CN117077123A - Service processing method and device for multiple password cards and electronic equipment

Publication number: CN117077123A
Application number: CN202311047499.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 刘泽森, 孟凡辉, 舒永航
Current Assignee: Changchun Jida Zhengyuan Information Technology Co ltd
Original Assignee: Changchun Jida Zhengyuan Information Technology Co ltd
Prior art keywords: key, user, card, cipher, synchronous

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues

Abstract

The application provides a service processing method and device for multiple cipher cards, and electronic equipment. The method comprises the following steps: sharing the synchronization key among all the cipher cards; in response to service requests from different users, the main process determines, according to a preset scheduling policy, a sub-process to execute each service request; if the request type of the service request is generating a user key, the sub-process selects the corresponding cipher card to generate the user key corresponding to the user; the sub-process synchronizes the user key to all the cipher cards based on the synchronization key. Based on the synchronization key, the method achieves high-performance parallel processing across multiple cipher cards and eliminates the performance bottleneck of multi-card parallelism.

Description

Service processing method and device for multiple password cards and electronic equipment
Technical Field
The present application relates to the field of cryptography, and in particular, to a method and an apparatus for processing services of a multi-password card, and an electronic device.
Background
In a traditional cryptographic server, each server can integrate only one cipher card, so performance is limited to that of a single card. If a single server drives several cards, the multi-card scheduling process often becomes a performance bottleneck, the parallel performance of the cards cannot be fully exploited, expansion flexibility is poor, and upgrading and updating of the cryptographic server are limited.
Disclosure of Invention
The embodiment of the application provides a service processing method, a device and electronic equipment for a multi-password card, which can realize high-performance parallel processing of the multi-password card based on a synchronous key, eliminate the performance bottleneck of multi-card parallel and improve the expansibility of service processing.
The technical scheme of the embodiment of the application is realized as follows:
in a first aspect, an embodiment of the present application provides a service processing method for a multi-password card, including:
carrying out sharing processing of the synchronous key on all the cipher cards according to the synchronous key;
responding to service requests of different users, and determining a sub-process for executing the service requests by a main process according to a preset scheduling strategy;
if the request type of the service request is a user key, the subprocess selects a corresponding cipher card to generate the user key corresponding to the user;
the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
In the above scheme, the performing the synchronization key sharing process on all the cryptographic cards according to the synchronization key includes:
all the cipher cards respectively generate corresponding identity key pairs, wherein the identity key pairs comprise a public key and a private key;
randomly determining one password card as a target password card in all password cards;
determining a synchronous key according to the target password card;
and carrying out sharing processing of the synchronous keys on all the cipher cards according to the identity key pairs of each cipher card except the target cipher card and the synchronous keys.
In the above solution, the sharing processing of the synchronization key for all the cryptographic cards with respect to the identity key pair and the synchronization key of each cryptographic card other than the target cryptographic card includes:
for each cipher card except the target cipher card, sending a public key in an identity key pair corresponding to each cipher card to the target cipher card;
the target cipher card performs asymmetric encryption on the synchronous key based on the public key, and distributes the encrypted ciphertext to the cipher card corresponding to the public key;
after the cipher text is received by the cipher card, the cipher text is decrypted according to a private key in an identity key pair corresponding to the cipher card, and the synchronous key is obtained.
In the above solution, if the request type of the service request is a user key, the sub-process selects a corresponding password card to generate the user key corresponding to the user, including:
acquiring a user identifier in the service request;
the subprocess calls a first service interface to send a service request to a password card bound with the subprocess;
the password card queries a user key corresponding to the user based on the user identification;
and if the user key is not queried, generating the user key corresponding to the user.
In the above solution, the generating the user key corresponding to the user if the user key is not queried includes:
determining a corresponding relation between the user identifier corresponding to the user and the user key;
and the password card stores the corresponding relation.
In the above scheme, the sub-process performs synchronization processing on the user key in all the cryptographic cards based on the synchronization key, including:
the cipher card corresponding to the subprocess encrypts a user key and a user identifier corresponding to the user based on the synchronous key, and the encrypted ciphertext is transmitted to other cipher cards;
the other cipher cards decrypt the user key ciphertext according to the synchronous key respectively to obtain the user key and the user identifier;
and the other password cards store the corresponding relation between the user key and the user identifier.
In the above scheme, the method further comprises:
if the request type of the service request is user encryption or decryption service, acquiring a user identifier in the service request;
the subprocess calls a second service interface to send the service request to a password card bound with the subprocess;
the password card obtains a user key corresponding to the user identifier based on the user identifier, and performs corresponding service processing on the data in the service request to obtain a processing result;
and the subprocess returns the processing result to the user.
In a second aspect, an embodiment of the present application provides a service processing apparatus for a multi-password card, where the service processing apparatus for a multi-password card includes:
the key synchronization module is used for carrying out sharing processing of the synchronous keys on all the cipher cards according to the synchronous keys;
and the selection module is used for responding to service requests of different users, and the main process determines sub-processes for executing the service requests according to a preset scheduling strategy.
The processing module is used for selecting a corresponding cipher card to generate a user key by the subprocess if the request type of the service request is a user key; the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
In a third aspect, an embodiment of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; the memory stores instructions executable by the at least one processor, and the instructions are executed by the at least one processor, so that the at least one processor can execute the service processing method of the multi-password card provided by the embodiment of the application.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium comprising a set of computer-executable instructions, which when executed, are configured to perform a method of service processing for a multi-password card provided by embodiments of the present application.
According to the service processing method of the multi-password card, the synchronization key is shared among all the cipher cards; in response to service requests from different users, the main process determines, according to a preset scheduling policy, a sub-process to execute each service request; if the request type of the service request is generating a user key, the sub-process selects the corresponding cipher card to generate the user key corresponding to the user; the sub-process synchronizes the user key to all the cipher cards based on the synchronization key. Because all the cipher cards process services on the basis of the shared synchronization key, the server can achieve high-performance parallel processing across multiple cipher cards, and the performance bottleneck of multi-card parallelism is eliminated.
Drawings
The drawings are included to provide a better understanding of the present application and are not to be construed as limiting the application. Wherein:
FIG. 1 is a schematic diagram of an alternative processing flow of a method for processing services of a multi-password card according to an embodiment of the present application;
FIG. 2 is a schematic diagram of an alternative process flow of sharing a synchronization key by all the cryptographic cards according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a corresponding relationship between a sub-process and a password card according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an alternative architecture of a service processing device with multiple password cards according to an embodiment of the present application;
FIG. 5 is a schematic block diagram of an alternative electronic device provided by an embodiment of the present application.
Detailed Description
The present application will be further described in detail with reference to the accompanying drawings, for the purpose of making the objects, technical solutions and advantages of the present application more apparent, and the described embodiments should not be construed as limiting the present application, and all other embodiments obtained by those skilled in the art without making any inventive effort are within the scope of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
In the following description, the terms "first", "second", and the like are merely used to distinguish between similar objects and do not represent a particular ordering of the objects, it being understood that the "first", "second", or the like may be interchanged with one another, if permitted, to enable embodiments of the application described herein to be practiced otherwise than as illustrated or described herein.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs. The terminology used herein is for the purpose of describing embodiments of the application only and is not intended to be limiting of the application.
Referring to fig. 1, fig. 1 is a schematic diagram of an alternative processing flow of a service processing method of a multi-password card according to an embodiment of the present application, and the following description will refer to steps S101 to S104 shown in fig. 1.
Step S101, carrying out synchronous key sharing processing on all the cipher cards according to the synchronous keys.
In some embodiments, when multiple cipher cards are scheduled by a single server, the problem of key synchronization between the cipher cards may be solved by means of the synchronization key.
First, the server is initialized: the necessary drivers and system components are loaded on the server, and the required software and related tools, such as the software that runs the key algorithms, key management tools and the related databases, are installed and configured, so that the server can safely, stably and efficiently execute the service processing operations corresponding to the cryptographic service.
Second, each of the cipher cards may generate its own identity key pair, comprising a public key and a private key. The identity key pair may be used to identify each cipher card and to encrypt and decrypt the cipher card's data during communication, to ensure the security of the key.
Third, the server randomly selects one of the cipher cards as the target cipher card. The target cipher card calls a random number generator to generate a random number as the synchronization key; it can also call a time stamp server to generate time data as the synchronization key.
Thereafter, the synchronization key may be shared among all the cipher cards according to the synchronization key and the identity key pair of each cipher card other than the target cipher card. The sharing process may be as follows: each cipher card other than the target cipher card sends the public key of its identity key pair to the target cipher card; after receiving the public keys, the target cipher card asymmetrically encrypts the synchronization key with each public key and distributes each resulting ciphertext to the cipher card that owns that public key; after a cipher card receives the ciphertext sent by the target cipher card, it decrypts the ciphertext with the private key of its identity key pair to obtain the synchronization key. Thus each cipher card obtains the synchronization key securely, and the synchronization key is shared. The asymmetric encryption algorithm may include, but is not limited to, RSA (Rivest-Shamir-Adleman), DSA (Digital Signature Algorithm), ECC (Elliptic Curve Cryptography), and the like.
An example is shown in fig. 2. In fig. 2 there are four cipher cards, and cipher card 1 can be determined as the target cipher card. First, each cipher card generates its own identity key pair, each comprising a public key and a private key. Second, the random number generated by the target cipher card is used as the synchronization key, and cipher card 2, cipher card 3 and cipher card 4 each send the public key of their identity key pair to the target cipher card. After receiving the public keys sent by the other cipher cards, the target cipher card asymmetrically encrypts the synchronization key with each public key and distributes each ciphertext to the cipher card that owns the corresponding public key. After receiving their respective ciphertexts, the other cipher cards decrypt them with their own private keys to obtain the synchronization key.
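The exchange of step S101 and fig. 2 can be simulated in a single process as follows. This is an added example, not code from the application: `CryptoCard` and `share_sync_key` are hypothetical names, raw RSA stands in for the card's hardware asymmetric algorithm so that only the standard library is needed, and the random-number option is used for the synchronization key.

```python
# Added example: in-process simulation of step S101 (synchronization-key sharing).
# CryptoCard and share_sync_key are hypothetical names, not a vendor card API.
# Raw RSA (no padding) stands in for the card's hardware asymmetric cipher so
# the sketch runs with the standard library only.
import hashlib
import hmac
import secrets

E = 65537  # public exponent


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test with random bases."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


class CryptoCard:
    """One cipher card; the private exponent and sync key stay inside the object."""

    def __init__(self, card_id, bits=1024):
        self.card_id = card_id
        while True:  # identity key pair generated on the card itself
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % E:  # E is prime, so this means gcd(E, phi) == 1
                break
        self.public_key = (p * q, E)
        self._d = pow(E, -1, phi)
        self._sync_key = None

    def generate_sync_key(self):
        # Random-number option from the description, drawn from a CSPRNG.
        self._sync_key = secrets.token_bytes(32)

    def wrap_sync_key_for(self, peer_public_key):
        n, e = peer_public_key
        return pow(int.from_bytes(self._sync_key, "big"), e, n)

    def unwrap_sync_key(self, ciphertext):
        n, _ = self.public_key
        self._sync_key = pow(ciphertext, self._d, n).to_bytes(32, "big")

    def key_check_value(self):
        # Lets the host compare cards without ever seeing the key itself.
        return hmac.new(self._sync_key, b"sync-kcv", hashlib.sha256).hexdigest()[:12]


def share_sync_key(cards):
    """Pick a target card at random and distribute its sync key to the rest.

    Assumption: public keys travel over a trusted local bus; the description
    does not say how the target card authenticates them.
    """
    target = secrets.choice(cards)
    target.generate_sync_key()
    transcript = []  # everything the host sees: (card id, public key, ciphertext)
    for card in cards:
        if card is target:
            continue
        ciphertext = target.wrap_sync_key_for(card.public_key)
        card.unwrap_sync_key(ciphertext)
        transcript.append((card.card_id, card.public_key, ciphertext))
    return target, transcript


if __name__ == "__main__":
    cards = [CryptoCard(i) for i in range(1, 5)]  # four cards, as in FIG. 2
    target, transcript = share_sync_key(cards)
    print("target card:", target.card_id)
    for card in cards:
        print(card.card_id, card.key_check_value())
```

The host only ever handles public keys and per-card ciphertexts; equal key check values on all four cards confirm that the sharing succeeded.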
Step S102, responding to service requests of different users, and determining a sub-process for executing the service requests by a main process according to a preset scheduling strategy.
In some embodiments, a server's service process may be divided into a main process and a plurality of sub-processes, which start running simultaneously when the server starts processing services. The main process is responsible for protecting the sub-processes and distributing services, and the sub-processes are responsible for processing specific services. When the main process is initialized, a protection thread pool is created whose size equals the number of sub-processes; each protection thread in the pool is associated with a corresponding sub-process, and the main process is responsible for monitoring the state of the sub-processes associated with the protection thread pool, such as whether a sub-process is alive and its running state. If a protection thread detects that its sub-process is missing or abnormal, corresponding handling is triggered: abnormal information such as the identification number of the abnormal sub-process and the cause of the error is recorded and sent to the main process, and the main process, on receiving the abnormal information in the notification from the protection thread, restarts the corresponding sub-process. Through this mechanism the state of the sub-processes is monitored in real time and abnormal sub-processes are handled, which ensures stable operation of the sub-processes, improves the reliability and stability of the cryptographic server, and keeps the service running continuously.
In some embodiments, in the service distribution stage, after the main process receives a service request from outside, it may select a sub-process according to a preset scheduling policy and send the service request to it. After the selected sub-process receives the service request, it first determines the request type of the service request. The scheduling policy includes random allocation, a polling mechanism, or weight calculation. The request type includes a request to generate a user key and a request for an encryption or decryption operation.
Step S103, if the request type of the service request is generating a user key, the subprocess selects a corresponding cipher card to generate the user key corresponding to the user.
In some embodiments, if the request type of the service request is generating a user key, the sub-process selects the cipher card corresponding to the sub-process to generate the user key corresponding to the user. The sub-process first acquires the user identifier in the service request and calls the interface corresponding to the service request to execute it; in this embodiment, it calls the first service interface to send the service request to the cipher card bound to the sub-process. The cipher card queries whether a user key corresponding to the user identifier exists in the server. If such a user key exists, the service request is not executed, and a corresponding prompt or error message can be returned to the service requester to indicate that the user key has already been generated and need not be generated again. If not, the cipher card generates the user key corresponding to the user, and the correspondence between the user identifier and the user key is stored in the database. The correspondence between sub-processes and cipher cards is shown in fig. 3; sub-processes and cipher cards are in one-to-one correspondence.
Step S104, the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
In some embodiments, the cipher card corresponding to the sub-process may encrypt the user key and the user identifier with the synchronization key and transmit the encrypted ciphertext to the other cipher cards. After receiving the ciphertext, the other cipher cards decrypt it with the synchronization key shared in advance to obtain the user key and the corresponding user identifier, and store the correspondence between the decrypted user key and the user identifier. A database table may be created to record and update whether a user key exists for a user identifier, as well as the correspondence between the user key and the user identifier.
Through the scheme, when the sub-process generates the user key, the security of the key is ensured, and simultaneously, the user key is synchronized to other cipher cards through the encryption and decryption operation by utilizing the synchronization key, so that the synchronization of the user key is realized. Thus, the same user key can be shared and used among different cipher cards, and the utilization efficiency of the key and the parallel processing performance of multiple cards are improved.
In some embodiments, if the request type of the service request is a user encryption or decryption service, the sub-process may acquire the user identifier in the service request and call the second service interface to send the service request to the cipher card bound to the sub-process. The cipher card obtains the user key corresponding to the user identifier, performs the corresponding service processing on the data in the service request to obtain a processing result, and the processing result is returned to the user.
In practical applications, user key generation requests are less frequent than encryption or decryption requests; most services perform encryption or decryption using a user key that has already been generated and synchronized. When the request type is an encryption or decryption service, the user key has already been generated and stored synchronously in every cipher card. At this point, when the server receives the service request, the main process only needs to send the service request to any one sub-process using the preset scheduling policy, such as a random allocation policy, and that sub-process can complete the related operation using the user key stored in its corresponding cipher card.
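Steps S102 to S104 and the encryption or decryption path can be simulated as follows, with each sub-process represented by the card bound to it. This is an added example, not code from the application: `Dispatcher`, `Card`, `seal` and `open_sealed` are hypothetical names, the polling policy is used for scheduling, step S101 is assumed to have run already, and an HMAC-SHA256 encrypt-then-MAC construction stands in for the card's symmetric cipher.

```python
# Added example: simulation of steps S102-S104 plus the encrypt/decrypt path.
# Dispatcher, Card, seal and open_sealed are hypothetical names. HMAC-SHA256 in
# counter mode with an HMAC tag stands in for the card's symmetric cipher.
import hashlib
import hmac
import itertools
import secrets


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key, blob):
    if len(blob) < 48:
        raise ValueError("message rejected")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message rejected")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


class Card:
    def __init__(self, card_id, sync_key):
        self.card_id = card_id
        self._sync_key = sync_key  # shared during S101
        self._user_keys = {}       # user identifier -> user key

    def generate_user_key(self, user_id):
        """S103: create the key only if this user has none; return the sync blob."""
        if user_id in self._user_keys:
            return None
        key = secrets.token_bytes(32)
        self._user_keys[user_id] = key
        uid = user_id.encode()
        return seal(self._sync_key, len(uid).to_bytes(2, "big") + uid + key)

    def import_user_key(self, blob):
        """S104 on a receiving card: decrypt and store identifier -> key."""
        record = open_sealed(self._sync_key, blob)
        n = int.from_bytes(record[:2], "big")
        self._user_keys[record[2:2 + n].decode()] = record[2 + n:]

    def encrypt(self, user_id, data):
        return seal(self._user_keys[user_id], data)

    def decrypt(self, user_id, blob):
        return open_sealed(self._user_keys[user_id], blob)


class Dispatcher:
    """Main process; each sub-process is represented by the card bound to it."""

    def __init__(self, n_cards):
        sync_key = secrets.token_bytes(32)  # assumption: S101 has already run
        self.cards = [Card(i, sync_key) for i in range(1, n_cards + 1)]
        self._poll = itertools.cycle(self.cards)  # polling scheduling policy

    def handle(self, request_type, user_id, data=b""):
        card = next(self._poll)
        if request_type == "generate_key":
            blob = card.generate_user_key(user_id)
            if blob is None:
                return card.card_id, "exists"
            for other in self.cards:
                if other is not card:
                    other.import_user_key(blob)
            return card.card_id, "created"
        if request_type == "encrypt":
            return card.card_id, card.encrypt(user_id, data)
        if request_type == "decrypt":
            return card.card_id, card.decrypt(user_id, data)
        raise ValueError("unknown request type")


if __name__ == "__main__":
    server = Dispatcher(4)
    print(server.handle("generate_key", "alice"))  # card 1 creates and syncs
    print(server.handle("generate_key", "alice"))  # card 2 already has it
    enc_card, ct = server.handle("encrypt", "alice", b"constructed sample")
    dec_card, pt = server.handle("decrypt", "alice", ct)
    print(enc_card, dec_card, pt)
```

The second generation request lands on a different card and is still refused, and data encrypted on one card decrypts on another, which is the property that lets the main process hand any request to any sub-process.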
On the other hand, the method provided by the embodiment is easy to expand the number of the password cards, and when a new password card is added, the data of the existing password card can be obtained.
In some embodiments, if the request type of the service request is a key destruction operation, the cryptographic card bound by the sub-process may synchronize the key destruction operation to all the cryptographic cards and destroy the key synchronously.
In some embodiments, if the request type of the service request is a key update operation, the cryptographic card bound by the subprocess first performs the destruction of the original key, notifies other cryptographic cards of the key destruction operation, synchronously destroys the key, then generates a new key, and uses the synchronous key to perform symmetric encryption and then synchronizes to other cryptographic cards.
Because the same synchronization key is shared among the different cipher cards in the application, and user keys are synchronized among the cipher cards based on that synchronization key, the cipher cards can execute service requests concurrently, safely and efficiently. The computing capability of the multiple cipher cards is fully released, the processing efficiency of service requests is improved, the performance bottleneck is eliminated, and expansion is convenient. In the application, for all types of services, the main process can send a service to any sub-process for execution, and for each user, the cipher card corresponding to any sub-process can perform the key generation, encryption or decryption operations for that user. These operations do not have to go through middleware or a fixed cipher card as described in the prior-art reference, so the performance bottleneck that this would cause is avoided.
In addition, in practical applications, the sub-process can also interface with the service server to record information about the processed service requests, including the service order number, whether service processing succeeded or failed, abnormal operations and other information, form a log file, and send the log file to the service server for storage.
Fig. 4 is a schematic diagram of an alternative device structure of a service processing device with multiple cryptographic cards according to an embodiment of the application, where a service processing device 400 with multiple cryptographic cards includes a key synchronization module 401, a selection module 402, and a processing module 403. Wherein,
a key synchronization module 401, configured to perform a sharing process of the synchronization key on all the cryptographic cards according to the synchronization key;
a selection module 402, configured to respond to service requests of different users, and determine a sub-process for executing the service requests according to a preset scheduling policy by a main process;
a processing module 403, configured to, if the request type of the service request is a user key, select a corresponding cryptographic card by the subprocess to generate a user key corresponding to the user; the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
In some embodiments, the key synchronization module 401 is further configured to: all the cipher cards respectively generate corresponding identity key pairs, wherein the identity key pairs comprise a public key and a private key; randomly determining one password card as a target password card in all password cards; determining a synchronous key according to the target password card; and carrying out sharing processing of the synchronous keys on all the cipher cards according to the identity key pairs of each cipher card except the target cipher card and the synchronous keys.
In some embodiments, the selection module 402 is further configured to: for each cipher card except the target cipher card, send the public key in the identity key pair corresponding to each cipher card to the target cipher card; the target cipher card performs asymmetric encryption on the synchronous key based on the public key, and distributes the encrypted ciphertext to the cipher card corresponding to the public key; after the ciphertext is received by the cipher card, the ciphertext is decrypted according to the private key in the identity key pair corresponding to the cipher card, and the synchronous key is obtained.
In some embodiments, the processing module 403 is further configured to: acquire the user identifier in the service request; the subprocess calls a first service interface to send the service request to the password card bound with the subprocess; the password card queries the user key corresponding to the user based on the user identifier; and if the user key is not found, the user key corresponding to the user is generated.
In some embodiments, the processing module 403 is further configured to: determine the correspondence between the user identifier corresponding to the user and the user key; and the password card stores the correspondence.
In some embodiments, the processing module 403 is further configured to: if the request type of the service request is user encryption or decryption service, acquire the user identifier in the service request; the subprocess calls a second service interface to send the service request to the password card bound with the subprocess; the password card obtains the user key corresponding to the user identifier based on the user identifier, and performs corresponding service processing on the data in the service request to obtain a processing result; and the subprocess returns the processing result to the user.
It should be noted that, the service processing device of the multi-password card in the embodiment of the present application is similar to the description of the foregoing service processing method embodiment of the multi-password card, and has similar beneficial effects as the method embodiment, so that a detailed description is omitted. The technical details of the service processing device of the multi-password card provided in the embodiment of the present application may be understood from the description of any one of fig. 1 to fig. 3.
Fig. 5 illustrates a schematic block diagram of an example electronic device 500 that may be used to implement embodiments of the present disclosure. The electronic device 500 is used to implement the service processing method of the multi-password card according to the embodiment of the present disclosure. In some alternative embodiments, the electronic device 500 may implement the service processing method of the multi-password card provided by the embodiment of the present application by running a computer program. For example, the computer program may be a software module in an operating system; a native APP (Application), i.e. a program that needs to be installed in an operating system to run; an applet, i.e. a program that only needs to be downloaded into a browser environment to run; or an applet that can be embedded in any APP. In general, the computer programs described above may be any form of application, module or plug-in.
In practical applications, the electronic device 500 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and big data and artificial intelligence platforms. Cloud technology (Cloud Technology) refers to a hosting technology that unifies a series of resources such as hardware, software and networks in a wide area network or a local area network to implement computing, storage, processing and sharing of data. The electronic device 500 may be, but is not limited to, a smart phone, tablet computer, notebook computer, desktop computer, smart speaker, smart television, smart watch, etc.
Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital assistants, cellular telephones, smartphones, wearable devices, vehicle terminals, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the applications described and/or claimed herein.
As shown in fig. 5, the electronic device 500 includes a computing unit 501 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 502 or a computer program loaded from a storage unit 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the electronic device 500 may also be stored. The computing unit 501, ROM 502, and RAM 503 are connected to each other by a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
A number of components in electronic device 500 are connected to I/O interface 505, including: an input unit 506 such as a keyboard, a mouse, etc.; an output unit 507 such as various types of displays, speakers, and the like; a storage unit 508 such as a magnetic disk, an optical disk, or the like; and a communication unit 509 such as a network card, modem, wireless communication transceiver, etc. The communication unit 509 allows the electronic device 500 to exchange information/data with other devices via a computer network such as the internet and/or various telecommunication networks.
The computing unit 501 may be any of a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 501 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The computing unit 501 performs the respective methods and processes described above, for example, the service processing method of the multi-password card. For example, in some alternative embodiments, the service processing method of the multi-password card may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as the storage unit 508. In some alternative embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 500 via the ROM 502 and/or the communication unit 509. When the computer program is loaded into the RAM 503 and executed by the computing unit 501, one or more steps of the above-described service processing method of the multi-password card may be performed. Alternatively, in other embodiments, the computing unit 501 may be configured to perform the service processing method of the multi-password card by any other suitable means (e.g., by means of firmware).
The embodiment of the application provides a computer readable storage medium storing executable instructions which, when executed by a processor, cause the processor to execute the service processing method of the multi-password card provided by the embodiment of the application.
In some embodiments, the computer readable storage medium may be FRAM, ROM, PROM, EPROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; it may also be any of various devices including one or any combination of the above memories.
In some embodiments, the executable instructions may be in the form of programs, software modules, scripts, or code, written in any form of programming language (including compiled or interpreted languages, or declarative or procedural languages), and they may be deployed in any form, including as stand-alone programs or as modules, components, subroutines, or other units suitable for use in a computing environment.
As an example, executable instructions may be deployed to be executed on one computing device or on multiple computing devices located at one site or, alternatively, distributed across multiple sites and interconnected by a communication network.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be understood that, in various embodiments of the present application, the magnitude of the sequence number of each implementation process does not imply an order of execution; the execution sequence of each process should be determined by its function and internal logic, and the sequence numbers should not constitute any limitation on the implementation process of the embodiments of the present application.
The above is merely an example of the present application and is not intended to limit the scope of the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and scope of the present application are included in the protection scope of the present application.

Claims (10)

1. A method for processing a service of a multi-password card, the method comprising:
carrying out sharing processing of the synchronous key on all the cipher cards according to the synchronous key;
responding to service requests of different users, and determining a sub-process for executing the service requests by a main process according to a preset scheduling strategy;
if the request type of the service request is a user key, the subprocess selects a corresponding cipher card to generate the user key corresponding to the user;
the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
2. The method according to claim 1, wherein the performing the synchronization key sharing process on all the cryptographic cards according to the synchronization key includes:
all the cipher cards respectively generate corresponding identity key pairs, wherein the identity key pairs comprise a public key and a private key;
randomly determining one password card as a target password card in all password cards;
determining a synchronous key according to the target password card;
and carrying out sharing processing of the synchronous keys on all the cipher cards according to the identity key pairs of each cipher card except the target cipher card and the synchronous keys.
3. The method according to claim 2, wherein the sharing of the synchronization key for all the cryptographic cards with respect to the synchronization key and the identity key pair of each of the cryptographic cards other than the target cryptographic card includes:
for each cipher card except the target cipher card, sending a public key in an identity key pair corresponding to each cipher card to the target cipher card;
the target cipher card performs asymmetric encryption on the synchronous key based on the public key, and distributes the encrypted ciphertext to the cipher card corresponding to the public key;
after the cipher text is received by the cipher card, the cipher text is decrypted according to a private key in an identity key pair corresponding to the cipher card, and the synchronous key is obtained.
4. The method of claim 1, wherein the sub-process selecting the corresponding cryptographic card to generate the user key corresponding to the user if the request type of the service request is a user key, comprises:
acquiring a user identifier in the service request;
the subprocess calls a first service interface to send the service request to a password card bound with the subprocess;
the password card queries a user key corresponding to the user based on the user identification;
and if the user key is not queried, generating the user key corresponding to the user.
5. The method of claim 4, wherein the generating the user key corresponding to the user if the user key is not queried comprises:
determining a corresponding relation between the user identifier corresponding to the user and the user key;
and the password card stores the corresponding relation.
6. The method of claim 1, wherein the sub-process synchronizes the user key among all cryptographic cards based on the synchronization key, comprising:
the cipher card corresponding to the subprocess encrypts a user key and a user identifier corresponding to the user based on the synchronous key, and the encrypted ciphertext is transmitted to other cipher cards;
the other cipher cards decrypt the user key ciphertext according to the synchronous key respectively to obtain the user key and the user identifier;
and the other password cards store the corresponding relation between the user key and the user identifier.
7. The method according to claim 1, wherein the method further comprises:
if the request type of the service request is user encryption or decryption service, acquiring a user identifier in the service request;
the subprocess calls a second service interface to send the service request to a password card bound with the subprocess;
the password card obtains a user key corresponding to the user identifier based on the user identifier, and performs corresponding service processing on the data in the service request to obtain a processing result;
and the subprocess returns the processing result to the user.
8. A service processing apparatus for a multi-password card, the apparatus comprising:
the key synchronization module is used for carrying out sharing processing of the synchronous keys on all the cipher cards according to the synchronous keys;
the selection module is used for responding to service requests of different users, and the main process determines sub-processes for executing the service requests according to a preset scheduling strategy;
the processing module is used for selecting a corresponding cipher card to generate a user key by the subprocess if the request type of the service request is a user key; the subprocess carries out synchronous processing on the user key in all the cipher cards based on the synchronous key.
9. An electronic device, the electronic device comprising:
at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A computer readable storage medium comprising a set of computer executable instructions for performing the method of transaction processing for a multi-password card of any of claims 1-7 when the instructions are executed.
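The key flow of claims 2, 3 and 6 (with the lookup-before-generate step of claim 4), sketched in software as an added example that is not code from the patent or the applicant. The claims name no algorithms, so RSA-OAEP and AES-256-GCM are assumed stand-ins; the names `Card`, `NewCluster`, `Provision`, `Import`, the fixed choice of `cards[0]` as target card and the message layout `nonce || AES-GCM(userKey || userID)` are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

type Card struct { // hypothetical software stand-in for one cipher card
	id      *rsa.PrivateKey   // identity key pair (claim 2)
	syncKey []byte            // synchronous key shared by all cards
	users   map[string][]byte // user identifier -> user key (claim 5)
}
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func randBytes(n int64) []byte { return must(io.ReadAll(io.LimitReader(rand.Reader, n))) }
func gcm(k []byte) cipher.AEAD { return must(cipher.NewGCM(must(aes.NewCipher(k)))) }

// NewCluster: cards[0] stands in for the randomly chosen target card; it wraps its sync
// key to each other card's public key, and that card unwraps it (claims 2-3).
func NewCluster(n int) []*Card {
	cards := make([]*Card, n)
	for i := range cards {
		cards[i] = &Card{id: must(rsa.GenerateKey(rand.Reader, 2048)), users: map[string][]byte{}}
	}
	cards[0].syncKey = randBytes(32)
	for _, c := range cards[1:] {
		wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &c.id.PublicKey, cards[0].syncKey, nil))
		c.syncKey = must(rsa.DecryptOAEP(sha256.New(), rand.Reader, c.id, wrapped, nil))
	}
	return cards
}

// Provision creates uid's key if absent (claim 4) and returns the sync message (claim 6).
func (c *Card) Provision(uid string) []byte {
	if c.users[uid] == nil {
		c.users[uid] = randBytes(32)
	}
	nonce := randBytes(12)
	return gcm(c.syncKey).Seal(nonce, nonce, append(append([]byte{}, c.users[uid]...), uid...), nil)
}

// Import authenticates and decrypts a sync message, then stores uid -> user key.
func (c *Card) Import(msg []byte) error {
	if len(msg) <= 60 { // nonce(12) + user key(32) + tag(16) + at least 1 byte of uid
		return fmt.Errorf("sync message too short")
	}
	pt, err := gcm(c.syncKey).Open(nil, msg[:12], msg[12:], nil)
	if err == nil {
		c.users[string(pt[32:])] = pt[:32]
	}
	return err
}

func main() {
	cards := NewCluster(3)
	fmt.Println(cards[2].Import(cards[1].Provision("alice"))) // "alice" is a constructed user id
}
```

Because the assumed cipher is authenticated, a card that does not hold the synchronous key, or that receives a modified sync message, fails in `Import` instead of storing a wrong user key.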
CN202311047499.7A 2023-08-18 2023-08-18 Service processing method and device for multiple password cards and electronic equipment Pending CN117077123A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311047499.7A CN117077123A (en) 2023-08-18 2023-08-18 Service processing method and device for multiple password cards and electronic equipment

Publications (1)

Publication Number Publication Date
CN117077123A true CN117077123A (en) 2023-11-17

Family

ID=88701785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311047499.7A Pending CN117077123A (en) 2023-08-18 2023-08-18 Service processing method and device for multiple password cards and electronic equipment

Country Status (1)

Country Link
CN (1) CN117077123A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117319092A (en) * 2023-11-29 2023-12-29 杭州海康威视数字技术股份有限公司 Distributed key management method, device, password card and system
CN117478439A (en) * 2023-12-28 2024-01-30 天津市品茗科技有限公司 Network and information security encryption system and method

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106341226A (en) * 2016-10-11 2017-01-18 山东渔翁信息技术股份有限公司 Data encryption and decryption method and system
CN110572258A (en) * 2019-07-24 2019-12-13 中国科学院数据与通信保护研究教育中心 Cloud password computing platform and computing service method
CN111082926A (en) * 2019-11-06 2020-04-28 深圳市东进技术股份有限公司 Key synchronization method and system
CN113452519A (en) * 2021-06-25 2021-09-28 深圳市电子商务安全证书管理有限公司 Key synchronization method and device, computer equipment and storage medium
CN114297114A (en) * 2021-11-23 2022-04-08 北京智芯微电子科技有限公司 Encryption card, data interaction method and device thereof, and computer readable storage medium
CN114329605A (en) * 2021-12-31 2022-04-12 北京天融信网络安全技术有限公司 Cipher card key management method and device
CN115225269A (en) * 2022-07-22 2022-10-21 深圳市纽创信安科技开发有限公司 Key management method, device and system for distributed password card

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117319092A (en) * 2023-11-29 2023-12-29 杭州海康威视数字技术股份有限公司 Distributed key management method, device, password card and system
CN117319092B (en) * 2023-11-29 2024-02-09 杭州海康威视数字技术股份有限公司 Distributed key management method, device, password card and system
CN117478439A (en) * 2023-12-28 2024-01-30 天津市品茗科技有限公司 Network and information security encryption system and method
CN117478439B (en) * 2023-12-28 2024-04-19 天津市品茗科技有限公司 Network and information security encryption system and method

Similar Documents

Publication Publication Date Title
CN111047450A (en) Method and device for calculating down-link privacy of on-link data
CN112329041A (en) Contract deployment method and device
US20180032383A1 (en) Performing Transactions Between Application Containers
EP3232634B1 (en) Identity authentication method and device
CN117077123A (en) Service processing method and device for multiple password cards and electronic equipment
CN112199701A (en) Contract calling method and device
EP3780483A1 (en) Cryptographic operation method, method for creating work key, and cryptographic service platform and device
CN109450620B (en) Method for sharing security application in mobile terminal and mobile terminal
CN109347839B (en) Centralized password management method and device, electronic equipment and computer storage medium
CN111522809B (en) Data processing method, system and equipment
CN111597567B (en) Data processing method, data processing device, node equipment and storage medium
CN114143108B (en) Session encryption method, device, equipment and storage medium
CN110661748A (en) Log encryption method, log decryption method and log encryption device
CN112800393B (en) Authorization authentication method, software development kit generation method, device and electronic equipment
CN112231755A (en) Data authorization method, device and system based on block chain
CN116155491B (en) Symmetric key synchronization method of security chip and security chip device
CN111628863B (en) Data signature method and device, electronic equipment and storage medium
CN111400743B (en) Transaction processing method, device, electronic equipment and medium based on blockchain network
CN115022012B (en) Data transmission method, device, system, equipment and storage medium
CN114095165B (en) Key updating method, server device, client device and storage medium
CN113489706B (en) Data processing method, device, system, equipment and storage medium
CN113034140B (en) Method, system, equipment and storage medium for realizing intelligent contract encryption
CN109639409B (en) Key initialization method, key initialization device, electronic equipment and computer-readable storage medium
CN114329596A (en) Firmware updating method, device and system for Internet of things equipment
CN110889145B (en) Block chain resource processing method, platform, system and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination