reduced.
Therefore, how to improve the message transmission efficiency and the network bandwidth performance is an urgent problem to be solved.
Disclosure of Invention
The invention mainly aims to provide a message distribution method, a message distribution system and a computer readable storage medium, which aim to solve the problem of how to improve the message transmission efficiency and the network bandwidth performance.
In order to achieve the above object, the present invention provides a message splitting method, where the message splitting method is applied to receiving, and the message splitting method includes the following steps:
receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
and determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor.
Optionally, the step of determining the target processor in the preset processor set based on the encryption field includes:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
And determining a target processor in a preset processor set according to the first target hash value.
Optionally, the step of determining the target processor in the preset processor set according to the first target hash value includes:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Optionally, the step of obtaining the first current usage rate of the first preprocessor and comparing the first current usage rate with a preset usage rate threshold value includes:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field is obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Optionally, the step of determining the target processor in the preset processor set according to the first current usage rate and the second target hash value includes:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, the first preprocessor is used as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Optionally, after the step of shunting the encrypted packet data to the waiting queue corresponding to the target processor, the method includes:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out related processing on the decrypted message data through the target processor.
In addition, the message distribution method is applied to the transmitting end, and comprises the following steps:
Acquiring message data to be transmitted and a public key of the receiving end;
encrypting the target processor address and the target processor port number of the message data to be sent based on the public key to obtain encrypted message data;
and sending the encrypted message data to the receiving end.
Optionally, the step of encrypting the target processor address and the target processor port number of the message data to be sent based on the public key includes:
encrypting the target processor address of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
encrypting the target processor address of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
In addition, in order to achieve the above object, the present invention further provides a packet splitting device, where the packet splitting device is applied to a receiving end, and the packet splitting device includes:
the receiving module is used for receiving encrypted message data sent by the sending end and obtaining an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
And the determining module is used for determining a target processor in a preset processor set based on the encryption field and shunting the encrypted message data to a waiting queue corresponding to the target processor.
Further, the determining module is further configured to:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
Further, the determining module is further configured to:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Further, the determining module is further configured to:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field is obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Further, the determining module is further configured to:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, the first preprocessor is used as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Further, the determining module further includes a processing module, where the processing module is configured to:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out related processing on the decrypted message data through the target processor.
In addition, in order to achieve the above object, the present invention further provides another packet splitting device, where the packet splitting device is applied to a transmitting end, and the packet splitting device includes:
the acquisition module is used for acquiring the message data to be transmitted and the public key of the receiving end;
The obtaining module is used for encrypting the target processor address and the target processor port number of the message data to be sent based on the public key to obtain encrypted message data;
and the sending module is used for sending the encrypted message data to the receiving end.
Further, the obtaining module is further configured to:
encrypting the target processor address of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
encrypting the target processor address of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
In addition, in order to achieve the above objective, the present invention further provides a packet splitting system, where the packet splitting system includes: the system comprises a memory, a processor and a message distribution program which is stored in the memory and can run on the processor, wherein the message distribution program realizes the steps of the message distribution method when being executed by the processor.
In addition, in order to achieve the above object, the present invention further provides a computer readable storage medium, on which a message splitting program is stored, which when executed by a processor, implements the steps of the message splitting method as described above.
The message distribution method provided by the invention is used for receiving encrypted message data sent by a sending end and obtaining an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. The invention extracts the encryption field of the encrypted message data, determines the target processor corresponding to the encrypted message data under the condition of not decrypting, and shunts the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of the receiving end when shunting the encrypted message data, reducing the possibility of blocking the encrypted message data and improving the network bandwidth performance.
Drawings
FIG. 1 is a schematic diagram of a device architecture of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flow chart of a first embodiment of the message splitting method of the present invention;
FIG. 3 is a flow chart of a second embodiment of the message splitting method of the present invention;
fig. 4 is a flow chart of a third embodiment of the packet splitting method according to the present invention.
The realization, functional characteristics and advantages of the object of the invention will be further described with reference to the attached drawings.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic device structure of a hardware running environment according to an embodiment of the present invention.
The device of the embodiment of the invention can be a PC or a server device.
As shown in fig. 1, the apparatus may include: a processor 1001, such as a CPU, a network interface 1004, a user interface 1003, a memory 1005, a communication bus 1002. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a wireless interface (e.g., WI-FI interface). The memory 1005 may be a high-speed RAM memory or a stable memory (non-volatile memory), such as a disk memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the device structure shown in fig. 1 is not limiting of the device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a message distribution program may be included in the memory 1005, which is a type of computer storage medium.
The operating system is a program for managing and controlling the portable message distribution system and software resources and supports the operation of a network communication module, a user interface module, a message distribution program and other programs or software; the network communication module is used to manage and control the network interface 1002; the user interface module is used to manage and control the user interface 1003.
In the packet splitting system shown in fig. 1, the packet splitting system invokes a packet splitting program stored in the memory 1005 through the processor 1001, and performs operations in each embodiment of the following packet splitting method.
Based on the hardware structure, the embodiment of the message splitting method is provided.
Referring to fig. 2, fig. 2 is a flow chart of a first embodiment of a packet splitting method according to the present invention, where the method includes:
Step S10, receiving encrypted message data sent by a sending end, and obtaining an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting message data to be sent by the sending end based on a public key of the receiving end;
step S20, determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor.
The message distribution method is applied to the receiving end of the message distribution system, the message distribution system further comprises a transmitting end, the receiving end and the transmitting end can be intelligent terminals or PC equipment and the like, and the receiving end is taken as an example for description for convenience; the receiving end receives encrypted message data sent by the sending end and acquires an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; the receiving end obtains first target encrypted data in the encrypted field, and calculates a first target hash value according to a preset hash function and the first target encrypted data; the receiving end determines a first preprocessor in a preset processor set according to a first target hash value, acquires a first current utilization rate of the first preprocessor, and compares the first current utilization rate with a preset utilization rate threshold; and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor and shunting the encrypted message data into a waiting queue corresponding to the target processor. It should be noted that, the encrypted message data is encrypted message data based on a WireGuard protocol and encapsulated by adopting a UDP, the WireGuard protocol is a virtual private network (Virtual Private Network, VPN) protocol, the UDP is User Datagram Protocol for short, the chinese name is a user datagram protocol, and the encrypted message data is a connectionless transport layer protocol.
The message splitting method of the embodiment receives encrypted message data sent by a sending end, and obtains an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in the preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. The invention extracts the encryption field of the encrypted message data, determines the target processor corresponding to the encrypted message data under the condition of not decrypting, and shunts the encrypted message data to the waiting queue corresponding to the target processor, thereby improving the efficiency of the receiving end when shunting the encrypted message data, reducing the possibility of blocking the encrypted message data and improving the network bandwidth performance.
The following will explain each step in detail:
step S10, receiving encrypted message data sent by a sending end, and obtaining an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting message data to be sent by the sending end based on a public key of the receiving end;
in this embodiment, the receiving end and the transmitting end are interconnected through a private line, the internet, and other modes, the transmitting end first determines an object to be transmitted with message data, that is, the receiving end obtains a public key of the receiving end, encrypts the message data to be transmitted based on the public key to obtain encrypted message data, then transmits the encrypted message data to the receiving end, and after receiving the encrypted message data transmitted by the transmitting end, the receiving end analyzes the encrypted message data to obtain an encrypted field in the encrypted message data, wherein the encrypted field is encrypted data in a message header in the encrypted message data; it should be noted that, the sending end performs homomorphic encryption on the message data to be sent based on the public key of the receiving end to obtain encrypted message data; homomorphic encryption is a special form of encryption that allows algebraic operations to be performed on ciphertext in a specific form to obtain a result that is still encrypted, and decrypting it to obtain the same result as the result of performing the same operation on plaintext, in other words, the technique can perform operations such as retrieval, comparison, etc. on encrypted data to obtain a correct result without decrypting the data during the entire process.
Step S20, determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor.
In this embodiment, after obtaining an encryption field of encrypted message data, a receiving end determines a target processor in a preset processor set based on the encryption field, and shunts the encrypted message data to a waiting queue corresponding to the target processor; it should be noted that, the number of processors at the receiving end is determined, one processor corresponds to one waiting queue, that is, the number of waiting queues is also determined, the receiving end performs homomorphic encryption on the address of each processor and the port number of the waiting queue corresponding to each processor based on its own public key, and stores the homomorphic encryption in the data structure to obtain a preset processor set, the receiving end and the transmitting end perform homomorphic encryption on data based on the same method, the receiving end calculates to obtain a ciphertext result based on the encryption field, and compares the ciphertext result with encrypted data in the preset processor set to determine the target processor corresponding to the encrypted message data.
Further, the step of determining the target processor in the preset processor set based on the encryption field includes:
Step S201, obtaining first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
in the step, a receiving end acquires first target encrypted data in an encrypted field, and calculates a first target hash value according to a preset hash function and the first target encrypted data; specifically, the encrypted field includes all encrypted data in a header in the encrypted message data, where the header format is as follows: the type field is used for indicating the type of the encrypted message data, the reserved field is a reserved field, the receiver field represents a receiver of the encrypted message data, the sender performs homomorphic encryption on an address of a target processor for receiving the encrypted message data based on a public key of the receiver and fills the homomorphic encryption into the receiver field, a port number of a waiting queue corresponding to the target processor for receiving the encrypted message data performs homomorphic encryption based on the public key of the receiver and fills the homomorphic encryption into the reserved field, and first target encrypted data in the encrypted field acquired by the receiver is encrypted data in the receiver field and a first target hash value is calculated according to a preset hash function and the first target encrypted data.
The preset hash function may be an addition hash or a multiplication hash, and the receiving end calculates the first target encrypted data, that is, the encrypted data of the address of the target processor, through the addition hash or the multiplication hash, to obtain a first target hash value.
Step S202, determining a target processor in a preset processor set according to the first target hash value.
In the step, after a first target hash value is obtained by calculation, a receiving end determines a target processor in a preset processor set according to the first target hash value; specifically, the receiving end performs a remainder calculation on the first target hash value to obtain a first target remainder, compares the first target remainder with address encryption data corresponding to each processor in the preset processor set, and further determines a target processor in the preset processor set.
Further, the step of determining the target processor in the preset processor set according to the first target hash value includes:
step S2021, determining a first preprocessor in a preset processor set according to the first target hash value;
in the step, after a first target hash value is obtained by calculation, a receiving end determines a first preprocessor in a preset processor set according to the first target hash value; specifically, the receiving end performs remainder calculation on the first target hash value to obtain a first target remainder, compares the first target remainder with address encryption data corresponding to each processor in the preset processor set, and uses a processor with the address encryption data identical to the first target remainder as a first preprocessor.
Step S2022, obtaining a first current usage rate of the first preprocessor, and comparing the first current usage rate with a preset usage rate threshold;
in the step, a receiving end obtains a first current utilization rate of a first preprocessor, and compares the first current utilization rate with a preset utilization rate threshold; specifically, the receiving end acquires the current utilization rate corresponding to each processor in a preset processor set in real time, takes homomorphic encryption results of serial numbers corresponding to each processor as keys, takes the utilization rate in the preset processor set as value, writes the value into an eBPF Map which is a universal data structure for storing different types of data, and provides functions of user mode and kernel mode data interaction, data storage, multi-program sharing data and the like; the receiving end can acquire the first current utilization rate of the first preprocessor through the eBPF Map, and compares the first current utilization rate with a preset utilization rate threshold.
In step S2023, if the first current usage rate is less than the preset usage rate threshold, the first preprocessor is used as a target processor.
In the step, if the receiving end determines that the first current utilization rate is smaller than a preset utilization rate threshold value, the first preprocessor is taken as a target processor; for example, if the preset usage rate threshold is 80%, and the first current usage rate is less than 80%, it is indicated that the usage rate of the first preprocessor is lower, and the load is lower, and the first preprocessor may be used as the target processor, and the encrypted message data may be shunted to a waiting queue corresponding to the target processor.
Further, after the step of shunting the encrypted message data to the waiting queue corresponding to the target processor, the method includes:
step a, obtaining the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and b, carrying out related processing on the decrypted message data through the target processor.
In the steps a to b, the receiving end obtains the encrypted message data in the waiting queue through the target processor, and performs signature verification on the encrypted message data, and decrypts the signed encrypted message data based on the private key to obtain decrypted message data; and forwarding the decrypted message data through the target processor and other related processes.
The receiving end of the embodiment receives encrypted message data sent by the sending end and acquires an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end; and determining a target processor in the preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor. By extracting the encryption field of the encrypted message data, under the condition of not decrypting, determining the target processor corresponding to the encrypted message data, and shunting the encrypted message data to the waiting queue corresponding to the target processor, the efficiency of the receiving end in shunting the encrypted message data is improved, the possibility of blocking the encrypted message data is reduced, and the network bandwidth performance is improved.
Further, referring to fig. 3, a second embodiment of the packet splitting method of the present invention is provided based on the first embodiment of the packet splitting method of the present invention.
The difference between the second embodiment of the packet splitting method and the first embodiment of the packet splitting method is that the step of obtaining the first current usage rate of the first preprocessor and comparing the first current usage rate with a preset usage rate threshold value includes:
step S2024, if the first current usage rate is not less than the preset usage rate threshold, obtaining second target encrypted data in the encrypted field, calculating a second target hash value according to the preset hash function, the first target encrypted data and the second target encrypted data, and determining a target processor in a preset processor set according to the first current usage rate and the second target hash value.
In this embodiment, after comparing the first current usage rate with a preset usage rate threshold, if it is determined that the first current usage rate is not less than the preset usage rate threshold, the receiving end obtains second target encrypted data in the encrypted field, calculates a second target hash value according to a preset hash function, the first target encrypted data and the second target encrypted data, and determines a target processor in the preset processor set according to the first current usage rate and the second target hash value. Specifically, the second target encrypted data in the encrypted field is a reserved field in a header of the encrypted message data, the preset hash function may be addition hash or multiplication hash, the receiving end calculates the first target encrypted data and the second target encrypted data through the addition hash or the multiplication hash to obtain a second target hash value, and the target processor is determined in the preset processor set according to the first current usage rate and the second target hash value.
Further, the step of determining the target processor in the preset processor set according to the first current usage rate and the second target hash value includes:
step S20241, determining a second preprocessor in a preset processor set according to the second target hash value;
in the step, the receiving end determines a second preprocessor in a preset processor set according to a second target hash value; specifically, the receiving end performs a remainder calculation on the second target hash value to obtain a second target remainder, compares the second target remainder with address encryption data corresponding to each processor in the preset processor set, and further determines a second preprocessor in the preset processor set.
Step S20242, obtaining a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
in the step, the receiving end obtains a second current utilization rate of a second preprocessor, and compares the second current utilization rate with the first current utilization rate; specifically, the receiving end acquires the current utilization rate corresponding to each processor in a preset processor set in real time, takes homomorphic encryption results of serial numbers corresponding to each processor as keys, takes the utilization rate in the preset processor set as value, writes the value into an eBPF Map which is a universal data structure for storing different types of data, and provides functions of user mode and kernel mode data interaction, data storage, multi-program sharing data and the like; the receiving end can obtain the second current utilization rate of the second preprocessor through the eBPF Map, and compares the second current utilization rate with the second current utilization rate.
Step S20243, if the first current usage rate is less than the second current usage rate, taking the first preprocessor as a target processor;
and step S20244, if the second current usage rate is smaller than the first current usage rate, taking the second preprocessor as a target processor.
In steps S20243 to S20244, if the receiving end determines that the first current usage rate is less than the second current usage rate, it indicates that the usage rate of the first preprocessor is low, the load is low, and the first preprocessor may be used as the target processor, and the encrypted message data may be shunted to the waiting queue corresponding to the target processor; if the second current utilization rate is smaller than the first current utilization rate, the second preprocessor is indicated to have lower utilization rate and lower load, and the second preprocessor can be used as a target processor, and encrypted message data are shunted into a waiting queue corresponding to the target processor.
Further, if the second current usage rate and the second current usage rate are not less than the preset usage rate threshold, at this time, the receiving end may select a processor with the lowest usage rate from the preset processor set as the target processor, and shunt the encrypted message data to a waiting queue corresponding to the target processor, and simultaneously send the address corresponding to the target processor to the collocation transmitting end.
If the receiving end determines that the first current usage rate is not less than the preset usage rate threshold, the receiving end acquires second target encrypted data in the encrypted field, calculates a second target hash value according to a preset hash function, the first target encrypted data and the second target encrypted data, and determines a target processor in a preset processor set according to the first current usage rate and the second target hash value. The final target processor is determined through the utilization rates of the two preprocessors, so that the problem of uneven distribution of encrypted message data caused by overlarge flow of a certain processor is avoided, the efficiency of a receiving end in distributing the encrypted message data is improved, the possibility of blocking the encrypted message data is reduced, and the network bandwidth performance is improved.
Further, referring to fig. 4, a third embodiment of the packet splitting method according to the present invention is provided based on the first embodiment and the second embodiment of the packet splitting method according to the present invention.
The difference between the third embodiment of the message splitting method and the first and second embodiments of the message splitting method is that the message splitting method is applied to the transmitting end, and the message splitting method includes the following steps:
Step S30, obtaining the message data to be sent and the public key of the receiving end;
in this embodiment, a transmitting end obtains to-be-transmitted message data and a public key of a receiving end; specifically, the message data to be sent may be generated by the sending end, or may be data sent by other sending ends received by the sending end; the receiving end and the transmitting end are interconnected through a special line, the Internet and the like, and the transmitting end transmits an acquisition instruction to the receiving end after determining the corresponding receiving end, so that the public key of the receiving end is acquired.
Step S40, encrypting the target processor address and the target processor port number of the message data to be sent based on the public key to obtain encrypted message data;
in this embodiment, after receiving the public key of the receiving end, the sending end encrypts the target processor address and the target processor port number corresponding to the message data to be sent based on the public key to obtain encrypted message data; it should be noted that, the address of the target processor corresponding to the message data to be sent refers to the address of the processor in the receiving end that processes the encrypted message data corresponding to the message data to be sent, and the port number of the target processor refers to the port number corresponding to the waiting queue of the processor in the receiving end that processes the encrypted message data corresponding to the message data to be sent.
Further, step S40 includes:
step S401, encrypting the target processor address of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
step S402, encrypting the target processor address of the message data to be sent based on the public key, to obtain second target encrypted data, and filling the second target encrypted data into the header of the message data to be sent.
In step S401 to step S402, the transmitting end performs homomorphic encryption on the target processor address of the message data to be transmitted based on the public key of the receiving end, so as to obtain first target encrypted data, and fills the first target encrypted data into the receiver field in the header of the message data to be transmitted, performs homomorphic encryption on the port number of the target processor of the message data to be transmitted based on the public key of the receiving end, so as to obtain second target encrypted data, fills the second target encrypted data into the reserved field in the header of the message data to be transmitted, and further performs homomorphic encryption on the whole message data to be transmitted based on the public key of the receiving end, and performs homomorphic encryption on the whole message data to be transmitted based on the receiver field in the header, the reserved field in the header, and the data after homomorphic encryption, so as to obtain encrypted message data corresponding to the message data to be transmitted.
And step S50, the encrypted message data is sent to the receiving end.
In the step, the sending end sends the encrypted message data to the receiving end through a special line and internet connection between the receiving end and the sending end.
The method comprises the steps that message data to be sent and a public key of a receiving end are obtained at a sending end of the embodiment; encrypting the target processor address and the target processor port number of the message data to be transmitted based on the public key to obtain encrypted message data; and sending the encrypted message data to a receiving end. By homomorphic encryption of the target processor address and the target processor port number, the same homomorphic encryption method is used by the sending end and the receiving end, so that the receiving end can determine the target processor corresponding to the encrypted message data only by comparing ciphertext results, and the encrypted message data is split, thereby being beneficial to improving the efficiency of the receiving end when splitting the encrypted message data, reducing the possibility of blocking the encrypted message data and improving the network bandwidth performance.
The invention also provides a message splitting device, which is applied to a receiving end and comprises:
the receiving module is used for receiving encrypted message data sent by the sending end and obtaining an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
And the determining module is used for determining a target processor in a preset processor set based on the encryption field and shunting the encrypted message data to a waiting queue corresponding to the target processor.
Further, the determining module is further configured to:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data;
and determining a target processor in a preset processor set according to the first target hash value.
Further, the determining module is further configured to:
determining a first preprocessor in a preset processor set according to the first target hash value;
acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
Further, the determining module is further configured to:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field is obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
Further, the determining module is further configured to:
determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, the first preprocessor is used as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
Further, the determining module further includes a processing module, where the processing module is configured to:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out related processing on the decrypted message data through the target processor.
The invention also provides another message splitting device, which is applied to a transmitting end and comprises:
the acquisition module is used for acquiring the message data to be transmitted and the public key of the receiving end;
The obtaining module is used for encrypting the target processor address and the target processor port number of the message data to be sent based on the public key to obtain encrypted message data;
and the sending module is used for sending the encrypted message data to the receiving end.
Further, the obtaining module is further configured to:
encrypting the target processor address of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
encrypting the target processor address of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
The invention also provides a message distribution system.
The message distribution system of the invention comprises: the system comprises a memory, a processor and a message distribution program which is stored in the memory and can run on the processor, wherein the message distribution program realizes the steps of the message distribution method when being executed by the processor.
The method implemented when the message splitting program running on the processor is executed may refer to various embodiments of the message splitting method of the present invention, which are not described herein again.
The invention also provides a computer readable storage medium.
The computer readable storage medium of the present invention stores a message splitting program which, when executed by a processor, implements the steps of the message splitting method described above.
The method implemented when the message splitting program running on the processor is executed may refer to various embodiments of the message splitting method of the present invention, which are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein, or any application, directly or indirectly, in the field of other related technology.
Claims (9)
1. The message splitting method is characterized in that the message splitting method is applied to a receiving end and comprises the following steps:
Receiving encrypted message data sent by a sending end, and acquiring an encrypted field in the encrypted message data, wherein the encrypted message data is obtained by encrypting the message data to be sent by the sending end based on a public key of the receiving end;
determining a target processor in a preset processor set based on the encryption field, and shunting the encrypted message data to a waiting queue corresponding to the target processor;
wherein the step of determining the target processor in the preset processor set based on the encryption field includes:
acquiring first target encrypted data in the encrypted field, and calculating a first target hash value according to a preset hash function and the first target encrypted data, wherein the first target encrypted data is an address of a target processor;
and determining a target processor in a preset processor set according to the first target hash value.
2. The method of packet splitting according to claim 1, wherein the step of determining a target processor in a preset processor set according to the first target hash value includes:
determining a first preprocessor in a preset processor set according to the first target hash value;
Acquiring a first current utilization rate of the first preprocessor, and comparing the first current utilization rate with a preset utilization rate threshold;
and if the first current utilization rate is smaller than the preset utilization rate threshold value, taking the first preprocessor as a target processor.
3. The method for packet splitting according to claim 2, wherein the step of obtaining the first current usage rate of the first preprocessor and comparing the first current usage rate with a preset usage rate threshold value comprises:
if the first current utilization rate is not smaller than the preset utilization rate threshold, second target encrypted data in the encrypted field is obtained, a second target hash value is calculated according to the preset hash function, the first target encrypted data and the second target encrypted data, and a target processor is determined in a preset processor set according to the first current utilization rate and the second target hash value.
4. The method of packet splitting according to claim 3, wherein the step of determining a target processor in the preset processor set according to the first current usage rate and the second target hash value comprises:
Determining a second preprocessor in a preset processor set according to the second target hash value;
acquiring a second current utilization rate of the second preprocessor, and comparing the second current utilization rate with the first current utilization rate;
if the first current utilization rate is smaller than the second current utilization rate, the first preprocessor is used as a target processor;
and if the second current utilization rate is smaller than the first current utilization rate, taking the second preprocessor as a target processor.
