CN107247625A - A kind of data encrypting and deciphering dispatching method verified based on many card redundancys - Google Patents
A kind of data encrypting and deciphering dispatching method verified based on many card redundancys Download PDFInfo
- Publication number
- CN107247625A CN107247625A CN201710447273.4A CN201710447273A CN107247625A CN 107247625 A CN107247625 A CN 107247625A CN 201710447273 A CN201710447273 A CN 201710447273A CN 107247625 A CN107247625 A CN 107247625A
- Authority
- CN
- China
- Prior art keywords
- encrypted card
- card
- encryption
- port
- decryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/50—Allocation of resources, e.g. of the central processing unit [CPU]
- G06F9/5005—Allocation of resources, e.g. of the central processing unit [CPU] to service a request
- G06F9/5027—Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/50—Indexing scheme relating to G06F9/50
- G06F2209/503—Resource availability
Abstract
The invention discloses a kind of data encrypting and deciphering dispatching method verified based on many card redundancys, implementation steps include:Advance to safeguard an encrypted card status list, a port status list is safeguarded for each encrypted card, the state of encrypted card includes three kinds of normal, failure and saturation, and port status is not used two kinds including the use of neutralization;Initialize the waiting list for depositing encryption and decryption task;When receiving current encryption and decryption task, the encryption or decryption process that two untapped target ports that current encryption and decryption task is assigned in the encrypted card of two normal conditions are specified, the consistent situation of output then judges current encryption and decryption tasks carrying success, updating maintenance encrypted card status list and port status list in invoked procedure.Situations such as present invention take into account error in data and the call error of encrypted card, sets up redundancy under many snap ring borders using particular schedule algorithm, multi-card parallelism performance and system availability is improved to greatest extent, data error rate is reduced.
Description
Technical field
The present invention relates to the computer data encryption and decryption technology based on encrypted card, and in particular to one kind is based on many card redundancy schools
The data encrypting and deciphering dispatching method tested.
Background technology
In government, army, there are the enterprise of security requirements or organization internal to have the demand that significant data is encrypted.For
The consideration of confidentiality and performance, available data encryption system generally uses hardware enciphering and deciphering.Encryption hardware is the form of pci card
(Hereinafter referred to as encrypted card).The encryption/decryption speed of monolithic encrypted card has the upper limit.For separate unit main frame, monolithic adds sometimes
The need for close card can not meet processing mass data in speed, therefore polylith encrypted card can be inserted simultaneously share task.Cause
Task for each data block of encryption and decryption does not interdepend independently of one another, for many snap ring borders, can be simply encryption and decryption data
Block task is evenly distributed on each encrypted card, and this is also the encrypted card dispatching algorithm used at present.
Each encrypted card has multiple ports, and each port can handle an encryption and decryption data task, that is to say, that one has N
Encrypted card under the normal condition of individual port can carry out the encryption and decryption of N number of data simultaneously.
In actual use, encrypted card is likely to occur failure, causes encryption and decryption not carry out.Come for single deck tape-recorder system
Say, because encryption card failure is Single Point of Faliure, so as to cause whole system failure.For multi-card system, when a part of encrypted card
During failure, in the case of using current dispatching algorithm, when task is assigned on failure encrypted card, the task can be caused
Failure, it is overall apparently to have partial task failure.Therefore also can not redundancy encryption card failure even if multi-card system.
In actual encrypted card encryption process, find sometimes in the case of key and data are correct, it may appear that wrong
Result by mistake.This mistake has randomness, shows as identical key and data, repeats to encrypt on same encrypted card
Twice, it is possible that different results, it is considered to the uniqueness of result, the inevitable result for once generating mistake.This feelings
Condition is usually not considered as encrypting card failure, but how to ensure the correctness of data, is still a technology urgently to be resolved hurrily
Problem.
The content of the invention
The technical problem to be solved in the present invention:Above mentioned problem for prior art there is provided one kind take into account encrypted card
Error in data and situations such as call error, set up redundancy under many snap ring borders using particular schedule algorithm, improve to greatest extent
Multi-card parallelism performance and system availability, reduce the data encrypting and deciphering verified based on many card redundancys of data error rate
Dispatching method.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is:
A kind of data encrypting and deciphering dispatching method verified based on many card redundancys, it is characterised in that implementation steps include:
1)An encrypted card status list is safeguarded in advance, safeguard a port status list, the encryption for each encrypted card
Card status list includes the state of each encrypted card, and the state of the encrypted card includes three kinds of normal, failure and saturation, described
Port status list includes the state of each port of encrypted card, and the state of the port is not used two including the use of neutralization
Kind;Initialize the waiting list for depositing encryption and decryption task;When receiving current encryption and decryption task, execution step 2 is redirected);
2)Two untapped target ports current encryption and decryption task being assigned in the encrypted card of two normal conditions are carried out
The encryption or decryption process specified, and the consistent situation of output for the encryption or decryption process specified in two target ports
It is lower to judge target port is labeled as in use and adjusted during current encryption and decryption tasks carrying success, invocation target port
It is unused to recover port after being finished with target port, if encryption card port is complete in use and marks the encrypted card to be full
With, and call successful instance to mark the state of encrypted card to be normal or malfunction according to target port.
2. the data encrypting and deciphering dispatching method according to claim 1 verified based on many card redundancys, its feature is existed
In step 2)Detailed step include:
2.1)Whether be empty, execution step 2.2 is directly redirected if waiting list is sky if judging waiting list);Otherwise, ought
Preceding encryption and decryption task adds waiting list, and is located in waiting list the task before current encryption and decryption task and is fully completed
Afterwards, execution step 2.2 is redirected);
2.2)Attempted to obtain two encrypted cards of normal condition according to encrypted card status list, if obtained successfully, redirect and hold
Row step 2.3);Otherwise, encrypted card total quantity is subtracted into the encrypted card quantity in malfunction and obtains available encrypted card quantity,
Second return to mistake if can be less than with encrypted card quantity and exit, if two can be more than or equal to encrypted card quantity, redirect
Perform step 2.1);
2.3)According to the port status list of two encrypted cards, a untapped end is obtained respectively from described two encrypted cards
Mouthful, the juxtaposition port status is has used, if now all of the port of encrypted card is used, by encrypted card status list
In the correlation behavior of the encrypted card be set to saturation, finally give two ports for belonging to different encrypted cards as two destination ends
Mouthful;
2.4)The encryption or decryption process for calling two target ports to be specified respectively current encryption and decryption task obtains two
Output;Called if normal and two outputs are identical if two target ports and return to current encryption and decryption tasks carrying success;Such as
Really two target ports call normal and two outputs are different, then return to current encryption and decryption tasks carrying check errors;If
Error is called in arbitrary target port, then the correlation-like of the target port correspondence encrypted card of error will be called in encrypted card status list
State is set to failure, returns to current encryption and decryption tasks carrying mistake;
2.5)For calling the corresponding encrypted card of normal target port, by the shape of the target port in corresponding ports status list
State is set to unused, and the corresponding states in encrypted card status list is set to normally.
The present invention is had the advantage that based on the data encrypting and deciphering dispatching method tool that many card redundancys are verified:
1st, the inventive method safeguards an encrypted card status list, safeguards a port status Bar for each encrypted card in advance
Table, the state of encrypted card includes three kinds of normal, failure and saturation, and port status is unused two kinds including the use of neutralizing;Initialization
Waiting list for depositing encryption and decryption task;When receiving current encryption and decryption task, current encryption and decryption task is assigned to two
The encryption or decryption process that two untapped target ports in the encrypted card of individual normal condition are specified, is exported unanimously
Situation then judges current encryption and decryption tasks carrying success, updating maintenance encrypted card status list and port status in invoked procedure
List, situations such as present invention take into account error in data and the call error of encrypted card, using particular schedule algorithm in many snap rings
Redundancy is set up under border, multi-card parallelism performance and system availability are improved to greatest extent, data error rate is reduced.
2nd, the present invention can solve the problem that the existing data encrypting and deciphering system using many encryption snap ring borders has encryption card failure and led
Cause the problem of system failure, and encryption and decryption small probability produce error result.
Brief description of the drawings
Fig. 1 is the application environment schematic diagram of present invention method.
Fig. 2 is the schematic flow sheet of present invention method.
Fig. 3 is the encrypted card status list schematic diagram in the embodiment of the present invention.
Fig. 4 is the port status list schematic diagram in the embodiment of the present invention.
Fig. 5 is step 2 in the embodiment of the present invention)Detailed process schematic diagram.
Fig. 6 is the waiting list schematic diagram in the embodiment of the present invention.
Embodiment
As shown in figure 1, in the present embodiment be specifically comprising 4 block encryption cards linux operating systems exemplified by, to base of the present invention
The data encrypting and deciphering dispatching method verified in many card redundancys enters the detailed description advanced once.Referring to Fig. 1,4 block encryptions should be included
The linux operating system file system drive dispatching algorithm modules of card, file system driver is the caller of dispatching algorithm module,
The caller that dispatching algorithm module then drives for encrypted card, encrypted card is driven to original encrypted card hardware interface, it is desirable to call
Person specifies card number and port numbers, and dispatching algorithm module is the data encrypting and deciphering scheduling verified using the present embodiment based on many card redundancys
The example of method, the details of encrypted card is shielded to upper strata caller, and there is provided single encryption and decryption interface.
As shown in Fig. 2 the implementation steps for the data encrypting and deciphering dispatching method that the present embodiment is verified based on many card redundancys include:
1)An encrypted card status list is safeguarded in advance(As shown in figure 3, wherein card 1, card 2, the respectively different encryption of card 3 ...
Card), safeguard a port status list for each encrypted card(As shown in figure 4, its middle port 1, port 2, port 3 ... point
The different port of not same encrypted card), encrypted card status list includes the state of each encrypted card, and the state of encrypted card includes
Normally, three kinds of failure and saturation, port status list include the state of each port of encrypted card, and the state of port includes making
Two kinds are not used with neutralizing;Initialize the waiting list for depositing encryption and decryption task(As shown in figure 5, wherein 1~task of task
N represents being cached in waiting list for task);When receiving current encryption and decryption task, execution step 2 is redirected);
2)Two untapped target ports current encryption and decryption task being assigned in the encrypted card of two normal conditions are carried out
The encryption or decryption process specified, and the consistent situation of output for the encryption or decryption process specified in two target ports
It is lower to judge target port is labeled as in use and adjusted during current encryption and decryption tasks carrying success, invocation target port
It is unused to recover port after being finished with target port, if encryption card port is complete in use and marks the encrypted card to be full
With, and call successful instance to mark the state of encrypted card to be normal or malfunction according to target port.
As shown in fig. 6, step 2)Detailed step include:
2.1)Whether be empty, execution step 2.2 is directly redirected if waiting list is sky if judging waiting list);Otherwise, ought
Preceding encryption and decryption task adds waiting list, and is located in waiting list the task before current encryption and decryption task and is fully completed
Afterwards, execution step 2.2 is redirected);In the present embodiment, waiting list is scheduled by the way of FIFO, if waiting list is non-
Sky, then add waiting list by current encryption and decryption task, and until task above, all complete can be by current encryption and decryption task
Processing is scheduled, the purpose for the arrangement is that in order to provide QOS(Service quality), the task in the waiting list prevented may grow
Time cannot be handled;
2.2)Attempted to obtain two encrypted cards of normal condition according to encrypted card status list, if obtained successfully, redirect and hold
Row step 2.3);Otherwise, encrypted card total quantity is subtracted into the encrypted card quantity in malfunction and obtains available encrypted card quantity,
Second return to mistake if can be less than with encrypted card quantity and exit, if two can be more than or equal to encrypted card quantity, redirect
Perform step 2.1);
2.3)According to the port status list of two encrypted cards, a untapped port is obtained respectively from two encrypted cards,
The juxtaposition port status is has used, if now all of the port of encrypted card is used, by encrypted card status list
The correlation behavior of the encrypted card is set to saturation, finally gives two ports for belonging to different encrypted cards as two destination ends
Mouthful;
2.4)The encryption or decryption process for calling two target ports to be specified respectively current encryption and decryption task obtains two
Output;Called if normal and two outputs are identical if two target ports and return to current encryption and decryption tasks carrying success;Such as
Really two target ports call normal and two outputs are different, then return to current encryption and decryption tasks carrying check errors;If
Error is called in arbitrary target port, then the correlation-like of the target port correspondence encrypted card of error will be called in encrypted card status list
State is set to failure, returns to current encryption and decryption tasks carrying mistake;
2.5)For calling the corresponding encrypted card of normal target port, by the shape of the target port in corresponding ports status list
State is set to unused, and the corresponding states in encrypted card status list is set to normally.
Described above is only the preferred embodiment of the present invention, and protection scope of the present invention is not limited merely to above-mentioned implementation
Example, all technical schemes belonged under thinking of the present invention belong to protection scope of the present invention.It should be pointed out that for the art
Those of ordinary skill for, some improvements and modifications without departing from the principles of the present invention, these improvements and modifications
It should be regarded as protection scope of the present invention.
Claims (2)
1. a kind of data encrypting and deciphering dispatching method verified based on many card redundancys, it is characterised in that implementation steps include:
1)An encrypted card status list is safeguarded in advance, safeguard a port status list, the encryption for each encrypted card
Card status list includes the state of each encrypted card, and the state of the encrypted card includes three kinds of normal, failure and saturation, described
Port status list includes the state of each port of encrypted card, and the state of the port is not used two including the use of neutralization
Kind;Initialize the waiting list for depositing encryption and decryption task;When receiving current encryption and decryption task, execution step 2 is redirected);
2)Two untapped target ports current encryption and decryption task being assigned in the encrypted card of two normal conditions are carried out
The encryption or decryption process specified, and the consistent situation of output for the encryption or decryption process specified in two target ports
It is lower to judge target port is labeled as in use and adjusted during current encryption and decryption tasks carrying success, invocation target port
It is unused to recover port after being finished with target port, if encryption card port is complete in use and marks the encrypted card to be full
With, and call successful instance to mark the state of encrypted card to be normal or malfunction according to target port.
2. the data encrypting and deciphering dispatching method according to claim 1 verified based on many card redundancys, it is characterised in that step
2)Detailed step include:
2.1)Whether be empty, execution step 2.2 is directly redirected if waiting list is sky if judging waiting list);Otherwise, ought
Preceding encryption and decryption task adds waiting list, and is located in waiting list the task before current encryption and decryption task and is fully completed
Afterwards, execution step 2.2 is redirected);
2.2)Attempted to obtain two encrypted cards of normal condition according to encrypted card status list, if obtained successfully, redirect and hold
Row step 2.3);Otherwise, encrypted card total quantity is subtracted into the encrypted card quantity in malfunction and obtains available encrypted card quantity,
Second return to mistake if can be less than with encrypted card quantity and exit, if two can be more than or equal to encrypted card quantity, redirect
Perform step 2.1);
2.3)According to the port status list of two encrypted cards, a untapped end is obtained respectively from described two encrypted cards
Mouthful, the juxtaposition port status is has used, if now all of the port of encrypted card is used, by encrypted card status list
In the correlation behavior of the encrypted card be set to saturation, finally give two ports for belonging to different encrypted cards as two destination ends
Mouthful;
2.4)The encryption or decryption process for calling two target ports to be specified respectively current encryption and decryption task obtains two
Output;Called if normal and two outputs are identical if two target ports and return to current encryption and decryption tasks carrying success;Such as
Really two target ports call normal and two outputs are different, then return to current encryption and decryption tasks carrying check errors;If
Error is called in arbitrary target port, then the correlation-like of the target port correspondence encrypted card of error will be called in encrypted card status list
State is set to failure, returns to current encryption and decryption tasks carrying mistake;
2.5)For calling the corresponding encrypted card of normal target port, by the shape of the target port in corresponding ports status list
State is set to unused, and the corresponding states in encrypted card status list is set to normally.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710447273.4A CN107247625B (en) | 2017-06-14 | 2017-06-14 | A kind of data encrypting and deciphering dispatching method based on the verification of more card redundancies |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710447273.4A CN107247625B (en) | 2017-06-14 | 2017-06-14 | A kind of data encrypting and deciphering dispatching method based on the verification of more card redundancies |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107247625A true CN107247625A (en) | 2017-10-13 |
| CN107247625B CN107247625B (en) | 2019-08-09 |
Family
ID=60018561
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710447273.4A Active CN107247625B (en) | 2017-06-14 | 2017-06-14 | A kind of data encrypting and deciphering dispatching method based on the verification of more card redundancies |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107247625B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7347361B2 (en) * | 2005-06-13 | 2008-03-25 | Robert Lovett | System, method and program product for account transaction validation |
| CN103294958A (en) * | 2013-05-21 | 2013-09-11 | 中国人民解放军国防科学技术大学 | Kernel-level virtual polymerization and parallel encryption method for class-oriented Linux system |
| CN203840359U (en) * | 2014-05-08 | 2014-09-17 | 国民技术股份有限公司 | Electronic encryption apparatus and electronic device |
| CN102724035B (en) * | 2012-06-15 | 2015-04-01 | 中国电力科学研究院 | Encryption and decryption method for encrypt card |
-
2017
- 2017-06-14 CN CN201710447273.4A patent/CN107247625B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7347361B2 (en) * | 2005-06-13 | 2008-03-25 | Robert Lovett | System, method and program product for account transaction validation |
| CN102724035B (en) * | 2012-06-15 | 2015-04-01 | 中国电力科学研究院 | Encryption and decryption method for encrypt card |
| CN103294958A (en) * | 2013-05-21 | 2013-09-11 | 中国人民解放军国防科学技术大学 | Kernel-level virtual polymerization and parallel encryption method for class-oriented Linux system |
| CN203840359U (en) * | 2014-05-08 | 2014-09-17 | 国民技术股份有限公司 | Electronic encryption apparatus and electronic device |
Non-Patent Citations (2)
| Title |
|---|
| 寇家林: "Linux上内核多加密卡容错实时并行调度系统的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
| 申锟锴: "虚拟专用网VPN的研究与实现", 《中国优秀博硕士学位论文全文数据库(硕士) 信息科技辑》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107247625B (en) | 2019-08-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2538087C (en) | System and method for remote device registration | |
| EP0876026B1 (en) | Programmable crypto processing system and method | |
| US11025415B2 (en) | Cryptographic operation method, method for creating working key, cryptographic service platform, and cryptographic service device | |
| US10534929B2 (en) | System and method for automatically securing sensitive data in public cloud using a serverless architecture | |
| SE427402B (en) | DATALENKKOMMUNIKATIONSSYSTEM | |
| CN112104627B (en) | Block chain-based data transmission method and device, electronic equipment and storage medium | |
| CN102932141A (en) | Order-preserving method and system for encrypting and decrypting messages by multiple encryption and decryption chips in parallel | |
| CN113055380B (en) | Message processing method and device, electronic equipment and medium | |
| CN103701583A (en) | Encryption processing device and method | |
| CN102045159A (en) | Decryption processing method and device thereof | |
| WO2020235942A1 (en) | System for restoring lost private key | |
| CN1298589A (en) | Method, arrangement and apparatus for authentication | |
| CN107247625A (en) | A kind of data encrypting and deciphering dispatching method verified based on many card redundancys | |
| EP3553689B1 (en) | System and method for automatically securing sensitive data in public cloud using a serverless architecture | |
| SE526070C2 (en) | Synchronizing method of communication session between e.g. enterprise and employees, involves performing handshake procedure to synchronize session counters of communication units by successively communicated signatures | |
| US20230071782A1 (en) | Electronic chip and a method for provisioning such an electronic chip | |
| CN102664887A (en) | Input information protecting method, device and system | |
| CN107786308B (en) | Data transmission method and terminal device | |
| CN110365468A (en) | Anonymization processing method, device, equipment and storage medium | |
| CN116134421A (en) | Streaming data to a multi-tile processing system | |
| CN106534047A (en) | Information transmitting method and apparatus based on Trust application | |
| CN112181308A (en) | Block chain based distributed data storage method and electronic equipment | |
| CN110585727A (en) | Resource acquisition method and device | |
| CN117201620B (en) | Equipment intelligent management system and method based on big data analysis | |
| CN109711207A (en) | A kind of data ciphering method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 410000 4th floor, Gongmei building, 156 Sany Avenue, Kaifu District, Changsha City, Hunan Province Patentee after: Hunan Qilin Xin'an Technology Co., Ltd Address before: 410000 4th floor, Gongmei building, 156 Sany Avenue, Kaifu District, Changsha City, Hunan Province Patentee before: HUNAN KYLIN XINAN TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |