CN102880825A - Method and system for efficiently calling hardware encryption equipment in UNIX/LINUX environment
- Publication number: CN102880825A
- Authority: CN (China)
- Prior art keywords: hardware encipher, encipher machine, unix, message, machine
- Legal status: Pending
Abstract
The invention discloses a method and a system for efficiently calling hardware encryption equipment in a UNIX/LINUX environment. The method comprises the following steps: reading the configuration from a configuration file; establishing a request message queue and an acknowledgement message queue; establishing a connection with the hardware encryption equipment; other application systems writing the messages for which the hardware encryption equipment must be called into the request message queue; reading the messages from the request message queue and transmitting them to the hardware encryption equipment; receiving messages from the hardware encryption equipment and writing them into the acknowledgement message queue; and the other application systems receiving the messages from the acknowledgement message queue. The application program interfaces (APIs) of different types of hardware encryption equipment are placed in different modules and are called by the application systems through the same interface, which is stored in a dynamic link library. The encryption server is independent of the application systems, so efficiency is improved and the application systems are easier to maintain. Different types of hardware encryption equipment can be called by modifying information in the configuration file, so one type can conveniently be replaced with another.
Description
Technical field
The present invention relates to the field of computer applications, and specifically to a method and system for calling a hardware encryption machine efficiently and conveniently in a UNIX/LINUX environment.
Background
Industries such as the military, finance and telecommunications generally use hardware encryption machines to guarantee system security. There are several manufacturers of hardware encryption machines, and each offers multiple models. The calling interfaces of different models are almost all different, and the different application systems of one enterprise often use hardware encryption machines with different interfaces. Most application systems are bound to their hardware encryption machine, so a change of model requires modifying the application system. This results in low portability, a very high maintenance cost and increased risk.
Summary of the invention
The object of the present invention is to provide a method and system for efficiently calling a hardware encryption machine in a UNIX/LINUX environment, in which the corresponding hardware encryption machine is accessed according to a configuration file, so as to overcome the above defects of the prior art.
The technical scheme of the present invention is as follows:
A method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment comprises the following steps:
Step 1: read from a configuration file the configuration information, which comprises the hardware encryption machine model, the hardware encryption machine IP address, the hardware encryption machine port number, and the key values of the request message queue and the response message queue;
Step 2: determine whether the request message queue and the response message queue exist and, if they do not, create each of them;
Step 3: establish a connection with the hardware encryption machine;
Step 4: wait for other application systems to write messages that require the hardware encryption machine into the request message queue;
Step 5: read a message from the request message queue and send it to the hardware encryption machine;
Step 6: receive the message from the hardware encryption machine and write it into the response message queue;
Step 7: the other application system receives the message from the response message queue.
In a further technical scheme, before Step 5 is carried out, the request message queue is first checked for messages; if there is a message, Step 5 is executed, and if there is none, the method returns to Step 4 and continues to wait.
In a further technical scheme, before Step 5 is carried out, the request message is pre-processed; Step 5 is then executed and the pre-processed message is sent to the corresponding hardware encryption machine.
In a further technical scheme, in Step 3 the connection with the hardware encryption machine specified in the configuration file is established by SOCKET communication, and the port number is taken from the configuration file.
In a further technical scheme, the other application systems in Step 4 and Step 7 are the application systems that call the hardware encryption machine.
The present invention also provides a system for efficiently calling a hardware encryption machine in a UNIX/LINUX environment, comprising a server running UNIX or LINUX, a dynamic link library, an encryption server, a hardware encryption machine, and other application systems that need to call the hardware encryption machine. The dynamic link library, the encryption server and the other application systems that need to call the hardware encryption machine all run on the server running UNIX or LINUX. The other application systems exchange messages with the encryption server by calling the dynamic link library, and the hardware encryption machine is connected over the network to the server running UNIX or LINUX.
The beneficial technical effects of the present invention are as follows:
The present invention places the APIs of the various hardware encryption machine models in different modules, which the application systems call through the same interface. This interface is kept in the dynamic link library, and the encryption server is independent of the application systems, which both improves efficiency and makes the application systems easier to maintain. By modifying information in the configuration file, a hardware encryption machine of a different model can be called, which makes it convenient to replace one model with another.
Additional aspects and advantages of the present invention are given in part in the description of the embodiments below; in part they will become apparent from that description or be learned through practice of the present invention.
Description of the drawings
Fig. 1 is a flowchart of the method of the present invention.
Fig. 2 is a schematic diagram of the system of the present invention.
Embodiments
Specific embodiments of the present invention are further described below with reference to the accompanying drawings.
As shown in Fig. 1, the method of the present invention for efficiently calling a hardware encryption machine in a UNIX/LINUX environment comprises the following steps:
Step S1: read parameters such as the hardware encryption machine model, the log level, the key values of the request message queue and the response message queue, and the hardware encryption machine IP address and port number from the configuration file;
Step S2: check whether the request message queue and the response message queue exist; if they exist, go to step S4; if they do not, go to step S3;
Step S3: create the request message queue and the response message queue;
Step S4: establish SOCKET communication with the hardware encryption machine specified in the configuration file, taking the port number from the configuration file;
Step S5: wait for the other systems that need to call the hardware encryption machine to write encryption messages into the request message queue;
Step S6: check whether there is a message in the request message queue; if there is, go to step S7; if there is none, return to step S5 and continue to wait;
Step S7: pre-process the request message;
Step S8: send the pre-processed message to the corresponding hardware encryption machine;
Step S9: receive the response message from the hardware encryption machine;
Step S10: write the response message into the response message queue;
Step S11: the other application system receives the message from the response message queue.
As shown in Fig. 2, the system of the present invention for efficiently calling a hardware encryption machine, provided to implement the above method, comprises: other application systems 1 that need to call the hardware encryption machine, a dynamic link library 2, an encryption server 3, a hardware encryption machine 4, and a server 5 running UNIX or LINUX.
In the system shown in Fig. 2, the dynamic link library 2, the encryption server 3 and the other application systems 1 that need to call the hardware encryption machine all run on the server 5 running UNIX or LINUX. The other application systems 1 exchange messages with the encryption server 3 by calling the dynamic link library 2, and the hardware encryption machine 4 is connected over the network to the server 5 running UNIX or LINUX.
The other application system 1 that needs to call the hardware encryption machine can be a bank UnionPay front-end system, a banking integrated front-end system, a bank debit card core system, a bank credit card core system, an IC card issuing system, a telecommunications card issuing management system, or another system. This system passes the request message that requires the hardware encryption machine to the dynamic link library.
The encryption server 3 pre-processes the request message that requires the hardware encryption machine, sends it to the hardware encryption machine 4, and then waits for the response message. On receiving the response message, the encryption server 3 processes it and returns the message to the dynamic link library 2.
In the system shown in Fig. 2, the queue that holds the request messages calling the encryption machine is called the request message queue, and the queue that holds the response messages returned by the encryption machine is called the response message queue.
In one embodiment of the invention, the encryption server comprises:
A first configuration file, which stores the hardware encryption machine model, the log level, the key values of the request message queue and the response message queue, and so on;
A second configuration file, which stores the hardware encryption machine IP address and port number;
Configuration reading functions, comprising the functions that read the configuration information in the first configuration file and the second configuration file;
A common function library, comprising the function that establishes socket communication with the hardware encryption machine, the pre-processing function for messages exchanged with the hardware encryption machine, the log-writing function, the BCD-to-ASCII conversion function, the ASCII-to-BCD conversion function, and so on;
The encryption server main function, which implements the control flow of the encryption server;
API functions for the various hardware encryption machine models, comprising the API functions of the SJL06 in UnionPay encryption mode, the SJL06 in RACAL encryption mode, the SJL05 in UnionPay encryption mode, the SJL05 in RACAL encryption mode, the SJL10-A in UnionPay encryption mode, the SJL22, the SJJ0808-A and SJJ0808-B, and the SJJ1005-A and SJJ1005-B;
A dynamic link library, comprising the common functions called by the other application systems.
To change the hardware encryption machine model, only the model in the first configuration file needs to be modified; the change is quick and convenient, and the other systems that call the hardware encryption machine need no modification. If the hardware encryption machine IP address or port number changes, only the second configuration file needs to be modified.
The following example illustrates how the hardware encryption machine model can be replaced quickly and conveniently.
Suppose that in the first configuration file 1 denotes the hardware encryption machine SJL06 in UnionPay encryption mode, 2 denotes the SJL06 in RACAL encryption mode, 3 denotes the SJL05 in UnionPay encryption mode, 4 denotes the SJL05 in RACAL encryption mode, 5 denotes the SJL10-A in UnionPay encryption mode, 6 denotes the SJL22, and 7 denotes the SJJ0808-A; the other hardware encryption machines are not listed one by one here.
Suppose a bank's UnionPay front-end system originally used the hardware encryption machine SJL05 in UnionPay encryption mode, with this model represented by 1 in the first configuration file. It now needs to use the hardware encryption machine SJJ0808-A, and the address and port number of the encryption machine change at the same time. The replacement can be completed with the following steps:
1) stop the encryption server;
2) change the encryption machine model in the first configuration file from 1 to 7;
3) change the hardware encryption machine IP address and port in the second configuration file to the IP address and port of the newly used hardware encryption machine SJJ0808-A;
4) restart the encryption server.
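The flow of steps S1 to S11 and the model-number switch in the replacement example above can be shown in C with System V message queues. This is an added example, not code from the patent: the `key=value` config syntax, the PID-as-`mtype` reply routing, the 0600 queue mode, the pre-processing check and the stub backend functions are assumptions, and private queues stand in for the configured key values so that it runs stand-alone.

```c
/* Added example, not the patent's code: config-selected HSM module behind SysV queues. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/msg.h>

#define BODY_MAX 128
struct qmsg { long mtype; char body[BODY_MAX]; };  /* mtype = caller PID (assumption) */
struct config { int model; char ip[40]; int port; };

/* One module per model behind one signature; stubs replace the vendor protocols. */
typedef int (*hsm_api)(const char *req, char *resp, size_t cap);
static int api_sjl06(const char *q, char *r, size_t n) { return snprintf(r, n, "SJL06<%s>", q); }
static int api_sjj0808a(const char *q, char *r, size_t n) { return snprintf(r, n, "SJJ0808-A<%s>", q); }
/* Model numbers from the patent's example: 1 = SJL06 (UnionPay mode), 7 = SJJ0808-A. */
hsm_api select_api(int model) { return model == 1 ? api_sjl06 : model == 7 ? api_sjj0808a : NULL; }

/* S1: parse "key=value" lines (hypothetical syntax); fail closed on anything unknown. */
int parse_config(const char *text, struct config *c) {
    char key[16], val[40]; int used;
    memset(c, 0, sizeof *c);
    while (sscanf(text, " %15[a-z]=%39s%n", key, val, &used) == 2) {
        if (!strcmp(key, "model")) sscanf(val, "%d", &c->model);
        else if (!strcmp(key, "port")) sscanf(val, "%d", &c->port);
        else if (!strcmp(key, "ip")) strcpy(c->ip, val);
        else return -1;
        text += used;
    }
    if (text[strspn(text, " \t\r\n")]) return -1;  /* unparsed trailing input */
    return (select_api(c->model) && c->ip[0] && c->port > 0 && c->port < 65536) ? 0 : -1;
}

/* S7: pre-processing is left open by the patent; this printable-ASCII check is an assumption. */
int preprocess(struct qmsg *m) {
    m->body[BODY_MAX - 1] = '\0';
    for (const char *p = m->body; *p; p++) if (*p < 0x20 || *p > 0x7e) return -1;
    return m->body[0] ? 0 : -1;
}

/* S6-S10: returns 1 if a request was served, 0 if the queue was empty, -1 on error. */
int serve_once(int req_q, int resp_q, hsm_api api) {
    struct qmsg in = {0}, out = {0};
    if (!api) return -1;
    if (msgrcv(req_q, &in, BODY_MAX, 0, IPC_NOWAIT) < 0) return errno == ENOMSG ? 0 : -1;
    out.mtype = in.mtype;                          /* route the reply to the caller */
    if (preprocess(&in) < 0) strcpy(out.body, "ERR");
    else api(in.body, out.body, BODY_MAX);
    return msgsnd(resp_q, &out, strlen(out.body) + 1, 0) == 0 ? 1 : -1;
}

/* S5 and S11 (library side) around one in-process server pass on private queues. */
int demo_roundtrip(const struct config *c, const char *req, char *resp, size_t cap) {
    int rc = -1, rq = msgget(IPC_PRIVATE, 0600), aq = msgget(IPC_PRIVATE, 0600); /* owner-only */
    struct qmsg m = { .mtype = getpid() };
    snprintf(m.body, BODY_MAX, "%s", req);
    if (strlen(req) < BODY_MAX && rq >= 0 && aq >= 0 &&
        msgsnd(rq, &m, strlen(m.body) + 1, 0) == 0 &&
        serve_once(rq, aq, select_api(c->model)) == 1 &&
        msgrcv(aq, &m, BODY_MAX, m.mtype, 0) > 0)
        rc = snprintf(resp, cap, "%s", m.body) < (int)cap ? 0 : -1;
    if (rq >= 0) msgctl(rq, IPC_RMID, NULL);
    if (aq >= 0) msgctl(aq, IPC_RMID, NULL);
    return rc;
}

int main(void) {  /* constructed config; the patent splits these values over two files */
    struct config c; char resp[BODY_MAX];
    if (parse_config("model=7\nip=192.0.2.10\nport=8000\n", &c) ||
        demo_roundtrip(&c, "ENCRYPT 0123", resp, sizeof resp)) return 1;
    return puts(resp) < 0;
}
```

Changing `model=7` to `model=1` in the constructed config routes the same request to the other stub without touching the calling side, which is the property the replacement procedure relies on.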
The above is only a preferred embodiment of the present invention, and the invention is not limited to the above embodiment. It should be understood that other improvements and variations that those skilled in the art directly derive or conceive without departing from the basic concept of the present invention shall all be considered to fall within the protection scope of the present invention.
Claims (6)
1. A method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment, characterized by comprising the following steps:
Step 1: read from a configuration file the configuration information, which comprises the hardware encryption machine model, the hardware encryption machine IP address, the hardware encryption machine port number, and the key values of the request message queue and the response message queue;
Step 2: determine whether the request message queue and the response message queue exist and, if they do not, create each of them;
Step 3: establish a connection with the hardware encryption machine;
Step 4: wait for other application systems to write messages that require the hardware encryption machine into the request message queue;
Step 5: read a message from the request message queue and send it to the hardware encryption machine;
Step 6: receive the message from the hardware encryption machine and write it into the response message queue;
Step 7: the other application system receives the message from the response message queue.
2. The method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment according to claim 1, characterized in that: before Step 5 is carried out, the request message queue is first checked for messages; if there is a message, Step 5 is executed, and if there is none, the method returns to Step 4 and continues to wait.
3. The method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment according to claim 1, characterized in that: before Step 5 is carried out, the request message is pre-processed; Step 5 is then executed and the pre-processed message is sent to the corresponding hardware encryption machine.
4. The method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment according to claim 1, characterized in that: in Step 3, the connection with the hardware encryption machine specified in the configuration file is established by SOCKET communication, and the port number is taken from the configuration file.
5. The method for efficiently calling a hardware encryption machine in a UNIX/LINUX environment according to claim 1, characterized in that: the other application systems in Step 4 and Step 7 are the application systems that call the hardware encryption machine.
6. A system for efficiently calling a hardware encryption machine in a UNIX/LINUX environment, characterized in that: it comprises a server running UNIX or LINUX, a dynamic link library, an encryption server, a hardware encryption machine, and other application systems that need to call the hardware encryption machine; the dynamic link library, the encryption server and the other application systems that need to call the hardware encryption machine all run on the server running UNIX or LINUX; the other application systems exchange messages with the encryption server by calling the dynamic link library; and the hardware encryption machine is connected over the network to the server running UNIX or LINUX.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2012103107957A CN102880825A (en) | 2012-08-28 | 2012-08-28 | Method and system for efficiently calling hardware encryption equipment in UNIX/LINUX environment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102880825A (en) | 2013-01-16 |
Family
ID=47482146
Family Applications (1)
Application Number | Status | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN2012103107957A | Pending | 2012-08-28 | 2012-08-28 | CN102880825A (en): Method and system for efficiently calling hardware encryption equipment in UNIX/LINUX environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102880825A (en) |
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110173442A1 (en) * | 2004-03-19 | 2011-07-14 | Verizon Corporate Services Group Inc. | Packet-based and pseudo-packet based cryptographic communications systems and methods |
CN101820342A (en) * | 2010-03-31 | 2010-09-01 | 北京飞天诚信科技有限公司 | Method for implementing hardware encryption engine |
Non-Patent Citations (2)
Title |
---|
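Lin Song et al.: "A security solution for an international card acquiring system", Computer Engineering * |
Dong Guishan et al.: "A high-performance concurrent scheduling method for Linux network hardware encryption", Journal of Computer Applications * |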
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105227294A (en) * | 2015-09-29 | 2016-01-06 | 北京江南天安科技有限公司 | Cipher machine and its implementation and encrypting and deciphering system and method thereof |
CN105227294B (en) * | 2015-09-29 | 2018-08-03 | 北京江南天安科技有限公司 | Cipher machine and its implementation and encrypting and deciphering system and its method |
CN107948170A (en) * | 2017-11-30 | 2018-04-20 | 中国平安人寿保险股份有限公司 | Interface requests parameter encryption method, device, equipment and readable storage medium storing program for executing |
CN107948170B (en) * | 2017-11-30 | 2020-11-24 | 中国平安人寿保险股份有限公司 | Interface request parameter encryption method, device, equipment and readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11620401B2 (en) | System and method for automatically securing sensitive data in public cloud using a serverless architecture | |
EP2974122B1 (en) | Systems and methods for cryptographic security as a service | |
WO2020000720A1 (en) | Server, packet processing method, program, and computer-readable storage medium | |
EP3007066A1 (en) | Method for using shared device in apparatus capable of operating two operating systems | |
CN107169364A (en) | A kind of data security method and related system | |
CN103577281A (en) | Method and system for recovering data | |
CN114637611A (en) | Information processing method and device based on message queue and computer equipment | |
CN108833500B (en) | Service calling method, service providing method, data transmission method and server | |
CN112015815B (en) | Data synchronization method, device and computer readable storage medium | |
CN102880825A (en) | Method and system for efficiently calling hardware encryption equipment in UNIX/LINUX environment | |
CN107172112A (en) | A kind of computer documents transmission method and device | |
CN112860805A (en) | Block chain data interaction method and system | |
EP3842980B1 (en) | System and method for automatically securing sensitive data in public cloud using a serverless architecture | |
CN105812327B (en) | Composite type multipurpose communication method and system | |
CN110059081A (en) | Data output method, device and the computer equipment shown based on data | |
CN106789272A (en) | A kind of server set group managing means and system | |
CN109241180B (en) | Data synchronization method and device based on log | |
CN112187909A (en) | Financing information generation system and method based on block chain | |
CN105592032A (en) | Internet-based security information interaction method | |
CN104572353A (en) | Disaster recovery fusion management method and system | |
CN111506644A (en) | Application data processing method and device and electronic equipment | |
Tan et al. | Electronic Data Interchange on Logistics System Based on Embedded Linux | |
CN110764925A (en) | Data transaction terminal equipment | |
CN115391804A (en) | File transfer protocol command execution method and device | |
CN116760820A (en) | Data export method, device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C05 | Deemed withdrawal (patent law before 1993) | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20130116 |