5. The method for splitting packets according to claim 1, wherein after the step of splitting the encrypted packet data into the waiting queues corresponding to the target processor, the method comprises:
acquiring the encrypted message data in the waiting queue through the target processor, and decrypting the encrypted message data based on a private key to obtain decrypted message data;
and carrying out related processing on the decrypted message data through the target processor.
6. The method for splitting messages according to claim 1, wherein the method for splitting messages is applied to a transmitting end, and the method for splitting messages comprises the following steps:
Acquiring message data to be transmitted and a public key of the receiving end;
encrypting the target processor address and the target processor port number of the message data to be sent based on the public key to obtain encrypted message data;
and sending the encrypted message data to the receiving end.
7. The method of packet splitting according to claim 6, wherein the step of encrypting the destination processor address and the destination processor port number of the packet data to be transmitted based on the public key comprises:
encrypting the target processor address of the message data to be sent based on the public key to obtain first target encrypted data, and filling the first target encrypted data into the message header of the message data to be sent;
and encrypting the port number of the target processor of the message data to be sent based on the public key to obtain second target encrypted data, and filling the second target encrypted data into the message header of the message data to be sent.
8. A message splitting system, wherein the message splitting system comprises: memory, a processor and a message splitting program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the message splitting method according to any of claims 1 to 7.
9. A computer readable storage medium, wherein a message splitting program is stored on the computer readable storage medium, and the message splitting program, when executed by a processor, implements the steps of the message splitting method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310241352.5A CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310241352.5A CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115941600A CN115941600A (en) | 2023-04-07 |
| CN115941600B true CN115941600B (en) | 2023-05-26 |
Family
ID=85828985
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310241352.5A Active CN115941600B (en) | 2023-03-14 | 2023-03-14 | Message distribution method, system and computer readable storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115941600B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102299799A (en) * | 2010-06-24 | 2011-12-28 | 索尼公司 | Information processing device and method, program, and information processing system |
| CN108347419A (en) * | 2017-01-24 | 2018-07-31 | 腾讯科技(深圳)有限公司 | Data transmission method and device |
| CN108566393A (en) * | 2018-04-13 | 2018-09-21 | 清华大学无锡应用技术研究院 | The methods, devices and systems of data encryption |
| CN110061840A (en) * | 2019-03-12 | 2019-07-26 | 平安科技(深圳)有限公司 | Data ciphering method, device, computer equipment and storage medium |
| CN113821810A (en) * | 2021-08-26 | 2021-12-21 | 上海赢科信息技术有限公司 | Data processing method and system, storage medium and electronic device |
| CN114866486A (en) * | 2022-03-18 | 2022-08-05 | 广州大学 | Encrypted flow classification system based on data packet |
Family Cites Families (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2000315997A (en) * | 1999-04-30 | 2000-11-14 | Toshiba Corp | Encryption communication method and node unit |
| CN101471772A (en) * | 2007-12-27 | 2009-07-01 | 华为技术有限公司 | Communication method, device and system |
| US11336629B2 (en) * | 2019-11-05 | 2022-05-17 | Vmware, Inc. | Deterministic load balancing of IPSec packet processing |
| CN111756522B (en) * | 2020-06-28 | 2023-06-23 | 中国平安财产保险股份有限公司 | Data processing method and system |
| CN112073332A (en) * | 2020-08-10 | 2020-12-11 | 烽火通信科技股份有限公司 | Message distribution method, multi-core processor and readable storage medium |
| CN113079109B (en) * | 2021-04-07 | 2022-10-04 | 鹏城实验室 | Data message processing method and system, intelligent terminal and storage medium |
| CN113194504B (en) * | 2021-04-27 | 2022-01-28 | 缪周航 | Method and system for optimizing transmission protocol based on multiplex detection and opposite-end remote measurement |
| CN113849797A (en) * | 2021-09-29 | 2021-12-28 | 深圳市电子商务安全证书管理有限公司 | Method, device, equipment and storage medium for repairing data security vulnerability |
| CN114039785B (en) * | 2021-11-10 | 2024-02-27 | 奇安信科技集团股份有限公司 | Data encryption, decryption and processing methods, devices, equipment and storage medium |
| CN114500093A (en) * | 2022-02-24 | 2022-05-13 | 中国工商银行股份有限公司 | Safe interaction method and system for message information |
| CN114826672A (en) * | 2022-03-25 | 2022-07-29 | 阿里云计算有限公司 | Encryption and decryption methods and devices of cloud network, computing node and system |
| CN114448730B (en) * | 2022-04-07 | 2022-08-02 | 中国工商银行股份有限公司 | Packet forwarding method and device based on block chain network and transaction processing method |
| CN114785496A (en) * | 2022-04-19 | 2022-07-22 | 支付宝(杭州)信息技术有限公司 | Method, device and system for sharing private data and receiving private data |
| CN114679395B (en) * | 2022-05-27 | 2022-08-09 | 鹏城实验室 | Data transmission detection method and system for heterogeneous network |
-
2023
- 2023-03-14 CN CN202310241352.5A patent/CN115941600B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102299799A (en) * | 2010-06-24 | 2011-12-28 | 索尼公司 | Information processing device and method, program, and information processing system |
| CN108347419A (en) * | 2017-01-24 | 2018-07-31 | 腾讯科技(深圳)有限公司 | Data transmission method and device |
| CN108566393A (en) * | 2018-04-13 | 2018-09-21 | 清华大学无锡应用技术研究院 | The methods, devices and systems of data encryption |
| CN110061840A (en) * | 2019-03-12 | 2019-07-26 | 平安科技(深圳)有限公司 | Data ciphering method, device, computer equipment and storage medium |
| CN113821810A (en) * | 2021-08-26 | 2021-12-21 | 上海赢科信息技术有限公司 | Data processing method and system, storage medium and electronic device |
| CN114866486A (en) * | 2022-03-18 | 2022-08-05 | 广州大学 | Encrypted flow classification system based on data packet |
Non-Patent Citations (3)
| Title |
|---|
| Hash Based Encryption for Keyframes of Diagnostic Hysteroscopy;Rafik Hamza;《IEEE Xplore》;全文 * |
| Seepage analysis of a diversion tunnel with high pressure in different periods: a case study;Wang Tao;《百度学术》;全文 * |
| 基于组合RSA的网络分流器的设计与实现;邓涛;《CNKI中国知网》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115941600A (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10798058B2 (en) | Distributed identity-based firewalls | |
| EP3632057B1 (en) | Distributed ipsec gateway | |
| US20180270660A1 (en) | Method and system for peer-to-peer enforcement | |
| JP3992579B2 (en) | Key exchange proxy network system | |
| Raza et al. | SecureSense: End-to-end secure communication architecture for the cloud-connected Internet of Things | |
| US11470060B2 (en) | Private exchange of encrypted data over a computer network | |
| US20200351107A1 (en) | Secure authentication of remote equipment | |
| JP6395867B2 (en) | OpenFlow communication method and system, control unit, and service gateway | |
| CA2432322A1 (en) | Packet encrypton system and method | |
| CN105939240B (en) | Load-balancing method and device | |
| CN104980920A (en) | Method and device for establishing communication connection of intelligent terminal | |
| CN110719248A (en) | Method and device for forwarding user datagram protocol message | |
| CN107547559B (en) | Message processing method and device | |
| CN113055269B (en) | Virtual private network data transmission method and device | |
| CN108306872A (en) | Network request processing method, device, computer equipment and storage medium | |
| US20080133915A1 (en) | Communication apparatus and communication method | |
| CN110474922B (en) | Communication method, PC system and access control router | |
| CN115941600B (en) | Message distribution method, system and computer readable storage medium | |
| US8595477B1 (en) | Systems and methods for reducing handshake delay in streaming protocol web requests | |
| CN115766902A (en) | Method, device, equipment and medium for transmitting non-sensitive data through QUIC | |
| CN113438215B (en) | Data transmission method, device, equipment and storage medium | |
| EP3890278B1 (en) | Data leakage prevention | |
| CN110535834B (en) | Accelerated processing method and system for network security IPsec | |
| CN108055360B (en) | Network data transmission method, system, transmission device and storage medium | |
| CN113810397A (en) | Protocol data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |